)=nil, 0xc00000, 0x3000, 0x0, &(0x7f000011f000/0x3000)=nil) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101902, 0x0) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000080)=0x9) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f00000000c0)={0x0, 0xff, 0x30, 0x3, 0x7fff}, &(0x7f0000000100)=0x18) ioctl$KVM_GET_PIT(r0, 0xc048ae65, &(0x7f0000000180)) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000140)={0xdf8, 0x0, 0x8, 0x400, r1}, 0x10) 2018/03/31 10:50:59 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="000002001800", @ANYBLOB], 0x6) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:50:59 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = getpid() r2 = dup(r0) utimensat(r2, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, r1, 0x0, 0xffffffffffffffff, 0x0) r3 = accept(r0, &(0x7f00000000c0)=@pptp={0x0, 0x0, {0x0, @dev}}, &(0x7f0000000140)=0x80) syz_mount_image$reiserfs(&(0x7f00000035c0)='reiserfs\x00', &(0x7f0000003600)='./file0\x00', 0x7ff, 0x5, &(0x7f0000003940)=[{&(0x7f0000003640)="8fe974901452545e0d7172d8f98d99494387cb5cb3b7a9dc57d83143e2f17d660d9342316933188a009f26bb3cfdaeb1252fb9f9157be29da58963dd4c1915f477e044ed3c60cfa6f83d855be08c7a8dc282bbd77fe7", 0x56, 0xffffffffffffffff}, {&(0x7f00000036c0)="40ad31d07989573b2f5b85c5afc4c0ae6f96b299a6615186676f162b23013b7f05754ccba2a6e31ad24ac74494a7de89d318a70afdaf67b6aa570c2ad74846040f3ee528baa93a9abbad7e186b441f4b30269ed85e394359ed7946bb84b196fe70be794c38ff391ad4bebecda4e59e6cc32167590d344edf68", 0x79, 0x1f}, {&(0x7f0000003740)="4ce59f6014107937a77550baac35358d9c87b88dd18a902c66af5b148a1f75f78f1b8a5bf22a0c93b9e8c99fa8b2dc049cf28aa0f2cafa7a6063c57f06755db8a5a48aa7cc033f1a1fc5d5694c16d9ae7e8deb174372fd543de2717f711e3809ce66fd51d3897e2723f1bac81da6858938224f9dc3b2c31bc2d3ae516e9113e7270f46cd58f1abd7c559d93ecf8c7eaf348b208800404e1654388ad4432cf7f91df3b7bde4440d561861edd55a6c6aa15ada61226293d567228f", 0xba, 0x4}, {&(0x7f0000003800)="e73a7d217abce214216bb0ccc9dd620825dcd391d65679119338b8dfa64d4d96b16f6886fe9a9ec5e2f7bb0db44f48d91679961ac04ed3318299eef54838b96ad5dab332c3cee36fd2b34cf978417e09bc1964879834e21ad257092da3", 0x5d, 0x2}, {&(0x7f0000003880)="1b3ac3a882f1956ca9f09417e952c9390c28e247b273b0984e03ef11010133dda05ac052acea4c57d31c282a924150fa336752caa48f7473996754bcf3c8599ec59ca31684061fe66af7345325bda652610efb7105f1a1c78277b12cc3e0c80bc42ed7051879cf44202a681fac306b9611290ba955b41d310a81b17dfb15421f62ba697466a054d8b090802aa5ab432371b7f9c0f0f3bdeb50b2a7868096d2bba5109ff4a4", 0xa5, 0x400}], 0x4080, &(0x7f00000039c0)={[{@usrjquota_file='usrjquota=syz', 0x2c}, {@hash_r5='hash=r5', 0x2c}, {@resize={'resize', 0x3d, [0x36, 0x37]}, 0x2c}, {@barrier_none='barrier=none', 0x2c}]}) setsockopt$bt_BT_RCVMTU(r3, 0x112, 0xd, &(0x7f0000000180)=0x7, 0x2) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x6) recvmmsg(r0, &(0x7f0000003440)=[{{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000000240)=""/4096, 0x1000}, {&(0x7f0000001240)=""/117, 0x75}, {&(0x7f00000012c0)=""/48, 0x30}], 0x3, &(0x7f0000001340)=""/218, 0xda, 0x9}, 0x1}, {{&(0x7f0000001440)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000001a40)=[{&(0x7f00000014c0)=""/184, 0xb8}, {&(0x7f0000001580)=""/217, 0xd9}, {&(0x7f0000001680)=""/154, 0x9a}, {&(0x7f0000001740)=""/144, 0x90}, {&(0x7f0000001800)=""/53, 0x35}, {&(0x7f0000001840)=""/194, 0xc2}, {&(0x7f0000001940)=""/220, 0xdc}], 0x7, &(0x7f0000001ac0)=""/2, 0x2, 0xfffffffffffffff9}, 0x3}, {{&(0x7f0000001b00)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000001d40)=[{&(0x7f0000001b80)=""/26, 0x1a}, {&(0x7f0000001bc0)=""/98, 0x62}, {&(0x7f0000001c40)=""/242, 0xf2}], 0x3, &(0x7f0000001d80)=""/197, 0xc5, 0x49fac798}, 0x3}, {{&(0x7f0000001e80)=@ax25, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001f00)=""/99, 0x63}], 0x1, &(0x7f0000001fc0)=""/36, 0x24, 0xfffffffffffffbff}, 0x6}, {{&(0x7f0000002000)=@can, 0x80, &(0x7f0000003300)=[{&(0x7f0000002080)=""/53, 0x35}, {&(0x7f00000020c0)=""/171, 0xab}, {&(0x7f0000002180)=""/168, 0xa8}, {&(0x7f0000002240)=""/133, 0x85}, {&(0x7f0000002300)=""/4096, 0x1000}], 0x5, &(0x7f0000003380)=""/174, 0xae, 0xfffffffffffffc01}, 0x4}], 0x5, 0x100, &(0x7f0000003580)={0x77359400}) setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000080)={@dev={0xac, 0x14, 0x14, 0x1a}, @multicast2=0xe0000002, 0x0, 0x2, [@local={0xac, 0x14, 0x14, 0xaa}, @broadcast=0xffffffff]}, 0x18) 2018/03/31 10:50:59 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:50:59 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = epoll_create1(0x0) mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, &(0x7f0000664fc0)) r4 = mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000ae0000)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000240)={r5, 0x1}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:50:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:50:59 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="000002001800", @ANYBLOB], 0x6) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:50:59 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa030000", @ANYBLOB], 0xb) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:50:59 executing program 3: mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101902, 0x0) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000080)=0x9) mprotect(&(0x7f00008a1000/0x1000)=nil, 0x1000, 0x3) [ 102.528540] binder: 8539:8542 Acquire 1 refcount change on invalid ref 0 ret -22 [ 102.548669] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:50:59 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x0, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:50:59 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:50:59 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa030000", @ANYBLOB], 0xb) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 102.573382] REISERFS warning (device loop4): super-6502 reiserfs_getopt: unknown mount option "hash=r5" [ 102.587577] binder: 8539:8542 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 102.655730] xprt_adjust_timeout: rq_timeout = 0! [ 102.670102] REISERFS warning (device loop4): super-6502 reiserfs_getopt: unknown mount option "hash=r5" [ 103.314971] binder: 8539:8586 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 2018/03/31 10:51:00 executing program 3: mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000440)=[{&(0x7f0000000200)="f20a80ecbdf242055a79a0435f209c56ec9998d8feb797d03bd2a5382c3ba5546c6709b36247b3f1138b9edb10374c4e2ca598a0fc12abb3c878d69396276119754bce1f70", 0x45, 0x5}, {&(0x7f0000000280)="3f54d40f30f9d55659801d185a835f2825d21a08f891714527e4dbf7896228d3d7ed9a6705e6e1b60b46602ebea4a15a61a5ce054388d8a1b787075f57ee0c5c5e4006805b28eacdb8e14dd5071994d63a8b6da0ec80db059743fa377d8f540c0284ca1ab48db4b093be6be8c1aeca74db94ca41e0ab8f3808796bf75b19381d88a1a1d32896a4cf079507139b4ef746b5cdd18828cdfb7a892b9f15af934bf23f7ac7c5f272242ac69d60fa526d61f857f9657d5605db498d525ffa9973df2fdfc9fe96ba9fcb1150c309831d01c1e4642dd17116f7d76d", 0xd8, 0x80}, {&(0x7f0000000380)="5583f05db6fadca3e5f926c977ecca28c1e8fa26a699da58e35fb8d8e50e9ce62a42d49e", 0x24, 0x10f}, {&(0x7f00000003c0)="e8a29725a79ff2c3907ca336a5908390aa8818d7ac8650cfb7b609f193f724e20a54bc3b93da68b1e87f836ce2f6cfbeab2e52390c2963eb6b1699ddcc929afb4cde1d9e5f118b8a02c46969e2b8b4989495e810342fa4183d13d2d0fb2548039943cdf70543cd9dfda66866e8893b9981659d3fa3ce4542", 0x78, 0xf99a}], 0x840, 0x0) r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffff9c) r1 = socket$alg(0x26, 0x5, 0x0) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x15) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0x80000000}) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101902, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0) r3 = semget$private(0x0, 0x3, 0x4) semctl$IPC_STAT(r3, 0x0, 0x2, &(0x7f0000000100)) ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000080)=0x9) accept$nfc_llcp(r0, 0x0, &(0x7f0000000140)) 2018/03/31 10:51:00 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:00 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03", @ANYBLOB], 0x9) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:00 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x0, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:00 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) syz_open_dev$vcsa(&(0x7f0000000200)='/dev/vcsa#\x00', 0xfffffffffffffffe, 0xa000c) socketpair$inet6_sctp(0xa, 0x1, 0x84, &(0x7f0000000080)) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:00 executing program 7: perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r0 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r2, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r3 = fcntl$dupfd(r0, 0x0, r0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r5 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r5, 0x7, r0, &(0x7f00000001c0)={r4, r2}) r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:00 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = epoll_create1(0x0) r5 = mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, &(0x7f0000664fc0)) r6 = mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000ae0000)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r7 = dup2(r5, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r7, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:00 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03", @ANYBLOB], 0x9) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:00 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:00 executing program 3: mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101902, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x8040ae9f, &(0x7f00000000c0)) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000080)=0x9) 2018/03/31 10:51:00 executing program 7: perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r0 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r2, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r3 = fcntl$dupfd(r0, 0x0, r0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r5 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r5, 0x7, r0, &(0x7f00000001c0)={r4, r2}) r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 103.566670] binder: 8596:8598 Acquire 1 refcount change on invalid ref 0 ret -22 [ 103.574690] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:00 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$notify(r1, 0x402, 0x2) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:00 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03", @ANYBLOB], 0x9) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:00 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x0, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:00 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 103.614998] binder: 8596:8598 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 2018/03/31 10:51:00 executing program 3: mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x92) ioctl$PIO_SCRNMAP(r0, 0x4b41, &(0x7f0000000100)="9e4d953d49a0563fdf2a6e086a564b473e61cab02d5359585dd4706e5c375d98d6be492404f73b6d0088baf64603cbc86645d40714dbfdb3475e91770252c7bd1548edebd15bb83b72c1bbc11990811c94887094cfb6f188e5f74643f6de5c2954a1ed3c61bf6250c0441251dabd37c0696b3946e9376da92fcd73e0") r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101902, 0x0) ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f0000000080)=0x9) 2018/03/31 10:51:00 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa030000", @ANYBLOB], 0xb) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:00 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x0, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:00 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 103.699382] xprt_adjust_timeout: rq_timeout = 0! [ 104.340295] binder: 8596:8663 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 2018/03/31 10:51:01 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000040), &(0x7f0000000080)=0x4) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:01 executing program 3: mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x8) bind$netlink(r0, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfe, 0x40400008}, 0xc) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101902, 0x0) ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f0000000080)=0x9) 2018/03/31 10:51:01 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa030000", @ANYBLOB], 0xb) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:01 executing program 7: perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r0 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r2, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r3 = fcntl$dupfd(r0, 0x0, r0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r5 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r5, 0x7, r0, &(0x7f00000001c0)={r4, r2}) r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:01 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:01 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x0, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:01 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = epoll_create1(0x0) r5 = mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, &(0x7f0000664fc0)) r6 = mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000ae0000)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) r7 = dup2(r5, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r7, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:01 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:01 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, 0x0, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:01 executing program 3: mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101902, 0x0) mincore(&(0x7f0000aef000/0x4000)=nil, 0x4000, &(0x7f00000000c0)=""/187) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000080)=0x9) 2018/03/31 10:51:01 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x10000, 0x0) ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:01 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa030000", @ANYBLOB], 0xb) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:01 executing program 7: ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r0 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r2, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r3 = fcntl$dupfd(r0, 0x0, r0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r5 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r5, 0x7, r0, &(0x7f00000001c0)={r4, r2}) r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 104.572427] binder: 8674:8676 Acquire 1 refcount change on invalid ref 0 ret -22 [ 104.586422] binder: 8674:8676 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 104.595544] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:01 executing program 3: mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)={0x0, 0x1}) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x101902, 0x0) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000080)=0x9) 2018/03/31 10:51:01 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) [ 104.719968] xprt_adjust_timeout: rq_timeout = 0! [ 105.347213] binder: 8674:8723 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 2018/03/31 10:51:02 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:02 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, 0x0, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:02 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'dummy0\x00', {0x2, 0x4e23, @multicast1=0xe0000001}}) 2018/03/31 10:51:02 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:02 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40000, 0x10c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000580)={0x73aa, 0x6, 0x3, 0x7, 0xfff, 0x8, 0x8001, 0x9, 0x1, 0x9, 0x5}, 0xb) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) r1 = syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x783b, 0x200000) execveat(r1, &(0x7f00000005c0)='./file0\x00', &(0x7f0000000280)=[&(0x7f0000000140)='md5sum--(wlan0trustedselinux\x00', &(0x7f0000000180)=')vmnet0self]:\x00', &(0x7f00000001c0)='}proc\x00', &(0x7f0000000200)='\\\'\x00', &(0x7f0000000240)='md5sumprocvboxnet1ppp0(securityuserselinuxppp0&vboxnet0\x00'], &(0x7f0000000440)=[&(0x7f00000002c0)='/dev/rfkill\x00', &(0x7f0000000300)='systemposix_acl_access:\x00', &(0x7f0000000340)='/dev/rfkill\x00', &(0x7f0000000380)='/dev/rfkill\x00', &(0x7f00000003c0)='\x00', &(0x7f0000000500)='/dev/rfkill\x00'], 0x1500) getsockopt$inet6_dccp_int(r1, 0x21, 0x1f, &(0x7f0000000040), &(0x7f00000004c0)=0x4) ioctl$RNDGETENTCNT(r1, 0x80045200, &(0x7f00000006c0)) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000640)={"6d616e676c6500000000000000000000000000000000000000000000b308b2e0", 0x3a3, [{}, {}]}, 0x48) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000480)='/dev/rfkill\x00', 0x101902, 0x0) ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000540)=0x800000000009) 2018/03/31 10:51:02 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = epoll_create1(0x0) r5 = mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, &(0x7f0000664fc0)) r6 = mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000ae0000)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) r7 = dup2(r5, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r7, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:02 executing program 7: ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r0 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r2, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r3 = fcntl$dupfd(r0, 0x0, r0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r5 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r5, 0x7, r0, &(0x7f00000001c0)={r4, r2}) r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:02 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:02 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:02 executing program 3: mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000, 0x0, &(0x7f0000bc1000/0x3000)=nil) getresgid(&(0x7f00000000c0)=0x0, &(0x7f0000000100), &(0x7f0000000140)) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000000240)=0x0, &(0x7f0000000280), &(0x7f00000002c0)) getresgid(&(0x7f0000000300)=0x0, &(0x7f0000000340), &(0x7f0000000380)) getgroups(0x4, &(0x7f00000003c0)=[r0, r1, r2, r3]) r4 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x800, 0x6c) ioctl$DRM_IOCTL_AGP_ENABLE(r4, 0x40086432, &(0x7f0000000440)=0x99d4) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101902, 0x0) ioctl$KVM_INTERRUPT(r5, 0x4004ae86, &(0x7f0000000080)=0x9) 2018/03/31 10:51:02 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0x68, &(0x7f0000000040)=[@in={0x2, 0x4e24, @multicast1=0xe0000001}, @in={0x2, 0x4e23, @local={0xac, 0x14, 0x14, 0xaa}}, @in6={0xa, 0x4e20, 0x893, @dev={0xfe, 0x80, [], 0x10}, 0x380000000}, @in={0x2, 0x4e23, @multicast2=0xe0000002}, @in6={0xa, 0x4e22, 0xbd, @empty, 0x8}]}, &(0x7f00000001c0)=0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000200)={r1, 0x4, 0x30}, &(0x7f0000000240)=0xc) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:02 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, 0x0, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:02 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) [ 105.600940] xprt_adjust_timeout: rq_timeout = 0! [ 105.610241] binder: 8739:8740 Acquire 1 refcount change on invalid ref 0 ret -22 2018/03/31 10:51:02 executing program 7: ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r0 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r2, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r3 = fcntl$dupfd(r0, 0x0, r0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r5 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r5, 0x7, r0, &(0x7f00000001c0)={r4, r2}) r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:02 executing program 3: mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) capset(&(0x7f00000000c0)={0x20080522}, &(0x7f0000804000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001}) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101902, 0x0) accept4$nfc_llcp(r0, &(0x7f0000000200), &(0x7f0000000080)=0x60, 0x80000) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f00000001c0)=0xfbffffffffffffc5) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000100)={[{0x2, 0xffff, 0x0, 0x0, 0x8, 0x10000, 0x1000, 0xff0, 0x7, 0xfffffffffffffffd, 0x7, 0x2, 0x80000000}, {0x0, 0x7ff, 0xbe4c, 0xff, 0x953, 0x1, 0xffffffff, 0x3, 0x9, 0x6, 0x80, 0x101, 0xbb}, {0x6, 0x6, 0xffffffff, 0x100000001, 0x8000, 0xffffffffffffd385, 0x6, 0x101, 0xea9, 0x2, 0x200, 0x800000, 0x7fffffff}], 0x2}) ioctl$TUNGETSNDBUF(r0, 0x800454d3, &(0x7f0000000000)) 2018/03/31 10:51:02 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) [ 105.657290] binder: 8739:8740 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 2018/03/31 10:51:02 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) clone(0x40000, &(0x7f0000000180)="69315f6cb8ef4ef2539c5a7e559d3828db0d212d2aa9974edbd80009fb0de5db1b6fc8e37629b3d6b09886037ed0d24243ae8909a44fd62ff30c8f01511e7c8d99a62cc95472a2857699c377aa653b4483c750cb699c9a856d7f3c401379fd58931a83bace6e88c71a4ffab9c28719743a9f5e369db6a6da880d1c8d04dfd2a8fb851e1af6ff072e9f90dc68494326fb5cc9240dd2abb7d2c210209c2233f8aec112a00a2304a1567eac7a542a27d3cd01dc870943604655b7fc920bc3bfe1d53cb2d3126a74c11a62154cef7ab5df0db6", &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000280)="23eed2dd4e285627c7f606eb3cc4d12f7ccb7d22ee479f5d09a4f26d3a1285a931fdb922fb1286aeaa9f565deb3385bcdc96a4c75e6ed92443a121d3f986876369ed6a6d4a0895bcbd39bf119ec830e5d1beaad33cf91ffb72c0f4ced6cfd85a19961db0336c82532b141dc477505e7b9fa7fb95541b9ec8c8fa4bc15413c8908f9a9790b3bf6cef2061bceb10db") [ 105.756974] xprt_adjust_timeout: rq_timeout = 0! [ 106.371675] binder: 8739:8789 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 2018/03/31 10:51:03 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:03 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:03 executing program 3: capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101902, 0x0) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000080)=0x9) shmget(0x0, 0x2000, 0x80, &(0x7f00006c2000/0x2000)=nil) getsockopt$inet_mreqsrc(r0, 0x0, 0x2f, &(0x7f00000000c0)={@local, @multicast1, @remote}, &(0x7f0000000100)=0xc) 2018/03/31 10:51:03 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:03 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc\x00', 0x2, 0x0) setsockopt$inet6_dccp_int(r1, 0x21, 0x15, &(0x7f0000000080)=0xfffffffffffffffa, 0x4) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:03 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = epoll_create1(0x0) r5 = mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, &(0x7f0000664fc0)) r6 = mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000ae0000)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) r7 = dup2(r5, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r7, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:03 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x0, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:03 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:03 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:03 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff020000000000000000000000000001000000000000000000000000000000000000000000efffffffffffffff00000000000000007e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:03 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:03 executing program 3: mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x2100, 0x0) ioctl$EVIOCGBITKEY(r0, 0x80404521, &(0x7f0000000140)=""/96) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000100)={0x2, 0x1, 0x0, 0x2000, &(0x7f0000653000/0x2000)=nil}) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xfff}) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f00000002c0)=""/98) ioctl$LOOP_CLR_FD(r0, 0x4c01) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101902, 0x0) r2 = getpid() ioctl$LOOP_SET_FD(r1, 0x4c00, r1) prlimit64(r2, 0x3, &(0x7f00000001c0)={0x8, 0x6}, &(0x7f0000000200)) ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f0000000080)=0xa) getsockname$inet6(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, @loopback}, &(0x7f0000000280)=0x1c) [ 106.629755] binder: 8799:8808 Acquire 1 refcount change on invalid ref 0 ret -22 [ 106.652509] xprt_adjust_timeout: rq_timeout = 0! [ 106.654729] binder: 8799:8808 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 107.402433] binder: 8799:8838 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 2018/03/31 10:51:04 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x0, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:04 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:04 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:04 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0xbf, 0x0) 2018/03/31 10:51:04 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x0, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:04 executing program 3: mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) r0 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x1, 0x200000) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f00000001c0)={0x5, {{0x2, 0x4e20, @multicast1=0xe0000001}}, 0x1, 0x2, [{{0x2, 0x4e23, @local={0xac, 0x14, 0x14, 0xaa}}}, {{0x2, 0x4e21, @local={0xac, 0x14, 0x14, 0xaa}}}]}, 0x190) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x4}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000180)={r1, 0x400, 0x7fffffff, 0x0, 0x5, 0x80000000}, 0x14) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x200, 0x0) ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000080)=0x9) 2018/03/31 10:51:04 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = epoll_create1(0x0) r5 = mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, &(0x7f0000664fc0)) r6 = mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000ae0000)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r7 = dup2(r5, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r7, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:04 executing program 3: mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) mremap(&(0x7f00008a4000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000915000/0x4000)=nil) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) r0 = add_key$user(&(0x7f0000000100)='user\x00', &(0x7f0000000140)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000180)="9706857f4e2af0ad788ad18a8b3da6b857144f0745f7302af25da6d16af257d4f881e15ace76072834944aab9117163193f4935f411de6af8c091b248666a8604ec54334205d1317bce96832a33ab82c91a134a74a5c5e07da6a3c60cad817d1e5201720a505639ff706eee1f54eb3cb17f183d6ff780c2f8e5aa82116c92d2b09e1b153a4e4f5213e265ebad60307e85daa438adc86d3371a", 0x99, 0xfffffffffffffff8) keyctl$get_keyring_id(0x0, r0, 0x5) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101902, 0x0) ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f0000000080)=0x9) bind$netlink(r1, &(0x7f00000000c0)={0x10, 0x0, 0x25dfdbff, 0x2000240}, 0xc) 2018/03/31 10:51:04 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:04 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x0, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:04 executing program 4: r0 = socket$inet6_sctp(0xa, 0x2, 0x84) ioctl$KVM_GET_XSAVE(r0, 0x9000aea4, &(0x7f0000000180)) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000580)={0xffffffffffffffff}) ioctl$sock_inet_SIOCGARP(r2, 0x8954, &(0x7f00000005c0)={{0x2, 0x4e22, @loopback=0x7f000001}, {0x6}, 0x64, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x19}}, 'vlan0\x00'}) r3 = dup2(r1, r0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000040)={0x2, r1}) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) socket$packet(0x11, 0x2, 0x300) setsockopt$bt_BT_SECURITY(r3, 0x112, 0x4, &(0x7f0000000080)={0x6, 0x5}, 0x2) 2018/03/31 10:51:04 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:04 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x0, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 107.635401] binder: 8843:8855 Acquire 1 refcount change on invalid ref 0 ret -22 [ 107.669485] xprt_adjust_timeout: rq_timeout = 0! [ 107.674666] binder: 8843:8855 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 107.783883] xprt_adjust_timeout: rq_timeout = 0! [ 108.409179] binder: 8843:8894 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 2018/03/31 10:51:05 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:05 executing program 3: mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rfkill\x00', 0x422002, 0x0) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000080)=0x9) getpgrp(0x0) fcntl$getown(r0, 0x9) r1 = getpgrp(0x0) r2 = getpgrp(r1) capset(&(0x7f00000000c0)={0x19980330, r2}, &(0x7f0000000100)={0x10001, 0x8, 0xc781, 0x6, 0x6a17}) 2018/03/31 10:51:05 executing program 5: 2018/03/31 10:51:05 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x0, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:05 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x0, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:05 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = epoll_create1(0x0) r5 = mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, &(0x7f0000664fc0)) r6 = mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000ae0000)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r7 = dup2(r5, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r7, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:05 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mkdir(&(0x7f0000000040)='./file0\x00', 0x141) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYRES16=r0], 0x1) 2018/03/31 10:51:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:05 executing program 5: 2018/03/31 10:51:05 executing program 3: mremap(&(0x7f00000b7000/0x1000)=nil, 0x1000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101902, 0x0) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000080)=0x9) ioctl$KVM_DEASSIGN_PCI_DEVICE(r0, 0x4040ae72, &(0x7f0000000100)={0xba, 0xf59, 0x4, 0x1, 0x8}) r1 = getpgrp(0xffffffffffffffff) prlimit64(r1, 0xf, 0x0, &(0x7f00000000c0)) 2018/03/31 10:51:05 executing program 5: 2018/03/31 10:51:05 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x0, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:05 executing program 4: r0 = socket$inet6_sctp(0xa, 0x800000005, 0x84) msync(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x80004) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGSKNS(r0, 0x894c, &(0x7f0000000040)=0x9) sigaltstack(&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000080)) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:05 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x0, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:05 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) [ 108.634983] binder: 8899:8901 Acquire 1 refcount change on invalid ref 0 ret -22 [ 108.654224] xprt_adjust_timeout: rq_timeout = 0! [ 108.668434] binder: 8899:8901 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 2018/03/31 10:51:05 executing program 5: 2018/03/31 10:51:05 executing program 5: 2018/03/31 10:51:05 executing program 3: mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101902, 0x0) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000100)) 2018/03/31 10:51:05 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x0, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:05 executing program 5: 2018/03/31 10:51:05 executing program 6: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) [ 108.771788] xprt_adjust_timeout: rq_timeout = 0! [ 109.412757] binder: 8899:8957 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 2018/03/31 10:51:06 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x0, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:06 executing program 3: r0 = getpgrp(0x0) rt_sigqueueinfo(r0, 0xe, &(0x7f00000000c0)={0xc, 0x80, 0x5, 0x1a0}) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000, 0x0, &(0x7f0000aae000/0x3000)=nil) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101902, 0x0) ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f0000000080)=0x9) ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000140)) ioctl$EVIOCGSND(r1, 0x8040451a, &(0x7f0000000100)=""/57) 2018/03/31 10:51:06 executing program 5: 2018/03/31 10:51:06 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x0, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:06 executing program 6: 2018/03/31 10:51:06 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = epoll_create1(0x0) r5 = mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, &(0x7f0000664fc0)) r6 = mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000ae0000)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r7 = dup2(r5, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r7, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:06 executing program 4: r0 = socket$inet6_sctp(0xa, 0x4000000005, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:06 executing program 6 (fault-call:10 fault-nth:0): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:06 executing program 5 (fault-call:11 fault-nth:0): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:06 executing program 3: mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x101902, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000001140)={r0, r0, 0xb66d, 0x8000, &(0x7f0000000140)="872fba9b161248b068497e6194562ffa6a07fd4708606b64fe61b04a84ecc28232d4db111bba42cccdaadf57ea27dbfbf28719199886b24de3d3dbf556c913fe90a001993d68218c90425162caa4c1781e673ee9b3c51620ef809382a8532008ea261fda152111b67a69d326c8deb65b82b28a0c05d5f166a839ad98036282e8a3d26b5e8cd631810e074a0407b66aadd40b6ccb40926603e624b824c4b69f515d41b83d3a36be80a272b7823e45bbbcaa552fa8f5e39d36833b82c186dc6871231dc5b7523743c630ebe9a8ea5c6cde286de4adc1120918e5f3af2d2c6047914f578c1f5cb1524db7679f5988426396c9e78240b86b28930e583b6743a89101dab0e6d6c301d61f224e9a9aa99668316d01fbdc686f57ab5161d670b71787cdee430eb9c10213855f8af3eca49bbe4d3fa4b6fd08270d2da5997a46be2558fab5acf130b7fbc14f842f7ade8bce46172b3fbf10d8b8ba0dc177fd0520cf356ce8422c5d1baf8224945df4f583e9b0d57748873f85da693c47a6634e8939ffb3e95ea557673e69bdfca65f4cb9a44c517f4ab8fe8898861905fbcbc791ec8a2659a7a7004f6ced87554be65cb9c385a0ead1ae7a002b6cf3336b287e7cb05f3aa27ca2d808b9572f99bfe0dd690442da13a992cb03b32d2a6b2e8fff1b92429656a6fbabfcd37457d192ab363e24156733c36497d4fba3716054b0c3d61e8efef06fd57d8043abd939490be0b5fa05e553d763f106ef5ab51b21f41b6d9732e7c5a7118337c7d047eaacd09b122dd343ee8496bd805aa0460044087d43b4fc79f77661736b47c97c9c07c72c83f31dbe141fef5b23e528f50254f0054d095bce47e5dbd523206923563fd8915c4fc9a073e68a34bd8714818544a879e2456be3a9535aa3fac7a736e726fd4e756435f13b02773edd198c4c90d79cb515cca3ddf280e4f666a925175c565e966c5265a88e98915ac5658cdd08e9cd8fafd9cb70c609acc39c11e1e65d0791f05d330be1ed2d89a8aef92000694658e340ecede5ac7e071fa135353c32b63396b5863f17a1c2723b3d63d75a7c89b76feddd7573a8ec019ecd927b45e417d7ee0891da39542018ca611e792e15bc0a91bc1e6c2903198fb6284ab58aa105c9df77da765b55aa54d39540dfb63a99dafdfc59be229b7ba3f36fd2a858aea09d90c0a74ac6607ab719df94dbd7d5d86f0bd414f5f76ffbf5b25cf9054a449cee999bb53ac8cf42c243447acbbb852db08fa8e31cb7e382a04b36d00d740b79314d14a093ab88605063cb07f54cd0626dbc73ce5fea9e2c322f399f69107c0ab527845be4ce1cb191bcae21b7e68e595c7e65a1be4debbaf5ad0a478a203bfcde507860af43b94e49329e054d298cc1561a2a5de7f43f9284f0e618b61ca6c99212888c3e6c30647c90b8284f3a37fe7dc48340ad99bf48c3c1a82beb2da662e57033727d6044566601ca3986afb10c96549e67cc7db5f6f92083b84e12eef69a7496fff87fd296e4926a557521b93004e471ba71cc01505550a60a98b149e5d0182111c1f2e6ff1278ee124408ad5e6374af4fa63b3536f7385c8b6e1421e0b82406dafa49ced3ecfca1b6af206b39b75c30ce9d006fe1c5f90b15c2b66755c8c3bc7c260b3b7a3f20a6d7170db813f77401101a8b22e9d4bcaa94849153978ef0b0918d730a8d87561462946b656c100330df292bb4f786b5dc18440e2666eab8cd2f42323475efb2341ec81064e475c096e343599714f144f9453c344f8a0fcb7f604e22f6b7d16209726446f4437ea8de2b6a30ed145be33add3fab919594e916e8e83c3150a288273408f31673f19549fee3446af11a0312ac20e3b643fdf387aa49b9aa3e9ea71aa4b8b85947d9da6083e5a4fddab686c8a092a8d8ecc7ba6bb0d1128f738c92b47e65143b0055bdf5968469dee79ee00b69582820844d6c058988fa5b4d005956d6b983d02c7274437203fd625d8914465741502535182f37a629f2aac3b55b3aeaccfc4f4152c51d7b9fc186df6daff34f2fc5ae56a4b71c4cd67b05da03b350866c5a69c2a36204a588fc6e0040e4501aadd8075306abb86ba8f96e763bcb30a8d3c93bd6f5939ceae625b4d4c125834192d38995318a612a8fccb9e777bc4cef920d97bd46839ade4bec4f29e70b027283e151a96a0303c2f987e27ed10a04f1c4cd04ee13fa8bd536d3f727feaccfb15443f0f4c469f5f9419c93b423b80860d5ada50c5e28516f9f884c2f2f85c0d0c05f81ec5961669fef15097a6a6eae17dbc9a656b14afa194a905b523534bd9fab0b772170882f73f6c9c045e9681991180a35b7d8ecd4d1073ef0546e8311a5e9a8796aa008733bf2d69346f0f36abb79fb812a1989e9a8732b43ff145b65d29c15e1205973d6de6d86c199585bc23858dc2412cb5306c2870bb1fd12603ebe9a8d3a22e7a93dfeee57cf5afce29aff3b1912bfb03779556b18da346f46e1f25f3b1e049ab210c3f522a0f4f567fd9a4f4be7800a339a7bb5b1b58ea42250d080e5a425adf6142751567ad680fc6d96dee84e61ac9be32deeae7f6934ae2249ffea34efa7e029ce076a48e6da32cb98c2b92866b55a4d3952d9b084f81dfe45952537b4d8dd889f9195401e9239f72417b5a20094378dd1cfdc2a655ea44beec26c5e3b40c833e3567ce1feda5c68c692c17f68b6ba8713b761bada49fc153a75cf4d33ab60961d8bb17d8ffc8828ca5d42ef5344018c58e0f0b049cdb894fc6351e848e5853abbbb029fd092c8dacbe7d71537dd4f0a5b474c6e5f7963c41b617861717ed0dd8fbce259b1566936f8416bb9ad972b1b41fc51b4596f4339dc50614e2aefe7dea34816dc908fa931adeeaf7d71c9b72eb0847c020da3e9b72d60fea28b38267f71f6bb8bb841f4a8bd2beaa84888b29c9d24bf56babad0161b6fe63c540d65078b265c24ba356457f6133ac12a8343ca10f4bc3f0a0c5d745e6b4b4f59f01785dd050bc12841440c90522ce27e3873bbd48ce0bf272994ab7b05685e0d0398fa8658b25bfb6f63960fbbc75b7235cb9d6ab74da3dfabaa0ebd0982b643d2acb3c9af4a15de93515ceae71adcab5cfccf35a6d8e1ac14bc58e92ade2e48b4aba07b6eea6a1bb87bd06fc50aa79993df9f854c1654d404506885d75ef986c00dc20125089257c893f5dd259730395e52a2e4cdad37c735680e1fa0bbd55ab60a660e179097a54dd9feb2d8d18b68b4d89051ce8c16f0ebf57ccdc2d0cfd7e4a0959c3646155a6966210f0a85106ddf3fe9077ca7b89e1880b2434a660c90f1c5b18af4f41a539c55d0513581a5ed8c87bb73a3019094011657b631323f5bdd9306c03394b034710af8c4aa53cc598d8a933a8eba99654a92158d76f75190744d9a0d2a06b73f24972a8a6453ca0ba9e6c6e834d71b8faa91ac95faf0b602525e9aa5d500347d127642d07631e86c9e20e506a260cf0dfc9197f1101ecfb589e59b60cbe6f673e50ce16f9ecddec380427d7058984fc9c0036992db2445e762c6c3f5012e152f306d16fa4756c7af4147207a62e0e3db53decd6bac73cadb99f46f2e964a3c34505d336b628f0e1a5c426347fec7da655ee1d66204c01a71eeee944b546d5ca9b9c6c063a5d708ac26eefbdde8a4a68ebd2e8182886bf78e3ebccea5e9d6590f074f78f3ae0413a4bb0d06addba94d8997d63220b283ac94d56a2b038a7f911f3d33c34665aea308120b438b3c35a2541e283759c24cdf04800cfb8af51a73db59f24f40781f3fd94210eabfcd81c072103ab29a70a1a8d870b171ec45599250f40188bfd0bc1a39451d6e8e62140a41db87d5ae1cc68bd88423fdea12638810510822e91ef29c082845b928418b0e1f079187e7d8fddbe25c7ac8d522b394be2c5613255a37967ab3ff317a42a50ec0d93f2b207cfd999a5bf510d0c477be762db0c8b486891f27d7682a160677f750f0a9465d4a91d7c3c6fcbed23169e392e02e509b6cab5aad518d73e061a94261f9214b97c29e5ec8bae8ef21e57bfc6f21b30ba719b8a455e1e1a19b52219e8e77166e19ae845ec9af221b1d3d734e9b6396880af23eec606d65bcfa90a0707d15b9018516358587a8a8a779d151900bba3f3741ded3babe4369147832aeb88c5c0b369aa685af309ff39bdfb3e7d45dc7e08be81c168e345f2c2415eed5ed94664bb8baf10f17f7cd4cdda12312497b4bd34b7f01e81f1963175e8ca5acc8d3a3669698e16f831155c352e32ef9cb32b7321bec3ba30885c82263fdad3e433e50d8ec0e161139e9d94da5067a772220371b0fa152656a38bb41fbb2309484ba08c4a1d9d3563ea80c73c9f5fcfdebdc5cd219e42a28545705436d166b8032a3964ac12cc0b193bc741482750e76d873cf0f1c92ee894e9f0fda635101c857504def1eb81ae4933e49511037e68e55eeebaa81d1a8bd9eba0c12691ae517d8ad7c39f88dca0cafda4e01b01167ec492a43d61da75d1fe1ac76a485901e78e04e393cc2c0acd562f97a120ffe4f8bbdc0dbd4fee49eb9296b3ea5a0778901716b33f9013e6cc8ab649f8b30ae9580f52bc82a911d6894182a0310d71ad7c56667a4822c0ecce0eda0255fa153a7188721c6f2a60eb82049c52240821f64ef6bdb6d69cd8c8de37b79363a0fa8573f8e3840d898bdca304b7f0648dc071a84b8fda80cc92b67dd3eee5cb82b0d15b9a5d5c32baebfcc705e67edc59b0a800b1df36ee4b9f1e1060ab1d2ce188fcaff3e5ef9a9701b63562c46bca58ec51a1c37b2b2fa2f98908824aa941faa27c8bf3f840016a4a442390b6ba6746717afdede46983108cc62808065b7cae59a83c9aab9dbcdd5643825ba0068c2e212baaa4e424b8f6edf46bbe79c9565c56b0b1ae7020145e3dc78512a43db1cae611fed1934d64aedad68fd83d88e59c3deead89cd401bc04f47c582818c95c85c04f05fe0be5c9afa853ee1cc0d3ab8aa96c67d021a7dcc40ae1869e310a3ad7d30260a5e32cfc8d4d936851e8b8be203607394d33bcf952e9a21c18dba55b4ffe7e44d4f583f89289cde12818cbe4eaff1a640004d1f38bcb1487f6a105ba45d1b9dd8c483c5ac48f2f4f82b32a3fa9ca034c3ed4268ad0f494ea8bd3d335ccc6ce0e3e8e36e6b8862c9d40069461ab093d3d3d6ecec29c81fefac0dfeb8fd2dbbc4d7a4849a2ef77fa80e217de6f6964149bbb3b18b11633f4b7d886a824e0501ab56c40049cfa9516cbe12e14ea38f089931d1d5267215c69945af776f8b7c634636a34f21ffdfec00c8f7495eb5395f075dc04df581b966b07b88febf773a9f5c385190dfa49cf012b33771a7a6dedad992f42e102700cc7359b9265583ba8214db50a5d699c71e0438019431938265fbf2080b82be02b07bcd38f8e5935a93778a5802dbe37beb24d80b866d50ae57e746f9c1f1516fb1ee50c2c29a2ffc2c480cba487fd0257ac02281c00a70eecea41fe523be2687caf7814a5f4ad5f0eba6f27ab3ef4165dd80f63c20de3de23065d467e67cfa382b7771c464e7069c68df63be57a98ed045f3ce91c98179de79461233e73f762bbe759e7cfdd7a7aea70318f291fd1a3f839ff68aa54c1b4ab4f591366ea75b85dec43129ed4a3b0520dc045d0188100b2e48d3fef16211f808673e76a4b96c43f38cc7736e8fc020373cfbb7436e7247e16eb6c6f59d092f7729f7d60e7e35f81f4bb2c9c3afc8c2897fbdb7bd14fe2b6c8afd130f82ac447c3084fb74f404515c20a875b36f17a571478", 0x8, 0x3f, 0xfffffffffffffffb, 0x1, 0x19d, 0x4, 0x40, "ea3ba6dfd7b34c6b2995a272814b08e4de4b333256d87b104d8f252b4ec830fce40161cd6314e3664707a2e4a490deb87af0eb091e5de15d68da52c976fa597064e08fe82b396f832a8dfa0cd90663028b56ddeed6dde856c521a95f983786910b6a0d120f86457e36"}) getpid() ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000080)=0x9) fstat(r0, &(0x7f00000000c0)) 2018/03/31 10:51:06 executing program 4: r0 = socket$inet6_sctp(0xa, 0x9, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:06 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x0, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) [ 109.697801] FAULT_INJECTION: forcing a failure. [ 109.697801] name failslab, interval 1, probability 0, space 0, times 1 [ 109.709128] CPU: 0 PID: 8978 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #8 [ 109.716295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 109.725626] Call Trace: [ 109.728197] dump_stack+0x194/0x24d [ 109.731285] xprt_adjust_timeout: rq_timeout = 0! [ 109.731806] ? arch_local_irq_restore+0x53/0x53 [ 109.738751] FAULT_INJECTION: forcing a failure. [ 109.738751] name failslab, interval 1, probability 0, space 0, times 1 [ 109.741226] should_fail+0x8c0/0xa40 [ 109.741238] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 109.741253] ? find_held_lock+0x35/0x1d0 [ 109.741271] ? find_held_lock+0x35/0x1d0 [ 109.769301] ? __lock_is_held+0xb6/0x140 [ 109.773349] ? check_same_owner+0x320/0x320 [ 109.777648] ? rcu_note_context_switch+0x710/0x710 [ 109.782560] should_failslab+0xec/0x120 [ 109.786522] kmem_cache_alloc+0x47/0x760 [ 109.790565] __split_vma+0x10b/0x7b0 [ 109.794262] ? find_vma_prev+0x140/0x140 [ 109.798297] ? __vma_adjust+0x1790/0x1790 [ 109.802419] ? lock_acquire+0x1d5/0x580 [ 109.806370] ? lock_acquire+0x1d5/0x580 [ 109.810494] ? do_mlock+0x236/0x770 [ 109.814099] split_vma+0x8f/0xc0 [ 109.817442] mlock_fixup+0x370/0x4f0 [ 109.821128] ? vmacache_update+0xfe/0x130 [ 109.825258] apply_vma_lock_flags+0x285/0x370 [ 109.829731] ? mlock_fixup+0x4f0/0x4f0 [ 109.833597] ? down_read_killable+0x180/0x180 [ 109.838072] do_mlock+0x2d8/0x770 [ 109.841500] ? __sb_end_write+0xa0/0xd0 [ 109.845450] ? apply_vma_lock_flags+0x370/0x370 [ 109.850095] ? SyS_write+0x184/0x220 [ 109.853788] ? SyS_read+0x220/0x220 [ 109.857397] SyS_mlock2+0x4b/0x70 [ 109.860823] ? SyS_mlock+0x30/0x30 [ 109.864338] do_syscall_64+0x281/0x940 [ 109.868203] ? vmalloc_sync_all+0x30/0x30 [ 109.872326] ? _raw_spin_unlock_irq+0x27/0x70 [ 109.876798] ? finish_task_switch+0x1c1/0x7e0 [ 109.881272] ? syscall_return_slowpath+0x550/0x550 [ 109.886178] ? syscall_return_slowpath+0x2ac/0x550 [ 109.891087] ? prepare_exit_to_usermode+0x350/0x350 [ 109.896082] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 109.901425] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 109.906257] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 109.911425] RIP: 0033:0x454e79 [ 109.914589] RSP: 002b:00007f27d673fc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000145 [ 109.922276] RAX: ffffffffffffffda RBX: 00007f27d67406d4 RCX: 0000000000454e79 [ 109.929525] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020a91000 [ 109.936777] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 109.944119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000016 [ 109.951365] R13: 00000000000003f2 R14: 00000000006f7f50 R15: 0000000000000000 [ 109.958629] CPU: 1 PID: 8984 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 109.965736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 109.975070] Call Trace: [ 109.977639] dump_stack+0x194/0x24d [ 109.981246] ? arch_local_irq_restore+0x53/0x53 [ 109.985918] should_fail+0x8c0/0xa40 [ 109.989620] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 109.994706] ? page_add_new_anon_rmap+0x750/0x750 [ 109.999536] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 110.004705] ? perf_trace_lock+0xd6/0x900 [ 110.008831] ? find_held_lock+0x35/0x1d0 [ 110.012879] ? check_same_owner+0x320/0x320 [ 110.017188] ? rcu_note_context_switch+0x710/0x710 [ 110.022094] ? reacquire_held_locks+0x1f9/0x3e0 [ 110.026747] ? alloc_set_pte+0xefd/0x1590 [ 110.030887] should_failslab+0xec/0x120 [ 110.034839] kmem_cache_alloc_node+0x56/0x760 [ 110.039319] ? print_irqtrace_events+0x270/0x270 [ 110.044052] ? filemap_map_pages+0x919/0x15d0 [ 110.048528] copy_process.part.38+0x1a21/0x4bd0 [ 110.053183] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 110.058352] ? __lock_is_held+0xb6/0x140 [ 110.062396] ? __cleanup_sighand+0x40/0x40 [ 110.066614] ? __lock_acquire+0x664/0x3e00 [ 110.070829] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 110.075996] ? __lock_acquire+0x664/0x3e00 [ 110.080207] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 110.085374] ? perf_trace_lock+0xd6/0x900 [ 110.089502] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 110.094668] ? perf_trace_lock+0xd6/0x900 [ 110.098794] ? mntput_no_expire+0x130/0xa90 [ 110.103095] ? trace_event_raw_event_lock+0x340/0x340 [ 110.108259] ? perf_trace_lock+0xd6/0x900 [ 110.112394] ? lock_acquire+0x1d5/0x580 [ 110.116341] ? trace_hardirqs_off+0x10/0x10 [ 110.120641] ? __fdget_pos+0x12b/0x190 [ 110.124517] ? perf_trace_lock+0xd6/0x900 [ 110.128643] ? trace_event_raw_event_lock+0x340/0x340 [ 110.133820] ? find_held_lock+0x35/0x1d0 [ 110.137863] ? perf_trace_lock+0xd6/0x900 [ 110.141993] ? trace_event_raw_event_lock+0x340/0x340 [ 110.147159] ? _parse_integer+0x140/0x140 [ 110.151284] ? check_same_owner+0x320/0x320 [ 110.155589] ? find_held_lock+0x35/0x1d0 [ 110.159626] ? trace_hardirqs_off+0x10/0x10 [ 110.163923] ? get_pid_task+0x93/0x140 [ 110.167799] ? perf_trace_lock+0xd6/0x900 [ 110.171929] ? find_held_lock+0x35/0x1d0 [ 110.175972] ? __f_unlock_pos+0x19/0x20 [ 110.179923] ? lock_downgrade+0x980/0x980 [ 110.184044] ? get_pid_task+0xbc/0x140 [ 110.187904] ? proc_fail_nth_write+0x9b/0x1d0 [ 110.192373] ? map_files_get_link+0x3a0/0x3a0 [ 110.196843] ? handle_mm_fault+0x35b/0xb10 [ 110.201055] _do_fork+0x1f7/0xf70 [ 110.204489] ? fork_idle+0x2d0/0x2d0 [ 110.208181] ? wait_for_completion+0x770/0x770 [ 110.212756] ? __sb_end_write+0xa0/0xd0 [ 110.216713] ? fput+0xd2/0x140 [ 110.219883] ? SyS_write+0x184/0x220 [ 110.223573] ? SyS_read+0x220/0x220 [ 110.227176] SyS_clone+0x37/0x50 [ 110.230516] ? sys_vfork+0x30/0x30 [ 110.234035] do_syscall_64+0x281/0x940 [ 110.237898] ? vmalloc_sync_all+0x30/0x30 [ 110.242022] ? _raw_spin_unlock_irq+0x27/0x70 [ 110.246499] ? finish_task_switch+0x1c1/0x7e0 [ 110.250969] ? syscall_return_slowpath+0x550/0x550 [ 110.255874] ? syscall_return_slowpath+0x2ac/0x550 [ 110.260778] ? prepare_exit_to_usermode+0x350/0x350 [ 110.265772] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 110.271113] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 110.275957] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 110.281139] RIP: 0033:0x454e79 [ 110.284308] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 110.291990] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 2018/03/31 10:51:06 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:06 executing program 3: r0 = userfaultfd(0x0) r1 = gettid() ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e8dfe8)={0xaa}) r2 = accept(r0, &(0x7f0000000140)=@nl, &(0x7f00000001c0)=0x80) setsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f0000000200)=0x8, 0x1) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000c20000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f000075ef4e)=""/178, 0xb2}], 0x1000000000000363, &(0x7f000088efe0)=[{&(0x7f0000000040)=""/83, 0xfffffe83}], 0x1, 0x0) mmap(&(0x7f0000000000/0xfb2000)=nil, 0xfb2000, 0xfffffffffffffffd, 0x32, 0xffffffffffffffff, 0x0) close(r0) socketpair$inet6(0xa, 0xa, 0x3, &(0x7f00000000c0)={0xffffffffffffffff}) setsockopt$inet_sctp6_SCTP_INITMSG(r3, 0x84, 0x2, &(0x7f0000000100)={0x8, 0xa163, 0x3, 0x5}, 0x8) 2018/03/31 10:51:07 executing program 5 (fault-call:11 fault-nth:1): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 110.299236] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 110.306478] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 110.313725] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 110.320968] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000000 2018/03/31 10:51:07 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x0, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) [ 110.364132] xprt_adjust_timeout: rq_timeout = 0! [ 110.397238] FAULT_INJECTION: forcing a failure. [ 110.397238] name failslab, interval 1, probability 0, space 0, times 0 [ 110.408655] CPU: 1 PID: 9007 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #8 [ 110.415739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 110.425070] Call Trace: [ 110.427639] dump_stack+0x194/0x24d [ 110.431248] ? arch_local_irq_restore+0x53/0x53 [ 110.435897] ? rcutorture_record_progress+0x10/0x10 [ 110.440900] should_fail+0x8c0/0xa40 2018/03/31 10:51:07 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x0, 0x1) ioctl$ASHMEM_PURGE_ALL_CACHES(r1, 0x770a, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000001300000028a4a78f27b1a9e4ccc9698d8375b0d70979aca727e8438ab36c1a9dfed9a234fdb46896f3bffcd1e7257d2d42941756cfacc2757b6ba5ab59e6da30263761ae5c1c32ca62f584fd920000000000000000000000000000000000000000000000000000000000000000000000"], 0x1) 2018/03/31 10:51:07 executing program 6 (fault-call:10 fault-nth:1): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:07 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:07 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) recvmmsg(r0, &(0x7f00000034c0)=[{{&(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000180)=""/1, 0x1}, {&(0x7f00000001c0)=""/74, 0x4a}, {&(0x7f0000000240)=""/150, 0x96}], 0x3, &(0x7f0000000340)=""/217, 0xd9, 0x7fffffff}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f0000001440)=""/4096, 0x1000}, {&(0x7f0000002440)=""/184, 0xb8}], 0x3, &(0x7f0000002540), 0x0, 0x875}, 0x9}, {{0x0, 0x0, &(0x7f0000002bc0)=[{&(0x7f0000002580)=""/219, 0xdb}, {&(0x7f0000002680)=""/213, 0xd5}, {&(0x7f0000002780)=""/244, 0xf4}, {&(0x7f0000002880)=""/67, 0x43}, {&(0x7f0000002900)=""/106, 0x6a}, {&(0x7f0000002980)=""/44, 0x2c}, {&(0x7f00000029c0)=""/240, 0xf0}, {&(0x7f0000002ac0)=""/198, 0xc6}], 0x8, &(0x7f0000002c40)=""/235, 0xeb, 0xfffffffffffffffd}}, {{&(0x7f0000002d40)=@ethernet, 0x80, &(0x7f0000003180)=[{&(0x7f0000002dc0)=""/89, 0x59}, {&(0x7f0000002e40)=""/192, 0xc0}, {&(0x7f0000002f00)=""/219, 0xdb}, {&(0x7f0000003000)=""/219, 0xdb}, {&(0x7f0000003100)=""/121, 0x79}], 0x5, &(0x7f0000003200)=""/223, 0xdf, 0x8}, 0xdb07}, {{&(0x7f0000003300)=@hci={0x0, 0x0}, 0x80, &(0x7f0000003400)=[{&(0x7f0000003380)=""/111, 0x6f}], 0x1, &(0x7f0000003440)=""/108, 0x6c, 0x4}, 0x8c5}], 0x5, 0x94c67843f14b0bc3, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f0000003600)={@empty, r1}, 0x14) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) [ 110.444589] ? kernel_text_address+0xd1/0xe0 [ 110.448976] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 110.454054] ? unwind_get_return_address+0x61/0xa0 [ 110.458956] ? __save_stack_trace+0x7e/0xd0 [ 110.463260] ? save_stack+0xa3/0xd0 [ 110.466869] ? save_stack+0x43/0xd0 [ 110.470479] ? kasan_kmalloc+0xad/0xe0 [ 110.474352] ? kasan_slab_alloc+0x12/0x20 [ 110.478475] ? kmem_cache_alloc+0x12e/0x760 [ 110.482779] ? __split_vma+0x10b/0x7b0 [ 110.486643] ? split_vma+0x8f/0xc0 [ 110.490159] ? mlock_fixup+0x370/0x4f0 [ 110.494019] ? apply_vma_lock_flags+0x285/0x370 [ 110.498662] ? do_mlock+0x2d8/0x770 [ 110.502266] ? SyS_mlock2+0x4b/0x70 [ 110.505884] ? do_syscall_64+0x281/0x940 [ 110.508788] FAULT_INJECTION: forcing a failure. [ 110.508788] name failslab, interval 1, probability 0, space 0, times 0 [ 110.509923] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 110.509935] ? percpu_ref_put_many+0x11a/0x220 [ 110.509945] ? lock_downgrade+0x980/0x980 [ 110.509954] ? lock_release+0xa40/0xa40 [ 110.509960] ? print_irqtrace_events+0x270/0x270 [ 110.509968] ? trace_hardirqs_off+0x10/0x10 [ 110.509980] ? __lock_is_held+0xb6/0x140 [ 110.552199] should_failslab+0xec/0x120 [ 110.556152] kmem_cache_alloc+0x47/0x760 [ 110.560196] ? __lock_is_held+0xb6/0x140 [ 110.564232] anon_vma_clone+0x139/0x700 [ 110.568183] ? unlink_anon_vmas+0x9f0/0x9f0 [ 110.572495] __split_vma+0x2f7/0x7b0 [ 110.576187] ? find_vma_prev+0x140/0x140 [ 110.580222] ? __vma_adjust+0x1790/0x1790 [ 110.584461] ? lock_acquire+0x1d5/0x580 [ 110.588413] ? lock_acquire+0x1d5/0x580 [ 110.592364] split_vma+0x8f/0xc0 [ 110.595705] mlock_fixup+0x370/0x4f0 [ 110.599391] ? vmacache_update+0xfe/0x130 [ 110.603519] apply_vma_lock_flags+0x285/0x370 [ 110.607993] ? mlock_fixup+0x4f0/0x4f0 [ 110.611871] ? down_read_killable+0x180/0x180 [ 110.616344] do_mlock+0x2d8/0x770 [ 110.619772] ? __sb_end_write+0xa0/0xd0 [ 110.623721] ? apply_vma_lock_flags+0x370/0x370 [ 110.631159] ? SyS_write+0x184/0x220 [ 110.634938] ? SyS_read+0x220/0x220 [ 110.638546] SyS_mlock2+0x4b/0x70 [ 110.641976] ? SyS_mlock+0x30/0x30 [ 110.645490] do_syscall_64+0x281/0x940 [ 110.649352] ? vmalloc_sync_all+0x30/0x30 [ 110.653476] ? _raw_spin_unlock_irq+0x27/0x70 [ 110.657947] ? finish_task_switch+0x1c1/0x7e0 [ 110.662419] ? syscall_return_slowpath+0x550/0x550 [ 110.667323] ? syscall_return_slowpath+0x2ac/0x550 [ 110.672229] ? prepare_exit_to_usermode+0x350/0x350 [ 110.677221] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 110.682570] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 110.687403] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 110.692568] RIP: 0033:0x454e79 [ 110.695743] RSP: 002b:00007f27d673fc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000145 [ 110.703425] RAX: ffffffffffffffda RBX: 00007f27d67406d4 RCX: 0000000000454e79 [ 110.710671] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020a91000 [ 110.717917] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 110.725162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000016 [ 110.732409] R13: 00000000000003f2 R14: 00000000006f7f50 R15: 0000000000000001 [ 110.739668] CPU: 0 PID: 9014 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 110.746778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 110.756108] Call Trace: [ 110.758679] dump_stack+0x194/0x24d [ 110.762281] ? arch_local_irq_restore+0x53/0x53 [ 110.766958] should_fail+0x8c0/0xa40 [ 110.770666] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 110.775755] ? percpu_ref_put_many+0x132/0x220 [ 110.780319] ? memcg_kmem_charge_memcg+0x74/0x110 [ 110.785139] ? percpu_ref_tryget_live+0x2f0/0x2f0 [ 110.789963] ? find_held_lock+0x35/0x1d0 [ 110.794014] ? check_same_owner+0x320/0x320 [ 110.798313] ? rcu_note_context_switch+0x710/0x710 [ 110.803228] should_failslab+0xec/0x120 [ 110.807178] kmem_cache_alloc+0x47/0x760 [ 110.811217] ? percpu_ref_put_many+0x132/0x220 [ 110.815782] ? rcu_pm_notify+0xc0/0xc0 [ 110.819649] prepare_creds+0x78/0x360 [ 110.823422] ? abort_creds+0x130/0x130 [ 110.827284] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 110.832280] copy_creds+0x7b/0x3a0 [ 110.835792] ? lockdep_init_map+0x9/0x10 [ 110.839827] copy_process.part.38+0xb64/0x4bd0 [ 110.844387] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 110.849558] ? __lock_is_held+0xb6/0x140 [ 110.853598] ? __cleanup_sighand+0x40/0x40 [ 110.857814] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 110.862982] ? __lock_acquire+0x664/0x3e00 [ 110.867193] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 110.872359] ? perf_trace_lock+0xd6/0x900 [ 110.876484] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 110.881648] ? perf_trace_lock+0xd6/0x900 [ 110.885775] ? mntput_no_expire+0x130/0xa90 [ 110.890081] ? trace_event_raw_event_lock+0x340/0x340 [ 110.895246] ? perf_trace_lock+0xd6/0x900 [ 110.899370] ? lock_acquire+0x1d5/0x580 [ 110.903328] ? trace_hardirqs_off+0x10/0x10 [ 110.907625] ? __fdget_pos+0x12b/0x190 [ 110.911487] ? perf_trace_lock+0xd6/0x900 [ 110.915614] ? trace_event_raw_event_lock+0x340/0x340 [ 110.920780] ? find_held_lock+0x35/0x1d0 [ 110.924817] ? perf_trace_lock+0xd6/0x900 [ 110.928947] ? trace_event_raw_event_lock+0x340/0x340 [ 110.934119] ? _parse_integer+0x140/0x140 [ 110.938246] ? check_same_owner+0x320/0x320 [ 110.942548] ? trace_hardirqs_off+0x10/0x10 [ 110.946867] ? get_pid_task+0x93/0x140 [ 110.950732] ? perf_trace_lock+0xd6/0x900 [ 110.954861] ? find_held_lock+0x35/0x1d0 [ 110.958904] ? __f_unlock_pos+0x19/0x20 [ 110.962858] ? lock_downgrade+0x980/0x980 [ 110.966984] ? get_pid_task+0xbc/0x140 [ 110.970854] ? proc_fail_nth_write+0x9b/0x1d0 [ 110.975326] ? map_files_get_link+0x3a0/0x3a0 [ 110.979802] ? handle_mm_fault+0x35b/0xb10 [ 110.984021] _do_fork+0x1f7/0xf70 [ 110.987459] ? fork_idle+0x2d0/0x2d0 [ 110.991325] ? wait_for_completion+0x770/0x770 [ 110.995902] ? __sb_end_write+0xa0/0xd0 [ 110.999857] ? fput+0xd2/0x140 [ 111.003026] ? SyS_write+0x184/0x220 [ 111.006729] ? SyS_read+0x220/0x220 [ 111.010340] SyS_clone+0x37/0x50 [ 111.014428] ? sys_vfork+0x30/0x30 [ 111.017950] do_syscall_64+0x281/0x940 [ 111.021820] ? vmalloc_sync_all+0x30/0x30 [ 111.025943] ? _raw_spin_unlock_irq+0x27/0x70 [ 111.030414] ? finish_task_switch+0x1c1/0x7e0 [ 111.034888] ? syscall_return_slowpath+0x550/0x550 [ 111.039797] ? syscall_return_slowpath+0x2ac/0x550 [ 111.044715] ? prepare_exit_to_usermode+0x350/0x350 [ 111.049723] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 111.055068] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 111.059898] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 111.065061] RIP: 0033:0x454e79 [ 111.068226] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 111.075915] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 111.083172] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 111.090420] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 111.097675] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 111.104924] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000001 [ 111.120425] binder: undelivered death notification, 0000000000000000 2018/03/31 10:51:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:07 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = epoll_create1(0x0) r5 = mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, &(0x7f0000664fc0)) r6 = mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000ae0000)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r7 = dup2(r5, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r7, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:07 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x0, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:07 executing program 6 (fault-call:10 fault-nth:2): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:07 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:07 executing program 3: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x100, 0x0) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000040)={0x153}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xc, 0x3, &(0x7f0000000140)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x15, 0x25}, [], {0x95}}, &(0x7f0000003ff6)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) 2018/03/31 10:51:07 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x87}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000040)) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) write$eventfd(r1, &(0x7f0000000080)=0x200, 0x8) 2018/03/31 10:51:07 executing program 5 (fault-call:11 fault-nth:2): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 111.154073] xprt_adjust_timeout: rq_timeout = 0! [ 111.209956] FAULT_INJECTION: forcing a failure. [ 111.209956] name failslab, interval 1, probability 0, space 0, times 0 [ 111.221347] CPU: 0 PID: 9043 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 111.229050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 111.238385] Call Trace: [ 111.240960] dump_stack+0x194/0x24d [ 111.244565] ? arch_local_irq_restore+0x53/0x53 [ 111.249215] should_fail+0x8c0/0xa40 [ 111.252906] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 111.257990] ? lock_downgrade+0x980/0x980 [ 111.262115] ? lock_release+0xa40/0xa40 [ 111.266068] ? do_raw_spin_trylock+0x190/0x190 [ 111.270626] ? find_held_lock+0x35/0x1d0 [ 111.274753] ? check_same_owner+0x320/0x320 [ 111.279049] ? mntput+0x66/0x90 [ 111.282303] ? rcu_note_context_switch+0x710/0x710 [ 111.287203] ? path_put+0x50/0x70 [ 111.290632] should_failslab+0xec/0x120 [ 111.294583] kmem_cache_alloc+0x47/0x760 [ 111.298616] ? rcu_pm_notify+0xc0/0xc0 [ 111.302482] create_user_ns+0x224/0xc30 [ 111.306432] ? kmem_cache_alloc+0x466/0x760 [ 111.310732] ? userns_put+0x90/0x90 [ 111.314338] ? security_prepare_creds+0x89/0xb0 [ 111.318990] ? prepare_creds+0x2ba/0x360 [ 111.323025] ? abort_creds+0x130/0x130 [ 111.326887] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 111.331883] copy_creds+0x2c4/0x3a0 [ 111.335487] ? lockdep_init_map+0x9/0x10 [ 111.339526] copy_process.part.38+0xb64/0x4bd0 [ 111.344085] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 111.349249] ? __lock_is_held+0xb6/0x140 [ 111.353285] ? __cleanup_sighand+0x40/0x40 [ 111.357496] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 111.362664] ? __lock_acquire+0x664/0x3e00 [ 111.366872] ? perf_trace_lock+0x900/0x900 [ 111.371080] ? perf_trace_lock_acquire+0xe3/0x980 [ 111.375901] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 111.381062] ? perf_trace_lock_acquire+0xe3/0x980 [ 111.385878] ? print_irqtrace_events+0x270/0x270 [ 111.390605] ? perf_trace_lock+0x900/0x900 [ 111.394814] ? lock_acquire+0x1d5/0x580 [ 111.398765] ? trace_hardirqs_off+0x10/0x10 [ 111.403060] ? __fdget_pos+0x12b/0x190 [ 111.406923] ? perf_trace_lock_acquire+0xe3/0x980 [ 111.412433] ? __lock_acquire+0x664/0x3e00 [ 111.416644] ? perf_trace_lock+0x900/0x900 [ 111.420860] ? find_held_lock+0x35/0x1d0 [ 111.424898] ? trace_hardirqs_off+0x10/0x10 [ 111.429196] ? _parse_integer+0xe9/0x140 [ 111.433232] ? trace_hardirqs_off+0x10/0x10 [ 111.437526] ? _parse_integer+0x140/0x140 [ 111.441649] ? trace_hardirqs_off+0x10/0x10 [ 111.445944] ? get_pid_task+0x93/0x140 [ 111.449807] ? lock_downgrade+0x980/0x980 [ 111.453928] ? find_held_lock+0x35/0x1d0 [ 111.457962] ? __f_unlock_pos+0x19/0x20 [ 111.461909] ? lock_downgrade+0x980/0x980 [ 111.466027] ? get_pid_task+0xbc/0x140 [ 111.469894] ? proc_fail_nth_write+0x9b/0x1d0 [ 111.474366] ? map_files_get_link+0x3a0/0x3a0 [ 111.478833] ? handle_mm_fault+0x35b/0xb10 [ 111.483044] _do_fork+0x1f7/0xf70 [ 111.486472] ? fork_idle+0x2d0/0x2d0 [ 111.490158] ? wait_for_completion+0x770/0x770 [ 111.494715] ? __lock_is_held+0xb6/0x140 [ 111.498762] ? __sb_end_write+0xa0/0xd0 [ 111.502713] ? fput+0xd2/0x140 [ 111.505880] ? SyS_write+0x184/0x220 [ 111.509566] ? SyS_read+0x220/0x220 [ 111.513169] SyS_clone+0x37/0x50 [ 111.516506] ? sys_vfork+0x30/0x30 [ 111.520020] do_syscall_64+0x281/0x940 [ 111.523891] ? vmalloc_sync_all+0x30/0x30 [ 111.528013] ? _raw_spin_unlock_irq+0x27/0x70 [ 111.532485] ? finish_task_switch+0x1c1/0x7e0 [ 111.536955] ? syscall_return_slowpath+0x550/0x550 [ 111.541856] ? syscall_return_slowpath+0x2ac/0x550 [ 111.546759] ? prepare_exit_to_usermode+0x350/0x350 [ 111.551750] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 111.557088] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 111.561909] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 111.567071] RIP: 0033:0x454e79 [ 111.570232] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 111.577913] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 111.585157] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 111.592401] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 111.599647] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 2018/03/31 10:51:08 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:08 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000006280)={{{@in=@local, @in=@loopback}}, {{@in6=@remote}, 0x0, @in6=@local}}, &(0x7f0000006380)=0xe8) sendmmsg(0xffffffffffffffff, &(0x7f0000006680), 0x0, 0x0) syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0xe24, 0x400) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) getpid() setns(0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000700)={0x0, 0x0}, 0x0) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000480)) ioctl$KVM_DEASSIGN_PCI_DEVICE(r1, 0x4040ae72, &(0x7f0000000040)={0xfff6, 0x20, 0x2, 0x2, 0x9}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r3, r3, 0xfffffffffffffffd) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000460fe4)={0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff}) 2018/03/31 10:51:08 executing program 6 (fault-call:10 fault-nth:3): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) [ 111.606898] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000002 2018/03/31 10:51:08 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x0, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:08 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) dup2(r1, r0) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x0, 0x0) 2018/03/31 10:51:08 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x0, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 111.638378] xprt_adjust_timeout: rq_timeout = 0! [ 111.658484] FAULT_INJECTION: forcing a failure. [ 111.658484] name failslab, interval 1, probability 0, space 0, times 0 [ 111.669873] CPU: 1 PID: 9064 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 111.676950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 111.686282] Call Trace: 2018/03/31 10:51:08 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'system.', 'security.capability\x00'}, &(0x7f0000000080)='-usermime_type\x00', 0xf, 0x2) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 111.688852] dump_stack+0x194/0x24d [ 111.692462] ? arch_local_irq_restore+0x53/0x53 [ 111.697110] ? create_user_ns+0x642/0xc30 [ 111.701237] ? is_bpf_text_address+0xa4/0x120 [ 111.705721] should_fail+0x8c0/0xa40 [ 111.709429] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 111.714508] ? __debug_object_init+0x235/0x1040 [ 111.719162] ? find_held_lock+0x35/0x1d0 [ 111.723221] ? check_same_owner+0x320/0x320 [ 111.727525] ? rcu_note_context_switch+0x710/0x710 [ 111.732437] should_failslab+0xec/0x120 2018/03/31 10:51:08 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) msync(&(0x7f0000a93000/0x3000)=nil, 0x3000, 0x4) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 111.736390] __kmalloc_track_caller+0x5f/0x760 [ 111.740952] ? ida_simple_get+0x176/0x220 [ 111.745076] ? setup_userns_sysctls+0x50/0x190 [ 111.749637] kmemdup+0x24/0x50 [ 111.752811] setup_userns_sysctls+0x50/0x190 [ 111.757203] create_user_ns+0x6d0/0xc30 [ 111.761158] ? userns_put+0x90/0x90 [ 111.764782] ? security_prepare_creds+0x89/0xb0 [ 111.769433] ? prepare_creds+0x2ba/0x360 [ 111.773468] ? abort_creds+0x130/0x130 [ 111.777333] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 111.782330] copy_creds+0x2c4/0x3a0 [ 111.785940] ? lockdep_init_map+0x9/0x10 [ 111.790086] copy_process.part.38+0xb64/0x4bd0 [ 111.794653] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 111.799826] ? __lock_is_held+0xb6/0x140 [ 111.803872] ? __cleanup_sighand+0x40/0x40 [ 111.808091] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 111.813259] ? __lock_acquire+0x664/0x3e00 [ 111.817487] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 111.822657] ? perf_trace_lock+0xd6/0x900 [ 111.826793] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 111.831956] ? perf_trace_lock+0xd6/0x900 [ 111.836081] ? mntput_no_expire+0x130/0xa90 [ 111.840381] ? trace_event_raw_event_lock+0x340/0x340 [ 111.845541] ? perf_trace_lock+0xd6/0x900 [ 111.849667] ? lock_acquire+0x1d5/0x580 [ 111.853617] ? trace_hardirqs_off+0x10/0x10 [ 111.857913] ? __fdget_pos+0x12b/0x190 [ 111.861780] ? perf_trace_lock+0xd6/0x900 [ 111.865910] ? trace_event_raw_event_lock+0x340/0x340 [ 111.871077] ? find_held_lock+0x35/0x1d0 [ 111.875124] ? perf_trace_lock+0xd6/0x900 [ 111.879250] ? trace_event_raw_event_lock+0x340/0x340 [ 111.884416] ? _parse_integer+0x140/0x140 [ 111.888539] ? check_same_owner+0x320/0x320 [ 111.892842] ? trace_hardirqs_off+0x10/0x10 [ 111.897141] ? get_pid_task+0x93/0x140 [ 111.901006] ? perf_trace_lock+0xd6/0x900 [ 111.905134] ? find_held_lock+0x35/0x1d0 [ 111.909173] ? __f_unlock_pos+0x19/0x20 [ 111.913124] ? lock_downgrade+0x980/0x980 [ 111.917247] ? get_pid_task+0xbc/0x140 [ 111.921129] ? proc_fail_nth_write+0x9b/0x1d0 [ 111.925625] ? map_files_get_link+0x3a0/0x3a0 [ 111.930107] ? handle_mm_fault+0x35b/0xb10 [ 111.934320] _do_fork+0x1f7/0xf70 [ 111.937769] ? fork_idle+0x2d0/0x2d0 [ 111.941463] ? wait_for_completion+0x770/0x770 [ 111.946042] ? __sb_end_write+0xa0/0xd0 [ 111.949998] ? fput+0xd2/0x140 [ 111.953177] ? SyS_write+0x184/0x220 [ 111.956870] ? SyS_read+0x220/0x220 [ 111.960478] SyS_clone+0x37/0x50 [ 111.963824] ? sys_vfork+0x30/0x30 [ 111.967344] do_syscall_64+0x281/0x940 [ 111.971210] ? vmalloc_sync_all+0x30/0x30 [ 111.975358] ? _raw_spin_unlock_irq+0x27/0x70 [ 111.979833] ? finish_task_switch+0x1c1/0x7e0 [ 111.984308] ? syscall_return_slowpath+0x550/0x550 [ 111.989214] ? syscall_return_slowpath+0x2ac/0x550 [ 111.994121] ? prepare_exit_to_usermode+0x350/0x350 [ 111.999124] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 112.004471] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 112.009296] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 112.014464] RIP: 0033:0x454e79 [ 112.017632] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 112.025320] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 112.032667] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 112.039916] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 112.047163] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 112.054413] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000003 [ 112.137098] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) [ 112.191117] binder: undelivered death notification, 0000000000000000 [ 112.202950] binder: BINDER_SET_CONTEXT_MGR already set [ 112.208464] binder: 9109:9110 ioctl 40046207 0 returned -16 [ 112.217729] binder: 9109:9110 Acquire 1 refcount change on invalid ref 0 ret -22 [ 112.225515] binder: 9109:9110 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 113.002664] binder: 9109:9112 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 2018/03/31 10:51:09 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = epoll_create1(0x0) r5 = mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, &(0x7f0000664fc0)) r6 = mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000ae0000)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r7 = dup2(r5, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r7, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:09 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) r0 = socket$inet6(0xa, 0x1001000000080001, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) write$rdma_cm(r0, &(0x7f0000002b80)=@create_id={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000002b40)={0xffffffff}, 0x13f, 0xf}}, 0x20) r4 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x8, 0x20000) setsockopt$RDS_RECVERR(r4, 0x114, 0x5, &(0x7f0000000040)=0x1, 0x4) write$rdma_cm(r2, &(0x7f0000002bc0)=@connect={0x6, 0x118, 0xfa00, {{0xde8c, 0x1, "7560b5a0f8c4f24fe86ffcddef3ba4f77b8919b6427d2c7fe79204ce380b39f338e7f9f7a9adab341ea26773b0c6a97be5e6b780cc2151885df5538cd394323f4f20f5f945fdac56852c8350abec9e1ca31ff332adda353c8e02661d82e3d1078ba4a648d8c0013d8a1f99d8d250c3ab6d4c741e3526b64fa1d539e3cd99f08f9acfae42eab3d152cbdb565e6e69593e3adb30b0d542a14180c8cd890d85ba2460bac90998b8994bb4c0df1fa02bc28c1b3729ac093afe198488c7a6766d7025704f3b93c67d582ccb8d433300b16064ddf4a5b51b66a9d8a9973cd90f055956a4f509b12cdb61dad52188cf360aa69ac50b9699804f56825870b48b0eab79ac", 0x9e, 0xfffffffffffffffb, 0x7e, 0xd, 0xffffffffffffff8e, 0xdc7, 0x7, 0x1}, r3}}, 0x120) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) flistxattr(r2, &(0x7f0000000700)=""/4096, 0x1000) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:09 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffe1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x673f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000040)={0x0, 0x19, "8abf99e90623fcdf45f03e151ade0ba6dd16076a2b3803a08a"}, &(0x7f0000000080)=0x21) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000200)={r1, 0x7, 0x6}, &(0x7f0000000240)=0x8) 2018/03/31 10:51:09 executing program 6 (fault-call:10 fault-nth:4): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:09 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x0, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:09 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:09 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x0, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) [ 113.174595] FAULT_INJECTION: forcing a failure. [ 113.174595] name failslab, interval 1, probability 0, space 0, times 0 [ 113.185913] CPU: 1 PID: 9122 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 113.193020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 113.202381] Call Trace: [ 113.204979] dump_stack+0x194/0x24d [ 113.208618] ? arch_local_irq_restore+0x53/0x53 [ 113.213282] ? kernel_text_address+0xd1/0xe0 [ 113.217686] ? __unwind_start+0x169/0x330 [ 113.221840] should_fail+0x8c0/0xa40 [ 113.225546] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 113.230639] ? save_stack+0xa3/0xd0 [ 113.234248] ? save_stack+0x43/0xd0 [ 113.237857] ? kasan_kmalloc+0xad/0xe0 [ 113.241724] ? __kmalloc_track_caller+0x15e/0x760 [ 113.246545] ? kmemdup+0x24/0x50 [ 113.249892] ? setup_userns_sysctls+0x50/0x190 [ 113.254458] ? create_user_ns+0x6d0/0xc30 [ 113.259284] ? find_held_lock+0x35/0x1d0 [ 113.263370] ? check_same_owner+0x320/0x320 [ 113.267679] ? rcu_note_context_switch+0x710/0x710 [ 113.272608] should_failslab+0xec/0x120 [ 113.276568] __kmalloc+0x63/0x760 [ 113.280015] ? rcu_read_lock_sched_held+0x108/0x120 [ 113.285022] ? __register_sysctl_table+0xca/0x10b0 [ 113.289940] ? __kmalloc_track_caller+0x46a/0x760 [ 113.294777] __register_sysctl_table+0xca/0x10b0 [ 113.299517] ? setup_userns_sysctls+0x50/0x190 [ 113.304094] setup_userns_sysctls+0xbc/0x190 [ 113.308505] create_user_ns+0x6d0/0xc30 [ 113.312474] ? userns_put+0x90/0x90 [ 113.316084] ? security_prepare_creds+0x89/0xb0 [ 113.320744] ? prepare_creds+0x2ba/0x360 [ 113.324787] ? abort_creds+0x130/0x130 [ 113.328661] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 113.333668] copy_creds+0x2c4/0x3a0 [ 113.337275] ? lockdep_init_map+0x9/0x10 [ 113.341321] copy_process.part.38+0xb64/0x4bd0 [ 113.345895] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 113.351067] ? __lock_is_held+0xb6/0x140 [ 113.355121] ? __cleanup_sighand+0x40/0x40 [ 113.359351] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 113.364529] ? __lock_acquire+0x664/0x3e00 [ 113.368745] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 113.373917] ? perf_trace_lock+0xd6/0x900 [ 113.378056] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 113.383226] ? perf_trace_lock+0xd6/0x900 [ 113.387358] ? mntput_no_expire+0x130/0xa90 [ 113.391670] ? trace_event_raw_event_lock+0x340/0x340 [ 113.396840] ? perf_trace_lock+0xd6/0x900 [ 113.400976] ? lock_acquire+0x1d5/0x580 [ 113.404931] ? trace_hardirqs_off+0x10/0x10 [ 113.409233] ? __fdget_pos+0x12b/0x190 [ 113.413105] ? perf_trace_lock+0xd6/0x900 [ 113.417238] ? trace_event_raw_event_lock+0x340/0x340 [ 113.422412] ? find_held_lock+0x35/0x1d0 [ 113.426461] ? perf_trace_lock+0xd6/0x900 [ 113.430595] ? trace_event_raw_event_lock+0x340/0x340 [ 113.435767] ? _parse_integer+0x140/0x140 [ 113.439899] ? check_same_owner+0x320/0x320 [ 113.444208] ? trace_hardirqs_off+0x10/0x10 [ 113.448513] ? get_pid_task+0x93/0x140 [ 113.452384] ? perf_trace_lock+0xd6/0x900 [ 113.456516] ? find_held_lock+0x35/0x1d0 [ 113.460566] ? __f_unlock_pos+0x19/0x20 [ 113.464524] ? lock_downgrade+0x980/0x980 [ 113.468656] ? get_pid_task+0xbc/0x140 [ 113.472527] ? proc_fail_nth_write+0x9b/0x1d0 [ 113.477010] ? map_files_get_link+0x3a0/0x3a0 [ 113.481494] ? handle_mm_fault+0x35b/0xb10 [ 113.485718] _do_fork+0x1f7/0xf70 [ 113.489156] ? fork_idle+0x2d0/0x2d0 [ 113.492853] ? wait_for_completion+0x770/0x770 [ 113.497437] ? __sb_end_write+0xa0/0xd0 [ 113.501395] ? fput+0xd2/0x140 [ 113.504570] ? SyS_write+0x184/0x220 [ 113.508270] ? SyS_read+0x220/0x220 [ 113.511882] SyS_clone+0x37/0x50 [ 113.515225] ? sys_vfork+0x30/0x30 [ 113.518748] do_syscall_64+0x281/0x940 [ 113.522614] ? vmalloc_sync_all+0x30/0x30 [ 113.526743] ? _raw_spin_unlock_irq+0x27/0x70 [ 113.531220] ? finish_task_switch+0x1c1/0x7e0 [ 113.535701] ? syscall_return_slowpath+0x550/0x550 [ 113.540616] ? syscall_return_slowpath+0x2ac/0x550 [ 113.545530] ? prepare_exit_to_usermode+0x350/0x350 [ 113.550532] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 113.555883] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 113.560717] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 113.565887] RIP: 0033:0x454e79 2018/03/31 10:51:10 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) r0 = socket$inet6(0xa, 0x1001000000080001, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000fec000/0x14000)=nil, 0x14000) write$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540)=ANY=[@ANYPTR64, @ANYRES16=r0, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYPTR=&(0x7f0000000000)=ANY=[@ANYRES64=r0]], @ANYBLOB="708ca5b4b1c5c77f671bbd6aa3f8a1105b3563f4c8f37d2e8a8607fac69c8ca58b069ca4697224b2cb512b66d90cc24a8fbb9758ecb4e8ba5d4a13c1d8f299863f2dcca0595415cf006751ed3bee25af1f5ab9bfac3ff5b70ace0c52f7d11ffb2c0661cfb19d4ca75f1cbfc74d62b8146dae25f716340513daf85bb85618e9596312b48f", @ANYRES64=r0, @ANYBLOB="5571aa1f07372a5e224cac13706af4afafdb671cd076290f205a137ad156148cb83ac22d1ca4ad64ad98927e338684937e2545778b5912a90ea5e01673b4e60e3ce20853b93f5ea25f9cf33f7410042c3864d138bd354ae1c824a1a0f862cd9ff8e1016d9f7432115c6e7c1e0d131c7f4ed4059b8a417794459ec8fa72a941e807f5960d8f3779dc", @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB="ab608384c395aee5b2e2f0f19b42712f0d2fdd3e8b5309794d5fb6de22e3e4691dbc1a4fc14899fc2752692708543f351a2e2e120619584eec4d44c562624588d573e328284c1e73e6e1c38b4affdd7c4d425e8203a83154fffabb2065fa865ebba6382c054a934d00cd09d99d8e4b", @ANYRES16, @ANYPTR=&(0x7f0000000080)=ANY=[@ANYPTR], @ANYRES64], @ANYPTR=&(0x7f0000000700)=ANY=[@ANYBLOB="bf89b57a6010cb0448f438f43c2e1d0ce001570b3d227bef073515ea0e199cac3ffc32daf94040d05e9e3c830be2a90cfbe21fe3d03be008328b30486b71057abf240077a618c6f96cb1f101ccc4db90807664b5682ae968afa6ddb6fe6d4dfe155222229aa1ac2bb259b091cef273723eeda17345f2f7fa46811399f5c3bf9219c684421579b8d4c2f993c071594e5ea6c2d815f770abe56a75f31c45219160aa1fe29c84387a9fb01533f45b40cfadc0d63479f2a8aff504a5434e55396c79d48a89e5f3a1ff098de2c961453f16dbc938a854d6dba9b608788a", @ANYRES16=r0, @ANYRES64, @ANYRES64]], 0x136) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(r1, 0x40000000) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:10 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x100, 0x0) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, &(0x7f00000001c0)=""/22, &(0x7f0000000180)=0x12) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) [ 113.569057] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 113.576749] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 113.583998] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 113.591254] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 113.598501] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 113.605755] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000004 [ 113.617263] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:10 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x0, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:10 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x0, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:10 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x2) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 113.681884] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:10 executing program 6 (fault-call:10 fault-nth:5): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:10 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 113.784558] xprt_adjust_timeout: rq_timeout = 0! [ 113.791312] FAULT_INJECTION: forcing a failure. [ 113.791312] name failslab, interval 1, probability 0, space 0, times 0 [ 113.802628] CPU: 0 PID: 9163 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 113.809730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 113.819090] Call Trace: [ 113.821690] dump_stack+0x194/0x24d [ 113.825336] ? arch_local_irq_restore+0x53/0x53 [ 113.830022] ? __save_stack_trace+0x7e/0xd0 [ 113.834369] should_fail+0x8c0/0xa40 [ 113.838096] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 113.843209] ? trace_event_raw_event_lock+0x340/0x340 [ 113.848401] ? __kmalloc+0x162/0x760 [ 113.852121] ? setup_userns_sysctls+0xbc/0x190 [ 113.856700] ? create_user_ns+0x6d0/0xc30 [ 113.860838] ? copy_creds+0x2c4/0x3a0 [ 113.864626] ? copy_process.part.38+0xb64/0x4bd0 [ 113.869373] ? SyS_clone+0x37/0x50 [ 113.872901] ? do_syscall_64+0x281/0x940 [ 113.876948] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 113.882296] ? kmemdup+0x24/0x50 [ 113.885647] ? setup_userns_sysctls+0x50/0x190 [ 113.890216] ? find_held_lock+0x35/0x1d0 [ 113.894279] ? check_same_owner+0x320/0x320 [ 113.898597] ? __register_sysctl_table+0x90b/0x10b0 [ 113.903610] ? rcu_note_context_switch+0x710/0x710 [ 113.908531] should_failslab+0xec/0x120 [ 113.912490] __kmalloc+0x63/0x760 [ 113.915925] ? find_entry.isra.14+0x1d0/0x1d0 [ 113.920405] ? rcu_read_lock_sched_held+0x108/0x120 [ 113.925401] ? __register_sysctl_table+0x91d/0x10b0 [ 113.930405] __register_sysctl_table+0x91d/0x10b0 [ 113.935231] ? setup_userns_sysctls+0x50/0x190 [ 113.939803] setup_userns_sysctls+0xbc/0x190 [ 113.944205] create_user_ns+0x6d0/0xc30 [ 113.948166] ? userns_put+0x90/0x90 [ 113.951775] ? security_prepare_creds+0x89/0xb0 [ 113.956431] ? prepare_creds+0x2ba/0x360 [ 113.960483] ? abort_creds+0x130/0x130 [ 113.964355] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 113.969361] copy_creds+0x2c4/0x3a0 [ 113.972970] ? lockdep_init_map+0x9/0x10 [ 113.977028] copy_process.part.38+0xb64/0x4bd0 [ 113.981598] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 113.986768] ? __lock_is_held+0xb6/0x140 [ 113.990813] ? __cleanup_sighand+0x40/0x40 [ 113.995048] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 114.000225] ? __lock_acquire+0x664/0x3e00 [ 114.004441] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 114.009611] ? perf_trace_lock+0xd6/0x900 [ 114.013746] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 114.018915] ? perf_trace_lock+0xd6/0x900 [ 114.023047] ? mntput_no_expire+0x130/0xa90 [ 114.027355] ? trace_event_raw_event_lock+0x340/0x340 [ 114.032525] ? perf_trace_lock+0xd6/0x900 [ 114.036664] ? lock_acquire+0x1d5/0x580 [ 114.040620] ? trace_hardirqs_off+0x10/0x10 [ 114.045009] ? __fdget_pos+0x12b/0x190 [ 114.048884] ? perf_trace_lock+0xd6/0x900 [ 114.053023] ? trace_event_raw_event_lock+0x340/0x340 [ 114.058202] ? find_held_lock+0x35/0x1d0 [ 114.062250] ? perf_trace_lock+0xd6/0x900 [ 114.066386] ? trace_event_raw_event_lock+0x340/0x340 [ 114.071560] ? _parse_integer+0x140/0x140 [ 114.075694] ? check_same_owner+0x320/0x320 [ 114.080002] ? trace_hardirqs_off+0x10/0x10 [ 114.084328] ? get_pid_task+0x93/0x140 [ 114.088204] ? perf_trace_lock+0xd6/0x900 [ 114.092337] ? find_held_lock+0x35/0x1d0 [ 114.096388] ? __f_unlock_pos+0x19/0x20 [ 114.100344] ? lock_downgrade+0x980/0x980 [ 114.104472] ? get_pid_task+0xbc/0x140 [ 114.108340] ? proc_fail_nth_write+0x9b/0x1d0 [ 114.112815] ? map_files_get_link+0x3a0/0x3a0 [ 114.117293] ? handle_mm_fault+0x35b/0xb10 [ 114.121515] _do_fork+0x1f7/0xf70 [ 114.124951] ? fork_idle+0x2d0/0x2d0 [ 114.128644] ? wait_for_completion+0x770/0x770 [ 114.133230] ? __sb_end_write+0xa0/0xd0 [ 114.137188] ? fput+0xd2/0x140 [ 114.140362] ? SyS_write+0x184/0x220 [ 114.144062] ? SyS_read+0x220/0x220 [ 114.147699] SyS_clone+0x37/0x50 [ 114.151050] ? sys_vfork+0x30/0x30 [ 114.154578] do_syscall_64+0x281/0x940 [ 114.158448] ? vmalloc_sync_all+0x30/0x30 [ 114.162595] ? _raw_spin_unlock_irq+0x27/0x70 [ 114.167080] ? finish_task_switch+0x1c1/0x7e0 [ 114.171566] ? syscall_return_slowpath+0x550/0x550 [ 114.176476] ? syscall_return_slowpath+0x2ac/0x550 [ 114.181390] ? prepare_exit_to_usermode+0x350/0x350 [ 114.186390] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 114.191741] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 114.196573] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 114.201742] RIP: 0033:0x454e79 [ 114.204912] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 114.212607] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 114.219858] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 114.227108] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 114.234358] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 114.241608] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000005 [ 114.249536] sysctl could not get directory: //user -12 [ 114.256417] CPU: 0 PID: 9163 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 114.263523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 114.272882] Call Trace: [ 114.275480] dump_stack+0x194/0x24d [ 114.279121] ? arch_local_irq_restore+0x53/0x53 [ 114.283794] ? __register_sysctl_table+0x88e/0x10b0 [ 114.288812] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 114.293835] ? trace_hardirqs_on+0xd/0x10 [ 114.297990] __register_sysctl_table+0x893/0x10b0 [ 114.302837] ? setup_userns_sysctls+0x50/0x190 [ 114.307432] setup_userns_sysctls+0xbc/0x190 [ 114.311857] create_user_ns+0x6d0/0xc30 [ 114.315842] ? userns_put+0x90/0x90 [ 114.319474] ? security_prepare_creds+0x89/0xb0 [ 114.324154] ? prepare_creds+0x2ba/0x360 [ 114.328221] ? abort_creds+0x130/0x130 [ 114.332114] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 114.337143] copy_creds+0x2c4/0x3a0 [ 114.340773] ? lockdep_init_map+0x9/0x10 [ 114.344842] copy_process.part.38+0xb64/0x4bd0 [ 114.349427] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 114.354629] ? __lock_is_held+0xb6/0x140 [ 114.358703] ? __cleanup_sighand+0x40/0x40 [ 114.362959] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 114.368159] ? __lock_acquire+0x664/0x3e00 [ 114.372389] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 114.377588] ? perf_trace_lock+0xd6/0x900 [ 114.381732] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 114.386907] ? perf_trace_lock+0xd6/0x900 [ 114.391040] ? mntput_no_expire+0x130/0xa90 [ 114.395348] ? trace_event_raw_event_lock+0x340/0x340 [ 114.400515] ? perf_trace_lock+0xd6/0x900 [ 114.404651] ? lock_acquire+0x1d5/0x580 [ 114.408605] ? trace_hardirqs_off+0x10/0x10 [ 114.412909] ? __fdget_pos+0x12b/0x190 [ 114.416779] ? perf_trace_lock+0xd6/0x900 [ 114.420911] ? trace_event_raw_event_lock+0x340/0x340 [ 114.426084] ? find_held_lock+0x35/0x1d0 [ 114.430133] ? perf_trace_lock+0xd6/0x900 [ 114.434269] ? trace_event_raw_event_lock+0x340/0x340 [ 114.439439] ? _parse_integer+0x140/0x140 [ 114.443568] ? check_same_owner+0x320/0x320 [ 114.447878] ? trace_hardirqs_off+0x10/0x10 [ 114.452184] ? get_pid_task+0x93/0x140 [ 114.456058] ? perf_trace_lock+0xd6/0x900 [ 114.460190] ? find_held_lock+0x35/0x1d0 [ 114.464239] ? __f_unlock_pos+0x19/0x20 [ 114.468210] ? lock_downgrade+0x980/0x980 [ 114.472338] ? get_pid_task+0xbc/0x140 [ 114.476206] ? proc_fail_nth_write+0x9b/0x1d0 [ 114.480682] ? map_files_get_link+0x3a0/0x3a0 [ 114.485159] ? handle_mm_fault+0x35b/0xb10 [ 114.489378] _do_fork+0x1f7/0xf70 [ 114.492819] ? fork_idle+0x2d0/0x2d0 [ 114.496513] ? wait_for_completion+0x770/0x770 [ 114.501355] ? __sb_end_write+0xa0/0xd0 [ 114.505313] ? fput+0xd2/0x140 [ 114.508488] ? SyS_write+0x184/0x220 [ 114.512185] ? SyS_read+0x220/0x220 [ 114.515796] SyS_clone+0x37/0x50 [ 114.519143] ? sys_vfork+0x30/0x30 [ 114.522664] do_syscall_64+0x281/0x940 [ 114.526532] ? vmalloc_sync_all+0x30/0x30 [ 114.530666] ? _raw_spin_unlock_irq+0x27/0x70 [ 114.535143] ? finish_task_switch+0x1c1/0x7e0 [ 114.539620] ? syscall_return_slowpath+0x550/0x550 [ 114.544529] ? syscall_return_slowpath+0x2ac/0x550 [ 114.549440] ? prepare_exit_to_usermode+0x350/0x350 [ 114.554448] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 114.559795] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 114.564627] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 114.569797] RIP: 0033:0x454e79 [ 114.572964] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 114.580662] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 2018/03/31 10:51:10 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000003c80)=ANY=[@ANYPTR=&(0x7f00000016c0)=ANY=[], @ANYPTR64=&(0x7f0000001800)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r1, @ANYRES16=r0, @ANYPTR=&(0x7f0000001700)=ANY=[@ANYPTR, @ANYRES32, @ANYRES64=r0, @ANYRES32=r0, @ANYPTR64, @ANYRES32=r0, @ANYBLOB="d119fba92af4fe7f52f44745da9223eec86ec572e208e4a6910d3d6448bedea3039195cb410e316b913ab25049710ba71f3c56a716e3e7ddc65ba591d0b0ee365fa570b8e427c85b7d0ea8ff07411b8243dbe6b3316b3adc106d0dc0b6fce25db1b75ebb91520fe2e0724b32cd81c487f313cdaebe716f087c2c9f41da8dd0e50b7b309ac96e000daa3055ce89c316a4fa7f812325a615d71718025e4ac90451d577fa77fd4cb0"], @ANYRES16=r0], @ANYRES16=r1, @ANYRES64=r0, @ANYRES32=r0, @ANYRES64=r1, @ANYPTR64=&(0x7f0000003a00)=ANY=[@ANYPTR=&(0x7f0000001840)=ANY=[@ANYPTR64], @ANYRES64=r1, @ANYPTR64=&(0x7f0000001880)=ANY=[@ANYRES32, @ANYPTR, @ANYPTR, @ANYBLOB="69243a13aa399070049a9457d0d4e5ef5c327bdf673e3f52f3faaad328d1ed6da30210c86cafb538c9b614237de6b06bc968bf890a144e9db672ef631145cd59881d3a89322b1f3eaf2a9e6bc455bd05f9bc", @ANYRES32=r1, @ANYRES64, @ANYBLOB="73aa044d4a9ac0b4f010ed6d46055aea64bed6709f0832b82d0e7e6d5fd5da7b0810e7c86fa495b8ba4233ddd153253d5daf920314ae7cd61da8d51a3b5ce1489cd4d24387c5d7ec9ce8b6a111b40e4b08d4e1f56ebfe3b401b01a6e0b45e3c4215fc7d9e965c0043080cb44bd4091ee5e8cd7da9abbba1e9053826c908ccef385b1838464433e469821e068056358999fe00c5023b440cf128d6a6eb003e0a7ce37f7b7599bc1b5c85b6a58aa623b415b507fa17c0b384506eb19a5b250ac70299a90b2457c1d405bcc7037cfbeae1f459c", @ANYBLOB="ace0a99c115a2ad7d26ce8cfb55c466c2404c1b6c2de0fd5f8d3a4e3f95dd53fb71ddc842ead52de9e2ade5ada04547a6bbfcca87a27de131cd5ca99c08f1307e5d7352a2119ad42b18986c5a4a4a36a7285d933fd7242713652af23da29e372999894370c377a22abe6492b251d5875f7b7617daeb6137e841abfeba065680ec9d309572d2268f15b2619f32810389d84a2cb92c70bc0ffdcf6d1fa80053892cd8d8860ae8f7444c581ac71a167be8dcc26f4faa1c08f2d4688b0503768e23ff6964d2979942b9ad2e51c2193f4dafee125b0d78eb90ab08a91b08cdab22751220ac1c2728bc026332652e555cf01c5a2b14e1c1e041c04fd19b1c2ff118a2a43c9cd787224f29a67a51f3572ee8116cea986be673b886d89589750e1e471d1eb4d610c09cbe69cdcca0310d929b03e63f13086bebe1e57793281ae2fbff4b1ace79e34e6b97ad20ec6a9f26baefcb60af5a0a1d9d75277f9c5ac04ac55106cd2310fe3474b0ff9e425b5c068a7836b90d421c7622b752a4d4a510d81e32351327db0d65aa1c7a9cb578e6aefedaf03cf7dc319459b686e4b458ad7ca98b041cf3ccfd910346b95da57fee2e24974dc278647cb938c61c86902de5c03a57c6d0aa2449cd0bcfceb0e8e2484237af0a817e23235df1aa5dfa91eeef102886299e2962760f2fdc54f944fb20f54b39b8d11273a428eb74901b82285debd2f6abc80c142a19f8a94a8d2f19f62468476ce688a61ef58da2a56f200450042c21135579dbc1428d6eb8b4d3026ce48983d0d93a115bd77617648d71d2554907ba6bb77a9f81ca064716e04ea5c1b3fe20471ceed436ba51e8939802d0b463b88bca996b392b2fc04ae24e3e1956261f2c1347094e8d2c2572108cd8809af1e3de63a896c584f75b50a14542ba52b12d65d8f10ff252bfe39b5e37e95f14ef902f595db04a7e533f2dd1af8d20b2e7c6d0222c7a970cc4b53a6a1e8897bd80cc5bc0d75bcbe53020eae0caeb32e04795c1b73246b20f252e33b8106cd7ac5ea8b88b97c213a6057480c0006c21216023b26e63bad29ee6cb2fca245654933158c46691a9a87e9d102fb0f82659327467bbd36e374bce4622eb7da318241d6cb29c46d64b5b3da838475fd3c0f21d8f41cc1f35b07754bce3386761cfdbc01816fea6017556488493788aa6f2a037b249141486dc5c61720bc686e87b5ac5c2dca0c483a9c65b68f97b8f0dfa0637e34bc9f8b531d71f9ed8471377d7a327646d2c4ad82d2a0f19da8f3fdd2d099e3d9ce7b4a2cb9f3170e930c8346d6d9d5ea06870a76af340ce4780bc3aa27885cfcf6b9ff8b7ba580bd856ad7dfa5d7b7838cdad554d68db7185b4c8ac79e4ae3808f314de19683217f7838fb5700c0afe79cad4ef1d5417b931a8d06d8943769b39a8f5736403b7ffbc0b65846909adcaeb27cf6230b863923d848d6f944482c7c89696df062661b7532ca651161c197cdc2e8c7d927118da05e1ac66956076550bbd1dc4f96eb92f528631e1b2a00246156b5a38a8268684894821bc5cf0d11b51dfdfc875297f240933940ccf408c0aa8e4ec10ab06665a2b4643a5f2618f3e1a49875d29b8bbe90baeeabf024a0a64146f2f62910329acfd80fbe67a4497a0f84e0574e988f175313f1cb1bf724295e7f8af2f425d5937c7f01106ea3f219b7ef7756f7ba1ad92a6eb28cf1b66ec4e5b99f50b31d2ea1856baa4db9750738aa44c14a6a3ca84f0e39631913d14e682167cababa3ae6f8d68a8c8d27fc2cd385442cbe4e160040b449fe0b9cc9e3306ca82f6a5bdd256e72d8daae2a52be164ab1d4449f93d8d18dc97a315f751d54f13996de2aaeb66929243f79183f653af3e8360c33fa196470dbe02193e31bf1f1d8744dfd89f643da012969e12d41035f873df150b371d41b4536c8810e02229dfb8618960f3c69f53ba2bba55f1c4e3b68c53136c694c8935a8f95bda1fce31ca511fd2b85760e4206b72abb11fd95c2023a4efd9f5b00cd564f2cbc24a5cbeaf9e4f8acb321d94fdbbd60f51e7249bba0c7f8b8ba3cf64fe4ee89c61a0020e3c437b2f25d70aa71e35e912c5534a2818444f36d24171b25f6a327c8ebeb4d0b6ff2441c0b2e46f7023736eaacb427379db2f774ad52f58be30ed36401d117d90d4ea26d8223e5b9c00ca8332526df2726a8bae6015ee2f4dcb0ba53010a42a22487281a2c4bf02cd95341d0a9589ee423867875adcf35e162209679d9ef4cd7a03727e27475ad7efde2b8b5cb4dce8b8030ab8d3809f203915970fa7b0af0b5dc7d61fdd6ec94ac641b300dc93a7fab0669777afd2ab19cbfa1b31d67f7e911242f9f5947543527ae20f9ebc4064c9fed81619416186b37a624d355bc365eeb78a6c4d06507a4944f7214fbc9355ae8e7f56c4a44a6616c881c8a55fedf1dd80962d2a81e1fdfabb41f4eafde0ee1c57c39094e7e1b01655f8f4eb6cdfb76e9737a6d039fbee7f435b50bcc1265fbd1ebc741dcac22815ae8cd522e0fd613a6c190a61c4940ce748df47c77561a88065163465d885c4e536b4cfd5ea1e90b98c6765bd814a2e34e9f29692f5b3ab487646ff165c37b5a2a90f266131e127a06aedd40b35ca5a6c06eef4792a6ac7491035e853ee2b529f67c097f8299fcba77bbea8c89b3a77bcbdd3f84c3b89155a189201cf4d5a8795d26957ba52a1e2cb842e59325316654d5db39b9f383a1ead24731629973acc41107cfb4dc06b6f725143b7feb8b5af36c610f060096bf95e6286af777423a23e9ca18f323feecd3556f008c7b86ad9b9d0e44c2e9714d1a859d3b98993de6b3393a49dcefacc22a86d779658fc48c5d071c894a60b462be7923c1780d5ea08b3e4362713071dd4ff4b6e474f4fd86725d1849c371a15891b46eba486159408fb36216ba967877fe4d3e0355a3ce33ce32b1fd795293446a90dcbae380f02fc8daf2c7f2541ba8452379a88cfc9309735c61c6dd13c7454917b8a551ed0551318ace42534864bd8682e0a6cc0861c86eea03253da4a97823e01f75d08de7969b577b979385cdfb347929b23b4940c6d553b1686524fdc9024f3fbb5a40f56748b6f572b292e3cf798b096e13d70e212bc2f4bf857f2ad4417756bfc8b8f47d5d84c6d20a810b867472638967cd64d6e68704fb25bd5e7d98dabee67b89a638495b3ec26129e15a5e3eb53c94e0ed730d61593435a1f6f9621808380d7ca730c4042cefde0796124d361fe892de150334dbb0575e3b66ccc537ea222fb89a5ff2fb79a29fc150be309b164062668038eb43d2b1c699a5593c7a874851d4bfcf982dc100b3464e092ede0b4abd833fd723fe8ffd9304b9167a31ebba85381f15645c2ab4f4ece9dbec0ba85fc29b2ed4c5be7e4abaaa62edc4d8e526045465b01bda360183df8eb510ea577b4ee430cbe53a81e4c6eec0818299e81a18fec59af06546187b843778cfb12d806eb6e59c27b6a63d05583f58617cea8fadf58c3817a8cc73421e7be54bfc62e2487c5f6f483ac34a95c3126028fe93807e3d76de340d1d7fa050db8a36dbbf520caceffa0e2594f7b6e4cbcb2ca66f18d5078db18414310e113c57ee1f7653882399d69b9d251332f075c62cf876a11660d41838ecfff4a47a5c2739223437779eb56636fc013f3b8c100e6b44cdd6aed9a04d3471268dafa1725bcfe013f4ecd716601dd7b4b70c6168a80c8252a084581c23cb156761012e04e1090a31165faf83be91727ca5ee2696447b8f5bc5f0c01bdcbe8728d438e13222603a03db3bcad28733e2cdd7af541624f945eda43bfc3e14f9a6d7027339e29706a5fc417516ac0838f7522c232b43ca809088577f6e74071626f5f9fa856916c5da4123b6980fbdfb221bcd0a18eb979fc56b7232703012fac7c3d257d062be47da51b1cec9bf034b31e57683a49e1addda75961992021337b00497468a99b44456361482efe428b87478d4b78d3b11996675361c401716331f63f81eb3fcfb3b9f5c0008e4c4abffc0f1fa1961d8dabf13e11bb30044eeaf913ac3a1646d6b6da9f90a6a8fc6135b96cb5ac251976cbde8e94c02687f46252103a49613f77af642a23a33626d1f58a6c6bec03c94d1a640f55445184ae2b18ceb1e44af76547416a59c28574154c70259da9bd1868c5fdbc24b2d0f89a12061a3cd8bf5a22053d8513861be3b1638f835d59577f3f8113890b7c6ad36c16c942207210f151eb68b38e7191b9c48cdd5a53fb4a4e856db9dbf68270bfebfd9d5581c51eaa7a1a8891de7c116a1fcf73548a8994590e441e0c36cc9cd8e59f4b177fdf208db16e98f08f605cf789e3aee57419d9fcaf116c141c6c2787c1c406041ec17d609205d96c8587e989f875e6ee3ad8de1c65c243a32dc7f455ba2df0dde719b6a3c63109ad233275ff03ffcd425327986303898131912e0721c789870c7d96bffa8868b343c716f9b3e1ae34b3536940bd924736de4b99a077ba60b589b6a391d63cef3db786cf2fb7e80deb2cc27aa55bee19942ec5476c8a475c5ee8f097b0e2d566c73cfaf234470a678d519af2ef39eaea2a578d5917ee2062c9f5a36039a58fc03424ef066496cc733e83a102db75490ad125028a835f75acff6aade20e6c74891de79fb32f99332a1a6ac0870670fa0e7962d58e3002b9ba2cf37bce17bdc96893d22388275d5c75146de9b2935d25ca671e6876479d78fc530e851c606b68fcb57e4f75ed136783e5c2e4c04036da8e6c809fbc9afab9a4f22413a7def9f0e3676eb01a63e49a6d4c583621639841a3e8631ecc5297328f0006c6cbd133b748fce289c02c49bd4ed11447f67a71042ed016a58b187b1723a474353ea910715c3d06dec9d5fb37a67fd53b5cb12f723e1d4f62b6d37e92d1119756e8c18c02b8b934d57e33ddc000b9148525a137aeb3e56bfd117a38b95c77c79afc2266e94f145e0ac38fe9d3aadf25e1a73986bff3cf8969308b12c1e541f077fc0a30cc9a752ae797fe989be5c29d045b0a77326235429a70abb9bb393457438fe1287627938cf8f161f166393d8a4cd33d473eecf1af4e8e6b937425b734dffaa3e5489e8de5900a200c1a5646b6f9cf6ae5d912d8bbf0c025c90104d97787f36aba4153103b0ca126baba3d098cadb800ed4e0effae2b5cf35983d584cc3766af24f6ea9467c36bc3ec8ae174742090c87045135d094ea157ee0db352ffd5c5570c76dd8b55ae8f1510f10e11df4d034b1ed2c4ff6aded32f8029288456eee1f087608beb4071e8b5e77e602364beff4bc51593fa5a52dcaffb57470d36bb451039a051f7ac72f6d56bd6ee0fdb20ebb9c4ae201d5fe7bb4b3a5a993485d9837d7665edbb464898e86310ad02146b1d47e85a60b94a72441245f4facec324c53ddfde099f3034ceb7b621488acf5a32b9cc12a07f20e600df8254302ed0fa8678cd176311d0b5b3252806a2a95847ab7ffcf029b39060136995a919c0e499083bdf7ef6fa686f105968e32b6fa9fe9e7454c8bab5f5b94cb3d064e730854ac565ca45d1e1132642ba5fce98336e7ecac3c4ef5df90cde0af93cd8ede00980810c216d0a81ac8f3bb4cf71e37647b015fc218ae36e1b023989deb5e32225771c0d3bf24a23bf8542b7b9fd6580ca88427a423b48eefa0cd48fe8667e66ea208022f30e1286742a7f165d4a386b552d25b624587078ad379b61ec9f7b623509d9fc2b20eb26fc29cda672e0ca6e6fd29aa2efa4733d1e0d2c177b44323468fd3ca95aa113959ec8a611e", @ANYBLOB="f53e8d5fcdc93c3658c51bef76102a90025cb8c99931b26fe89e465fab33d23660078241d28c0d6fc8b1140c5e71d58a3215441ec3c8775549b286eac058b7ba6d54f938f7e31b43994e91ada14a22772a329efc6fa8c6c47aee72b3e1a0992718d58881ca4b747812fa181e62e7585dd136922b00c636d4389170e0713931f94e9d8eb76e54445b6826cb4f4b5c44b5b0e4b2ad04d74ab1e6acc28e4440bbf6fcfdd77f94b4ae1e84f0c789c4b8f8221b8212767712cdfb0b265c0b10ad9eaf2878ae90078066b1bc515826d1410ad38311a74323cf1e3d6173c5cac62eaa14aaf4844e8def01045f5cf494dcfab65214d41d322136b9fc3aef6b30385eb6796f36838f1beee9b7df86b6891793943e4da99090f9d3e8b7fe883272ade5f12743101754147b33886d6352fa0455c61b93f93f5aa73167c2d4513f9a3e6941f6d0e4e9c3a469d40bfc6ef4aa490f05a3ecb9a7d735d77c0e46e5390c0fb5d2ce6dcd5d3bbd9aafb8d2dafc6ad925a28737c03c1452417c91846e2c6b9ecc12eee24ced91fb02616fdb3ac70a3b02d54042de204bae5dc3ebe25a2c61de7e133e5599ccf8fa9083a90d7b77009492b3c44ba9543424f2d2bf50e91c6c86ad3c2e09082e4fc46df25dc9ebd5f0d89f8b9e47318871a7d729817ab00ca41df0786e4f84716a5cd105ffee850b62b62560cc6c1cb5580db1913dfcb3887034b252c2fa99fcc155d6c5a89d08386ab79f44251c7839b3c0fc1650f987781b5ebb1949902004f2d580da738b773e513ba59b1577e0b0da06232ea34a0a3db92810fbac18bca36d54ef6539a3a612b74f818c8885a3ae7e6eb6a32df786cf12cfb4f1fae1791975a0720ed5d362d5af1d3a46d52b2597f76c700a98561839a79eac5b038fba010fa060b14442987b8bdc74564403266ab1597257ab2261258862f2bc42943c17182fcaa15c397407ceab00f63e70f3963ca1c054fd98802f59a02ebacb99d32a1e80996be5b969077e54de0b0d649b342f15fb412bef39cc472a0a98da3bd6e9f6c5eb3391a745ff580062a6295302327542a683ecacb0134fa3721b5dca449c490cbcd0152ec43d4c292cd56e450c0f73d422d1d0cff9134818554e6d9dcb08403326aed3a251ad4a5c688e9c5b386327c2f3be3be65042057fe6ba4509fb2f3dc908278eff3f9f1ab3df62108135eec5a40eeba0290ed74b1506fbfcbe0933c96d576d82b3ae10e6a563f23ea4720a1248892a0c5d05d483950e618ae6437aac73a0f978fba9133efc64c7eefcce14a941082285968233baf41e6b2728ecea0e1b2d7e5419160c6e976795a9fc3c134defacd8e842728117837ecf630ccd2e54d6507826d894eb097e42b6f18cd6e87d60fc2aef54e6d4a64b66ccee59522d3032776b1c65b743074aff4adbb95c22975489d615ebd4a7ded614a0fbc31ffa2c05c550906823b1a8e2573667071e79c13cdf7b21fe4a30c3fa655bde76735cd4e1c6809abba5eaece8a4f4969f263caf175da72983aff6cb3ad5d7dd21cca2bff9c7f3acc1f1b3f82ae0b32662be543cef5a46244288b0d3cd06a25ca97ef6449b69b788a861798eeb5a2b1774f8bcf3c684a867092cc96ea1bfad835ea964e09323fcb5849c5610283023d86b961d81cfa143448239623b4ef811e0aba03b6998a641c52ca93a823b81a6f1cbd66b58c5bf5a76dae928dc238962772315b1b3bffd82ac4a18229e51ca53fa88a3c59bc4e1e8cf3f123c89b5d94645ac8ee688dd11416d87cf72b01aa1abd014c40486a38a238d7e8a3fa6fa0642df17d0745162f5e5108af3a253decd5210ef595c9bed59c3e810977d51d79c23d03a323df95aa7c4358a05c884a20673c07aaba372cf22f16fd388ec14f6807e2f6c881c019b4bee4f6e8307f72ee1fe2bdf5341e4667cb4a05cd540566a463e7d6bfe0860f8c07074e97fd4d900a274e769b9f1cb666c3a8682bca991e439c8c9e27c38f01a75584ab8b77626d7305c08bbc1d126d4515fe206c6a2d6f6e2762dd49ad3e789f73043842153161bb10992159a65e07784466ad403f44f88367d65fafea0d9b032410e24ebcfce4015c706e92e28fa3cea0ae0b11e9bb8adb254393d024f383cbe59e478525039ed7dc84313c0382891ff97d8f0ba8967ce85c9d3bdffd31fb421de3ca38bf9d70e8fb03f1b2a1d64fe3add28830b0a26d2ae305ede1ead33ec66809c7dfba0fb948d8eb0a622af9df58597181c5eac13eb6ff4cc12a7dbd5e93b3f5727178f3614415c378c8f20718a7261da241661de0bceddc14ada8047aab60d1cc40e7e23ada0ad469be4c0443f74e16ebe1943cf3e5b81ea5bc68dd291e707f62b6da89235d8d067f01f2c504dc19edbfaaf83b1fbaf0e7dd45e81caeec7fd20d3b9beccb7a909d8ec28d7c342d01b72cb34f4201cbd0eb2100cde014a2e0defcb4e91dfaab44ef25db7f2675e58994b3aee5a718eed9926af4e0ebc1d399f8e7c082ec4e8d18bbfd05b831ed97f02db1ddb8e9f31fe5d74e34f2ad0cfd2c5c3822a3dc5e9757695aa285798de0f98b825cc671c607007d454ccdedd6280e62840a6aa5bf026a9b801a3ba7214d535bfaeb98556d5dad23b3e8dab8caf37f31ee88e0fc6b5963f0991162e7e5f0cc8bee166bd8a3d5720730701e182667082ebcdc76940ab5ddfcc1ba7766ea16d9e1eb4415f55c0d170e878d8dd1aec04aa6c74879ee6d5b11bfc96fe385cf58356da7e17829f12b4083def0d21c79b3c110d5f01a6b192fadaeed11643e746a3685af5140f2912f62675d7f489d083b24404f2a00df5c391a5786b02d7456e84b490ab75e07619727e316f96a80cdcb6a35203b11431a2eaf655e88075e20d7c1ba5551fdf25a75fff5f5aa3420d1509c386fd71f1aa503a91720e492fa155153d9ac6777ac5fb67db71944b0208ca201ebda4f59aa8322877f0027cc61ac76c609847dc5e570e4560e7bb51dcf6306dbaae12fff272d39d1ee6fc76b53c8c4610e3d971f6dd4c7f6afc086436e29f3d496c4adb3ecb1aee963b9e2465dfbc449905f6d7ed3cefdbbbbeebc8da63d421091c1a553df3e34e81170b2776d3a0831cc6cb209a8955c97e2da471d4229735da7ef20e4e97e06feb95cc107eac39fc163623c1e0b1806fbc25c9525eed9d54c02c687338bdcac03cc2599739c8446421031e36704c50447c003ef9d5692c757adffe5307154eeada6e509be6f5ce7a929d01866210e1b067cab3694b64aa0b9cef5f13eb97ceb038eb88316785dd317c8ebaf2920e675eeda27fed4a79d0620509e85857257a4a59382886b26060646b58abfe672995cc4f263f1039e35466fbdda176a04729990530423e70b6753249d789a19f2371301101352647840f5109920e1636df53c214142560fc14f138f66f38b2f79f3c21c2eb077c02c85fa36cdaaba033de629894bd62a53aee3909e1b8d59fab12ceb689c0a4b6b4260b93a20455dae7502095d21044d2ef332f60f3bce5af988cef00e2f396ad92e41dbce8e4fd8d028c0e5f3cd7cc3fc0ff5b3c72746dc8c8f88e3aa8b49a36b226ccefd1968abd1c45fe6c4012ff7756caec834ff8f780f21aca5727c97b71638232df88f19fa738f40abc9f39e1f7519107126691046e3dfe8df42610e01101ea3722366e2fc8e7559f0cd659a45633b8fe84f3b07fc8ce7097f87bc8cfd1928f1604b66e0ac0300a138b2137a7b4f346606f0c50fc809b47a628f95fd4854c86bf39b946487b4bf05e02a3204b64c89d9a4debd00989dc32462e34a8602868c7350ff59b65d35a2ac7b312c568ce97c935bf3cb3b609f84124c27f4f0f3e9b6b5cf3b8f4b8c8127fafec9c86375af3406c1b777c764cb733cf8a91db747ab58f7179cc3e97237bb27a853b8118fc8d4f29b6c1dfbcebc9f168ca1e27a0a6a3942165588ccaaabcac471052b3dc110a53a9e9b69cb72547710f7d9ae483d39aee00c60241064618d389b5ecf4d9fa1e9d7f4816abb38058b864c7e1688b3fe4efe6c73ecf053c2c07bec9b67fa819da464f592555a49f14389a1b0d155279c0602d7864f10486de1d5b7266cb63b6c66009a9a2b8f56cd011ba7b56d4a1f2199d52fc5f6b64e81769f8de1381903b0a2ab83cc87338da8ab24e4ba4230e96de98ff9f56d42861ae567c9f675d2f1288c92ba168a099ccfceff616da51d6a1b2eb30309ddd29565121db29f2c28e7ff4119da5cb419557ec83afc1eed1ac7ede039276ae8692ad2b0bf6e49fb73b718fa7c768e804f08fc2b7d33d7143fd1ac4ecf295906d80efca2c8afc8880ccdb95dc9e021d2e2c76bd8a62d1d0f76a903715e74cee0c769e766707e28ddeb77206c94ef382e7f19fd207d36ca882a16cde3b59672d1339b60c6717a09faea84c3e402c583cac97cd34bb41677e51b65a3fa73520efb012c1e512a4db2d0c8ca844ace37d715c72f7a1a874823be23dc738f840919b415f2d61dbce5ab437ccf38420afb98e63daa1e6a55e1eeef3939125424cefabf73b1f3029bf25a44979414edc1df350d59cf6d2464ef768362ec1a19fcde20f7360c9d60f7b174e8206c9e8125b3c81995ec49ef74ad488c748db05b44a57eb14bde0474a8653e13936741b78507e46b80f6fe072392a8c00dfa438c4b6bc034dd74ab98a6be602d91195e3f9ac2e4946777831eeee0a4c97be6746f1d056f7d6f63ef56d77fe5707515ed0a4315ec865582ed245f298bd01596c0278431b311a0a6d514c8d0fedc17f2fbb07f11b46e9ff03a7743236c73f554be160a585e50657547a7bcb941b5a63c0aee991ebbca6d55933f48f3ec0b1df27964473e5bf78a28aca2b5e617615dc5b64b841563d4ec2b8e5c6a2afc24077b0e26ae8ee8893a006a8a56e149e970d6dd7759b714450975058ca45cd3bf7c339a17c5581e4555c7a132db8b5c3ccecf522ab49709a05df31db918ad2ecf0741f673a0ebaa8e581762e97d65d5618025305bef012ca24ee479396962b76efcf140c1b18a7526e19bdc55d11a088bc12686d64661f5d9c1ad43ab0a14537d97ac3801329490c739dc89a0c17e1ccdb16b378e4969b988c2ee2c2a52e66cf03862f62631adfe55b138339c8299250f973e913cae02c1f22a9cd252589fe52ebdb431bae9d8188c6d8c92f3271bab6941bea287f63c3b3127c14dfdc4c9b8b86ea9bd695357ff733454bc13ad61c1d7724e6f1e538f5ccb11775929e9706e31882bb97bd1f6e6a7704ce20fd66425e6a8cb5f10ec3259a2061d4c2ea0ded6654f14d150d958b2157117c62fca573d9c8a007e685fac6de574cfe2388aff498019325ee633de4b2fa32410ca9ec3f09b8e3f94017f49c1d8387671b8cb5c551e9aa289651ad9b0a06441f7052bc3b74f0311ef1290e687def65eb03145579d7b67db4083b477593be66f1e4b6c7efc83ea362d5dc50abe26a383cbfe5e1a0a915b61c67c33b82af556c762d48f810a00577a1a8b2e16197f4caf3f672f3b692309dabaeca86e479f76c6357900b8cd86481be3cc8dde6c8ff3f0ab81e3cbe5175fb61dbf9d65a99aa50728156daa3a3dce4bb3f07f4fde550611791b4d3941e77e4265e34006a10d71e68c120ad85c763473ec388d96658697aac4252332e82b3b66d159693a92cf275db508d7f2847c915a036a6f85232f7b14471f23b6624b9ef364c596bb93f81e2172981e9260a745cf7dd2fba7b3274b21807af59ae7f8069c56429057d30be89300d8aa1535c5f57829d31c2f1eba1579ce9b61ff73237"], @ANYBLOB="47abf3bed9697818bbca1845c3aba06051abe17b73ef41836e88b4df3c5e0a9de496f99164e066d3964238b8ab68bcdb58d506a69e9cff0cc3736e006f1a84bdc05a34d0b0b2905107137b72a5990b1014eae48194cca713f8d64365522802d26611e95a66c7da17cf0009996828744671946ee6c78d1217afbdaaa7290c461e5ae6d959f8d49ae0bb46238d9160f7f03f60208cb9a4438d4b1f00", @ANYRES64, @ANYBLOB="600a612d3133aadeb40ceac29d9ddfed785947bca90654b89d290aaf3264eb356c26f0857743727f480f59dd489fe01c844f386b56f675b6c187cd3e8c30f4b5fd9e24f23742d2166ef1b7190c365ad4274ea09e91924b1a1a7708a84eac6c8f33bde449fd1eba998f29f9bfd23f1058950e8a4b0bd88c00c7af6219d9e999049e355ddbadb4fceb6fae916dc3369f219181b47c18ccfcf3885c942263d4fe0d88f3df0debbd0d52c9fee85f318e0cadcc29d723359bb5a4a681ea31f05aa146578a7da3e785b05ddbe89e8109b5fede2212f45392a287bff96fa91e50858f3781f444c4523dba5b0fc05db0", @ANYRES32=r1, @ANYBLOB="ce23ecca0dd371d8542b3d0ec27724da17f91cfcd399d8f764f261e32bc947d3616d3bebc81b725d5fbeff78d8c3d3f2f10c1b88aa9241cde793eda4f32a6a0b40e78fd42652dc2dd0c26efe141cee5f0f89beb89563464f3086caf37c8e64f68e6ce48525499c746ad07a4cf068d17a92136de3d99a43bfd2bdeee31388"]], 0x7) close(r0) [ 114.587911] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 114.595159] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 114.602406] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 114.609667] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000005 2018/03/31 10:51:11 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x0, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:11 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) gettid() perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:11 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) open(&(0x7f0000000000)='./file1\x00', 0x400001, 0x52) 2018/03/31 10:51:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:11 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:11 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:11 executing program 6 (fault-call:10 fault-nth:6): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:11 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = epoll_create1(0x0) r5 = mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, &(0x7f0000664fc0)) r6 = mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000ae0000)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r7 = dup2(r5, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r7, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) [ 114.663779] xprt_adjust_timeout: rq_timeout = 0! [ 114.696757] FAULT_INJECTION: forcing a failure. [ 114.696757] name failslab, interval 1, probability 0, space 0, times 0 [ 114.708328] CPU: 1 PID: 9180 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 114.715431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 114.724787] Call Trace: [ 114.727392] dump_stack+0x194/0x24d [ 114.731032] ? arch_local_irq_restore+0x53/0x53 [ 114.735730] should_fail+0x8c0/0xa40 [ 114.739465] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 114.744565] ? do_raw_spin_trylock+0x190/0x190 [ 114.749142] ? unregister_sysctl_table+0x1a0/0x1a0 [ 114.754077] ? rcu_read_lock_sched_held+0x108/0x120 [ 114.759090] ? find_held_lock+0x35/0x1d0 [ 114.763157] ? check_same_owner+0x320/0x320 [ 114.767462] ? userns_put+0x90/0x90 [ 114.771068] ? rcu_note_context_switch+0x710/0x710 [ 114.775981] ? security_prepare_creds+0x89/0xb0 [ 114.780640] should_failslab+0xec/0x120 [ 114.784596] kmem_cache_alloc+0x47/0x760 [ 114.788636] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 114.793637] ? key_put+0x28/0x80 [ 114.796988] __delayacct_tsk_init+0x20/0x80 [ 114.801293] copy_process.part.38+0x1ccf/0x4bd0 [ 114.805948] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 114.811118] ? __lock_is_held+0xb6/0x140 [ 114.815165] ? __cleanup_sighand+0x40/0x40 [ 114.819394] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 114.824568] ? __lock_acquire+0x664/0x3e00 [ 114.828788] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 114.833966] ? environ_open+0x80/0x80 [ 114.837763] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 114.842937] ? __lock_acquire+0x664/0x3e00 [ 114.847156] ? mntput_no_expire+0x130/0xa90 [ 114.851464] ? print_irqtrace_events+0x270/0x270 [ 114.856203] ? trace_hardirqs_off+0x10/0x10 [ 114.860513] ? lock_acquire+0x1d5/0x580 [ 114.864467] ? trace_hardirqs_off+0x10/0x10 [ 114.868767] ? __fdget_pos+0x12b/0x190 [ 114.872640] ? trace_hardirqs_off+0x10/0x10 [ 114.876944] ? __lock_acquire+0x664/0x3e00 [ 114.881157] ? check_same_owner+0x320/0x320 [ 114.885465] ? find_held_lock+0x35/0x1d0 [ 114.889514] ? trace_hardirqs_off+0x10/0x10 [ 114.893817] ? _parse_integer+0xe9/0x140 [ 114.897869] ? trace_hardirqs_off+0x10/0x10 [ 114.902181] ? _parse_integer+0x140/0x140 [ 114.906308] ? check_same_owner+0x320/0x320 [ 114.910617] ? trace_hardirqs_off+0x10/0x10 [ 114.914924] ? get_pid_task+0x93/0x140 [ 114.918792] ? lock_downgrade+0x980/0x980 [ 114.922929] ? find_held_lock+0x35/0x1d0 [ 114.926980] ? __f_unlock_pos+0x19/0x20 [ 114.930937] ? lock_downgrade+0x980/0x980 [ 114.935065] ? get_pid_task+0xbc/0x140 [ 114.938936] ? proc_fail_nth_write+0x9b/0x1d0 [ 114.943411] ? map_files_get_link+0x3a0/0x3a0 [ 114.947910] ? handle_mm_fault+0x35b/0xb10 [ 114.952139] _do_fork+0x1f7/0xf70 [ 114.955593] ? fork_idle+0x2d0/0x2d0 [ 114.959300] ? wait_for_completion+0x770/0x770 [ 114.963876] ? __lock_is_held+0xb6/0x140 [ 114.967937] ? __sb_end_write+0xa0/0xd0 [ 114.971900] ? fput+0xd2/0x140 [ 114.975080] ? SyS_write+0x184/0x220 [ 114.978778] ? SyS_read+0x220/0x220 [ 114.982392] SyS_clone+0x37/0x50 [ 114.985739] ? sys_vfork+0x30/0x30 [ 114.989260] do_syscall_64+0x281/0x940 [ 114.993132] ? vmalloc_sync_all+0x30/0x30 [ 114.997260] ? _raw_spin_unlock_irq+0x27/0x70 [ 115.001741] ? finish_task_switch+0x1c1/0x7e0 [ 115.006219] ? syscall_return_slowpath+0x550/0x550 [ 115.011130] ? syscall_return_slowpath+0x2ac/0x550 [ 115.016046] ? prepare_exit_to_usermode+0x350/0x350 [ 115.021052] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 115.026405] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 115.031233] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 115.036404] RIP: 0033:0x454e79 [ 115.039573] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 2018/03/31 10:51:11 executing program 6 (fault-call:10 fault-nth:7): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:11 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="270fb1720648d98694dcb8f47ae57230d07adf816487a7c372c131208904295359c0e7b18daeb4716fbfc7aedd91baf3f13905f09229091fe58fc8dbe01352e2741ba35834f8751d02312855860c60e70d879be361524a7ecf7ec0cdcba3897554348b2f80b33dd1204ee47ded364d23ad5ca56ee4a02ff4aadc3d498df4344a3db3a139284752bbc9240bc6873245ea6d32b9ba7e1f3237683de8f6f3da0cfeda03c30314826f8f6d766abf31b95f3e753d7b18b4cd4c03b463b8f3d6e9b75487f09127c216c33931345e1108b067c54aaf8d239967258102a4f2f136a9244f39780c671f6dc1d8bb2dd395528f2510b9fbbaa302a2d9c395b72c46086b86c468e30ba01461dc2a9dfb373a49315dc216c8ad43055163f4fe9c8507a0e775a5edb5c3dc9f1e2037ed6b81035f9a5dbf61e30bf38919af7b21d1d9a197779559294f14b3a58f1478cd77fc8b117f35e4642997bb2530ebfe7997538c29851ae8dbed9586a16fa4147db8def15bd751559e2b57c1cb3558e3530b80d4d88f7ca5ad2aff8cf494fe0add485e46fe8bd2565c320734dcb0074b2b72425c4b176ac7deb2f70cf7397b41f8c5ee07c2a7d40cba58d1e6f0de90430145ca95fc3f7cd6624f557434b0a1e5dbabc8aa55b915809c5a51ff63addfdeab8f931c1181892a983ca19a3e2112b8c2cf8b86dfdb9c4eb944b9f3f6f49413b5e9fe950451a442ff180b4462ba383c0ae5e7b210fbe715285f727884998626c6116608b49522c593915ac0b1e82bfd37bd6e42f583fafd2bdd91bd1e30cbf52c3a1d300deb04200faeef39168a279969dba950725d4053729221a379613a5896fb8ad314ab475df3169b9d04feb780db328bcd729bb5eb62ba6ef90e483316d5afd867f6852aaa1686dce46f7fa7c7a21bb95e6593826edeb21b91b6feb3e49aa6243e5a516e4772ff8a3c2c51ce097d53c7c969abfe784f7a96585e42b84ac0b892b9aa4b1c28404687519a2db0b191e5c3b8cc4a63293208be391564a54bc119f5559e890352343e947a47b668a903b7551a4f576bf75d52f720ba70597af6abc67e61ebda76527c48ce766684018a1fa82f4f638f1a7f7a30bf11aebeeca0c2d9be9cc7506f05ba87348f48d3b85a25236eb81b5b6c7521b4f428d6692ea229aea5ec1ad233763844b02be008872300d070c033fbbd1cca52f1dbef4dbd509522b1bbf822a9377d323504558bd854ce36d304716d5e25a15aa0ef68f3b51c60392bb5e741a3a025970e172f80208256b2380253458c8e217965fe1efbc9997bbc50d5fbecabbef365c020ca76805b973235bd9035d3700abbb06d185048a1d1e0f14e8493d965e40037c7035635029eaaee90fba1bb5498075387f21004bc12ba9c4749ef10543295b3cd136f82941f60f4e171df60843b72702a4e01941b4514a031ba1e4aa9545eef5a35b2513fe4b2892635f894cf236338ad06a9854755b5a56fcb3af269d5ef656fb2949a98696c2e78b148ecc957b9eae26e277f47ed4134f04146f4a917bbf3153a8f2cfe2eb08e8088688c782f2c3ba4c0f3bd702195d4c16575fbd5270eb4ac132c57a3374832ada20e4a08a9f5b7cf8a7b52eabbd6ea69273701ef80610b891b662a728ba32fafafe46d8132e3b63ee224ac5aa087c0230674543b7d5a90f026b865a443cb2eae164e5e3edf96df215b230d7ce66b46e005ed29e90ba8bfae24982b7a2c9f528c046ff694d4dd0e7ffa1a2be4da06a074bba6b742317c77d22fbab3207571202fc9b8cdc36fc34bb180f70a29b85ebb4550b8525f0f779fc1f8587fe7e30e7d4b30326ec43fadbd31127f7309d29d5dd5425e38db5775fd665eb73b6b0b0d81efd2f56dfb280e04ca15fe56b48dbf0bb77c047d2a5ed100a04b172a369d08918c5c38a446a03775646eb485d7c4ad11795bffba08c1fea2a128c17edd1950e538517ff57506e720636a00cc1a7cf5e4fafe1214048fdd84ffa242d5770e2a8e06c593ac22a47489e1f349085421308f4a81e35aa5c5e20f96476947ad2b1047f31fc4911f8d6f367f3ee408fac6f48627d0bf86dc70149a34ad3477dbb2ba70b84e6312ca43ac9828a2dab58bb4585439cea8101b2ce2f53dff1b9c82971209f4b94735d9bb967b96cef8532fddc6471b1b7576c1282fe416270153a25bed1b4b7b23285d1abfe5b71140f950c8d45d01df0a9752c57674c088478212b3c02d5976feb3d1e3aafdf07663744d26a754cbdee2499f90dbdb17399892761582a07c97dc88b99dcefb4fa2df336f4b3d3a4baaa6e2f9a48f91aa17bff4698a4ed34771f0cede6cf9aca84aae09d392bebfb07344e8ca646c57d3f704983586aa6d9543eadc6bbd79bff326218ac3b9421acf4db93cc3de9789c4711f473704afb118b30d5b8ad10087cf8a04da6843ffd1ac691a99b92d421b4aab96884043f9a229361ac72fd228e325b0ff1e33b19d2497ef4f53922b4e35b38ecc4d402ee407031e3b2942ffe221d862ac763c0958360f690e82b2344c87a14e339d96fa0c745e6a79b3555707514039357d390da2ce2138a40c3305d96e09503dbb26ef1a616171d59f6b30d3f66fdbb42c5c195435e8002e40e44d5a7c2cab2a83e9bf47d71e83aca5b863dc8c5c0f44c14bd4d0c7f034e93b98313c90f4a821c7167ec8896b7d196b22a661c1a32a8ac9c706e72316a6aacb25546a5f0a60851a15e014ad91a6e03f11d968366cd24db826f49262ea99c0153a3cbe1a0a0b505827cc4acf7608f2ffddfb53fbf879f6f70ce415290d176d161c8973a1b09108e1f3b82838222c5f8fa0a04ea5854a77b0043627f4a03c4a1f570c5727866886772d5d3fa4e92b9c71f707b53029fc97206e71bd2e89e678e0ee250f796842a95aa14c514b55d4fa2d10226acbc685562e648b8133451df0562469f23cfe74b1102ff47d5a1c854b6e50e09e0210e305c8707e43532f0981f1cb4e2611f68a7736c46f2248ee303508fc7bc8f14b24ff5961b00663f294f96dcee847f2b45d62e61c38f01c43145d46555816f3a235a1728febdbca6875156b31991b2249ebac9d7c8734409a14597bafcf515bd66dd4d341bd34df8c74ef7fcfecb480700464c3cda8950ef9c62279b209380dbce93fc0a3640695791deaeba46c8dfe12b86d5f815ab85d9bfde64c8316351cec5f9bdb73b278d9ab661529f40cf7229d8ae3ad37afa4bc388b18b5dcd0cc4a4ea7f249306f770ff2a367604f8e907aa14944ce251e23d6e1974203b2efadde036c1c129da11efeb4706eb45b523db4775c0d97715e2eab6a5fe51f284c4d17ecfe93e4c1cd18154a6bd8de9a9e155190dd3146f6548547716a32c4f0ae6ffe73a301b4401ca632b2fdb2e83c48026a3f7ec295536d2564cd6c474ec5d63a882be9da9cf4be071154e720914c2fc71f44dff0c861a94c3d3c3e14819c048f8bfdfd1809b6d1bc1c41c8553dc90a4c7d0600f1be92889453623919a8e3ab78108fb5c5af989e708643e301bbaaef992cb5deb0563f6cee721392890c91052d30299d813466697dce0346c80ba0ed76407d7179b0bc8860097f8ba526025d4363f4ea4309a2c9118e56f8a152f29bead7569f0019167b3fed17e4a2455ca38a89f3984050b23b4830ed4fad5e8d26915d700c4e10cac5d9412a13000e54aaf7c3ffef0c12cd9852cee7b47e3d2c7f74d37f7275c04101710240e7dccfe550cf3f4e27fe9fb7b4830e2dea4b21e90027d8411dfea2019167fc06ad2bc20aa713c8f096ac2621d5a16a82bec26cb8b71239fdddf90a9072192396a0567071ea31d80349a76046a5fd7c47bd2fdfd0c31686167434dc79d81aab4d76d051b892fb97a2055a526f99eb86e75ba7e8902a9d2d6ef19be2e888bab39aa02a5614c1e23c61575040411b3756e728febaa5ad27771cd63afebc9aaa17e35cc278dbf2484dad5244ba6df067ec7d6e0b7512b7ddb46759ae11b238d70b547972545b2aa9a7c09560a47e1d10b80a02d046b1e9a29d4161f7c2aa6a98e32dd49c3175c2427dbc0be8c2c3429e85a73f3df41b4bcc944ee29c43c271558a5aff695b0df9cac27b72bca630b81163a5a8472c5e76ca718892f623beda8a65a56feefd1196de2b455d2f9b431f8f1c6c74618615485c8a25fd2d1d844f800bca68deeab806cfff3790c1bbd7a987638f6f7ef10f873cc1b5348f9eb5ccec6fe77982208e40c1892a172974f81f0acca9ff5e0c99bbfc3a15659baebf94feb9f32eaa6cbecbb3c916488e8fa1f09a0f9bbb317686dbe0261b5220b1e98e587395fcaa9bbe3538257434dff0cf79b6ebe0389a8b82286f4e4e9f11d7430243c9269717ee218bc86d692d0947b023be1bee55341d43f5575f8571eb9f116c8f244b930e614cdf1acb3ac2955d2b28399b29f6df3c1eec02c0ef36bba44a234c1d114d6540515fafc07f92ec3f0dd400ac83fb525cf6f8d021627c8bd3216fa6294848eda4d0e8ffbd09c8e2a95e060b78b453ce7b24a2f44e37936efa611d60ba306c82b5310c0c5b793210fbb5d71e67bf48a50b6a2cd94f72ad5103bd49abc84b6c3e6442dfc68be9b4d4475239da1959329b6b20b51803a628b92a06601b107ad4c269b3ad84ecd1c28bbc8361fe8177b59a6224d104b0a610531f01bb1330aff22ca261b7b4e470c3b36657e70aa031c4dc7a5ed5bc4e9aa91158c9e9250461b089531e7dbf1254a8f280702e892a25cd80a819bfb8365f0510f1cf6ad759bb18ac49de2631b9b7d5b22dbb49c3774d4a4db40f745736a175c152f8d53f1cf7eb6ebb2e6639b01233f12995b110ca8c1cc377f82f1317192ea39f77e5df5425f64fae86a09f91b6c2210af03228b12b188e9f8d7286401f018a8d13f6e9384c5184443e6720b1591f56323dffa208f96e619e01fda15a3e1676d26d0b61786729a4b30434ef55c12f5482bccead507093989dda0c514e1ddfd79322dd9e80894830ac02ffe15d61d6c4fd49967d8884db5ad7b11038a9eaffdf100c046cc8ea56a05368f4d13b4068cc2bc8891fa3a02ee33c299e796a19006168324356f11ab3e46aba205ee765c31d0a78d3b6ce03c0bd230e1ab8d577ef56b2146ee77c59cf3a3f73cc88cf7fed95b1e269797314ed8e3224bf4d4d0bd7879bbb13bc5873f7e60ce94799cb6b816690ccafc01f559277f0e39eb58750230a342cd97b3661a30be403c09c7d44227553c23500cdaa5a1493a3deff2403a26232777f5674443a7adb7fa73ec003b45fb5b54d92132f2c8da33041270fe815c4a055891db3565eafb2fdb0be20ec2b5583a66db7e574b9859babd45551d24d0275f162f7f6995e376986daca5b17008836992d5653d458c4544ef74d18f1cfd0251aaa50aef407918be4bd6bb2dcfbfa95e72b6c2c1190610a80424343e9926c897574516a0fdf92261bef29631eed48b4a20d5db024b51f051fd22305101fed246b94e430a2c62971d09307899703acda1312ef5e32f4325e10777d2fe0d20c976cf59a29654090f0ead8a3bd10be3dde83c6b4ed1d4f7145e1a69633757dda2f7af1b321d0dee5956ea3b1093042a47a63b504a003e14c25a3bcf6fb82541445be9a8ebce556a3f3b9d597b6fab5cf1d7b3bf6a3bf92ee894fd6dee036c407578bf56a8aff9de7bc0a6af13a42d93f59526553aad019d6a7e211c7d84f90cacd6886c1dcdcc4680c3b4b650c14f358f2a81a13230e27fdc4db0c1ae95da28e9c2d8366a2a4599d02bc6fa8a73847010d25bcb2491c55a692"], 0x1) writev(r0, &(0x7f0000001440)=[{&(0x7f00000000c0)="c5c2fda87c6d326d3e4642f5806a92408ee7f855622104002f84dbd41c37bae81c69", 0x22}, {&(0x7f0000001180)="9edb81083df2887713b8de7fdbdab4d3489b52e2b3be98acfed4208b983a58497cba8e6343bdbe72277021d9b8cea102b92b65408dfcf79387530331bfb6e28e01f3b0267929f987f4b8e94a325e703d20bff22c8b76e81706f6ae380da3aa7489c8b20623a38d82518b3138936a9aa59fd8d1e9a24a629c55d3064b14bf1c778ecb5bc0f2425d4d0e6b32ce9bb54edbfeda677e8e0cfbc4e48d0269536c36f0570ceb3a7068ae7626cf71fe8f585d88037c6c1acd1e9ebc5843eabf9795ce32fdce43e37e90bdfde85797426f08a8cc08a34347a604d51ed575d5572e188ddb51ef3994c16a5275b3068b4f185e2034110247fdc85547cb2c1a98e893", 0xfd}, {&(0x7f0000000100)="bdaab11852192154acfa36e10b9611709d898299edba19ed830cfae44aacec6a16ddc8de96259c500435734872f6a819eb6f98aab7c761aa0627c97d7f8add", 0x3f}, {&(0x7f0000001280)="07d9fd89469d1be5b7f3e7e762627d0cffd287b7b0102ca56108cbd9a96552a29c31366f5c6b48f5ae72ec486273e43a6474a156c43361ca60d452e526b1b90beb817e671d17c73cccd0c4b96de59d010cfc6e0dc9228401c87121376f9f979a01a2965e7a1160100aa227912538c2dae310e282f16a1e7e94a10a68a24eeb4b1252534bfb03e2a614e33954499733b6ee0738351dc06afc563abceaed40227f73eab50a20f5959fec3efb96330addf5e88d3b9fa0d55eaa675b219f7227851e", 0xc0}, {&(0x7f0000001340)="0f62e725f7d568599efe8b37bcdcbf6620c1f9526856b91ff39455b367172f1207b197836bbbebac43881e02a2ad7b1c38769b98da652d8d960d34f3509658a205e8fe09572b71ba0a0c668232e5e20bda2d0e2271381c72db04506e5f1be881dac4a93988405e3f88a6b35e389b3def13e92df41747cacffe8583babc60f4f3d8e41382a6893b82ad0ab3c7b3733651c10b6314aa4f8fd00284704f739ff5bd23e736c3a979bab1bb5395dfdcb759f3ce22d563286606b8db3435cfad4ca2961705257eed6f0ac5da9ed23df48a24e33cf5955da038791b2e4e13650ec1814ac72a777b0e7968890958a03b", 0xec}], 0x5) r1 = dup(r0) ioctl$RNDCLEARPOOL(r1, 0x5206, &(0x7f0000000040)=0x5) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x90000, 0x0) [ 115.047264] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 115.054513] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 115.061768] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 115.069021] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 115.076277] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000006 [ 115.127146] xprt_adjust_timeout: rq_timeout = 0! [ 115.180675] FAULT_INJECTION: forcing a failure. [ 115.180675] name failslab, interval 1, probability 0, space 0, times 0 [ 115.192102] CPU: 1 PID: 9208 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 115.199214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 115.208574] Call Trace: [ 115.211171] dump_stack+0x194/0x24d [ 115.214801] ? arch_local_irq_restore+0x53/0x53 [ 115.219470] ? find_held_lock+0x35/0x1d0 [ 115.223533] should_fail+0x8c0/0xa40 [ 115.227242] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 115.232332] ? trace_event_raw_event_lock+0x340/0x340 [ 115.237510] ? perf_trace_lock+0xd6/0x900 [ 115.241646] ? find_held_lock+0x35/0x1d0 [ 115.245706] ? check_same_owner+0x320/0x320 [ 115.250014] ? debug_mutex_init+0x1c/0x60 [ 115.254153] ? rcu_note_context_switch+0x710/0x710 [ 115.259066] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 115.264086] should_failslab+0xec/0x120 [ 115.268051] kmem_cache_alloc+0x47/0x760 [ 115.272096] ? __mutex_init+0x1c7/0x2a0 [ 115.276054] ? SyS_membarrier+0x700/0x700 [ 115.280187] dup_fd+0x110/0xdf0 [ 115.283453] ? audit_alloc+0xdc/0x850 [ 115.287236] ? __fdget+0x20/0x20 [ 115.290589] ? perf_event_init_task+0x1ce/0x890 [ 115.295240] ? sched_fork+0x476/0xc10 [ 115.299035] ? ktime_get_with_offset+0x2c1/0x420 [ 115.303776] ? copy_semundo+0xb5/0x320 [ 115.307643] ? SyS_semop+0x30/0x30 [ 115.311170] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 115.316177] ? __lockdep_init_map+0xe4/0x650 [ 115.320571] ? security_task_alloc+0x81/0xb0 [ 115.324967] copy_process.part.38+0x20c4/0x4bd0 [ 115.329643] ? __cleanup_sighand+0x40/0x40 [ 115.333873] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 115.339048] ? __lock_acquire+0x664/0x3e00 [ 115.343265] ? perf_trace_lock+0x900/0x900 [ 115.347484] ? perf_trace_lock+0xd6/0x900 [ 115.351615] ? perf_trace_lock_acquire+0xe3/0x980 [ 115.356447] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 115.361626] ? perf_trace_lock+0xd6/0x900 [ 115.365758] ? perf_trace_lock_acquire+0xe3/0x980 [ 115.370585] ? trace_event_raw_event_lock+0x340/0x340 [ 115.375757] ? perf_trace_lock+0x900/0x900 [ 115.379986] ? lock_acquire+0x1d5/0x580 [ 115.383944] ? trace_hardirqs_off+0x10/0x10 [ 115.388249] ? perf_trace_lock+0xd6/0x900 [ 115.392468] ? perf_trace_lock_acquire+0xe3/0x980 [ 115.397301] ? perf_trace_lock+0x900/0x900 [ 115.401516] ? find_held_lock+0x35/0x1d0 [ 115.405568] ? perf_trace_lock+0xd6/0x900 [ 115.409702] ? trace_event_raw_event_lock+0x340/0x340 [ 115.414875] ? _parse_integer+0x140/0x140 [ 115.419034] ? trace_hardirqs_off+0x10/0x10 [ 115.423342] ? get_pid_task+0x93/0x140 [ 115.427213] ? perf_trace_lock+0xd6/0x900 [ 115.431343] ? find_held_lock+0x35/0x1d0 [ 115.435388] ? __f_unlock_pos+0x19/0x20 [ 115.439340] ? lock_downgrade+0x980/0x980 [ 115.443466] ? get_pid_task+0xbc/0x140 [ 115.447333] ? proc_fail_nth_write+0x9b/0x1d0 [ 115.451809] ? map_files_get_link+0x3a0/0x3a0 [ 115.456287] ? handle_mm_fault+0x35b/0xb10 [ 115.460506] _do_fork+0x1f7/0xf70 [ 115.463943] ? fork_idle+0x2d0/0x2d0 [ 115.467638] ? wait_for_completion+0x770/0x770 [ 115.472220] ? __sb_end_write+0xa0/0xd0 [ 115.476173] ? fput+0xd2/0x140 [ 115.479347] ? SyS_write+0x184/0x220 [ 115.483051] ? SyS_read+0x220/0x220 [ 115.486664] SyS_clone+0x37/0x50 [ 115.490015] ? sys_vfork+0x30/0x30 [ 115.493548] do_syscall_64+0x281/0x940 [ 115.497415] ? vmalloc_sync_all+0x30/0x30 [ 115.501548] ? _raw_spin_unlock_irq+0x27/0x70 [ 115.506034] ? finish_task_switch+0x1c1/0x7e0 [ 115.510514] ? syscall_return_slowpath+0x550/0x550 [ 115.515426] ? syscall_return_slowpath+0x2ac/0x550 [ 115.520338] ? prepare_exit_to_usermode+0x350/0x350 [ 115.525343] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 115.530693] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 115.535528] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 115.540698] RIP: 0033:0x454e79 [ 115.543883] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 115.551573] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 115.558827] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 115.566083] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 115.573334] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 115.580599] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000007 [ 115.628378] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:12 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x0, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:12 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) r0 = socket$inet6(0xa, 0x1001000000080001, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000000)=0xfffffffffffff801, 0x4) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) r2 = open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) lseek(r2, 0x0, 0x3) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:12 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:12 executing program 4: syz_mount_image$bfs(&(0x7f0000000040)='bfs\x00', &(0x7f0000000080)='./file0\x00', 0x40, 0x2, &(0x7f0000000280)=[{&(0x7f0000000180)="02d3c7ab084f4c847ad959b0f8cfb0899b6607dc8085e25019531835945a69b9aa034a9e52b64f50ad5062639cfe7f6fba725aae", 0x34, 0x8}, {&(0x7f00000001c0)="0472a1abddf49db5b1f9e1ee0d8d6bb9ddaf6b552861989f9fce3e45d5834609a29d6fa540dd97fb5df44e62ce6c6efe7d7215c10be89d816e95dd97bc943b428a34931d7415631b8539867df94dba1341f42e9ca52cf99eab9f45be89ce53b90137e83788ba4d34da08a97ffa614277b764e6ed5c73717c75d3f863680b82858a65b9e88279e98f622b8e1d58d7d9f3013da7190a11c043eddb3887494d435caa004f8c49df0ba24b590c5d996d093ed59b33b1671bbeef57914dfc7dd6ea89", 0xc0, 0x5}], 0x40000, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) stat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)) r2 = dup2(r1, r0) ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f00000000c0)={0x0, 0x0, 0x7}) recvmsg$kcm(r2, &(0x7f0000000580)={&(0x7f00000002c0)=@can={0x0, 0x0}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000340)=""/156, 0x9c}, {&(0x7f0000000400)=""/33, 0x21}], 0x2, &(0x7f0000000480)=""/227, 0xe3, 0x2}, 0x40000000) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000005c0)={@multicast1=0xe0000001, @broadcast=0xffffffff, r4}, 0xc) ioctl$DRM_IOCTL_GEM_CLOSE(r2, 0x40086409, &(0x7f0000000100)={r3}) socket$inet_tcp(0x2, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x80000000}, 0x1c) 2018/03/31 10:51:12 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) 2018/03/31 10:51:12 executing program 6 (fault-call:10 fault-nth:8): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:12 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) r4 = mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, &(0x7f0000664fc0)) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r5 = dup2(r4, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r5, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) [ 115.733280] binder: undelivered death notification, 0000000000000000 [ 115.781355] FAULT_INJECTION: forcing a failure. [ 115.781355] name failslab, interval 1, probability 0, space 0, times 0 [ 115.792666] CPU: 1 PID: 9232 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 115.799774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 115.809131] Call Trace: [ 115.811713] dump_stack+0x194/0x24d [ 115.815328] ? arch_local_irq_restore+0x53/0x53 [ 115.819985] ? __kernel_text_address+0xd/0x40 [ 115.824485] should_fail+0x8c0/0xa40 [ 115.828187] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 115.833273] ? save_stack+0xa3/0xd0 [ 115.836887] ? trace_event_raw_event_lock+0x340/0x340 [ 115.842060] ? dup_fd+0x110/0xdf0 [ 115.845491] ? copy_process.part.38+0x20c4/0x4bd0 [ 115.850313] ? _do_fork+0x1f7/0xf70 [ 115.853918] ? SyS_clone+0x37/0x50 [ 115.857439] ? do_syscall_64+0x281/0x940 [ 115.861483] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 115.866837] ? find_held_lock+0x35/0x1d0 [ 115.870897] ? check_same_owner+0x320/0x320 [ 115.875204] ? rcu_note_context_switch+0x710/0x710 [ 115.880116] ? dup_fd+0x882/0xdf0 [ 115.883652] should_failslab+0xec/0x120 [ 115.887611] kmem_cache_alloc_trace+0x4b/0x740 [ 115.892179] ? do_raw_spin_trylock+0x190/0x190 [ 115.896746] ? __lock_is_held+0xb6/0x140 [ 115.900795] alloc_fdtable+0x7f/0x280 [ 115.905041] dup_fd+0x8b8/0xdf0 [ 115.908312] ? __fdget+0x20/0x20 [ 115.911669] ? perf_event_init_task+0x1ce/0x890 [ 115.916320] ? sched_fork+0x476/0xc10 [ 115.920107] ? ktime_get_with_offset+0x2c1/0x420 [ 115.924848] ? copy_semundo+0xb5/0x320 [ 115.928718] ? SyS_semop+0x30/0x30 [ 115.932243] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 115.937338] ? __lockdep_init_map+0xe4/0x650 [ 115.941727] ? security_task_alloc+0x81/0xb0 [ 115.946123] copy_process.part.38+0x20c4/0x4bd0 [ 115.950787] ? __cleanup_sighand+0x40/0x40 [ 115.955026] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 115.960205] ? __lock_acquire+0x664/0x3e00 [ 115.964448] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 115.969621] ? perf_trace_lock+0xd6/0x900 [ 115.973761] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 115.978933] ? perf_trace_lock+0xd6/0x900 [ 115.983063] ? mntput_no_expire+0x130/0xa90 [ 115.987372] ? trace_event_raw_event_lock+0x340/0x340 [ 115.992545] ? perf_trace_lock+0xd6/0x900 [ 115.996679] ? lock_acquire+0x1d5/0x580 [ 116.000634] ? trace_hardirqs_off+0x10/0x10 [ 116.004938] ? perf_trace_lock+0xd6/0x900 [ 116.009084] ? find_held_lock+0x35/0x1d0 [ 116.013143] ? perf_trace_lock+0xd6/0x900 [ 116.017277] ? trace_event_raw_event_lock+0x340/0x340 [ 116.022450] ? _parse_integer+0x140/0x140 [ 116.026585] ? trace_hardirqs_off+0x10/0x10 [ 116.030894] ? get_pid_task+0x93/0x140 [ 116.034766] ? perf_trace_lock+0xd6/0x900 [ 116.038911] ? find_held_lock+0x35/0x1d0 [ 116.042964] ? __f_unlock_pos+0x19/0x20 [ 116.046921] ? lock_downgrade+0x980/0x980 [ 116.051052] ? get_pid_task+0xbc/0x140 [ 116.054924] ? proc_fail_nth_write+0x9b/0x1d0 [ 116.059404] ? map_files_get_link+0x3a0/0x3a0 [ 116.063884] ? handle_mm_fault+0x35b/0xb10 [ 116.068117] _do_fork+0x1f7/0xf70 [ 116.071556] ? fork_idle+0x2d0/0x2d0 [ 116.075252] ? wait_for_completion+0x770/0x770 [ 116.079836] ? __sb_end_write+0xa0/0xd0 [ 116.084839] ? fput+0xd2/0x140 [ 116.088042] ? SyS_write+0x184/0x220 [ 116.091739] ? SyS_read+0x220/0x220 [ 116.095353] SyS_clone+0x37/0x50 [ 116.098702] ? sys_vfork+0x30/0x30 [ 116.102226] do_syscall_64+0x281/0x940 [ 116.106093] ? vmalloc_sync_all+0x30/0x30 [ 116.110220] ? _raw_spin_unlock_irq+0x27/0x70 [ 116.114696] ? finish_task_switch+0x1c1/0x7e0 [ 116.119175] ? syscall_return_slowpath+0x550/0x550 [ 116.124087] ? syscall_return_slowpath+0x2ac/0x550 [ 116.129004] ? prepare_exit_to_usermode+0x350/0x350 [ 116.134018] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 116.139375] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 116.144376] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 116.149546] RIP: 0033:0x454e79 [ 116.152716] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 116.160404] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 116.167655] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 116.174905] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 2018/03/31 10:51:12 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x0, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) [ 116.182158] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 116.189408] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000008 2018/03/31 10:51:12 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) r0 = socket$inet6(0xa, 0x1001000000080001, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000007c0)={{{@in=@local, @in6=@local}}, {{@in6=@dev}, 0x0, @in=@broadcast}}, &(0x7f0000000080)=0xe8) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000008c0)=ANY=[@ANYBLOB="0300004700df35254c17b8e9ca47b41d5398d811b936f9a731a6c8e6d305e3e47416ab13360a97eca9bd1f9763f823f7bf954d8562d7c0bb3d0292cd499314ade0a7f6bebd285074aa15d5484a18ac0e374677f0774f85375d2e028763c203c1ba7e62d4565175c1c9c4d971781e5a37c7cd44f979a797926186934f18238297a88285112981e495a471418d884d00a24e7fc311018c05c54867ecf868ebd0544e27d0d0e8b178eb62a56ede20e28ff2f7ab070000004b495f1129975d302d58282d3934c20c50d8e2016d48f8a16ba10000000322cb3b5166ce920846b2ee2b8287b55f99739ca2394f42bc3ca1ccad6646d15813cd888045045b2aaf40778b33f86c0b0cdf63e60d5d0cf010c71897dde669eb18ce58139b09ad17f0fd5cca"], 0x120) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) r2 = open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x300000ff, &(0x7f0000000700)="ee08551b499a51914e68e23b4677c1ddd35233d0d3614d5d462d48122174611d7b6179e9e852fc0ce78f8389dde9d2de0bc6f1565c8cd519674adcc0435aa0051d0a9ddbb137de42472ffcb776eebfd51bcfef894b9325a17867ff036c8c2fbfce956d86d46130339a91ad512bbbb78f7a46466187610707f1c3959287393a997c306d1076efc834fbb8da883f6d34489e39840f99f0b72c0b03100bc07cdcafe8", &(0x7f00009c4ffc), &(0x7f0000000040), &(0x7f0000000540)="3e96fb18604de12845f46319d52d093b182eb5590c594f6f4ff643e71453c3e9be5d9e05318df803104448f7ef48c90ba5d77c798e415c6716c2cf10286b9c498e15cbe2ad37baec96edb924c131b231b4a7ba1148339a441edd2465513118c1013fa9514484685550e23f31c13b77814edf715457b4b29a49f7b8023e6fa68674b86b9cadb480943bff93515b1fd2cb9622d1bb567251da9a96715827f0bd224886c468c68c4befb8906027aa4bef49d59c69b3219154250034ddde059d11e36075ddf9abc7ac654dd2e739") mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x17, &(0x7f0000000000)=0x4, 0x4) 2018/03/31 10:51:12 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) [ 116.225680] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:12 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet_icmp(0x2, 0x2, 0x1) socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = eventfd(0x0) ppoll(&(0x7f0000000400)=[{r0, 0x28}, {r1, 0x8}, {r2, 0x8204}, {r4, 0x1004}], 0x4, &(0x7f0000000440)={0x77359400}, &(0x7f0000000480)={0x978c}, 0x8) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000080)=0x0) r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x280000, 0x0) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000000540), 0x4) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x7, 0xfff, 0x1, 0x200, 0x0, 0x10001, 0x100, 0x2, 0xffffffffffffffb9, 0x691, 0xfffffffffffff727, 0x1, 0x8001, 0x7f, 0x8, 0x6, 0x40, 0x100000000, 0xffffffffffffff80, 0x23df, 0x7bffa824, 0xffff, 0x0, 0xffff, 0x3, 0x7, 0x9, 0x100000000, 0x6, 0x7fff, 0x3, 0x401, 0x1000, 0x9, 0x3, 0x7, 0x0, 0x1, 0x1, @perf_bp={&(0x7f0000000040), 0x6}, 0x20000, 0x5, 0x80000000, 0x3, 0x0, 0x92, 0x7}, r5, 0x9, r6, 0xa) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) pselect6(0x40, &(0x7f0000000240)={0x0, 0x3, 0x7fffffff, 0x10000, 0xfc, 0x5, 0x9, 0x918}, &(0x7f0000000280)={0x4ca, 0x6483, 0x8, 0x8000, 0x1000, 0x1bba, 0x5, 0x5}, &(0x7f00000002c0)={0x7, 0x8, 0x9, 0x80000001, 0x9, 0x0, 0x101, 0x7fff}, &(0x7f0000000300)={0x0, 0x1c9c380}, &(0x7f0000000380)={&(0x7f0000000340)={0x8}, 0x8}) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_mtu(r3, 0x0, 0xa, &(0x7f00000004c0), &(0x7f0000000500)=0x4) setsockopt$inet6_MCAST_MSFILTER(r7, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:12 executing program 6 (fault-call:10 fault-nth:9): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:12 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x0, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:12 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 116.361168] FAULT_INJECTION: forcing a failure. [ 116.361168] name failslab, interval 1, probability 0, space 0, times 0 [ 116.372602] CPU: 0 PID: 9260 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 116.379705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 116.389043] Call Trace: [ 116.391618] dump_stack+0x194/0x24d [ 116.395229] ? arch_local_irq_restore+0x53/0x53 [ 116.399878] ? is_bpf_text_address+0xa4/0x120 [ 116.404360] should_fail+0x8c0/0xa40 [ 116.408059] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 116.413145] ? save_stack+0xa3/0xd0 [ 116.416753] ? save_stack+0x43/0xd0 [ 116.420357] ? kasan_kmalloc+0xad/0xe0 [ 116.424312] ? kmem_cache_alloc_trace+0x136/0x740 [ 116.429138] ? find_held_lock+0x35/0x1d0 [ 116.433186] ? check_same_owner+0x320/0x320 [ 116.437497] ? rcu_note_context_switch+0x710/0x710 [ 116.442412] should_failslab+0xec/0x120 [ 116.446367] kmem_cache_alloc_node_trace+0x5a/0x760 [ 116.451368] ? alloc_fdtable+0x7f/0x280 [ 116.455329] __kmalloc_node+0x33/0x70 [ 116.459110] kvmalloc_node+0x99/0xd0 [ 116.462803] alloc_fdtable+0xcf/0x280 [ 116.466582] dup_fd+0x8b8/0xdf0 [ 116.469842] ? __fdget+0x20/0x20 [ 116.473191] ? perf_event_init_task+0x1ce/0x890 [ 116.477841] ? sched_fork+0x476/0xc10 [ 116.481623] ? ktime_get_with_offset+0x2c1/0x420 [ 116.486358] ? copy_semundo+0xb5/0x320 [ 116.490221] ? SyS_semop+0x30/0x30 [ 116.493746] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 116.498746] ? __lockdep_init_map+0xe4/0x650 [ 116.503133] ? security_task_alloc+0x81/0xb0 [ 116.507524] copy_process.part.38+0x20c4/0x4bd0 [ 116.512179] ? __cleanup_sighand+0x40/0x40 [ 116.516399] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 116.521576] ? __lock_acquire+0x664/0x3e00 [ 116.525790] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 116.530958] ? perf_trace_lock+0xd6/0x900 [ 116.535089] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 116.540257] ? perf_trace_lock+0xd6/0x900 [ 116.544383] ? mntput_no_expire+0x130/0xa90 [ 116.548685] ? trace_event_raw_event_lock+0x340/0x340 [ 116.553856] ? perf_trace_lock+0xd6/0x900 [ 116.557986] ? lock_acquire+0x1d5/0x580 [ 116.561941] ? trace_hardirqs_off+0x10/0x10 [ 116.566242] ? perf_trace_lock+0xd6/0x900 [ 116.570383] ? find_held_lock+0x35/0x1d0 [ 116.574442] ? perf_trace_lock+0xd6/0x900 [ 116.578571] ? trace_event_raw_event_lock+0x340/0x340 [ 116.583744] ? _parse_integer+0x140/0x140 [ 116.587876] ? trace_hardirqs_off+0x10/0x10 [ 116.592177] ? get_pid_task+0x93/0x140 [ 116.596043] ? perf_trace_lock+0xd6/0x900 [ 116.600171] ? find_held_lock+0x35/0x1d0 [ 116.604219] ? __f_unlock_pos+0x19/0x20 [ 116.608173] ? lock_downgrade+0x980/0x980 [ 116.612298] ? get_pid_task+0xbc/0x140 [ 116.616165] ? proc_fail_nth_write+0x9b/0x1d0 [ 116.620641] ? map_files_get_link+0x3a0/0x3a0 [ 116.625116] ? handle_mm_fault+0x35b/0xb10 [ 116.629334] _do_fork+0x1f7/0xf70 [ 116.633202] ? fork_idle+0x2d0/0x2d0 [ 116.636897] ? wait_for_completion+0x770/0x770 [ 116.641471] ? __sb_end_write+0xa0/0xd0 [ 116.645431] ? fput+0xd2/0x140 [ 116.648605] ? SyS_write+0x184/0x220 [ 116.652296] ? SyS_read+0x220/0x220 [ 116.655903] SyS_clone+0x37/0x50 [ 116.659245] ? sys_vfork+0x30/0x30 [ 116.662763] do_syscall_64+0x281/0x940 [ 116.666631] ? vmalloc_sync_all+0x30/0x30 [ 116.670756] ? _raw_spin_unlock_irq+0x27/0x70 [ 116.675227] ? finish_task_switch+0x1c1/0x7e0 [ 116.679792] ? syscall_return_slowpath+0x550/0x550 [ 116.684702] ? syscall_return_slowpath+0x2ac/0x550 [ 116.689608] ? prepare_exit_to_usermode+0x350/0x350 [ 116.694606] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 116.699950] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 116.704776] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 116.709944] RIP: 0033:0x454e79 [ 116.713109] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 116.720799] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 116.728049] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 116.735297] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 116.742546] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 116.749797] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000009 [ 116.816192] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:13 executing program 4: r0 = socket$netlink(0x10, 0x3, 0xb) sendmsg$nl_crypto(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)=@upd={0x120, 0x12, 0x400, 0x70bd25, 0x25dfdbfb, {{'xts(camellia)\x00'}, [], [], 0x2400, 0x2000}, [{0x8, 0x1, 0x40}, {0x8, 0x1, 0x401}, {0x8, 0x1, 0x401}, {0x8, 0x1}, {0x8, 0x1, 0x101}, {0x8, 0x1}, {0x8, 0x1, 0x2}, {0x8, 0x1, 0x8001}]}, 0x120}, 0x1, 0x0, 0x0, 0x4040}, 0x20000000) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) pipe(&(0x7f00000000c0)) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000300)=ANY=[@ANYBLOB="3d8c0f0f00000000200000000a000000ffffffffff02060000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:13 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x80020000, &(0x7f0000000540)="615c14eba3f71cfbea81f965ec605b07936947fef096966f054ec2410e84c132d2fdb6db7d51ecebae381d615e110432fc623cefbc27c456ccd1bb8f86759da91bbc449c6e3c0fcb218dd90d02418349d067642354acbd667beb35b91782a6b03d5bcba7cae301317bba67fca62597b467db5a67d49c7fe774fbbb94bb577641b9d87aa38dfd833a8d0c16a70cfc237f2fb6fd54431101882831139421c6df1be8e778f876daab8e2d709b93c415e4f2224b96dcec9c083f1388dcacb9b0e3958c14b3767a4acc3b19c8952ddeba34af9a028b2302ba8b7d4246368cc3fc55eed5f3f36932acdeee1a3d814ad92844e88d18341fa8af737646d60d4810dd8a5b1fd39e490963a854db37a630c911c184", &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:13 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) r4 = mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, &(0x7f0000664fc0)) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r5 = dup2(r4, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r5, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:13 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) 2018/03/31 10:51:13 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x0, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:13 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x0, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:13 executing program 6 (fault-call:10 fault-nth:10): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) [ 116.932939] FAULT_INJECTION: forcing a failure. [ 116.932939] name failslab, interval 1, probability 0, space 0, times 0 [ 116.944309] CPU: 1 PID: 9295 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 116.951409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 116.960764] Call Trace: [ 116.963360] dump_stack+0x194/0x24d [ 116.967001] ? arch_local_irq_restore+0x53/0x53 [ 116.971698] should_fail+0x8c0/0xa40 [ 116.975426] ? fault_create_debugfs_attr+0x1f0/0x1f0 2018/03/31 10:51:13 executing program 5: accept(0xffffffffffffffff, &(0x7f0000000100)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @dev}}}, &(0x7f0000000080)=0x80) accept$unix(r0, &(0x7f00000001c0)=@abs, &(0x7f0000000280)=0x6e) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f0000000040)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 116.980542] ? save_stack+0xa3/0xd0 [ 116.984179] ? find_held_lock+0x35/0x1d0 [ 116.988260] ? check_same_owner+0x320/0x320 [ 116.992596] ? rcu_note_context_switch+0x710/0x710 [ 116.997546] should_failslab+0xec/0x120 [ 117.001529] kmem_cache_alloc_node_trace+0x5a/0x760 [ 117.006557] ? kasan_unpoison_shadow+0x35/0x50 [ 117.011160] __kmalloc_node+0x33/0x70 [ 117.014974] kvmalloc_node+0x99/0xd0 [ 117.018675] alloc_fdtable+0x13b/0x280 [ 117.022546] dup_fd+0x8b8/0xdf0 [ 117.025811] ? __fdget+0x20/0x20 [ 117.029160] ? perf_event_init_task+0x1ce/0x890 [ 117.033811] ? sched_fork+0x476/0xc10 [ 117.037591] ? ktime_get_with_offset+0x2c1/0x420 [ 117.042327] ? copy_semundo+0xb5/0x320 [ 117.046189] ? SyS_semop+0x30/0x30 [ 117.049710] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 117.054712] ? __lockdep_init_map+0xe4/0x650 [ 117.059098] ? security_task_alloc+0x81/0xb0 [ 117.063487] copy_process.part.38+0x20c4/0x4bd0 [ 117.068142] ? __cleanup_sighand+0x40/0x40 [ 117.072363] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 117.077535] ? __lock_acquire+0x664/0x3e00 [ 117.081750] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 117.086931] ? perf_trace_lock+0xd6/0x900 [ 117.091069] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 117.096238] ? perf_trace_lock+0xd6/0x900 [ 117.100368] ? mntput_no_expire+0x130/0xa90 [ 117.104673] ? trace_event_raw_event_lock+0x340/0x340 [ 117.109840] ? perf_trace_lock+0xd6/0x900 [ 117.113982] ? lock_acquire+0x1d5/0x580 [ 117.117935] ? trace_hardirqs_off+0x10/0x10 [ 117.122236] ? perf_trace_lock+0xd6/0x900 [ 117.126636] ? find_held_lock+0x35/0x1d0 [ 117.130852] ? perf_trace_lock+0xd6/0x900 [ 117.134982] ? trace_event_raw_event_lock+0x340/0x340 [ 117.140150] ? _parse_integer+0x140/0x140 [ 117.144282] ? trace_hardirqs_off+0x10/0x10 [ 117.148583] ? get_pid_task+0x93/0x140 [ 117.152450] ? perf_trace_lock+0xd6/0x900 [ 117.156577] ? find_held_lock+0x35/0x1d0 [ 117.160620] ? __f_unlock_pos+0x19/0x20 [ 117.164582] ? lock_downgrade+0x980/0x980 [ 117.168716] ? get_pid_task+0xbc/0x140 [ 117.172587] ? proc_fail_nth_write+0x9b/0x1d0 [ 117.177062] ? map_files_get_link+0x3a0/0x3a0 [ 117.181538] ? handle_mm_fault+0x35b/0xb10 [ 117.185760] _do_fork+0x1f7/0xf70 [ 117.189198] ? fork_idle+0x2d0/0x2d0 [ 117.192894] ? wait_for_completion+0x770/0x770 [ 117.197470] ? __sb_end_write+0xa0/0xd0 [ 117.201425] ? fput+0xd2/0x140 [ 117.204594] ? SyS_write+0x184/0x220 [ 117.208288] ? SyS_read+0x220/0x220 [ 117.211903] SyS_clone+0x37/0x50 [ 117.215267] ? sys_vfork+0x30/0x30 [ 117.218786] do_syscall_64+0x281/0x940 [ 117.222655] ? vmalloc_sync_all+0x30/0x30 [ 117.226780] ? _raw_spin_unlock_irq+0x27/0x70 [ 117.231257] ? finish_task_switch+0x1c1/0x7e0 [ 117.235733] ? syscall_return_slowpath+0x550/0x550 [ 117.240646] ? syscall_return_slowpath+0x2ac/0x550 [ 117.245557] ? prepare_exit_to_usermode+0x350/0x350 [ 117.250553] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 117.255915] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 117.260739] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 117.265918] RIP: 0033:0x454e79 [ 117.269085] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 117.276781] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 2018/03/31 10:51:13 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000092c3fc909f032c9548a54b6cb3c0cb2879db45c8212d39073e9421520000000000000000010000000000000000c974a103024690a2e1a850222bb1000000000000000000000000100b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000bd8cce2859896e532398cbc783466590018eed32db18f086eaf3a0d816b48f3632ce3700000000000000a3ebbaa5782ea17af06fe07fb7e581dedf1b28f320c1ec2b3b301fedc658d88178bba4191989275df94dba83f8210396813f4ff22fa7e11048bdfecbc13288fa6f6c5a014dd7f55ef937c781a1e4ddb8ef8dd99c4f3fd38a2090ce1d19e31fea4f3f208670e429c6052039cf3fe8496029dae661be3946df636821a692c73ff9f90d943f9facc82320e45273f237228a65748c2442aaac078fa976a50d3811f53bb2fae55d4725c927bc42fca4bf227faf7942f2f4ed461a31eeb80d1be8d149c13fc321215160319580651bdd297a2b561c56ddd31a8540dfda4d61ee7c4590dba2191e0c4783367d05f92e8d936eb9f0f380f5ec2c46fb011a5de3e1d123b0d427c2c619fc6050b7"], 0x1) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000040)) [ 117.284033] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 117.291282] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 117.298529] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 117.305787] R13: 0000000000000051 R14: 00000000006f2838 R15: 000000000000000a 2018/03/31 10:51:13 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:14 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000040)=0xfffffe27) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r1 = open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) openat(r1, &(0x7f0000000000)='./file1\x00', 0x80, 0x10) [ 117.334777] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:14 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x0, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) [ 117.433137] xprt_adjust_timeout: rq_timeout = 0! [ 117.814269] binder: undelivered death notification, 0000000000000000 2018/03/31 10:51:14 executing program 6 (fault-call:10 fault-nth:11): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:14 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff0200000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000130000003d6e3fb6c544f73f3bf353991a5c03f73e991a7a1857f5ccd2c8537e97c740261b598d476368f83494d8c5ffe4541d26eff1ba8f9bd6daa0d300000000000000000000000000"], 0x1) 2018/03/31 10:51:14 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x0, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:14 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:14 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) r4 = mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, &(0x7f0000664fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r5 = dup2(r4, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r5, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:14 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) r0 = socket$inet6(0xa, 0x1001000000080001, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) accept(r0, &(0x7f0000000000)=@pppol2tp={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @dev}}}, &(0x7f0000000080)=0x80) ioctl$sock_inet_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000000100)) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)=ANY=[@ANYBLOB="000002001800974a39a3000094adcaa97b9324336b4ba7b60d65fcaf0dbf600b2c411640a0a9b2c5dc224e246a471a7a9f414c381cd02691e3e38ac1bc044dc44d0766faa2e3e3a0c5a811537c346f513a9ccebdd2ca85dbb849dd2c16cfc16baa75a7895ecc3850296dd67ac8b7ae71e00740186df6d44b"], 0xc) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:14 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 117.936015] FAULT_INJECTION: forcing a failure. [ 117.936015] name failslab, interval 1, probability 0, space 0, times 0 [ 117.947369] CPU: 1 PID: 9349 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 117.954472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 117.963826] Call Trace: [ 117.966422] dump_stack+0x194/0x24d [ 117.970060] ? arch_local_irq_restore+0x53/0x53 [ 117.974749] should_fail+0x8c0/0xa40 [ 117.978480] ? fault_create_debugfs_attr+0x1f0/0x1f0 2018/03/31 10:51:14 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:14 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) [ 117.983599] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 117.988374] ? find_held_lock+0x35/0x1d0 [ 117.992468] ? check_same_owner+0x320/0x320 [ 117.996803] ? rcu_note_context_switch+0x710/0x710 [ 118.001759] ? perf_event_init_task+0x1ce/0x890 [ 118.006439] should_failslab+0xec/0x120 [ 118.008261] xprt_adjust_timeout: rq_timeout = 0! [ 118.010413] kmem_cache_alloc+0x47/0x760 [ 118.010430] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 118.010449] copy_fs_struct+0x48/0x2d0 [ 118.010466] copy_process.part.38+0x2070/0x4bd0 [ 118.010490] ? __cleanup_sighand+0x40/0x40 [ 118.010513] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 118.010527] ? __lock_acquire+0x664/0x3e00 [ 118.023365] xprt_adjust_timeout: rq_timeout = 0! [ 118.024332] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 118.024347] ? perf_trace_lock+0xd6/0x900 [ 118.024370] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 118.024380] ? perf_trace_lock+0xd6/0x900 [ 118.024394] ? mntput_no_expire+0x130/0xa90 [ 118.024413] ? trace_event_raw_event_lock+0x340/0x340 [ 118.024422] ? perf_trace_lock+0xd6/0x900 2018/03/31 10:51:14 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x0, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:14 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)=ANY=[@ANYBLOB="007f5e990e705a76dcd700fa03fdff00"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 118.024438] ? lock_acquire+0x1d5/0x580 [ 118.088275] ? trace_hardirqs_off+0x10/0x10 [ 118.092615] ? perf_trace_lock+0xd6/0x900 [ 118.096777] ? find_held_lock+0x35/0x1d0 [ 118.100847] ? perf_trace_lock+0xd6/0x900 [ 118.105002] ? trace_event_raw_event_lock+0x340/0x340 [ 118.110191] ? _parse_integer+0x140/0x140 [ 118.114327] ? trace_hardirqs_off+0x10/0x10 [ 118.118629] ? get_pid_task+0x93/0x140 [ 118.122495] ? perf_trace_lock+0xd6/0x900 [ 118.126624] ? find_held_lock+0x35/0x1d0 [ 118.130672] ? __f_unlock_pos+0x19/0x20 [ 118.134626] ? lock_downgrade+0x980/0x980 [ 118.138754] ? get_pid_task+0xbc/0x140 [ 118.142621] ? proc_fail_nth_write+0x9b/0x1d0 [ 118.147095] ? map_files_get_link+0x3a0/0x3a0 [ 118.151569] ? handle_mm_fault+0x35b/0xb10 [ 118.155782] _do_fork+0x1f7/0xf70 [ 118.159218] ? fork_idle+0x2d0/0x2d0 [ 118.162910] ? wait_for_completion+0x770/0x770 [ 118.167488] ? __sb_end_write+0xa0/0xd0 [ 118.171447] ? fput+0xd2/0x140 [ 118.174618] ? SyS_write+0x184/0x220 [ 118.178314] ? SyS_read+0x220/0x220 [ 118.181947] SyS_clone+0x37/0x50 [ 118.185291] ? sys_vfork+0x30/0x30 [ 118.188815] do_syscall_64+0x281/0x940 [ 118.192686] ? vmalloc_sync_all+0x30/0x30 [ 118.196814] ? _raw_spin_unlock_irq+0x27/0x70 [ 118.201290] ? finish_task_switch+0x1c1/0x7e0 [ 118.205768] ? syscall_return_slowpath+0x550/0x550 [ 118.210678] ? syscall_return_slowpath+0x2ac/0x550 [ 118.215588] ? prepare_exit_to_usermode+0x350/0x350 [ 118.220586] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 118.225938] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 118.230764] entry_SYSCALL_64_after_hwframe+0x42/0xb7 2018/03/31 10:51:14 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 118.235938] RIP: 0033:0x454e79 [ 118.239105] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 118.246795] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 118.254057] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 118.261308] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 118.268554] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 118.275802] R13: 0000000000000051 R14: 00000000006f2838 R15: 000000000000000b 2018/03/31 10:51:14 executing program 6 (fault-call:10 fault-nth:12): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:14 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:15 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000f803000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 118.390153] FAULT_INJECTION: forcing a failure. [ 118.390153] name failslab, interval 1, probability 0, space 0, times 0 [ 118.401466] CPU: 0 PID: 9383 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 118.408571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 118.417926] Call Trace: [ 118.420518] dump_stack+0x194/0x24d [ 118.424155] ? arch_local_irq_restore+0x53/0x53 [ 118.428829] ? perf_trace_lock_acquire+0xe3/0x980 [ 118.433685] should_fail+0x8c0/0xa40 2018/03/31 10:51:15 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:15 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x420000, 0x0) getsockopt$nfc_llcp(r1, 0x118, 0x3, &(0x7f0000000080)=""/31, 0x1f) r2 = add_key$user(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000000200)="cac4d754d832b92239ddccdbc9714b91249582be11bf1ea5b6a0e8ff0360ed86c37973d300d86af303761edd865c07beb9cdbed231ec06a49ce004b7f2a0c989a346b51c19b35b7cb0646bd60ae893cf3001f794224e0ddbd0835edd98c02a739343881a42", 0x65, 0x0) keyctl$setperm(0x5, r2, 0x8030404) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="80000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) seccomp(0x0, 0x1, &(0x7f0000000300)={0x9, &(0x7f0000000280)=[{0x8, 0x401, 0x3ff}, {0x10000, 0x6, 0x8, 0x5}, {0xffffffff, 0x7, 0x80000001, 0xfffffffffffeffff}, {0x7, 0x1, 0xffffffff, 0x2}, {0x6, 0x10001, 0xfffffffffffffffb, 0xfffc000000000000}, {0x100000001, 0x9, 0x6f22, 0x10000}, {0x10001, 0xfffffffffffffffd, 0x4}, {0x2, 0x81, 0x8ae, 0xfffffffffffffff7}, {0x8ba, 0x8, 0x4, 0x1}]}) [ 118.437402] ? trace_event_raw_event_lock+0x340/0x340 [ 118.442620] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 118.447729] ? do_syscall_64+0x281/0x940 [ 118.451799] ? trace_hardirqs_off+0x10/0x10 [ 118.456140] ? find_held_lock+0x35/0x1d0 [ 118.460227] ? check_same_owner+0x320/0x320 [ 118.464562] ? rcu_note_context_switch+0x710/0x710 [ 118.465006] xprt_adjust_timeout: rq_timeout = 0! [ 118.469499] should_failslab+0xec/0x120 [ 118.469514] kmem_cache_alloc+0x47/0x760 [ 118.469532] ? _raw_spin_unlock+0x22/0x30 [ 118.469546] ? copy_fs_struct+0x247/0x2d0 [ 118.469562] copy_process.part.38+0x2148/0x4bd0 [ 118.469581] ? __cleanup_sighand+0x40/0x40 [ 118.476797] xprt_adjust_timeout: rq_timeout = 0! [ 118.478302] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 118.478320] ? __lock_acquire+0x664/0x3e00 [ 118.478332] ? perf_trace_lock+0x900/0x900 [ 118.478344] ? perf_trace_lock+0xd6/0x900 [ 118.478356] ? perf_trace_lock_acquire+0xe3/0x980 [ 118.478378] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 118.532028] ? perf_trace_lock+0xd6/0x900 [ 118.536181] ? perf_trace_lock_acquire+0xe3/0x980 [ 118.541031] ? trace_event_raw_event_lock+0x340/0x340 [ 118.546228] ? perf_trace_lock+0x900/0x900 [ 118.550474] ? lock_acquire+0x1d5/0x580 [ 118.554462] ? trace_hardirqs_off+0x10/0x10 [ 118.558787] ? perf_trace_lock+0xd6/0x900 [ 118.562960] ? perf_trace_lock_acquire+0xe3/0x980 [ 118.567816] ? perf_trace_lock+0x900/0x900 [ 118.572035] ? find_held_lock+0x35/0x1d0 [ 118.576085] ? perf_trace_lock+0xd6/0x900 [ 118.580219] ? trace_event_raw_event_lock+0x340/0x340 [ 118.585391] ? _parse_integer+0x140/0x140 [ 118.589526] ? trace_hardirqs_off+0x10/0x10 [ 118.593834] ? get_pid_task+0x93/0x140 [ 118.597704] ? perf_trace_lock+0xd6/0x900 [ 118.601837] ? find_held_lock+0x35/0x1d0 [ 118.605889] ? __f_unlock_pos+0x19/0x20 [ 118.609842] ? lock_downgrade+0x980/0x980 [ 118.613968] ? get_pid_task+0xbc/0x140 [ 118.617838] ? proc_fail_nth_write+0x9b/0x1d0 [ 118.622314] ? map_files_get_link+0x3a0/0x3a0 [ 118.626792] ? handle_mm_fault+0x35b/0xb10 [ 118.631020] _do_fork+0x1f7/0xf70 [ 118.634464] ? fork_idle+0x2d0/0x2d0 [ 118.638162] ? wait_for_completion+0x770/0x770 [ 118.642747] ? __sb_end_write+0xa0/0xd0 [ 118.646705] ? fput+0xd2/0x140 [ 118.649881] ? SyS_write+0x184/0x220 [ 118.653577] ? SyS_read+0x220/0x220 [ 118.657208] SyS_clone+0x37/0x50 [ 118.660557] ? sys_vfork+0x30/0x30 [ 118.664087] do_syscall_64+0x281/0x940 [ 118.667955] ? vmalloc_sync_all+0x30/0x30 [ 118.672082] ? _raw_spin_unlock_irq+0x27/0x70 [ 118.676570] ? finish_task_switch+0x1c1/0x7e0 [ 118.681049] ? syscall_return_slowpath+0x550/0x550 [ 118.685961] ? syscall_return_slowpath+0x2ac/0x550 [ 118.690872] ? prepare_exit_to_usermode+0x350/0x350 [ 118.695871] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 118.701219] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 118.706052] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 118.711228] RIP: 0033:0x454e79 [ 118.714398] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 118.722089] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 118.729340] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 118.736592] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 118.743841] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 118.751092] R13: 0000000000000051 R14: 00000000006f2838 R15: 000000000000000c [ 118.884124] binder: undelivered death notification, 0000000000000000 2018/03/31 10:51:15 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x0, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:15 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsync(r1) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000040)=0x81, 0x4) 2018/03/31 10:51:15 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:15 executing program 6 (fault-call:10 fault-nth:13): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:15 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0x0, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:15 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) r4 = mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, &(0x7f0000664fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r5 = dup2(r4, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r5, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:15 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0xa, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) fcntl$getownex(r1, 0x10, &(0x7f0000000100)={0x0, 0x0}) ptrace$cont(0x3f, r2, 0x10001, 0x9) r3 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x881, 0x2002) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000040)=@req3={0x9ca, 0x8, 0x9, 0x5, 0x5, 0x7, 0x8}, 0x1c) rt_sigsuspend(&(0x7f0000000380)={0x2}, 0x8) getpeername(r3, &(0x7f00000001c0)=@nfc_llcp, &(0x7f0000000140)=0x80) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r4 = open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000080)={'ip6tnl0\x00', 0x600}) mlock2(&(0x7f0000a95000/0x1000)=nil, 0x1000, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) 2018/03/31 10:51:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:15 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0x0, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:15 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) ioctl$RNDCLEARPOOL(r1, 0x5206, &(0x7f0000000040)=0x80000001) [ 119.013118] xprt_adjust_timeout: rq_timeout = 0! [ 119.030968] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:15 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x0, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:15 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 119.081996] FAULT_INJECTION: forcing a failure. [ 119.081996] name failslab, interval 1, probability 0, space 0, times 0 [ 119.093400] CPU: 0 PID: 9435 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 119.100534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 119.109895] Call Trace: [ 119.112492] dump_stack+0x194/0x24d [ 119.116147] ? arch_local_irq_restore+0x53/0x53 [ 119.120836] should_fail+0x8c0/0xa40 [ 119.124562] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 119.129679] ? is_bpf_text_address+0x7b/0x120 [ 119.134191] ? lock_downgrade+0x980/0x980 [ 119.138351] ? lock_release+0xa40/0xa40 [ 119.142348] ? find_held_lock+0x35/0x1d0 [ 119.146443] ? check_same_owner+0x320/0x320 [ 119.150774] ? __save_stack_trace+0x7e/0xd0 [ 119.155096] ? rcu_note_context_switch+0x710/0x710 [ 119.160028] should_failslab+0xec/0x120 [ 119.164003] kmem_cache_alloc+0x47/0x760 [ 119.168073] ? save_stack+0x43/0xd0 [ 119.171683] ? kasan_kmalloc+0xad/0xe0 [ 119.175554] ? kasan_slab_alloc+0x12/0x20 [ 119.179684] ? kmem_cache_alloc+0x12e/0x760 [ 119.184000] ? copy_process.part.38+0x2148/0x4bd0 [ 119.188833] ? _do_fork+0x1f7/0xf70 [ 119.192620] ? SyS_clone+0x37/0x50 [ 119.196159] ? do_syscall_64+0x281/0x940 [ 119.200225] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 119.205591] copy_signal+0xfe/0xa11 [ 119.209218] ? set_ti_thread_flag+0x1d/0x1d [ 119.213538] ? lock_downgrade+0x980/0x980 [ 119.217688] ? lock_release+0xa40/0xa40 [ 119.221650] ? memcg_kmem_get_cache+0x443/0x890 [ 119.226314] ? percpu_ref_put_many+0x132/0x220 [ 119.230890] ? rcu_pm_notify+0xc0/0xc0 [ 119.234771] ? copy_process.part.38+0x2148/0x4bd0 [ 119.239599] ? rcu_read_lock_sched_held+0x108/0x120 [ 119.244599] ? kmem_cache_alloc+0x466/0x760 [ 119.248912] ? _raw_spin_unlock+0x22/0x30 [ 119.253059] copy_process.part.38+0x1fb0/0x4bd0 [ 119.257725] ? __cleanup_sighand+0x40/0x40 [ 119.261958] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 119.267130] ? __lock_acquire+0x664/0x3e00 [ 119.271344] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 119.276523] ? perf_trace_lock+0xd6/0x900 [ 119.280684] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 119.285862] ? perf_trace_lock+0xd6/0x900 [ 119.289991] ? mntput_no_expire+0x130/0xa90 [ 119.294309] ? trace_event_raw_event_lock+0x340/0x340 [ 119.299488] ? perf_trace_lock+0xd6/0x900 [ 119.303626] ? lock_acquire+0x1d5/0x580 [ 119.307591] ? trace_hardirqs_off+0x10/0x10 [ 119.311901] ? perf_trace_lock+0xd6/0x900 [ 119.316052] ? find_held_lock+0x35/0x1d0 [ 119.320102] ? perf_trace_lock+0xd6/0x900 [ 119.324231] ? trace_event_raw_event_lock+0x340/0x340 [ 119.329429] ? _parse_integer+0x140/0x140 [ 119.333571] ? trace_hardirqs_off+0x10/0x10 [ 119.337874] ? get_pid_task+0x93/0x140 [ 119.341741] ? perf_trace_lock+0xd6/0x900 [ 119.345874] ? find_held_lock+0x35/0x1d0 [ 119.349919] ? __f_unlock_pos+0x19/0x20 [ 119.353876] ? lock_downgrade+0x980/0x980 [ 119.358016] ? get_pid_task+0xbc/0x140 [ 119.361893] ? proc_fail_nth_write+0x9b/0x1d0 [ 119.366369] ? map_files_get_link+0x3a0/0x3a0 [ 119.370845] ? handle_mm_fault+0x35b/0xb10 [ 119.375074] _do_fork+0x1f7/0xf70 [ 119.378518] ? fork_idle+0x2d0/0x2d0 [ 119.382217] ? wait_for_completion+0x770/0x770 [ 119.386821] ? __sb_end_write+0xa0/0xd0 [ 119.390780] ? fput+0xd2/0x140 [ 119.393956] ? SyS_write+0x184/0x220 [ 119.397662] ? SyS_read+0x220/0x220 [ 119.401277] SyS_clone+0x37/0x50 [ 119.404633] ? sys_vfork+0x30/0x30 [ 119.408171] do_syscall_64+0x281/0x940 [ 119.412053] ? vmalloc_sync_all+0x30/0x30 [ 119.416187] ? _raw_spin_unlock_irq+0x27/0x70 [ 119.420662] ? finish_task_switch+0x1c1/0x7e0 [ 119.425138] ? syscall_return_slowpath+0x550/0x550 [ 119.430060] ? syscall_return_slowpath+0x2ac/0x550 [ 119.434980] ? prepare_exit_to_usermode+0x350/0x350 [ 119.439985] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 119.445343] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 119.450169] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 119.455337] RIP: 0033:0x454e79 [ 119.458515] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 119.466212] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 119.473468] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 119.480716] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 119.487972] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 119.495219] R13: 0000000000000051 R14: 00000000006f2838 R15: 000000000000000d [ 119.547128] xprt_adjust_timeout: rq_timeout = 0! [ 119.553751] xprt_adjust_timeout: rq_timeout = 0! [ 119.906143] binder: undelivered death notification, 0000000000000000 2018/03/31 10:51:16 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0x0, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:16 executing program 4: r0 = accept4$ipx(0xffffffffffffff9c, &(0x7f0000000140), &(0x7f00000001c0)=0x10, 0x800) flistxattr(r0, &(0x7f0000000380)=""/227, 0xe3) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/autofs\x00', 0x103000, 0x0) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f00000000c0)={&(0x7f0000ff9000/0x4000)=nil, 0x4000}) ioctl$KVM_GET_NR_MMU_PAGES(r3, 0xae45, 0x401) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYPTR=&(0x7f0000000040)=ANY=[@ANYRES32=r1, @ANYRES64=r2, @ANYRES16=r1, @ANYPTR64, @ANYBLOB="aa83f86e73dfc840a78e36c63ac4609c430f5eb01dda99", @ANYPTR64, @ANYRES64=r1, @ANYRES32=r2], @ANYRES32=r1, @ANYRES64, @ANYRES64=r2, @ANYPTR64=&(0x7f00000004c0)=ANY=[@ANYRES32=r2, @ANYBLOB="190a30d7b71befa3fc8456e070f7257e3f00bbab075e3ea9c1ade0839a54fe5972b0bcaf39820450a86e99ddb8c38911095a", @ANYRES32, @ANYRES16], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYRES64=r2, @ANYRES32=r1, @ANYRES32, @ANYRES16=r2, @ANYBLOB="d55779f60aaca001a36dc1688bb7841b9ad27f062a38472f8d63e5a6853a8612973110d6e901764160fff1f2b12fc22ad9a94992c8fb693d61c470b8568f8ab9590aa689fa8aee5bf980cdc2aae11aca9abbc0a903aa33bdf0db0acb88d8280265750918188847fc7362fa9a168859d7253681a83114b1a7000466e9d5a22159a1f932ff82a3b411f7fb5718ed42180deafdf509a1c1e5f5670dfef4e46e2a1a272f8a1f3cf84b72cf0d9cbb2cf6503ac8a47b1bcdcfc1a256776c070d3ed1aadb5c5f2b77a96121ad848da38150d0e867c46f1f284e9293d27ff68c845fbd71e40399897031b3d49e2bfedb6bc6cbb4"], @ANYRES32]], 0x1) 2018/03/31 10:51:16 executing program 6 (fault-call:10 fault-nth:14): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={0x0, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:16 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x0, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:16 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:16 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0xffffffff7ffffffb, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000) write$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)=ANY=[@ANYBLOB="7b00020010008df70000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000000080)="5d0325f77c9c98997804b2", &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000000040)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:16 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) r4 = mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, &(0x7f0000664fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r5 = dup2(r4, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r5, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) [ 120.111888] FAULT_INJECTION: forcing a failure. [ 120.111888] name failslab, interval 1, probability 0, space 0, times 0 [ 120.123197] CPU: 1 PID: 9465 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 120.130299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 120.139649] Call Trace: [ 120.142231] dump_stack+0x194/0x24d [ 120.145849] ? arch_local_irq_restore+0x53/0x53 [ 120.150606] should_fail+0x8c0/0xa40 [ 120.154309] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 120.159396] ? debug_mutex_init+0x1c/0x60 [ 120.163527] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 120.168528] ? __lockdep_init_map+0xe4/0x650 [ 120.172920] ? find_held_lock+0x35/0x1d0 [ 120.176968] ? find_held_lock+0x35/0x1d0 [ 120.181037] ? check_same_owner+0x320/0x320 [ 120.185347] ? rcu_note_context_switch+0x710/0x710 [ 120.190261] ? copy_mm+0x12ee/0x131f [ 120.193965] should_failslab+0xec/0x120 [ 120.197919] kmem_cache_alloc+0x47/0x760 [ 120.201964] ? copy_namespaces+0x1a3/0x400 [ 120.206187] create_new_namespaces+0x88/0x880 [ 120.210667] ? sys_ni_syscall+0x20/0x20 [ 120.214649] ? ns_capable_common+0xcf/0x160 [ 120.218962] copy_namespaces+0x340/0x400 [ 120.223011] ? create_new_namespaces+0x880/0x880 [ 120.227756] ? _raw_spin_unlock+0x22/0x30 [ 120.231894] copy_process.part.38+0x2380/0x4bd0 [ 120.236557] ? __cleanup_sighand+0x40/0x40 [ 120.240787] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 120.245964] ? __lock_acquire+0x664/0x3e00 [ 120.250201] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 120.255387] ? perf_trace_lock+0xd6/0x900 [ 120.259525] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 120.264693] ? perf_trace_lock+0xd6/0x900 [ 120.268821] ? mntput_no_expire+0x130/0xa90 [ 120.273126] ? trace_event_raw_event_lock+0x340/0x340 [ 120.278291] ? perf_trace_lock+0xd6/0x900 [ 120.282427] ? lock_acquire+0x1d5/0x580 [ 120.286381] ? trace_hardirqs_off+0x10/0x10 [ 120.290692] ? perf_trace_lock+0xd6/0x900 [ 120.294831] ? find_held_lock+0x35/0x1d0 [ 120.298879] ? perf_trace_lock+0xd6/0x900 [ 120.303012] ? trace_event_raw_event_lock+0x340/0x340 [ 120.308191] ? _parse_integer+0x140/0x140 [ 120.312324] ? trace_hardirqs_off+0x10/0x10 [ 120.316632] ? get_pid_task+0x93/0x140 [ 120.320506] ? perf_trace_lock+0xd6/0x900 [ 120.324642] ? find_held_lock+0x35/0x1d0 [ 120.328692] ? __f_unlock_pos+0x19/0x20 [ 120.332645] ? lock_downgrade+0x980/0x980 [ 120.336770] ? get_pid_task+0xbc/0x140 [ 120.340639] ? proc_fail_nth_write+0x9b/0x1d0 [ 120.345112] ? map_files_get_link+0x3a0/0x3a0 [ 120.349588] ? handle_mm_fault+0x35b/0xb10 [ 120.353810] _do_fork+0x1f7/0xf70 [ 120.357257] ? fork_idle+0x2d0/0x2d0 [ 120.360955] ? wait_for_completion+0x770/0x770 [ 120.365536] ? __sb_end_write+0xa0/0xd0 [ 120.369495] ? fput+0xd2/0x140 [ 120.372670] ? SyS_write+0x184/0x220 [ 120.376366] ? SyS_read+0x220/0x220 [ 120.379988] SyS_clone+0x37/0x50 [ 120.383337] ? sys_vfork+0x30/0x30 [ 120.386859] do_syscall_64+0x281/0x940 [ 120.390730] ? vmalloc_sync_all+0x30/0x30 [ 120.394855] ? _raw_spin_unlock_irq+0x27/0x70 [ 120.399337] ? finish_task_switch+0x1c1/0x7e0 [ 120.403814] ? syscall_return_slowpath+0x550/0x550 [ 120.408725] ? syscall_return_slowpath+0x2ac/0x550 [ 120.413638] ? prepare_exit_to_usermode+0x350/0x350 [ 120.418641] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 120.423987] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 120.428818] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 120.433988] RIP: 0033:0x454e79 [ 120.437161] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 120.444853] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 120.452107] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 2018/03/31 10:51:17 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) [ 120.459359] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 120.466609] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 120.473863] R13: 0000000000000051 R14: 00000000006f2838 R15: 000000000000000e [ 120.501148] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:17 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff020000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000bbcfaa40000000000000000000000013000000"], 0x1) 2018/03/31 10:51:17 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:17 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="000002000100000000000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 120.516412] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:17 executing program 6 (fault-call:10 fault-nth:15): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:17 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x0, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:17 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:17 executing program 4: r0 = memfd_create(&(0x7f0000000180)='%proclo^\x00', 0x1) sendmsg$rds(r0, &(0x7f0000000740)={&(0x7f00000001c0)={0x2, 0x4e23, @multicast2=0xe0000002}, 0x10, &(0x7f0000000300)=[{&(0x7f0000000200)=""/105, 0x69}, {&(0x7f0000000280)=""/87, 0x57}], 0x2, &(0x7f0000000600)=[@cswp={0x58, 0x114, 0x7, {{0x2}, &(0x7f0000000340)=0x2780, &(0x7f0000000380)=0x3, 0x1, 0xffff, 0x10000, 0x4, 0x64, 0xc0}}, @cswp={0x58, 0x114, 0x7, {{0x5, 0x80}, &(0x7f00000003c0)=0x3, &(0x7f0000000400)=0x8, 0x3, 0x3, 0xff, 0xfffffffffffffffd, 0x3}}, @cswp={0x58, 0x114, 0x7, {{0x5, 0x1}, &(0x7f0000000440)=0x5, &(0x7f0000000480)=0x3cd, 0x35e, 0x7, 0x80000000, 0x0, 0x40, 0x3}}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f00000004c0)=""/236, 0xec}, &(0x7f00000005c0), 0x61}}], 0x138, 0x4000}, 0x40004) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f0000000100)={0x10000, 0x4}) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) getsockopt$netlink(r2, 0x10e, 0xe, &(0x7f0000000780)=""/245, &(0x7f00000000c0)=0xf5) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r2, 0xc0105303, &(0x7f0000000080)={0x0, 0x3, 0x9}) ioctl$EVIOCGBITKEY(r2, 0x80404521, &(0x7f0000000980)=""/103) ioctl$sock_netrom_SIOCGSTAMP(r2, 0x8906, &(0x7f0000000140)) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f00000000c0)=ANY=[], 0x0) [ 120.653290] FAULT_INJECTION: forcing a failure. [ 120.653290] name failslab, interval 1, probability 0, space 0, times 0 [ 120.664618] CPU: 0 PID: 9502 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 120.671721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 120.681073] Call Trace: [ 120.683654] dump_stack+0x194/0x24d [ 120.687273] ? arch_local_irq_restore+0x53/0x53 [ 120.691943] should_fail+0x8c0/0xa40 [ 120.695647] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 120.700744] ? find_held_lock+0x35/0x1d0 [ 120.704797] ? find_held_lock+0x35/0x1d0 [ 120.708858] ? check_same_owner+0x320/0x320 [ 120.713160] ? inc_ucount+0x46c/0x9a0 [ 120.716944] ? rcu_note_context_switch+0x710/0x710 [ 120.721864] should_failslab+0xec/0x120 [ 120.725823] kmem_cache_alloc_trace+0x4b/0x740 [ 120.730388] ? _raw_spin_unlock_irq+0x27/0x70 [ 120.734867] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 120.739872] inc_ucount+0x4a4/0x9a0 [ 120.743480] ? save_stack+0x43/0xd0 [ 120.747088] ? kasan_slab_alloc+0x12/0x20 [ 120.751217] ? kmem_cache_alloc+0x12e/0x760 [ 120.755521] ? create_new_namespaces+0x88/0x880 [ 120.760178] ? retire_userns_sysctls+0x90/0x90 [ 120.764742] ? find_held_lock+0x35/0x1d0 [ 120.768794] ? find_held_lock+0x35/0x1d0 [ 120.772856] copy_pid_ns+0x231/0xc60 [ 120.780219] ? refcount_add+0x60/0x60 [ 120.784013] ? pidns_get+0x170/0x170 [ 120.787719] ? refcount_inc+0x1e/0x50 [ 120.791504] ? copy_ipcs+0xb3/0x520 [ 120.795113] ? ipcns_get+0xf0/0xf0 [ 120.798641] ? do_mount+0x2bb0/0x2bb0 [ 120.802431] ? copy_namespaces+0x1a3/0x400 [ 120.806652] create_new_namespaces+0x307/0x880 [ 120.811223] ? sys_ni_syscall+0x20/0x20 [ 120.815181] ? ns_capable_common+0xcf/0x160 [ 120.819488] copy_namespaces+0x340/0x400 [ 120.823534] ? create_new_namespaces+0x880/0x880 [ 120.828274] ? _raw_spin_unlock+0x22/0x30 [ 120.832413] copy_process.part.38+0x2380/0x4bd0 [ 120.837074] ? __cleanup_sighand+0x40/0x40 [ 120.841304] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 120.846480] ? __lock_acquire+0x664/0x3e00 [ 120.850696] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 120.855866] ? perf_trace_lock+0xd6/0x900 [ 120.860006] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 120.865180] ? perf_trace_lock+0xd6/0x900 [ 120.869307] ? mntput_no_expire+0x130/0xa90 [ 120.873617] ? trace_event_raw_event_lock+0x340/0x340 [ 120.878787] ? perf_trace_lock+0xd6/0x900 [ 120.882937] ? lock_acquire+0x1d5/0x580 [ 120.886893] ? trace_hardirqs_off+0x10/0x10 [ 120.891195] ? perf_trace_lock+0xd6/0x900 [ 120.895333] ? find_held_lock+0x35/0x1d0 [ 120.899385] ? perf_trace_lock+0xd6/0x900 [ 120.903520] ? trace_event_raw_event_lock+0x340/0x340 [ 120.908693] ? _parse_integer+0x140/0x140 [ 120.912828] ? trace_hardirqs_off+0x10/0x10 [ 120.917133] ? get_pid_task+0x93/0x140 [ 120.921005] ? perf_trace_lock+0xd6/0x900 [ 120.925144] ? find_held_lock+0x35/0x1d0 [ 120.929192] ? __f_unlock_pos+0x19/0x20 [ 120.933148] ? lock_downgrade+0x980/0x980 [ 120.937279] ? get_pid_task+0xbc/0x140 [ 120.941151] ? proc_fail_nth_write+0x9b/0x1d0 [ 120.945643] ? map_files_get_link+0x3a0/0x3a0 [ 120.950123] ? handle_mm_fault+0x35b/0xb10 [ 120.954348] _do_fork+0x1f7/0xf70 [ 120.957785] ? fork_idle+0x2d0/0x2d0 [ 120.961482] ? wait_for_completion+0x770/0x770 [ 120.966068] ? __sb_end_write+0xa0/0xd0 [ 120.970031] ? fput+0xd2/0x140 [ 120.973208] ? SyS_write+0x184/0x220 [ 120.976908] ? SyS_read+0x220/0x220 [ 120.980523] SyS_clone+0x37/0x50 [ 120.983874] ? sys_vfork+0x30/0x30 [ 120.987398] do_syscall_64+0x281/0x940 [ 120.991268] ? vmalloc_sync_all+0x30/0x30 [ 120.995397] ? _raw_spin_unlock_irq+0x27/0x70 [ 120.999873] ? finish_task_switch+0x1c1/0x7e0 [ 121.004353] ? syscall_return_slowpath+0x550/0x550 [ 121.009267] ? syscall_return_slowpath+0x2ac/0x550 [ 121.014176] ? prepare_exit_to_usermode+0x350/0x350 [ 121.019177] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 121.024530] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 121.029374] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 121.034545] RIP: 0033:0x454e79 [ 121.037714] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 121.045406] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 2018/03/31 10:51:17 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:17 executing program 5: socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)=ANY=[@ANYBLOB="00000200180000fa03000000387a554b242c00f34947c968905aa662e2aeaab420fbe5d188cde57692be71873b085e052126ac71564ce18555d5cae1b0349553fdb6ba95bd3d"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:17 executing program 4: r0 = open(&(0x7f0000000040)='./file0\x00', 0x800, 0x42) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000180)={0x6, {{0xa, 0x4e23, 0xfffffffffffff39a, @mcast2={0xff, 0x2, [], 0x1}, 0x2}}}, 0x88) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_inet6_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000280)) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) fadvise64(r2, 0x0, 0x6c009a1f, 0x3) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000080)=0x5, &(0x7f0000000240)=0x1) [ 121.052659] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 121.059910] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 121.067160] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 121.074413] R13: 0000000000000051 R14: 00000000006f2838 R15: 000000000000000f [ 121.218927] xprt_adjust_timeout: rq_timeout = 0! [ 121.232355] binder: undelivered death notification, 0000000000000000 2018/03/31 10:51:17 executing program 6 (fault-call:10 fault-nth:16): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:17 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:17 executing program 5: getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffff9c, 0x84, 0x13, &(0x7f0000000380)={0x0}, &(0x7f00000003c0)=0x8) r1 = memfd_create(&(0x7f0000000400)='\x00', 0x2) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000440)={0x7ff, 0x8000000006, 0x40, 0x0, r0}, &(0x7f0000000140)=0xfffffffffffffeed) socket$inet6(0xa, 0x1001000000080001, 0x0) timer_create(0x0, &(0x7f0000000040)={0x0, 0x2b, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000080)=0x0) timer_gettime(r2, &(0x7f0000000100)) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) r4 = open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000000)={&(0x7f0000a92000/0x3000)=nil, 0x3000}) ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:17 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r4 = dup2(0xffffffffffffffff, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:17 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000180)={0x0, {{0xa, 0x4e24, 0x92, @empty, 0x7fff}}, 0x1, 0x1, [{{0xa, 0x4e23, 0x2, @dev={0xfe, 0x80, [], 0x18}, 0x2a902ddc}}]}, 0x110) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000040)={'HL\x00'}, &(0x7f0000000080)=0x1e) 2018/03/31 10:51:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={0x0, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:17 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x0, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:17 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) [ 121.330592] FAULT_INJECTION: forcing a failure. [ 121.330592] name failslab, interval 1, probability 0, space 0, times 0 [ 121.341911] CPU: 0 PID: 9545 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 121.349015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 121.358375] Call Trace: [ 121.360968] dump_stack+0x194/0x24d [ 121.364591] ? arch_local_irq_restore+0x53/0x53 [ 121.369252] ? find_held_lock+0x35/0x1d0 [ 121.373313] should_fail+0x8c0/0xa40 [ 121.377028] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 121.382120] ? inc_ucount+0x204/0x9a0 [ 121.385905] ? lock_downgrade+0x980/0x980 [ 121.390048] ? find_held_lock+0x35/0x1d0 [ 121.394109] ? check_same_owner+0x320/0x320 [ 121.398416] ? rcu_note_context_switch+0x710/0x710 [ 121.403334] ? retire_userns_sysctls+0x90/0x90 [ 121.407911] should_failslab+0xec/0x120 [ 121.411872] kmem_cache_alloc+0x47/0x760 [ 121.415922] copy_pid_ns+0x257/0xc60 [ 121.419622] ? refcount_add+0x60/0x60 [ 121.423417] ? pidns_get+0x170/0x170 [ 121.427116] ? refcount_inc+0x1e/0x50 [ 121.430900] ? copy_ipcs+0xb3/0x520 [ 121.434510] ? ipcns_get+0xf0/0xf0 [ 121.438042] ? do_mount+0x2bb0/0x2bb0 [ 121.441834] ? copy_namespaces+0x1a3/0x400 [ 121.446056] create_new_namespaces+0x307/0x880 [ 121.450626] ? sys_ni_syscall+0x20/0x20 [ 121.454586] ? ns_capable_common+0xcf/0x160 [ 121.458897] copy_namespaces+0x340/0x400 [ 121.462943] ? create_new_namespaces+0x880/0x880 [ 121.467689] ? _raw_spin_unlock+0x22/0x30 [ 121.471825] copy_process.part.38+0x2380/0x4bd0 [ 121.476486] ? __cleanup_sighand+0x40/0x40 [ 121.480810] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 121.485989] ? __lock_acquire+0x664/0x3e00 [ 121.490209] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 121.495385] ? perf_trace_lock+0xd6/0x900 [ 121.499524] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 121.504697] ? perf_trace_lock+0xd6/0x900 [ 121.508827] ? mntput_no_expire+0x130/0xa90 [ 121.513132] ? trace_event_raw_event_lock+0x340/0x340 [ 121.518300] ? perf_trace_lock+0xd6/0x900 [ 121.522438] ? lock_acquire+0x1d5/0x580 [ 121.526395] ? trace_hardirqs_off+0x10/0x10 [ 121.530701] ? perf_trace_lock+0xd6/0x900 [ 121.534842] ? find_held_lock+0x35/0x1d0 [ 121.538889] ? perf_trace_lock+0xd6/0x900 [ 121.543033] ? trace_event_raw_event_lock+0x340/0x340 [ 121.548211] ? _parse_integer+0x140/0x140 [ 121.552350] ? trace_hardirqs_off+0x10/0x10 [ 121.556655] ? get_pid_task+0x93/0x140 [ 121.560528] ? perf_trace_lock+0xd6/0x900 [ 121.564662] ? find_held_lock+0x35/0x1d0 [ 121.568712] ? __f_unlock_pos+0x19/0x20 [ 121.572672] ? lock_downgrade+0x980/0x980 [ 121.576801] ? get_pid_task+0xbc/0x140 [ 121.580674] ? proc_fail_nth_write+0x9b/0x1d0 [ 121.585152] ? map_files_get_link+0x3a0/0x3a0 [ 121.589629] ? handle_mm_fault+0x35b/0xb10 [ 121.593852] _do_fork+0x1f7/0xf70 [ 121.597292] ? fork_idle+0x2d0/0x2d0 [ 121.600990] ? wait_for_completion+0x770/0x770 [ 121.605575] ? __sb_end_write+0xa0/0xd0 [ 121.609533] ? fput+0xd2/0x140 [ 121.612709] ? SyS_write+0x184/0x220 [ 121.616405] ? SyS_read+0x220/0x220 [ 121.620021] SyS_clone+0x37/0x50 [ 121.623373] ? sys_vfork+0x30/0x30 [ 121.626894] do_syscall_64+0x281/0x940 [ 121.630761] ? vmalloc_sync_all+0x30/0x30 [ 121.634889] ? _raw_spin_unlock_irq+0x27/0x70 [ 121.639375] ? finish_task_switch+0x1c1/0x7e0 [ 121.643857] ? syscall_return_slowpath+0x550/0x550 [ 121.648769] ? syscall_return_slowpath+0x2ac/0x550 [ 121.653689] ? prepare_exit_to_usermode+0x350/0x350 [ 121.658690] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 121.664046] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 121.668878] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 121.674050] RIP: 0033:0x454e79 [ 121.677221] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 121.684911] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 121.692170] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 121.699422] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 121.706682] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 121.713935] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000010 2018/03/31 10:51:18 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x0, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:18 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0xffd, 0x6, 0x40, 0x0, 0x0}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a93000/0x2000)=nil, 0x2000) socketpair$inet_sctp(0x2, 0x5, 0x84, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000080)={0x1, [0x9d4b]}, &(0x7f0000000100)=0x6) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) r3 = open(&(0x7f0000000140)='./file0\x00', 0x14084, 0x0) recvfrom$inet(r2, &(0x7f0000000540)=""/244, 0xf4, 0x0, &(0x7f00000001c0)={0x2, 0x4e22, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) setsockopt$inet_sctp6_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000200)={r0, 0x6, 0x4, 0x6712}, 0x10) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$RNDGETENTCNT(r3, 0x80045200, &(0x7f0000000000)) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000380)={0x75, {{0xa, 0x4e22, 0x3, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}, 0x691}}, {{0xa, 0x4e21, 0x6, @loopback={0x0, 0x1}, 0xfffffffffffffff9}}}, 0x108) [ 121.738532] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:18 executing program 4: socket$bt_bnep(0x1f, 0x3, 0x4) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:18 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:18 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x0, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:18 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x0, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:18 executing program 6 (fault-call:10 fault-nth:17): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) [ 121.894674] FAULT_INJECTION: forcing a failure. [ 121.894674] name failslab, interval 1, probability 0, space 0, times 0 [ 121.906010] CPU: 1 PID: 9581 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 121.913110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 121.922457] Call Trace: [ 121.925049] dump_stack+0x194/0x24d [ 121.928672] ? arch_local_irq_restore+0x53/0x53 [ 121.933339] should_fail+0x8c0/0xa40 [ 121.937040] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 121.942127] ? trace_hardirqs_on+0xd/0x10 [ 121.946261] ? refcount_inc_not_zero+0xfe/0x180 [ 121.950923] ? find_held_lock+0x35/0x1d0 [ 121.955014] ? check_same_owner+0x320/0x320 [ 121.959330] ? refcount_inc+0x1e/0x50 [ 121.963121] ? rcu_note_context_switch+0x710/0x710 [ 121.968051] should_failslab+0xec/0x120 [ 121.972021] kmem_cache_alloc+0x47/0x760 [ 121.976071] ? copy_namespaces+0x1a3/0x400 [ 121.980297] alloc_pid+0xc1/0xa00 [ 121.983733] ? sys_ni_syscall+0x20/0x20 [ 121.987689] ? __change_pid+0x400/0x400 [ 121.991645] ? ns_capable_common+0xcf/0x160 [ 121.995953] ? copy_namespaces+0x1ee/0x400 [ 122.000171] ? memset+0x31/0x40 [ 122.003433] ? copy_thread_tls+0x268/0x8f0 [ 122.007657] copy_process.part.38+0x2516/0x4bd0 [ 122.012325] ? __cleanup_sighand+0x40/0x40 [ 122.016561] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 122.021754] ? __lock_acquire+0x664/0x3e00 [ 122.025971] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 122.031145] ? perf_trace_lock+0xd6/0x900 [ 122.035286] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 122.040462] ? perf_trace_lock+0xd6/0x900 [ 122.044594] ? mntput_no_expire+0x130/0xa90 [ 122.048906] ? trace_event_raw_event_lock+0x340/0x340 [ 122.054163] ? perf_trace_lock+0xd6/0x900 [ 122.058304] ? lock_acquire+0x1d5/0x580 [ 122.062264] ? trace_hardirqs_off+0x10/0x10 [ 122.066569] ? perf_trace_lock+0xd6/0x900 [ 122.070717] ? find_held_lock+0x35/0x1d0 [ 122.074766] ? perf_trace_lock+0xd6/0x900 [ 122.078900] ? trace_event_raw_event_lock+0x340/0x340 [ 122.085019] ? _parse_integer+0x140/0x140 [ 122.089163] ? trace_hardirqs_off+0x10/0x10 [ 122.093469] ? get_pid_task+0x93/0x140 [ 122.097338] ? perf_trace_lock+0xd6/0x900 [ 122.101471] ? find_held_lock+0x35/0x1d0 [ 122.105525] ? __f_unlock_pos+0x19/0x20 [ 122.109485] ? lock_downgrade+0x980/0x980 [ 122.113616] ? get_pid_task+0xbc/0x140 [ 122.117490] ? proc_fail_nth_write+0x9b/0x1d0 [ 122.121970] ? map_files_get_link+0x3a0/0x3a0 [ 122.126470] ? handle_mm_fault+0x35b/0xb10 [ 122.130697] _do_fork+0x1f7/0xf70 [ 122.134141] ? fork_idle+0x2d0/0x2d0 [ 122.137847] ? wait_for_completion+0x770/0x770 [ 122.142439] ? __sb_end_write+0xa0/0xd0 [ 122.146403] ? fput+0xd2/0x140 [ 122.149583] ? SyS_write+0x184/0x220 [ 122.153285] ? SyS_read+0x220/0x220 [ 122.156902] SyS_clone+0x37/0x50 [ 122.160252] ? sys_vfork+0x30/0x30 [ 122.163780] do_syscall_64+0x281/0x940 [ 122.167653] ? vmalloc_sync_all+0x30/0x30 [ 122.171783] ? _raw_spin_unlock_irq+0x27/0x70 [ 122.176265] ? finish_task_switch+0x1c1/0x7e0 [ 122.180752] ? syscall_return_slowpath+0x550/0x550 [ 122.185664] ? syscall_return_slowpath+0x2ac/0x550 [ 122.190578] ? prepare_exit_to_usermode+0x350/0x350 [ 122.195583] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 122.200936] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 122.205768] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 122.210944] RIP: 0033:0x454e79 [ 122.214116] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 122.222162] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 122.229429] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 122.236682] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 122.243935] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 122.251193] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000011 [ 122.321300] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:19 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x8000, 0x40, 0x1000000000000}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:19 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x12, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000dfdf873f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000040000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:19 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:19 executing program 6 (fault-call:10 fault-nth:18): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:19 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x0, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:19 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x0, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:19 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r4 = dup2(0xffffffffffffffff, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={0x0, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) [ 122.391149] binder: undelivered death notification, 0000000000000000 [ 122.473996] FAULT_INJECTION: forcing a failure. [ 122.473996] name failslab, interval 1, probability 0, space 0, times 0 [ 122.485662] CPU: 1 PID: 9605 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 122.492745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 122.502083] Call Trace: [ 122.504660] dump_stack+0x194/0x24d [ 122.508271] ? arch_local_irq_restore+0x53/0x53 [ 122.512950] should_fail+0x8c0/0xa40 [ 122.516647] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 122.521732] ? radix_tree_clear_tags+0xb0/0xb0 [ 122.526299] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 122.531475] ? lock_downgrade+0x980/0x980 [ 122.535608] ? print_irqtrace_events+0x270/0x270 [ 122.540346] ? unwind_next_frame.part.6+0x1a6/0xb40 [ 122.545346] ? trace_hardirqs_off+0x10/0x10 [ 122.549647] ? trace_hardirqs_off+0x10/0x10 [ 122.553946] ? trace_hardirqs_off+0x10/0x10 [ 122.558248] ? print_irqtrace_events+0x270/0x270 [ 122.563005] should_failslab+0xec/0x120 [ 122.566957] kmem_cache_alloc+0x47/0x760 [ 122.571000] ? radix_tree_node_alloc.constprop.19+0x2d0/0x2d0 [ 122.576869] radix_tree_node_alloc.constprop.19+0x1b4/0x2d0 [ 122.582565] idr_get_free+0x9d0/0xfd0 [ 122.586350] ? radix_tree_clear_tags+0xb0/0xb0 [ 122.590916] ? unwind_get_return_address+0x61/0xa0 [ 122.595829] ? __save_stack_trace+0x7e/0xd0 [ 122.600138] ? save_stack+0xa3/0xd0 [ 122.603751] ? save_stack+0x43/0xd0 [ 122.607356] ? kasan_kmalloc+0xad/0xe0 [ 122.611222] ? kasan_slab_alloc+0x12/0x20 [ 122.615359] ? kmem_cache_alloc+0x12e/0x760 [ 122.619750] ? alloc_pid+0xc1/0xa00 [ 122.623380] ? copy_process.part.38+0x2516/0x4bd0 [ 122.628199] ? _do_fork+0x1f7/0xf70 [ 122.631811] ? SyS_clone+0x37/0x50 [ 122.635345] ? do_syscall_64+0x281/0x940 [ 122.639473] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 122.644819] ? refcount_inc_not_zero+0xfe/0x180 [ 122.649476] ? find_held_lock+0x35/0x1d0 [ 122.653528] idr_alloc_u32+0x1b2/0x390 [ 122.658003] ? __fprop_inc_percpu_max+0x2a0/0x2a0 [ 122.662825] ? lock_acquire+0x1d5/0x580 [ 122.666775] ? alloc_pid+0x22e/0xa00 [ 122.670468] ? rcu_pm_notify+0xc0/0xc0 [ 122.674338] idr_alloc_cyclic+0x15a/0x320 [ 122.678464] ? idr_alloc+0x180/0x180 [ 122.682153] ? copy_namespaces+0x1a3/0x400 [ 122.686363] ? __radix_tree_preload+0x133/0x1c0 [ 122.691010] alloc_pid+0x2ad/0xa00 [ 122.694530] ? __change_pid+0x400/0x400 [ 122.698477] ? ns_capable_common+0xcf/0x160 [ 122.702783] ? memset+0x31/0x40 [ 122.706044] ? copy_thread_tls+0x268/0x8f0 [ 122.710261] copy_process.part.38+0x2516/0x4bd0 [ 122.714915] ? __cleanup_sighand+0x40/0x40 [ 122.719133] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 122.724301] ? __lock_acquire+0x664/0x3e00 [ 122.728514] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 122.733681] ? environ_open+0x80/0x80 [ 122.737464] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 122.742628] ? __lock_acquire+0x664/0x3e00 [ 122.746843] ? mntput_no_expire+0x130/0xa90 [ 122.751144] ? print_irqtrace_events+0x270/0x270 [ 122.755876] ? trace_hardirqs_off+0x10/0x10 [ 122.760179] ? lock_acquire+0x1d5/0x580 [ 122.764130] ? trace_hardirqs_off+0x10/0x10 [ 122.768430] ? trace_hardirqs_off+0x10/0x10 [ 122.772731] ? __lock_acquire+0x664/0x3e00 [ 122.776939] ? check_same_owner+0x320/0x320 [ 122.781239] ? find_held_lock+0x35/0x1d0 [ 122.785284] ? _parse_integer+0xe9/0x140 [ 122.789331] ? trace_hardirqs_off+0x10/0x10 [ 122.793638] ? _parse_integer+0x140/0x140 [ 122.797768] ? trace_hardirqs_off+0x10/0x10 [ 122.802068] ? get_pid_task+0x93/0x140 [ 122.805935] ? lock_downgrade+0x980/0x980 [ 122.810062] ? find_held_lock+0x35/0x1d0 [ 122.814102] ? __f_unlock_pos+0x19/0x20 [ 122.818053] ? lock_downgrade+0x980/0x980 [ 122.822175] ? get_pid_task+0xbc/0x140 [ 122.826040] ? proc_fail_nth_write+0x9b/0x1d0 [ 122.830512] ? map_files_get_link+0x3a0/0x3a0 [ 122.834983] ? handle_mm_fault+0x35b/0xb10 [ 122.839196] _do_fork+0x1f7/0xf70 [ 122.842632] ? fork_idle+0x2d0/0x2d0 [ 122.846325] ? wait_for_completion+0x770/0x770 [ 122.850887] ? __lock_is_held+0xb6/0x140 [ 122.854931] ? __sb_end_write+0xa0/0xd0 [ 122.858881] ? fput+0xd2/0x140 [ 122.862051] ? SyS_write+0x184/0x220 [ 122.865750] ? SyS_read+0x220/0x220 [ 122.869360] SyS_clone+0x37/0x50 [ 122.872704] ? sys_vfork+0x30/0x30 [ 122.876227] do_syscall_64+0x281/0x940 [ 122.880106] ? vmalloc_sync_all+0x30/0x30 [ 122.884240] ? _raw_spin_unlock_irq+0x27/0x70 [ 122.889769] ? finish_task_switch+0x1c1/0x7e0 [ 122.894265] ? syscall_return_slowpath+0x550/0x550 [ 122.899176] ? syscall_return_slowpath+0x2ac/0x550 [ 122.904085] ? prepare_exit_to_usermode+0x350/0x350 [ 122.909085] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 122.914432] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 122.919258] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 122.924446] RIP: 0033:0x454e79 [ 122.927611] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 122.935301] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 122.942552] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 122.949804] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 122.957053] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 122.964303] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000012 2018/03/31 10:51:19 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$inet6_icmp(0xa, 0x2, 0x3a, &(0x7f00000000c0)) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x900, 0x0) syz_extract_tcp_res$synack(&(0x7f0000000080), 0x1, 0x0) r2 = dup(r1) ioctl$KVM_GET_TSC_KHZ(r2, 0xaea3) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYPTR64=&(0x7f00000003c0)=ANY=[@ANYPTR, @ANYRES32=r1, @ANYPTR64, @ANYPTR64, @ANYPTR64, @ANYBLOB="d8f863739979b00b7ffc4cc177007218462ee503b73836a0f501711c3fb5ba10dc7230cc45acf1f45d7bb265e2d9fd0c97a1311128ae4949135654c0d0f2f750141c1345f5cb62d6ca0c5034094dec36ff7f907def9a62ccd3221e952c9efb69935ef9aba5f3fe323b1bb21595ce31cb5f343bde78f0722a59cf2bedf0d0223d5fab98dad558df338aa94e7e25d07c8250789c70ec624dec76f7e8ca6b13b69cf4068dea1fde8fa3e8f8e97195019a37df560023753f4222113ffafdad2bace02c617620ce45dd906fc5e2d70707f2851dee68b364293c68ad58e182baf3b28bbb122abb084fe1b39923eade2cff6f2f4873a79b5170d72f497b2b28d30ec646e755781bd9ca76eb70a532e8373a9f75038e9db82f81c7273f18429554fb08561cb242d7314a8213b70b8cbb6551626a7137b3192df945d7e660d24396a7ac2bfc1285b12af067064fb2f6501150afa05d243ff03c7deb9bdd49a6b75dfbe0cab4e5add83449baacc7772debe5c94a5e1828c62741dc0885ab821796ae9a11a8bba469204bda1d25a2e053f4b263352c9a5e868b3ea2eab953e64da655ec2f318414abbb2b85629923c10f36d184efe8ec313330b05dde9e6a7379dc1399dba359384905c51e5473a16da532ba19b6712e17533a5fc7db78708fd7c873c6132ad9fe5bd1ba3ffedbddfaf1c3f4de6d2a69b8bfcc9f6d15c1016ad7174c8923ef4f29a1ecfc0d25680df8011a98f1ce348acedaab3b45a39da68dd6071ae7517a928ff12d3e57b2af5c982d6ae22a1a3104bf02f3fcbb7af14808a04c9cf1fa29f04b757f745c0bf3d2fc7a86aca70d0802ef7dbc2c4d37124fa7c9824784d18799c097d969ec896a98290a1db8d01326f899e865106beab0ae38946ca0a0da27d049f50cd332d165015de8fa6faca7a94aedb691cf9424317cf7a123e7aab44948ada47c56a078b4c5a31a57f342222eb114919a568d5236bb42573bd5cdee8246e5ddd923ae8f19b91d880eab45653ad79417c1f63848ae42cc5a9603dd57151cc7f128933ffb6521be0dfd99f04963a3756e4833082b75d3c6c45cd6ab7b6131f7a2deaa2f11fdb9eadc6c18e7c103454f4c162b3e3037a708f5ae4644d2fa9500eea8f119d612628964de0f0c6c6e68fb4355577abf60073d1be75d95b6d6442f7b0a42de6f131432e7cc4b0b20429c97e6c6f04c8c556ffd254d9572edf45d7a0a5687a339a8b8818f01bde6fad4163679c75a3114c883dabf5f19c12730d93b7119af937ea2bc3af4fabe020a4b5e846222051809b7c5d3a17ea11cd7a3bbd09fe081369a74e37247b374964a116d889de0f9423c56fe6c5b7853d40cd7135fedc5e4103a19aee82d3c05202c06aa0d0d1eb62c343b9cd0b337a9bcee21df40b5629c135eea8e96c10cfa3809f274a3522fca7df94e4c6f6562e9c821cd784e319acd95a14f36e2fd96e1c59368936428523c89cd7b7032c7f006f38a1a3c8f55123580b1d1a44d3ab0c8fcb60112e93b4e70cc9246a23a52d8a42237466dc4ccfd9456559d5af90110c6cbc0208f03fb1b78589f707eec4933566ffb706c3d84e3d415b4994e7118bd3f64a778c33726469c2a41df358f89a9e80f618c630764b71e0de07061b045a28a33f22cefdc2e6ed52984c7ab5d8691ebb82bfa96d303d77f110cdbb33f5a4d26ae24da93388dcc2eb949e91bacf58f38451ee3d2056107cd82add47f098a144867fb0571fbc4fe30cfc1e8524255cddcdf47fc4f9f19e0518791359984ca23e45065380f95d284f6c145dbe230b9a8b6af8152a0181fa9d04232bff267c758a40cf7d2e209e887281fcb5d928d1dd264cf47d94d703e4b01cba38698f94172356c2e62ae53514b4b7d2ef49dffe43d8d2011d3c80311ce8e6b32b405af37ebc8ed86dabcdc0d0006c0cb29641e55d7bb412df11731e2a64a8956595b5a59621a177341c0b954af21044d5ca244205e02115f3d78b1e01760733da3699a6d98b6547dca88a65dbb32de6de7ae7d97a338400a375b6be7714c453d99fa922ad29d0cfbc8927d9af3240b677cd9d88df0c013a381549d8f146f6761026babadb375321935194bccbc38e24b30af3f69a3d56f97d540e2157492af717d23463c13cfe72aa680b2c11ff95a3f57083a036c3fbbf32109ae7654bb9135284e29e42e3f01c0efda3ef918eb0c98302b4ddf1a2db1e30a32cfcfcc9862397945bfca22f290d5f2e75a8ff47835063f574c31ea2e238d0da364b5ed5faa68bd8a5f0bde75971386761a33db4c87ba7e246a1221b4eabbfe28ed76da95a710020b61b5379d4ea9c1563f841e301705c78c234b5f56a532afd016cc8a30d3d5f2a9dcf4e95bb8137126b4ff51e4f3badfdebb7212bbed9bea8e54a4f211887cc7e0af8d5d6ef860993a578760caecb6bb8644c68042987d670516606e09d8a5b5edf196cc55678b66b97be42c3eb0479791f45495c2d6bf7d3c7d03ebc91853ade1f4e2f3d7c89c87b16f50eb9d17771ddaaad828ccfbe2c17a848a40310536f2976387291b64958659967aa50d057b50d543b81c745ee493f43c46c79b99e0183ab661288128b65406f6ceff9b594b8bbc9b8da7013a8d2591003be07c0a6ba0c42270153a945c9da275e8acaea4854bee4407c28df6e9b39e95c4041e7e46ace5ebc3b72eabbd9d0711749ffa6104a29028331906e528f731948b85e9d39e9ec1cd9581cb8407e002216117085ec873f18d1a82096d8bdb7537828ebd17a7bf8f15a73b0041c857c69b54aab3ddb1e1e63687489f9be978ca1c0100e920451116dfa6e098b5d93d215ac68272573447f90d5098deb4a504189993459f7c54b132fe8c0bea40a04724993935ca3600012a78971a34e1fff7f298e19d31dbb171b0047d7535c8c3743e1478ae4c98810fcb2553483dbfe5ea24e9aaea0c6f07e6fb83f62e4f8d93fedec1f97ea9e7c99058a359379819fdf7371c6a60af0dd66fd1f8af5d8e2ce00ed75320353abb6173dac88fafd12eb5654b19c9a43ee4cdd474d27346c44ee5c4f298aeaf10b7af72fac506f06811b6ef6cd6dd0c0133db4a625a4b26a9dcd70f52c18903bbf013f5ebf2b8c4a45991aa44b80fc1c2711c53d2fd6c8f191df301f6a913ce157796cb2aa1375c25bb3ff0453d76ea52c3dfbc429b6d2596495c3fb84f3a2de9efe8d134613efc85ca64aa53ede4f6564749de23eef6ab51f226cbb818eb7738595c326da51148f8862a2f9cc98c4abd46fde1b1b7d60612957a394e7af8ac89e79737b57685bf0db230c98b9f838186f14d6f0161f1a8b0c9259e650915e99a540699da5019b9050f0bcf7be2acc297fc94aa843a9730ff34a0af6788070878262bb11aaa217c5870ed5b926194523b71aef9d762f2aa1366b40ffbc6bed6a9b934a2172defe7a5a8e1da00385f4949f1d0ea285ced88191e66bce53bd679664dbe97e5ef014c60370169108ea1050e2690d8185b08f25801f6341f2d64be6648bc0a98d9c0f98602d09197baad314d5c247bb7ee586507e2584701b9dc714c566670e576b5740bbe418ed443d52401888ea99fcae20a818dab66ccb505ed551eba3a6b3d700018dccd9b033ba6a88edf19eb4815e01189c0ddf1cbf0743f286e27e41739ff76a2fb0d45564c4be2cdcff9ad175b571e74e7ef51245122f5d8bb39477c52fad05d55ce3d38f84eb565ef053898675b04f9a6563069b51776f998febe231c54cb11ff2b9347482538e32997dbb6971f56441ce52c700a0fe1eabc81791e2baa2f69f951d9f8a6b0cb45b19f30260e5c3f7538a7c09bf9b708301281288d829385a116159ed8509c86873dbd9090944c90784145d9bd30c3dcc1709a6ba0a70bd9210e67424de8d2a2a2331c31dd0b2084476cc6c329456abde9fdcf1f41bddec077bed1c51edfc6dea527a0c8ca309d5f50e3ce934f5d479015157e799c578f87641337f01edc76c75e72728d38d7cd891d0bdec444160abb1f24ab438c7f7105ccc9b1222f42dbc602082b6a7f855f96bfff3bc594917a35d2b5a02d0f5658dde9d892433f0948783d22995d3573fe4bc2832186562370870ec12173dda9af548a24d5f2f9f5ffd5bdf779b076fa2266608c397a0d40f4af207a614d523b562c0874e570cbf38c95d2382c83db10d35bf98f97b7e20e8f4a1f4c4b79803fc7614e800823a248bc4e05c5bd066224b393ba42c57c26e05814acb3eed73ab111a400669cd73a5183fe4d6f6971cd93521e40d51d63080bbf7c5cd7d6335ecdf3c52d2946c7fb888eb3afb9e7f87b2e46f8dfde7ab700f5592c2c64bf86b7cc7dfd96524cde21f16355b7a6ed96d4a44ae8895b47571e839add101a7d0a66f8d1548bee9d767ef148581844a06231e4e579e82510b3dc0cb3271d687811e134f96a54008d0f096ab57cbe605e3ff8f260da6a953f5ff844f69e96f85c059ba5741728901f24c2fccbff6728ac6a88beba38156716a1e36e352843e4db91ea7570c4626ed18fc75923c17e192878a8a95aca14f8c60ac2ede865500c80a9d5d5e131b1c7cdcfb031c4f5392585e3e1dc43c007a4b072d8babfb5e60383e123b7efc492e5d50dc54c193c3e448fa56e5a0855c0e6920ce249326ebbcfe9889c78c3bc1891af1609b8d6052dfb07fd42ba0c68fed4e9e2c1b291bfc630e1747a0eb4e80ff47c53079d7be16ae9f44f1b035cf63edb2b090fe5cd25c552118e3edf7d6bf6f09d953ff0263d112c4b5a16877c18c052b1c7bbe9af3155e863e12010a55c37b9ea2f93a3ea584ebe3143427e934a4d2394dd6d51faca913cd9fa978779c5eda1865e3b6f0c5411098595dd682e91230754633bccb8eb24126c39eaf9c38702c78a45e3be3537306f4f5a17490b30c49d346520428ff5771f4737ce018643a2a73b05130b662587ea69b51cd421a3b4d24e23f320b8d3b65b99638d9131cee4dd97aa68d88f7cac60b4fadb451d5050cb60e34ebafc39b69f91e1e1c48710caa6565e006edf05a6e752c49870d4bc4caf4892259903f6527975883c0a1c5be906f78c2a7e019684843744992da26e2ad571a3345fb1279458c02f012ca85d5cdbb3665b92e31b952fc3df2190febd411454a5a0ff6c8214e860aa27094daa42071aad504a9d5eea3ce0de106709843bb171eb24edd017bc0e44e80fbf7b2a9d9a01b6ced1a7b2717f010000006f022034f8a4e1d64c1c6e8e13ec8daebcba80c07dd3558324d12fc5759d1ecf73acac137a675196e552a0a880308f11b3603051ad3dcfd6be4d55d55f3f292fdbf1d9e206334a09a9fd1ee4ef045a90eb4934d4f71020be201ffb63c6212147c94636fa7e7a189d00d36187f29e6f4c0a80be225b283c717c7b53df173a8b3b8e9b0890b0184ce8d430112691289a79a18583197ff9c4e98e3c1cd75c566580ca23ff9a78d046e933e89a08655afb89f23454ffe236f04d9cef6c23fd2f8a09816943efe896b08e009fea7eb76058e44c164ff02a5d5d77059a7e1ce5a26534724b7e2be9dc60e109638fccb15bedc54f1879b70578889fce3a00b15e60ec6cb6ba05c8a4109b9cf76d04820d118d1c4c66f3bdc9389508135d48bae92a730ac77d0d328838bc05b47ab993a696aec32caa6597420e0a3cef3410d2ebc3ae235b0183c52f1b8fcaa050892fd0f6c7a3f4c8925f4041a2565eba06a379cc6d89220e50883832ddd8aa4432679db01be5cfcc0dc04061384dd53042b0e209e77b7cce1ef2877c6acc66f39a9a17e63b117f31424496c4"]]], 0x1) socket$inet6_sctp(0xa, 0x5, 0x84) 2018/03/31 10:51:19 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:19 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:19 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:19 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x0, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 123.008632] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:19 executing program 6 (fault-call:10 fault-nth:19): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:19 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:19 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(0xffffffffffffffff) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 123.123798] xprt_adjust_timeout: rq_timeout = 0! [ 123.213176] FAULT_INJECTION: forcing a failure. [ 123.213176] name failslab, interval 1, probability 0, space 0, times 0 [ 123.224506] CPU: 1 PID: 9649 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 123.231611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 123.235369] xprt_adjust_timeout: rq_timeout = 0! [ 123.240960] Call Trace: [ 123.240983] dump_stack+0x194/0x24d [ 123.240999] ? arch_local_irq_restore+0x53/0x53 [ 123.241021] should_fail+0x8c0/0xa40 [ 123.241034] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 123.241048] ? trace_hardirqs_off+0x10/0x10 [ 123.241063] ? print_irqtrace_events+0x270/0x270 [ 123.274449] ? __lock_is_held+0xb6/0x140 [ 123.278496] ? find_held_lock+0x35/0x1d0 [ 123.282547] ? check_same_owner+0x320/0x320 [ 123.286862] ? idr_get_free+0x64e/0xfd0 [ 123.290828] ? rcu_note_context_switch+0x710/0x710 [ 123.295756] should_failslab+0xec/0x120 [ 123.299718] kmem_cache_alloc+0x47/0x760 [ 123.303760] ? replace_slot+0x12b/0x500 [ 123.307731] ? unwind_get_return_address+0x61/0xa0 [ 123.312656] alloc_vfsmnt+0xe0/0x9c0 [ 123.316354] ? mnt_free_id.isra.21+0x50/0x50 [ 123.320748] ? perf_trace_lock+0xd6/0x900 [ 123.324884] ? save_stack+0xa3/0xd0 [ 123.328494] ? trace_event_raw_event_lock+0x340/0x340 [ 123.333666] ? kasan_slab_alloc+0x12/0x20 [ 123.337794] ? alloc_pid+0xc1/0xa00 [ 123.341404] ? __radix_tree_replace+0x1af/0x310 [ 123.346055] ? trace_hardirqs_off+0x10/0x10 [ 123.350356] ? radix_tree_delete+0x30/0x30 [ 123.354568] ? node_tag_clear+0xf2/0x180 [ 123.358610] ? radix_tree_iter_tag_clear+0x97/0xd0 [ 123.363515] ? radix_tree_iter_replace+0x4c/0x60 [ 123.368265] ? find_held_lock+0x35/0x1d0 [ 123.372318] ? alloc_pid+0x2bc/0xa00 [ 123.376015] vfs_kern_mount.part.26+0x84/0x4a0 [ 123.380602] ? may_umount+0xa0/0xa0 [ 123.384223] ? idr_alloc_cyclic+0x1d6/0x320 [ 123.388550] ? do_raw_spin_trylock+0x190/0x190 [ 123.393129] ? idr_alloc+0x180/0x180 [ 123.396833] kern_mount_data+0x50/0xb0 [ 123.400701] pid_ns_prepare_proc+0x1e/0x80 [ 123.404918] alloc_pid+0x87e/0xa00 [ 123.408445] ? __change_pid+0x400/0x400 [ 123.412407] ? ns_capable_common+0xcf/0x160 [ 123.416710] ? memset+0x31/0x40 [ 123.419969] ? copy_thread_tls+0x268/0x8f0 [ 123.424185] copy_process.part.38+0x2516/0x4bd0 [ 123.428836] ? __cleanup_sighand+0x40/0x40 [ 123.433056] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 123.438236] ? __lock_acquire+0x664/0x3e00 [ 123.442449] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 123.447616] ? perf_trace_lock+0xd6/0x900 [ 123.451750] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 123.456919] ? perf_trace_lock+0xd6/0x900 [ 123.461050] ? trace_event_raw_event_lock+0x340/0x340 [ 123.466224] ? perf_trace_lock+0xd6/0x900 [ 123.470354] ? lock_acquire+0x1d5/0x580 [ 123.474306] ? trace_hardirqs_off+0x10/0x10 [ 123.478606] ? perf_trace_lock+0xd6/0x900 [ 123.482737] ? find_held_lock+0x35/0x1d0 [ 123.486781] ? perf_trace_lock+0xd6/0x900 [ 123.490922] ? trace_event_raw_event_lock+0x340/0x340 [ 123.496098] ? _parse_integer+0x140/0x140 [ 123.500227] ? trace_hardirqs_off+0x10/0x10 [ 123.504527] ? get_pid_task+0x93/0x140 [ 123.508392] ? perf_trace_lock+0xd6/0x900 [ 123.512519] ? find_held_lock+0x35/0x1d0 [ 123.516561] ? __f_unlock_pos+0x19/0x20 [ 123.520511] ? lock_downgrade+0x980/0x980 [ 123.524636] ? get_pid_task+0xbc/0x140 [ 123.528505] ? proc_fail_nth_write+0x9b/0x1d0 [ 123.532983] ? map_files_get_link+0x3a0/0x3a0 [ 123.537457] ? handle_mm_fault+0x35b/0xb10 [ 123.541676] _do_fork+0x1f7/0xf70 [ 123.545108] ? fork_idle+0x2d0/0x2d0 [ 123.548799] ? wait_for_completion+0x770/0x770 [ 123.553368] ? __sb_end_write+0xa0/0xd0 [ 123.557321] ? fput+0xd2/0x140 [ 123.560491] ? SyS_write+0x184/0x220 [ 123.564185] ? SyS_read+0x220/0x220 [ 123.567790] SyS_clone+0x37/0x50 [ 123.571134] ? sys_vfork+0x30/0x30 [ 123.574662] do_syscall_64+0x281/0x940 [ 123.578538] ? vmalloc_sync_all+0x30/0x30 [ 123.582669] ? _raw_spin_unlock_irq+0x27/0x70 [ 123.587144] ? finish_task_switch+0x1c1/0x7e0 [ 123.591617] ? syscall_return_slowpath+0x550/0x550 [ 123.596524] ? syscall_return_slowpath+0x2ac/0x550 [ 123.601429] ? prepare_exit_to_usermode+0x350/0x350 [ 123.606425] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 123.611772] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 123.616598] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 123.621766] RIP: 0033:0x454e79 [ 123.624931] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 123.632616] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 123.639862] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 123.647110] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 123.654355] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 123.661600] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000013 [ 123.679085] binder: undelivered death notification, 0000000000000000 2018/03/31 10:51:20 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) msgget(0x0, 0x112) 2018/03/31 10:51:20 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[], 0x0) 2018/03/31 10:51:20 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x0, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:20 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:20 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(0xffffffffffffffff) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:20 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r4 = dup2(0xffffffffffffffff, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:20 executing program 6 (fault-call:10 fault-nth:20): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) [ 124.107596] FAULT_INJECTION: forcing a failure. [ 124.107596] name failslab, interval 1, probability 0, space 0, times 0 [ 124.118943] CPU: 1 PID: 9664 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 124.126048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 124.135399] Call Trace: [ 124.137975] dump_stack+0x194/0x24d [ 124.141581] ? arch_local_irq_restore+0x53/0x53 [ 124.146234] should_fail+0x8c0/0xa40 [ 124.149934] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 124.155028] ? trace_event_raw_event_lock+0x340/0x340 [ 124.160198] ? find_held_lock+0x35/0x1d0 [ 124.164252] ? check_same_owner+0x320/0x320 [ 124.168553] ? sget_userns+0x27d/0xe40 [ 124.172422] ? rcu_note_context_switch+0x710/0x710 [ 124.177333] should_failslab+0xec/0x120 [ 124.181288] kmem_cache_alloc_trace+0x4b/0x740 [ 124.185854] ? check_same_owner+0x320/0x320 [ 124.190156] sget_userns+0x2a3/0xe40 [ 124.193845] ? set_anon_super+0x20/0x20 [ 124.197885] ? put_filp+0x90/0x90 [ 124.201316] ? __alloc_pages_nodemask+0xabe/0xdd0 [ 124.206140] ? destroy_unused_super.part.6+0xd0/0xd0 [ 124.211227] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 124.216222] ? perf_trace_lock+0xd6/0x900 [ 124.220359] ? save_stack+0xa3/0xd0 [ 124.223966] ? trace_event_raw_event_lock+0x340/0x340 [ 124.229134] ? kasan_slab_alloc+0x12/0x20 [ 124.233262] ? alloc_pid+0xc1/0xa00 [ 124.236871] ? __radix_tree_replace+0x1af/0x310 [ 124.241519] ? trace_hardirqs_off+0x10/0x10 [ 124.245825] ? radix_tree_delete+0x30/0x30 [ 124.250058] ? node_tag_clear+0xf2/0x180 [ 124.254113] ? proc_get_inode+0x620/0x620 [ 124.258245] mount_ns+0x6d/0x190 [ 124.261591] proc_mount+0x7a/0x90 [ 124.265027] mount_fs+0x66/0x2d0 [ 124.268375] vfs_kern_mount.part.26+0xc6/0x4a0 [ 124.272936] ? may_umount+0xa0/0xa0 [ 124.276542] ? idr_alloc_cyclic+0x1d6/0x320 [ 124.280841] ? do_raw_spin_trylock+0x190/0x190 [ 124.285398] ? idr_alloc+0x180/0x180 [ 124.289089] kern_mount_data+0x50/0xb0 [ 124.292953] pid_ns_prepare_proc+0x1e/0x80 [ 124.297163] alloc_pid+0x87e/0xa00 [ 124.300690] ? __change_pid+0x400/0x400 [ 124.304640] ? ns_capable_common+0xcf/0x160 [ 124.308940] ? memset+0x31/0x40 [ 124.312194] ? copy_thread_tls+0x268/0x8f0 [ 124.316414] copy_process.part.38+0x2516/0x4bd0 [ 124.321072] ? __cleanup_sighand+0x40/0x40 [ 124.325302] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 124.330661] ? __lock_acquire+0x664/0x3e00 [ 124.334884] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 124.340056] ? perf_trace_lock+0xd6/0x900 [ 124.344192] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 124.349360] ? perf_trace_lock+0xd6/0x900 [ 124.353484] ? mntput_no_expire+0x130/0xa90 [ 124.357788] ? trace_event_raw_event_lock+0x340/0x340 [ 124.362956] ? perf_trace_lock+0xd6/0x900 [ 124.367084] ? lock_acquire+0x1d5/0x580 [ 124.371035] ? trace_hardirqs_off+0x10/0x10 [ 124.375335] ? perf_trace_lock+0xd6/0x900 [ 124.379467] ? find_held_lock+0x35/0x1d0 [ 124.383508] ? perf_trace_lock+0xd6/0x900 [ 124.387642] ? trace_event_raw_event_lock+0x340/0x340 [ 124.392824] ? _parse_integer+0x140/0x140 [ 124.396964] ? trace_hardirqs_off+0x10/0x10 [ 124.401276] ? get_pid_task+0x93/0x140 [ 124.405141] ? perf_trace_lock+0xd6/0x900 [ 124.409271] ? find_held_lock+0x35/0x1d0 [ 124.413313] ? __f_unlock_pos+0x19/0x20 [ 124.417268] ? lock_downgrade+0x980/0x980 [ 124.421394] ? get_pid_task+0xbc/0x140 [ 124.425263] ? proc_fail_nth_write+0x9b/0x1d0 [ 124.429739] ? map_files_get_link+0x3a0/0x3a0 [ 124.434212] ? handle_mm_fault+0x35b/0xb10 [ 124.438430] _do_fork+0x1f7/0xf70 [ 124.441863] ? fork_idle+0x2d0/0x2d0 [ 124.445557] ? wait_for_completion+0x770/0x770 [ 124.450127] ? __sb_end_write+0xa0/0xd0 [ 124.454082] ? fput+0xd2/0x140 [ 124.457253] ? SyS_write+0x184/0x220 [ 124.460945] ? SyS_read+0x220/0x220 [ 124.464554] SyS_clone+0x37/0x50 [ 124.467897] ? sys_vfork+0x30/0x30 [ 124.471419] do_syscall_64+0x281/0x940 [ 124.475282] ? vmalloc_sync_all+0x30/0x30 [ 124.479410] ? _raw_spin_unlock_irq+0x27/0x70 [ 124.483888] ? finish_task_switch+0x1c1/0x7e0 [ 124.488361] ? syscall_return_slowpath+0x550/0x550 [ 124.493357] ? syscall_return_slowpath+0x2ac/0x550 [ 124.498269] ? prepare_exit_to_usermode+0x350/0x350 [ 124.503266] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 124.508609] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 124.513433] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 124.518617] RIP: 0033:0x454e79 [ 124.521786] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 124.529474] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 124.536724] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 124.543974] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 124.551222] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 2018/03/31 10:51:21 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sysfs$3(0x3) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) [ 124.558470] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000014 [ 124.594215] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:21 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x0, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:21 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) r0 = socket$inet6(0xa, 0x1001000000080001, 0x0) ioctl$int_in(r0, 0x5473, &(0x7f0000000000)) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) getsockopt$netrom_NETROM_T2(r0, 0x103, 0x2, &(0x7f0000000040)=0x200, &(0x7f0000000080)=0x4) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) flistxattr(r0, &(0x7f0000000100)=""/113, 0x71) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a93000/0x2000)=nil, 0x2000, 0x2) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:21 executing program 4: sysfs$1(0x1, &(0x7f0000000040)='.cgroupvmnet0security*\x00') r0 = socket$inet6_sctp(0xa, 0x10000005, 0x84) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x20c004, 0x0) accept4$ax25(r1, &(0x7f00000000c0), &(0x7f0000000100)=0x10, 0x80000) r2 = add_key(&(0x7f0000000140)='id_resolver\x00', &(0x7f0000000180)={0x73, 0x79, 0x7a, 0x0}, &(0x7f00000001c0)="45eae14bab53d9eb774a44d4ee0a79b88bedd848eb08600274498c74a299b4ef677385d64ddf34dc21aac66299e6ca09f6f0b8abc4f6ca3641695a32a1f126a6273babefd3646e93609a8ec026aec0c53d5c0112380ec7b8318d6fe47d835a10a84f66546e224aa5df4ea3fae6b48768c102f49d215095b1fceb4df84ad5025eaaed825fa1321ba4b87cb47ff0b0c5bdab7b9b2846cc2ea7163fff423e324b7a0cf13f39965271404af60b0ff765b317e23431fc9cb5549365eb4378c4c64b2c7ab42f8972f60833fde0683a6cc61495ce9687930c2394940604c109b8e26f38e5ee4ed6f79f0549ffc8", 0x39a, 0xfffffffffffffffa) keyctl$clear(0x7, r2) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000002c0)=ANY=[], 0x0) [ 124.606943] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:21 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x0, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:21 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(0xffffffffffffffff) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:21 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x0, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) [ 124.755613] xprt_adjust_timeout: rq_timeout = 0! [ 124.770674] xprt_adjust_timeout: rq_timeout = 0! [ 125.015669] binder: undelivered death notification, 0000000000000000 2018/03/31 10:51:21 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:21 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000200)=ANY=[@ANYRES16=r1, @ANYRES64=r0, @ANYRES32=r0, @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="7ca380a0e8f95e6a1d89672aa637d15bea382e2fc819be442c6d6e", @ANYPTR64=&(0x7f0000000080)=ANY=[@ANYRES32=r0, @ANYBLOB="c42247f5f070ef64f928f1eb80edeb44b2f2d98989fcb4393f8eccc7229c6f00b63707ab68503d404df95cd0cedcb5f47c9473b11ffd998e32bb88f5133a3abf9abeb1b4881fd1f9809b7ff4ea162fe8739cf340e4873c8633f61da28d5d2078f134bcac29429d3531787b05e9bb9b2199256d3495ee7524efa4e556a1cd576780041463d194bf58d91d2b4f83a03d432337b4d9803bb9c9907e0a9f4cc1bbfc127935e650d40c2a2aea6d7c681deba7afc3edf06eab6c3baa1cc2f98b7f2db3dc2ebd8da36641f51257d99884c66331cebaa40b068d6269bcbc06"], @ANYRES32, @ANYPTR64=&(0x7f0000000180)=ANY=[@ANYPTR, @ANYPTR64, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1, @ANYPTR, @ANYPTR, @ANYPTR], @ANYRES16=r0], @ANYRES32=r1, @ANYBLOB="c384a6c65438a1d02967fd0e24edf51c2e7d7997e297958b34d3e0bfe55c7fa54c8099af38bc79779b90dfff3064283243a7ec28ecaa4de89d60b13ff0275bd3ca386e97d484024f35b0251663d0ebbc850caaff5e212fa46d1ede951c31d3a1f0507330954dfa32af9246e95a8cc78f3134feea5c8e174222b8b49c3c2ddb6b90317c2bfaa28c0724d5e2f35722eacc6c478d2898dfebd28d4db4c179a87040039fef4647504e9727069dab70554f03163a3f9e3243451019394373072234a778ccb6c8f9c94a5c679365033678ff833cee0fa5a86a071949480f59647beaa8f3bc338cd80ac0dc2a"], 0x6) 2018/03/31 10:51:21 executing program 6 (fault-call:10 fault-nth:21): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:21 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x0, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:21 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') getpid() r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:21 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x0, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:21 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r4 = dup2(0xffffffffffffffff, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) [ 125.147543] FAULT_INJECTION: forcing a failure. [ 125.147543] name failslab, interval 1, probability 0, space 0, times 0 [ 125.159347] CPU: 1 PID: 9726 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 125.166455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 125.175805] Call Trace: [ 125.178393] dump_stack+0x194/0x24d [ 125.182011] ? arch_local_irq_restore+0x53/0x53 [ 125.186677] should_fail+0x8c0/0xa40 [ 125.190378] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 125.195461] ? find_next_zero_bit+0xe3/0x110 [ 125.199856] ? trace_hardirqs_off+0x10/0x10 [ 125.204162] ? __lock_is_held+0xb6/0x140 [ 125.208208] ? find_held_lock+0x35/0x1d0 [ 125.212260] ? __lock_is_held+0xb6/0x140 [ 125.216314] ? check_same_owner+0x320/0x320 [ 125.220621] ? rcu_note_context_switch+0x710/0x710 [ 125.225544] ? rcu_note_context_switch+0x710/0x710 [ 125.230479] should_failslab+0xec/0x120 [ 125.234447] __kmalloc+0x63/0x760 [ 125.237891] ? lockdep_init_map+0x9/0x10 [ 125.241935] ? debug_mutex_init+0x2d/0x60 [ 125.246065] ? __list_lru_init+0xcf/0x750 [ 125.250206] __list_lru_init+0xcf/0x750 [ 125.254169] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 125.260045] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 125.265053] ? __lockdep_init_map+0xe4/0x650 [ 125.269447] ? lockdep_init_map+0x9/0x10 [ 125.273495] sget_userns+0x691/0xe40 [ 125.277191] ? set_anon_super+0x20/0x20 [ 125.281152] ? put_filp+0x90/0x90 [ 125.284589] ? destroy_unused_super.part.6+0xd0/0xd0 [ 125.289694] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 125.294725] ? perf_trace_lock+0xd6/0x900 [ 125.298859] ? save_stack+0xa3/0xd0 [ 125.302470] ? kasan_slab_alloc+0x12/0x20 [ 125.306598] ? alloc_pid+0xc1/0xa00 [ 125.310214] ? __radix_tree_replace+0x1af/0x310 [ 125.314867] ? radix_tree_delete+0x30/0x30 [ 125.319085] ? node_tag_clear+0xf2/0x180 [ 125.323136] ? proc_get_inode+0x620/0x620 [ 125.327271] mount_ns+0x6d/0x190 [ 125.330624] proc_mount+0x7a/0x90 [ 125.334064] mount_fs+0x66/0x2d0 [ 125.337419] vfs_kern_mount.part.26+0xc6/0x4a0 [ 125.341988] ? may_umount+0xa0/0xa0 [ 125.345609] ? idr_alloc_cyclic+0x1d6/0x320 [ 125.349914] ? do_raw_spin_trylock+0x190/0x190 [ 125.354480] ? idr_alloc+0x180/0x180 [ 125.358179] kern_mount_data+0x50/0xb0 [ 125.362065] pid_ns_prepare_proc+0x1e/0x80 [ 125.366283] alloc_pid+0x87e/0xa00 [ 125.369812] ? __change_pid+0x400/0x400 [ 125.373856] ? ns_capable_common+0xcf/0x160 [ 125.378169] ? memset+0x31/0x40 [ 125.381431] ? copy_thread_tls+0x268/0x8f0 [ 125.385655] copy_process.part.38+0x2516/0x4bd0 [ 125.390317] ? __cleanup_sighand+0x40/0x40 [ 125.394548] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 125.399727] ? __lock_acquire+0x664/0x3e00 [ 125.403942] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 125.409125] ? perf_trace_lock+0xd6/0x900 [ 125.413265] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 125.418441] ? perf_trace_lock+0xd6/0x900 [ 125.422568] ? mntput_no_expire+0x130/0xa90 [ 125.426877] ? trace_event_raw_event_lock+0x340/0x340 [ 125.432045] ? perf_trace_lock+0xd6/0x900 [ 125.436180] ? lock_acquire+0x1d5/0x580 [ 125.440134] ? trace_hardirqs_off+0x10/0x10 [ 125.444441] ? perf_trace_lock+0xd6/0x900 [ 125.448582] ? find_held_lock+0x35/0x1d0 [ 125.452633] ? perf_trace_lock+0xd6/0x900 [ 125.456771] ? trace_event_raw_event_lock+0x340/0x340 [ 125.461945] ? _parse_integer+0x140/0x140 [ 125.466081] ? trace_hardirqs_off+0x10/0x10 [ 125.470388] ? get_pid_task+0x93/0x140 [ 125.474280] ? perf_trace_lock+0xd6/0x900 [ 125.478417] ? find_held_lock+0x35/0x1d0 [ 125.482469] ? __f_unlock_pos+0x19/0x20 [ 125.486429] ? lock_downgrade+0x980/0x980 [ 125.490563] ? get_pid_task+0xbc/0x140 [ 125.494436] ? proc_fail_nth_write+0x9b/0x1d0 [ 125.498917] ? map_files_get_link+0x3a0/0x3a0 [ 125.503400] ? handle_mm_fault+0x35b/0xb10 [ 125.507623] _do_fork+0x1f7/0xf70 [ 125.511062] ? fork_idle+0x2d0/0x2d0 [ 125.514759] ? wait_for_completion+0x770/0x770 [ 125.519345] ? __sb_end_write+0xa0/0xd0 [ 125.523305] ? fput+0xd2/0x140 [ 125.526481] ? SyS_write+0x184/0x220 [ 125.530181] ? SyS_read+0x220/0x220 [ 125.533793] SyS_clone+0x37/0x50 [ 125.537139] ? sys_vfork+0x30/0x30 [ 125.540663] do_syscall_64+0x281/0x940 [ 125.544534] ? vmalloc_sync_all+0x30/0x30 [ 125.548665] ? _raw_spin_unlock_irq+0x27/0x70 [ 125.553145] ? finish_task_switch+0x1c1/0x7e0 [ 125.557715] ? syscall_return_slowpath+0x550/0x550 [ 125.562626] ? syscall_return_slowpath+0x2ac/0x550 [ 125.567537] ? prepare_exit_to_usermode+0x350/0x350 [ 125.572535] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 125.577886] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 125.582730] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 125.587903] RIP: 0033:0x454e79 [ 125.591072] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 2018/03/31 10:51:22 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:22 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000dc7190c4de7efe000013000000"], 0x1) [ 125.598764] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 125.606016] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 125.613268] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 125.620518] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 125.627770] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000015 [ 125.639532] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:22 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x0, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 125.668349] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:22 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40, 0x0, 0x0}, &(0x7f0000000240)=0x10) r1 = socket$inet6(0xa, 0x1001000000080001, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) setsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000040)=@assoc_id=r0, 0x4) ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:22 executing program 6 (fault-call:10 fault-nth:22): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:22 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') getpid() r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:22 executing program 4: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) [ 125.763695] FAULT_INJECTION: forcing a failure. [ 125.763695] name failslab, interval 1, probability 0, space 0, times 0 [ 125.775014] CPU: 1 PID: 9749 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 125.782117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 125.791469] Call Trace: [ 125.794060] dump_stack+0x194/0x24d [ 125.797681] ? arch_local_irq_restore+0x53/0x53 [ 125.802357] should_fail+0x8c0/0xa40 [ 125.806063] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 125.811164] ? save_stack+0x43/0xd0 [ 125.814775] ? kasan_kmalloc+0xad/0xe0 [ 125.818641] ? __kmalloc+0x162/0x760 [ 125.822336] ? __list_lru_init+0xcf/0x750 [ 125.826467] ? find_held_lock+0x35/0x1d0 [ 125.830517] ? __lock_is_held+0xb6/0x140 [ 125.834571] ? check_same_owner+0x320/0x320 [ 125.838876] ? rcu_note_context_switch+0x710/0x710 [ 125.843794] should_failslab+0xec/0x120 [ 125.847752] kmem_cache_alloc_node_trace+0x5a/0x760 [ 125.852752] ? mark_held_locks+0xaf/0x100 [ 125.856880] ? __raw_spin_lock_init+0x1c/0x100 [ 125.861451] __kmalloc_node+0x33/0x70 [ 125.865236] kvmalloc_node+0x99/0xd0 [ 125.868932] __list_lru_init+0x5d5/0x750 [ 125.872981] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 125.878854] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 125.883854] ? __lockdep_init_map+0xe4/0x650 [ 125.888245] ? lockdep_init_map+0x9/0x10 [ 125.895592] sget_userns+0x691/0xe40 [ 125.899286] ? set_anon_super+0x20/0x20 [ 125.903245] ? put_filp+0x90/0x90 [ 125.906678] ? destroy_unused_super.part.6+0xd0/0xd0 [ 125.911768] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 125.916772] ? perf_trace_lock+0xd6/0x900 [ 125.920909] ? save_stack+0xa3/0xd0 [ 125.924521] ? kasan_slab_alloc+0x12/0x20 [ 125.928653] ? alloc_pid+0xc1/0xa00 [ 125.932264] ? __radix_tree_replace+0x1af/0x310 [ 125.936914] ? radix_tree_delete+0x30/0x30 [ 125.941130] ? node_tag_clear+0xf2/0x180 [ 125.945269] ? proc_get_inode+0x620/0x620 [ 125.949396] mount_ns+0x6d/0x190 [ 125.952747] proc_mount+0x7a/0x90 [ 125.956183] mount_fs+0x66/0x2d0 [ 125.959536] vfs_kern_mount.part.26+0xc6/0x4a0 [ 125.964102] ? may_umount+0xa0/0xa0 [ 125.967708] ? idr_alloc_cyclic+0x1d6/0x320 [ 125.972014] ? do_raw_spin_trylock+0x190/0x190 [ 125.976583] ? idr_alloc+0x180/0x180 [ 125.980280] kern_mount_data+0x50/0xb0 [ 125.984148] pid_ns_prepare_proc+0x1e/0x80 [ 125.988363] alloc_pid+0x87e/0xa00 [ 125.991888] ? __change_pid+0x400/0x400 [ 125.995842] ? ns_capable_common+0xcf/0x160 [ 126.000152] ? memset+0x31/0x40 [ 126.003414] ? copy_thread_tls+0x268/0x8f0 [ 126.007639] copy_process.part.38+0x2516/0x4bd0 [ 126.012301] ? __cleanup_sighand+0x40/0x40 [ 126.016552] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 126.021814] ? __lock_acquire+0x664/0x3e00 [ 126.026035] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 126.031210] ? perf_trace_lock+0xd6/0x900 [ 126.035349] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 126.040520] ? perf_trace_lock+0xd6/0x900 [ 126.044649] ? mntput_no_expire+0x130/0xa90 [ 126.048963] ? trace_event_raw_event_lock+0x340/0x340 [ 126.054135] ? perf_trace_lock+0xd6/0x900 [ 126.058270] ? lock_acquire+0x1d5/0x580 [ 126.062227] ? trace_hardirqs_off+0x10/0x10 [ 126.066532] ? perf_trace_lock+0xd6/0x900 [ 126.070673] ? find_held_lock+0x35/0x1d0 [ 126.074726] ? perf_trace_lock+0xd6/0x900 [ 126.078861] ? trace_event_raw_event_lock+0x340/0x340 [ 126.084826] ? _parse_integer+0x140/0x140 [ 126.088966] ? trace_hardirqs_off+0x10/0x10 [ 126.093271] ? get_pid_task+0x93/0x140 [ 126.097142] ? perf_trace_lock+0xd6/0x900 [ 126.101277] ? find_held_lock+0x35/0x1d0 [ 126.105329] ? __f_unlock_pos+0x19/0x20 [ 126.109294] ? lock_downgrade+0x980/0x980 [ 126.113425] ? get_pid_task+0xbc/0x140 [ 126.117300] ? proc_fail_nth_write+0x9b/0x1d0 [ 126.121774] ? map_files_get_link+0x3a0/0x3a0 [ 126.126256] ? handle_mm_fault+0x35b/0xb10 [ 126.130480] _do_fork+0x1f7/0xf70 [ 126.133918] ? fork_idle+0x2d0/0x2d0 [ 126.137614] ? wait_for_completion+0x770/0x770 [ 126.142200] ? __sb_end_write+0xa0/0xd0 [ 126.146158] ? fput+0xd2/0x140 [ 126.149335] ? SyS_write+0x184/0x220 [ 126.153035] ? SyS_read+0x220/0x220 [ 126.156649] SyS_clone+0x37/0x50 [ 126.159996] ? sys_vfork+0x30/0x30 [ 126.163523] do_syscall_64+0x281/0x940 [ 126.167392] ? vmalloc_sync_all+0x30/0x30 [ 126.171520] ? _raw_spin_unlock_irq+0x27/0x70 [ 126.176007] ? finish_task_switch+0x1c1/0x7e0 [ 126.180490] ? syscall_return_slowpath+0x550/0x550 [ 126.185402] ? syscall_return_slowpath+0x2ac/0x550 [ 126.190312] ? prepare_exit_to_usermode+0x350/0x350 [ 126.195309] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 126.200656] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 126.205489] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 126.210660] RIP: 0033:0x454e79 [ 126.213833] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 126.221524] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 126.228776] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 126.236029] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 126.243281] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 126.250536] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000016 2018/03/31 10:51:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:22 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) [ 126.334905] xprt_adjust_timeout: rq_timeout = 0! [ 126.382801] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:23 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200a162004c00000000"], 0xc) r2 = dup3(r1, r1, 0x80000) connect$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x9, {0x8, 0x1000, 0x3, 0x3, 0x3, 0x3}, 0x5, 0x2cfc}, 0xe) r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x3, 0x10000) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3) 2018/03/31 10:51:23 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r4 = dup2(0xffffffffffffffff, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:23 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x3ff, 0x400800) write$cgroup_pid(r1, &(0x7f0000000080)={[0x37]}, 0x1) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:23 executing program 6 (fault-call:10 fault-nth:23): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:23 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:23 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') getpid() r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:23 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x0, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 127.260092] binder: undelivered death notification, 0000000000000000 [ 127.266623] FAULT_INJECTION: forcing a failure. [ 127.266623] name failslab, interval 1, probability 0, space 0, times 0 [ 127.278067] CPU: 0 PID: 9784 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 127.285190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 127.294546] Call Trace: [ 127.297129] dump_stack+0x194/0x24d [ 127.300756] ? arch_local_irq_restore+0x53/0x53 [ 127.305418] should_fail+0x8c0/0xa40 [ 127.309116] ? is_bpf_text_address+0xa4/0x120 [ 127.313619] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 127.318701] ? __kernel_text_address+0xd/0x40 [ 127.323176] ? unwind_get_return_address+0x61/0xa0 [ 127.328100] ? find_held_lock+0x35/0x1d0 [ 127.332153] ? __lock_is_held+0xb6/0x140 [ 127.336208] ? check_same_owner+0x320/0x320 [ 127.340511] ? rcu_note_context_switch+0x710/0x710 [ 127.345427] should_failslab+0xec/0x120 [ 127.349379] kmem_cache_alloc_trace+0x4b/0x740 [ 127.353939] ? __kmalloc_node+0x33/0x70 [ 127.357892] ? __kmalloc_node+0x33/0x70 [ 127.361846] ? rcu_read_lock_sched_held+0x108/0x120 [ 127.366848] __memcg_init_list_lru_node+0x169/0x270 [ 127.371844] ? list_lru_add+0x7c0/0x7c0 [ 127.375797] ? __kmalloc_node+0x47/0x70 [ 127.379754] __list_lru_init+0x544/0x750 [ 127.383796] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 127.389664] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 127.394658] ? __lockdep_init_map+0xe4/0x650 [ 127.399050] ? lockdep_init_map+0x9/0x10 [ 127.403091] sget_userns+0x691/0xe40 [ 127.406780] ? set_anon_super+0x20/0x20 [ 127.410736] ? put_filp+0x90/0x90 [ 127.414167] ? destroy_unused_super.part.6+0xd0/0xd0 [ 127.419249] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 127.424257] ? save_stack+0xa3/0xd0 [ 127.427864] ? save_stack+0x43/0xd0 [ 127.431468] ? kasan_slab_alloc+0x12/0x20 [ 127.435591] ? kmem_cache_alloc+0x12e/0x760 [ 127.439890] ? alloc_pid+0xc1/0xa00 [ 127.443497] ? __radix_tree_replace+0x1af/0x310 [ 127.448147] ? radix_tree_delete+0x30/0x30 [ 127.452357] ? node_tag_clear+0xf2/0x180 [ 127.456403] ? proc_get_inode+0x620/0x620 [ 127.460528] mount_ns+0x6d/0x190 [ 127.463873] proc_mount+0x7a/0x90 [ 127.467307] mount_fs+0x66/0x2d0 [ 127.470658] vfs_kern_mount.part.26+0xc6/0x4a0 [ 127.475219] ? may_umount+0xa0/0xa0 [ 127.478822] ? idr_alloc_cyclic+0x1d6/0x320 [ 127.483122] ? do_raw_spin_trylock+0x190/0x190 [ 127.487686] ? idr_alloc+0x180/0x180 [ 127.491382] kern_mount_data+0x50/0xb0 [ 127.495251] pid_ns_prepare_proc+0x1e/0x80 [ 127.499482] alloc_pid+0x87e/0xa00 [ 127.503007] ? __change_pid+0x400/0x400 [ 127.506963] ? ns_capable_common+0xcf/0x160 [ 127.511272] ? memset+0x31/0x40 [ 127.514530] ? copy_thread_tls+0x268/0x8f0 [ 127.518748] copy_process.part.38+0x2516/0x4bd0 [ 127.523405] ? __cleanup_sighand+0x40/0x40 [ 127.527629] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 127.532803] ? __lock_acquire+0x664/0x3e00 [ 127.537020] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 127.542193] ? environ_open+0x80/0x80 [ 127.545984] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 127.551162] ? __lock_acquire+0x664/0x3e00 [ 127.555377] ? mntput_no_expire+0x130/0xa90 [ 127.559680] ? print_irqtrace_events+0x270/0x270 [ 127.564416] ? trace_hardirqs_off+0x10/0x10 [ 127.568721] ? lock_acquire+0x1d5/0x580 [ 127.572673] ? trace_hardirqs_off+0x10/0x10 [ 127.576973] ? trace_hardirqs_off+0x10/0x10 [ 127.581283] ? __lock_acquire+0x664/0x3e00 [ 127.585495] ? check_same_owner+0x320/0x320 [ 127.589801] ? find_held_lock+0x35/0x1d0 [ 127.593844] ? _parse_integer+0xe9/0x140 [ 127.597894] ? trace_hardirqs_off+0x10/0x10 [ 127.602196] ? _parse_integer+0x140/0x140 [ 127.606328] ? trace_hardirqs_off+0x10/0x10 [ 127.610634] ? get_pid_task+0x93/0x140 [ 127.614503] ? lock_downgrade+0x980/0x980 [ 127.618644] ? find_held_lock+0x35/0x1d0 [ 127.622691] ? __f_unlock_pos+0x19/0x20 [ 127.626643] ? lock_downgrade+0x980/0x980 [ 127.630768] ? get_pid_task+0xbc/0x140 [ 127.634635] ? proc_fail_nth_write+0x9b/0x1d0 [ 127.639121] ? map_files_get_link+0x3a0/0x3a0 [ 127.643609] ? handle_mm_fault+0x35b/0xb10 [ 127.647828] _do_fork+0x1f7/0xf70 [ 127.651266] ? fork_idle+0x2d0/0x2d0 [ 127.654958] ? wait_for_completion+0x770/0x770 [ 127.659522] ? __lock_is_held+0xb6/0x140 [ 127.663572] ? __sb_end_write+0xa0/0xd0 [ 127.667529] ? fput+0xd2/0x140 [ 127.670703] ? SyS_write+0x184/0x220 [ 127.674398] ? SyS_read+0x220/0x220 [ 127.678008] SyS_clone+0x37/0x50 [ 127.681356] ? sys_vfork+0x30/0x30 [ 127.684877] do_syscall_64+0x281/0x940 [ 127.688742] ? vmalloc_sync_all+0x30/0x30 [ 127.692866] ? _raw_spin_unlock_irq+0x27/0x70 [ 127.697341] ? finish_task_switch+0x1c1/0x7e0 [ 127.701820] ? syscall_return_slowpath+0x550/0x550 [ 127.706728] ? syscall_return_slowpath+0x2ac/0x550 [ 127.711639] ? prepare_exit_to_usermode+0x350/0x350 [ 127.716638] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 127.721985] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 127.726811] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 127.731978] RIP: 0033:0x454e79 [ 127.735147] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 127.742835] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 127.750081] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 127.757330] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 127.764581] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 127.771828] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000017 [ 127.783576] binder: BINDER_SET_CONTEXT_MGR already set [ 127.797536] binder: 9791:9792 ioctl 40046207 0 returned -16 2018/03/31 10:51:24 executing program 6 (fault-call:10 fault-nth:24): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:24 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000007fe29b92170000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:24 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) write$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)=ANY=[@ANYBLOB="0000ca8e9f224b82c0e96856c40200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r2 = open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) r3 = fcntl$getown(r0, 0x9) waitid(0x0, r3, &(0x7f0000000040), 0x40000000, &(0x7f0000000380)) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) io_setup(0x3, &(0x7f0000000080)=0x0) io_cancel(r4, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x8, 0x80, r1, &(0x7f0000000100)="934a37cd42dfa89031728f9e774ab091fd438a", 0x13, 0x5, 0x0, 0x0, r2}, &(0x7f00000001c0)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 127.820916] binder: 9791:9792 Acquire 1 refcount change on invalid ref 0 ret -22 [ 127.832739] xprt_adjust_timeout: rq_timeout = 0! [ 127.839227] binder: 9791:9792 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 127.854586] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:24 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:24 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x0, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 127.931942] FAULT_INJECTION: forcing a failure. [ 127.931942] name failslab, interval 1, probability 0, space 0, times 0 [ 127.943319] CPU: 1 PID: 9807 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 127.950414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 127.959851] Call Trace: [ 127.962425] dump_stack+0x194/0x24d [ 127.966034] ? arch_local_irq_restore+0x53/0x53 [ 127.970686] ? __save_stack_trace+0x7e/0xd0 [ 127.974994] should_fail+0x8c0/0xa40 [ 127.978694] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 127.983782] ? kasan_kmalloc+0xad/0xe0 [ 127.987685] ? kmem_cache_alloc_trace+0x136/0x740 [ 127.992511] ? __memcg_init_list_lru_node+0x169/0x270 [ 127.997685] ? __list_lru_init+0x544/0x750 [ 128.001902] ? sget_userns+0x691/0xe40 [ 128.005774] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 128.010515] ? kern_mount_data+0x50/0xb0 [ 128.014560] ? pid_ns_prepare_proc+0x1e/0x80 [ 128.018950] ? alloc_pid+0x87e/0xa00 [ 128.022653] ? copy_process.part.38+0x2516/0x4bd0 [ 128.027480] ? _do_fork+0x1f7/0xf70 [ 128.031088] ? SyS_clone+0x37/0x50 [ 128.034618] ? find_held_lock+0x35/0x1d0 [ 128.038659] ? __lock_is_held+0xb6/0x140 [ 128.042706] ? check_same_owner+0x320/0x320 [ 128.047024] ? rcu_note_context_switch+0x710/0x710 [ 128.051948] should_failslab+0xec/0x120 [ 128.055908] kmem_cache_alloc_trace+0x4b/0x740 [ 128.060473] ? __kmalloc_node+0x33/0x70 [ 128.064432] ? __kmalloc_node+0x33/0x70 [ 128.068471] ? rcu_read_lock_sched_held+0x108/0x120 [ 128.073469] __memcg_init_list_lru_node+0x169/0x270 [ 128.078470] ? list_lru_add+0x7c0/0x7c0 [ 128.083532] ? __kmalloc_node+0x47/0x70 [ 128.087494] __list_lru_init+0x544/0x750 [ 128.091540] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 128.097411] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 128.102411] ? __lockdep_init_map+0xe4/0x650 [ 128.106803] ? lockdep_init_map+0x9/0x10 [ 128.111541] sget_userns+0x691/0xe40 [ 128.115320] ? set_anon_super+0x20/0x20 [ 128.119281] ? put_filp+0x90/0x90 [ 128.122717] ? destroy_unused_super.part.6+0xd0/0xd0 [ 128.127822] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 128.132821] ? perf_trace_lock+0xd6/0x900 [ 128.136955] ? save_stack+0xa3/0xd0 [ 128.140564] ? kasan_slab_alloc+0x12/0x20 [ 128.144691] ? alloc_pid+0xc1/0xa00 [ 128.148306] ? __radix_tree_replace+0x1af/0x310 [ 128.152955] ? radix_tree_delete+0x30/0x30 [ 128.157172] ? node_tag_clear+0xf2/0x180 [ 128.161219] ? proc_get_inode+0x620/0x620 [ 128.165345] mount_ns+0x6d/0x190 [ 128.168692] proc_mount+0x7a/0x90 [ 128.172125] mount_fs+0x66/0x2d0 [ 128.175476] vfs_kern_mount.part.26+0xc6/0x4a0 [ 128.180037] ? may_umount+0xa0/0xa0 [ 128.183641] ? idr_alloc_cyclic+0x1d6/0x320 [ 128.187946] ? do_raw_spin_trylock+0x190/0x190 [ 128.192508] ? idr_alloc+0x180/0x180 [ 128.196203] kern_mount_data+0x50/0xb0 [ 128.200067] pid_ns_prepare_proc+0x1e/0x80 [ 128.204281] alloc_pid+0x87e/0xa00 [ 128.207804] ? __change_pid+0x400/0x400 [ 128.211759] ? ns_capable_common+0xcf/0x160 [ 128.216069] ? memset+0x31/0x40 [ 128.219329] ? copy_thread_tls+0x268/0x8f0 [ 128.223554] copy_process.part.38+0x2516/0x4bd0 [ 128.228206] ? __cleanup_sighand+0x40/0x40 [ 128.232434] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 128.237622] ? __lock_acquire+0x664/0x3e00 [ 128.241841] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 128.247019] ? perf_trace_lock+0xd6/0x900 [ 128.251249] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 128.256420] ? perf_trace_lock+0xd6/0x900 [ 128.260547] ? mntput_no_expire+0x130/0xa90 [ 128.264849] ? trace_event_raw_event_lock+0x340/0x340 [ 128.270017] ? perf_trace_lock+0xd6/0x900 [ 128.274161] ? lock_acquire+0x1d5/0x580 [ 128.278115] ? trace_hardirqs_off+0x10/0x10 [ 128.282417] ? perf_trace_lock+0xd6/0x900 [ 128.286548] ? find_held_lock+0x35/0x1d0 [ 128.290589] ? perf_trace_lock+0xd6/0x900 [ 128.294718] ? trace_event_raw_event_lock+0x340/0x340 [ 128.299885] ? _parse_integer+0x140/0x140 [ 128.304023] ? trace_hardirqs_off+0x10/0x10 [ 128.308326] ? get_pid_task+0x93/0x140 [ 128.312191] ? perf_trace_lock+0xd6/0x900 [ 128.316321] ? find_held_lock+0x35/0x1d0 [ 128.320367] ? __f_unlock_pos+0x19/0x20 [ 128.324325] ? lock_downgrade+0x980/0x980 [ 128.328449] ? get_pid_task+0xbc/0x140 [ 128.332319] ? proc_fail_nth_write+0x9b/0x1d0 [ 128.336799] ? map_files_get_link+0x3a0/0x3a0 [ 128.341293] ? handle_mm_fault+0x35b/0xb10 [ 128.345517] _do_fork+0x1f7/0xf70 [ 128.348952] ? fork_idle+0x2d0/0x2d0 [ 128.352648] ? wait_for_completion+0x770/0x770 [ 128.357219] ? __sb_end_write+0xa0/0xd0 [ 128.361175] ? fput+0xd2/0x140 [ 128.364347] ? SyS_write+0x184/0x220 [ 128.368045] ? SyS_read+0x220/0x220 [ 128.371652] SyS_clone+0x37/0x50 [ 128.375000] ? sys_vfork+0x30/0x30 [ 128.378526] do_syscall_64+0x281/0x940 [ 128.382477] ? vmalloc_sync_all+0x30/0x30 [ 128.386609] ? _raw_spin_unlock_irq+0x27/0x70 [ 128.391083] ? finish_task_switch+0x1c1/0x7e0 [ 128.395559] ? syscall_return_slowpath+0x550/0x550 [ 128.400468] ? syscall_return_slowpath+0x2ac/0x550 [ 128.405384] ? prepare_exit_to_usermode+0x350/0x350 [ 128.410382] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 128.415728] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 128.420555] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 128.425724] RIP: 0033:0x454e79 2018/03/31 10:51:25 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:25 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r4 = dup2(0xffffffffffffffff, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) [ 128.428905] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 128.436592] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 128.443859] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 128.451111] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 128.458362] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 128.465613] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000018 2018/03/31 10:51:25 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a0000502643ce1af4d0cb0000000000008000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) r1 = syz_open_dev$midi(&(0x7f0000000200)='/dev/midi#\x00', 0x1f, 0x3c1080) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000002c0)={0x0, 0x4c, &(0x7f0000000240)=[@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x13}}, @in6={0xa, 0x4e20, 0x6, @mcast2={0xff, 0x2, [], 0x1}, 0xffffffffffff7fff}, @in={0x2, 0x4e20, @multicast2=0xe0000002}, @in={0x2, 0x4e21}]}, &(0x7f0000000300)=0x10) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000040)={r2, 0x3}, &(0x7f0000000340)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000180)={r3, 0x236}, &(0x7f00000001c0)=0x8) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000380)={{{@in=@remote, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in6=@local}}, &(0x7f0000000080)=0xe8) [ 128.555844] xprt_adjust_timeout: rq_timeout = 0! [ 128.574578] xprt_adjust_timeout: rq_timeout = 0! [ 128.583473] binder: 9791:9837 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 2018/03/31 10:51:26 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="08000200004c4bcbad95cb01"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r1 = open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r1, 0x29, 0x45, &(0x7f0000000000)={'icmp\x00'}, &(0x7f0000000040)=0x1e) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:26 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:26 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:26 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x610100, 0x0) setsockopt$packet_int(r1, 0x107, 0xe, &(0x7f0000000080)=0x2, 0x4) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000240)=0x2, 0xfffffffffffffeae) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:26 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x0, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:26 executing program 6 (fault-call:10 fault-nth:25): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:26 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) epoll_create1(0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) [ 129.553528] FAULT_INJECTION: forcing a failure. [ 129.553528] name failslab, interval 1, probability 0, space 0, times 0 [ 129.564911] CPU: 0 PID: 9853 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 129.572014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 129.581366] Call Trace: [ 129.583952] dump_stack+0x194/0x24d [ 129.587576] ? arch_local_irq_restore+0x53/0x53 [ 129.592248] ? __save_stack_trace+0x7e/0xd0 [ 129.596567] should_fail+0x8c0/0xa40 [ 129.600272] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 129.605363] ? kasan_kmalloc+0xad/0xe0 [ 129.609232] ? kmem_cache_alloc_trace+0x136/0x740 [ 129.614057] ? __memcg_init_list_lru_node+0x169/0x270 [ 129.619233] ? __list_lru_init+0x544/0x750 [ 129.623449] ? sget_userns+0x691/0xe40 [ 129.627327] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 129.632091] ? kern_mount_data+0x50/0xb0 [ 129.636139] ? pid_ns_prepare_proc+0x1e/0x80 [ 129.640530] ? alloc_pid+0x87e/0xa00 [ 129.644226] ? copy_process.part.38+0x2516/0x4bd0 [ 129.649057] ? _do_fork+0x1f7/0xf70 [ 129.652682] ? SyS_clone+0x37/0x50 [ 129.656217] ? find_held_lock+0x35/0x1d0 [ 129.660267] ? __lock_is_held+0xb6/0x140 [ 129.664332] ? check_same_owner+0x320/0x320 [ 129.668642] ? rcu_note_context_switch+0x710/0x710 [ 129.673570] should_failslab+0xec/0x120 [ 129.677535] kmem_cache_alloc_trace+0x4b/0x740 [ 129.682104] ? __kmalloc_node+0x33/0x70 [ 129.686070] ? __kmalloc_node+0x33/0x70 [ 129.690038] ? rcu_read_lock_sched_held+0x108/0x120 [ 129.695048] __memcg_init_list_lru_node+0x169/0x270 [ 129.700056] ? list_lru_add+0x7c0/0x7c0 [ 129.704024] ? __kmalloc_node+0x47/0x70 [ 129.707992] __list_lru_init+0x544/0x750 [ 129.712048] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 129.717923] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 129.722926] ? __lockdep_init_map+0xe4/0x650 [ 129.727318] ? lockdep_init_map+0x9/0x10 [ 129.731364] sget_userns+0x691/0xe40 [ 129.735064] ? set_anon_super+0x20/0x20 [ 129.739031] ? put_filp+0x90/0x90 [ 129.742471] ? destroy_unused_super.part.6+0xd0/0xd0 [ 129.747557] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 129.752555] ? perf_trace_lock+0xd6/0x900 [ 129.756688] ? save_stack+0xa3/0xd0 [ 129.760297] ? kasan_slab_alloc+0x12/0x20 [ 129.764428] ? alloc_pid+0xc1/0xa00 [ 129.768046] ? __radix_tree_replace+0x1af/0x310 [ 129.772708] ? radix_tree_delete+0x30/0x30 [ 129.776925] ? node_tag_clear+0xf2/0x180 [ 129.780973] ? proc_get_inode+0x620/0x620 [ 129.785108] mount_ns+0x6d/0x190 [ 129.788459] proc_mount+0x7a/0x90 [ 129.791894] mount_fs+0x66/0x2d0 [ 129.795245] vfs_kern_mount.part.26+0xc6/0x4a0 [ 129.799819] ? may_umount+0xa0/0xa0 [ 129.803433] ? idr_alloc_cyclic+0x1d6/0x320 [ 129.807739] ? do_raw_spin_trylock+0x190/0x190 [ 129.812302] ? idr_alloc+0x180/0x180 [ 129.815998] kern_mount_data+0x50/0xb0 [ 129.819873] pid_ns_prepare_proc+0x1e/0x80 [ 129.824087] alloc_pid+0x87e/0xa00 [ 129.827611] ? __change_pid+0x400/0x400 [ 129.831566] ? ns_capable_common+0xcf/0x160 [ 129.835875] ? memset+0x31/0x40 [ 129.839135] ? copy_thread_tls+0x268/0x8f0 [ 129.843446] copy_process.part.38+0x2516/0x4bd0 [ 129.848105] ? __cleanup_sighand+0x40/0x40 [ 129.852335] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 129.857510] ? __lock_acquire+0x664/0x3e00 [ 129.861726] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 129.866901] ? perf_trace_lock+0xd6/0x900 [ 129.871044] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 129.876229] ? perf_trace_lock+0xd6/0x900 [ 129.880359] ? mntput_no_expire+0x130/0xa90 [ 129.884668] ? trace_event_raw_event_lock+0x340/0x340 [ 129.889838] ? perf_trace_lock+0xd6/0x900 [ 129.893972] ? lock_acquire+0x1d5/0x580 [ 129.897925] ? trace_hardirqs_off+0x10/0x10 [ 129.902230] ? perf_trace_lock+0xd6/0x900 [ 129.906367] ? find_held_lock+0x35/0x1d0 [ 129.910411] ? perf_trace_lock+0xd6/0x900 [ 129.914542] ? trace_event_raw_event_lock+0x340/0x340 [ 129.919716] ? _parse_integer+0x140/0x140 [ 129.923855] ? trace_hardirqs_off+0x10/0x10 [ 129.928167] ? get_pid_task+0x93/0x140 [ 129.932040] ? perf_trace_lock+0xd6/0x900 [ 129.936179] ? find_held_lock+0x35/0x1d0 [ 129.940231] ? __f_unlock_pos+0x19/0x20 [ 129.944189] ? lock_downgrade+0x980/0x980 [ 129.948317] ? get_pid_task+0xbc/0x140 [ 129.952187] ? proc_fail_nth_write+0x9b/0x1d0 [ 129.956664] ? map_files_get_link+0x3a0/0x3a0 [ 129.961142] ? handle_mm_fault+0x35b/0xb10 [ 129.965364] _do_fork+0x1f7/0xf70 [ 129.968804] ? fork_idle+0x2d0/0x2d0 [ 129.972502] ? wait_for_completion+0x770/0x770 [ 129.977088] ? __sb_end_write+0xa0/0xd0 [ 129.981060] ? fput+0xd2/0x140 [ 129.984235] ? SyS_write+0x184/0x220 [ 129.987930] ? SyS_read+0x220/0x220 [ 129.991548] SyS_clone+0x37/0x50 [ 129.994901] ? sys_vfork+0x30/0x30 [ 129.998430] do_syscall_64+0x281/0x940 [ 130.002306] ? vmalloc_sync_all+0x30/0x30 [ 130.006439] ? _raw_spin_unlock_irq+0x27/0x70 [ 130.010922] ? finish_task_switch+0x1c1/0x7e0 [ 130.015403] ? syscall_return_slowpath+0x550/0x550 [ 130.020314] ? syscall_return_slowpath+0x2ac/0x550 [ 130.025238] ? prepare_exit_to_usermode+0x350/0x350 [ 130.030241] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 130.035589] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 130.040419] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 130.045590] RIP: 0033:0x454e79 2018/03/31 10:51:26 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000200)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000600001272dd4390308d650000000000000013000000427ba3049dbfbdf914d17ee8189f8e0335cb5cc38b7d12dfb2844e4f2c75188429000731461329122c5e462719de75e446818d86a6840589f975857971503278b9ad0474a84dd926ffc7d90af9b4304ced18d241b628202ecd2936cda5301754fdc4030d5da7731ac37d0032d7fbb3ee87937878b9bdadc10f54aa987740ba5f2cea954c8c90d85c47cb25dcc424b08b55456a654b25c858834fd3d173f959455807e8a2c24c1384bf9439c14584"], 0x1) [ 130.048758] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 130.056448] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 130.063701] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 130.070951] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 130.078207] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 130.085469] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000019 [ 130.105676] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:26 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:26 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:26 executing program 6 (fault-call:10 fault-nth:26): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) [ 130.127651] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:26 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x40000, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)={0x0}) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x101000, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000100)={r2, 0x80000, r3}) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:26 executing program 4: r0 = memfd_create(&(0x7f0000000180)='#\\,}\x00', 0x3) perf_event_open(&(0x7f000025c000)={0x2, 0x1013c, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe61f}, 0x0, 0x0, r0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff0200000000000000000000000000010000000000000000f900000000000000000000000000000000000000000000000000000000000000000000000000000000005808819b223e569e000000000000000000000000000000000000ec800000000000000000000000000600000000000000000000000000001b000013000000c964f4bc999a4464350121fd27947ae9c1a2036a3df4bfbcf1593b73e9cde19b6094300811e7d7d8571cdb94c900092fa14a94d762ccd3a1815a405da236a1c00eb8ae31d2a418a267e9e150b9caec504ae3216e00e5866954be8c8b3f4cf2d41a6d2daa26b0228641cb285f6b82fed696"], 0x1) ftruncate(r0, 0x6) [ 130.197820] FAULT_INJECTION: forcing a failure. [ 130.197820] name failslab, interval 1, probability 0, space 0, times 0 [ 130.209127] CPU: 0 PID: 9878 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 130.216233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 130.225598] Call Trace: [ 130.228201] dump_stack+0x194/0x24d [ 130.231839] ? arch_local_irq_restore+0x53/0x53 [ 130.236523] ? __save_stack_trace+0x7e/0xd0 [ 130.240862] should_fail+0x8c0/0xa40 2018/03/31 10:51:26 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x1f, 0x80) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r1, 0x84, 0x1c, &(0x7f0000000180), &(0x7f00000001c0)=0x4) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000080)=0x120000, 0x4) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000008000000000000000000000000000000727c0000000000b22d9da64e400000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000"], 0x1) 2018/03/31 10:51:26 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x0, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 130.244584] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 130.250460] ? kasan_kmalloc+0xad/0xe0 [ 130.254362] ? kmem_cache_alloc_trace+0x136/0x740 [ 130.259205] ? __memcg_init_list_lru_node+0x169/0x270 [ 130.264397] ? __list_lru_init+0x544/0x750 [ 130.268639] ? sget_userns+0x691/0xe40 [ 130.272535] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 130.277300] ? kern_mount_data+0x50/0xb0 [ 130.281361] ? pid_ns_prepare_proc+0x1e/0x80 [ 130.285759] ? alloc_pid+0x87e/0xa00 [ 130.289463] ? copy_process.part.38+0x2516/0x4bd0 [ 130.294292] ? _do_fork+0x1f7/0xf70 [ 130.297907] ? SyS_clone+0x37/0x50 [ 130.301442] ? find_held_lock+0x35/0x1d0 [ 130.305491] ? __lock_is_held+0xb6/0x140 [ 130.309547] ? check_same_owner+0x320/0x320 [ 130.313854] ? rcu_note_context_switch+0x710/0x710 [ 130.318773] should_failslab+0xec/0x120 [ 130.322733] kmem_cache_alloc_trace+0x4b/0x740 [ 130.327299] ? __kmalloc_node+0x33/0x70 [ 130.331258] ? __kmalloc_node+0x33/0x70 [ 130.335217] ? rcu_read_lock_sched_held+0x108/0x120 [ 130.340222] __memcg_init_list_lru_node+0x169/0x270 [ 130.345225] ? list_lru_add+0x7c0/0x7c0 [ 130.349184] ? __kmalloc_node+0x47/0x70 [ 130.353145] __list_lru_init+0x544/0x750 [ 130.357194] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 130.363073] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 130.368084] ? __lockdep_init_map+0xe4/0x650 [ 130.372488] ? lockdep_init_map+0x9/0x10 [ 130.376542] sget_userns+0x691/0xe40 [ 130.380252] ? set_anon_super+0x20/0x20 [ 130.384214] ? put_filp+0x90/0x90 [ 130.387652] ? destroy_unused_super.part.6+0xd0/0xd0 [ 130.392745] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 130.397746] ? perf_trace_lock+0xd6/0x900 [ 130.401877] ? save_stack+0xa3/0xd0 [ 130.405490] ? kasan_slab_alloc+0x12/0x20 [ 130.409620] ? alloc_pid+0xc1/0xa00 [ 130.413233] ? __radix_tree_replace+0x1af/0x310 [ 130.417884] ? radix_tree_delete+0x30/0x30 [ 130.422104] ? node_tag_clear+0xf2/0x180 [ 130.426173] ? proc_get_inode+0x620/0x620 [ 130.430301] mount_ns+0x6d/0x190 [ 130.433655] proc_mount+0x7a/0x90 [ 130.437091] mount_fs+0x66/0x2d0 [ 130.440444] vfs_kern_mount.part.26+0xc6/0x4a0 [ 130.445015] ? may_umount+0xa0/0xa0 [ 130.448632] ? idr_alloc_cyclic+0x1d6/0x320 [ 130.452940] ? do_raw_spin_trylock+0x190/0x190 [ 130.457503] ? idr_alloc+0x180/0x180 [ 130.461203] kern_mount_data+0x50/0xb0 [ 130.468377] pid_ns_prepare_proc+0x1e/0x80 [ 130.472599] alloc_pid+0x87e/0xa00 [ 130.476127] ? __change_pid+0x400/0x400 [ 130.480086] ? ns_capable_common+0xcf/0x160 [ 130.484401] ? memset+0x31/0x40 [ 130.487664] ? copy_thread_tls+0x268/0x8f0 [ 130.491890] copy_process.part.38+0x2516/0x4bd0 [ 130.496557] ? __cleanup_sighand+0x40/0x40 [ 130.500788] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 130.505967] ? __lock_acquire+0x664/0x3e00 [ 130.510186] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 130.515359] ? perf_trace_lock+0xd6/0x900 [ 130.519499] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 130.524668] ? perf_trace_lock+0xd6/0x900 [ 130.530121] ? mntput_no_expire+0x130/0xa90 [ 130.534436] ? trace_event_raw_event_lock+0x340/0x340 [ 130.539607] ? perf_trace_lock+0xd6/0x900 [ 130.543744] ? lock_acquire+0x1d5/0x580 [ 130.547701] ? trace_hardirqs_off+0x10/0x10 [ 130.552006] ? perf_trace_lock+0xd6/0x900 [ 130.556160] ? find_held_lock+0x35/0x1d0 [ 130.560219] ? perf_trace_lock+0xd6/0x900 [ 130.564355] ? trace_event_raw_event_lock+0x340/0x340 [ 130.569527] ? _parse_integer+0x140/0x140 [ 130.573668] ? trace_hardirqs_off+0x10/0x10 [ 130.577972] ? get_pid_task+0x93/0x140 [ 130.581841] ? perf_trace_lock+0xd6/0x900 [ 130.585976] ? find_held_lock+0x35/0x1d0 [ 130.590029] ? __f_unlock_pos+0x19/0x20 [ 130.593996] ? lock_downgrade+0x980/0x980 [ 130.598134] ? get_pid_task+0xbc/0x140 [ 130.602009] ? proc_fail_nth_write+0x9b/0x1d0 [ 130.606560] ? map_files_get_link+0x3a0/0x3a0 [ 130.611055] ? handle_mm_fault+0x35b/0xb10 [ 130.615279] _do_fork+0x1f7/0xf70 [ 130.618724] ? fork_idle+0x2d0/0x2d0 [ 130.622529] ? wait_for_completion+0x770/0x770 [ 130.627116] ? __sb_end_write+0xa0/0xd0 [ 130.631079] ? fput+0xd2/0x140 [ 130.634271] ? SyS_write+0x184/0x220 [ 130.637968] ? SyS_read+0x220/0x220 [ 130.641595] SyS_clone+0x37/0x50 [ 130.644941] ? sys_vfork+0x30/0x30 [ 130.648467] do_syscall_64+0x281/0x940 [ 130.652336] ? vmalloc_sync_all+0x30/0x30 [ 130.656468] ? _raw_spin_unlock_irq+0x27/0x70 [ 130.660945] ? finish_task_switch+0x1c1/0x7e0 [ 130.665425] ? syscall_return_slowpath+0x550/0x550 [ 130.670340] ? syscall_return_slowpath+0x2ac/0x550 [ 130.675253] ? prepare_exit_to_usermode+0x350/0x350 [ 130.680256] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 130.685608] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 130.690442] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 130.695623] RIP: 0033:0x454e79 [ 130.698795] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 130.706489] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 130.713741] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 130.720994] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 130.728248] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 130.735498] R13: 0000000000000051 R14: 00000000006f2838 R15: 000000000000001a 2018/03/31 10:51:27 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x0, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) [ 130.771238] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:27 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) epoll_create1(0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:27 executing program 6 (fault-call:10 fault-nth:27): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:27 executing program 4: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x8013, r0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x200400) accept$unix(r1, 0x0, &(0x7f0000000080)) ioctl$DRM_IOCTL_ADD_MAP(r1, 0xc0286415, &(0x7f0000000180)={0x0, 0x1ff, 0x7, 0x2, &(0x7f0000ffc000/0x1000)=nil, 0x8000}) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:27 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40, 0x0, 0x0}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080005, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x103, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) r2 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x10000, 0x0) getsockopt$netlink(r2, 0x10e, 0x0, &(0x7f0000000040)=""/25, &(0x7f0000000080)=0x19) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) dup2(r2, r2) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x10}) getsockopt$inet_sctp6_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f0000000380)={r0, 0x5, 0x2, 0x7b4d, 0x9, 0x7fffffff, 0x2, 0x1e2, {r0, @in={{0x2, 0x4e21, @multicast1=0xe0000001}}, 0xb762, 0x3, 0x4ca, 0x2, 0xd7}}, &(0x7f0000000200)=0xb0) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000000100)="3f668e92a457860e7e3f024d18894cec3ce6251c5c2295ef2cb5260753239563421d27cb275ad9c9eb40516c304fda284c26d89f465808ad280b2e09d4e8c9b67292df4911851602018f") mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 130.843945] xprt_adjust_timeout: rq_timeout = 0! [ 130.904134] binder: undelivered death notification, 0000000000000000 [ 130.904216] FAULT_INJECTION: forcing a failure. [ 130.904216] name failslab, interval 1, probability 0, space 0, times 0 [ 130.921990] CPU: 1 PID: 9911 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 130.929103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 130.938461] Call Trace: [ 130.941055] dump_stack+0x194/0x24d [ 130.944691] ? arch_local_irq_restore+0x53/0x53 [ 130.949366] ? __save_stack_trace+0x7e/0xd0 [ 130.953705] should_fail+0x8c0/0xa40 [ 130.957430] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 130.962547] ? kasan_kmalloc+0xad/0xe0 [ 130.966439] ? kmem_cache_alloc_trace+0x136/0x740 [ 130.971283] ? __memcg_init_list_lru_node+0x169/0x270 [ 130.976478] ? __list_lru_init+0x544/0x750 [ 130.980716] ? sget_userns+0x691/0xe40 [ 130.984616] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 130.989379] ? kern_mount_data+0x50/0xb0 [ 130.993447] ? pid_ns_prepare_proc+0x1e/0x80 [ 130.997861] ? alloc_pid+0x87e/0xa00 [ 131.001586] ? copy_process.part.38+0x2516/0x4bd0 [ 131.006432] ? _do_fork+0x1f7/0xf70 [ 131.010059] ? SyS_clone+0x37/0x50 [ 131.013609] ? find_held_lock+0x35/0x1d0 [ 131.017666] ? __lock_is_held+0xb6/0x140 [ 131.021802] ? check_same_owner+0x320/0x320 [ 131.026107] ? rcu_note_context_switch+0x710/0x710 [ 131.031044] should_failslab+0xec/0x120 [ 131.035019] kmem_cache_alloc_trace+0x4b/0x740 [ 131.039594] ? __kmalloc_node+0x33/0x70 [ 131.043562] ? __kmalloc_node+0x33/0x70 [ 131.047525] ? rcu_read_lock_sched_held+0x108/0x120 [ 131.052530] __memcg_init_list_lru_node+0x169/0x270 [ 131.057534] ? list_lru_add+0x7c0/0x7c0 [ 131.061492] ? __kmalloc_node+0x47/0x70 [ 131.065449] __list_lru_init+0x544/0x750 [ 131.069501] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 131.075389] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 131.080396] ? __lockdep_init_map+0xe4/0x650 [ 131.084790] ? lockdep_init_map+0x9/0x10 [ 131.088843] sget_userns+0x691/0xe40 [ 131.092540] ? set_anon_super+0x20/0x20 [ 131.096496] ? put_filp+0x90/0x90 [ 131.099938] ? destroy_unused_super.part.6+0xd0/0xd0 [ 131.105029] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 131.110039] ? perf_trace_lock+0xd6/0x900 [ 131.114181] ? save_stack+0xa3/0xd0 [ 131.117788] ? kasan_slab_alloc+0x12/0x20 [ 131.121921] ? alloc_pid+0xc1/0xa00 [ 131.125538] ? __radix_tree_replace+0x1af/0x310 [ 131.130188] ? radix_tree_delete+0x30/0x30 [ 131.134488] ? node_tag_clear+0xf2/0x180 [ 131.138763] ? proc_get_inode+0x620/0x620 [ 131.142890] mount_ns+0x6d/0x190 [ 131.146239] proc_mount+0x7a/0x90 [ 131.151409] mount_fs+0x66/0x2d0 [ 131.154766] vfs_kern_mount.part.26+0xc6/0x4a0 [ 131.159326] ? may_umount+0xa0/0xa0 [ 131.162937] ? idr_alloc_cyclic+0x1d6/0x320 [ 131.167237] ? do_raw_spin_trylock+0x190/0x190 [ 131.171797] ? idr_alloc+0x180/0x180 [ 131.175505] kern_mount_data+0x50/0xb0 [ 131.179401] pid_ns_prepare_proc+0x1e/0x80 [ 131.183616] alloc_pid+0x87e/0xa00 [ 131.187142] ? __change_pid+0x400/0x400 [ 131.191098] ? ns_capable_common+0xcf/0x160 [ 131.195412] ? memset+0x31/0x40 [ 131.198676] ? copy_thread_tls+0x268/0x8f0 [ 131.202901] copy_process.part.38+0x2516/0x4bd0 [ 131.207565] ? __cleanup_sighand+0x40/0x40 [ 131.211801] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 131.216977] ? __lock_acquire+0x664/0x3e00 [ 131.221205] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 131.226387] ? perf_trace_lock+0xd6/0x900 [ 131.230523] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 131.235706] ? perf_trace_lock+0xd6/0x900 [ 131.239841] ? mntput_no_expire+0x130/0xa90 [ 131.244147] ? trace_event_raw_event_lock+0x340/0x340 [ 131.249315] ? perf_trace_lock+0xd6/0x900 [ 131.253451] ? lock_acquire+0x1d5/0x580 [ 131.257405] ? trace_hardirqs_off+0x10/0x10 [ 131.261724] ? perf_trace_lock+0xd6/0x900 [ 131.265857] ? find_held_lock+0x35/0x1d0 [ 131.269900] ? perf_trace_lock+0xd6/0x900 [ 131.274043] ? trace_event_raw_event_lock+0x340/0x340 [ 131.279226] ? _parse_integer+0x140/0x140 [ 131.283459] ? trace_hardirqs_off+0x10/0x10 [ 131.288111] ? get_pid_task+0x93/0x140 [ 131.291979] ? perf_trace_lock+0xd6/0x900 [ 131.296110] ? find_held_lock+0x35/0x1d0 [ 131.300152] ? __f_unlock_pos+0x19/0x20 [ 131.304121] ? lock_downgrade+0x980/0x980 [ 131.308249] ? get_pid_task+0xbc/0x140 [ 131.312122] ? proc_fail_nth_write+0x9b/0x1d0 [ 131.316598] ? map_files_get_link+0x3a0/0x3a0 [ 131.321091] ? handle_mm_fault+0x35b/0xb10 [ 131.325324] _do_fork+0x1f7/0xf70 [ 131.328770] ? fork_idle+0x2d0/0x2d0 [ 131.332471] ? wait_for_completion+0x770/0x770 [ 131.337051] ? __sb_end_write+0xa0/0xd0 [ 131.341016] ? fput+0xd2/0x140 [ 131.344202] ? SyS_write+0x184/0x220 [ 131.347905] ? SyS_read+0x220/0x220 [ 131.351518] SyS_clone+0x37/0x50 [ 131.354860] ? sys_vfork+0x30/0x30 [ 131.358381] do_syscall_64+0x281/0x940 [ 131.362256] ? vmalloc_sync_all+0x30/0x30 [ 131.366382] ? _raw_spin_unlock_irq+0x27/0x70 [ 131.370854] ? finish_task_switch+0x1c1/0x7e0 [ 131.375338] ? syscall_return_slowpath+0x550/0x550 [ 131.380245] ? syscall_return_slowpath+0x2ac/0x550 [ 131.385152] ? prepare_exit_to_usermode+0x350/0x350 [ 131.390156] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 131.395521] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 131.400347] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 131.405521] RIP: 0033:0x454e79 [ 131.408710] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 131.416406] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 131.423658] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 131.430906] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 131.438160] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 131.445418] R13: 0000000000000051 R14: 00000000006f2838 R15: 000000000000001b 2018/03/31 10:51:28 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) epoll_create1(0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:28 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x0, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:28 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:28 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x0, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:28 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:28 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:28 executing program 6 (fault-call:10 fault-nth:28): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) [ 131.842015] FAULT_INJECTION: forcing a failure. [ 131.842015] name failslab, interval 1, probability 0, space 0, times 0 [ 131.853408] CPU: 0 PID: 9944 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 131.860512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 131.869863] Call Trace: [ 131.872450] dump_stack+0x194/0x24d [ 131.876078] ? arch_local_irq_restore+0x53/0x53 [ 131.880743] ? __save_stack_trace+0x7e/0xd0 [ 131.885072] should_fail+0x8c0/0xa40 [ 131.888776] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 131.893861] ? kasan_kmalloc+0xad/0xe0 [ 131.897727] ? kmem_cache_alloc_trace+0x136/0x740 [ 131.902552] ? __memcg_init_list_lru_node+0x169/0x270 [ 131.907721] ? __list_lru_init+0x544/0x750 [ 131.911938] ? sget_userns+0x691/0xe40 [ 131.915813] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 131.920550] ? kern_mount_data+0x50/0xb0 [ 131.924592] ? pid_ns_prepare_proc+0x1e/0x80 [ 131.928982] ? alloc_pid+0x87e/0xa00 [ 131.932683] ? copy_process.part.38+0x2516/0x4bd0 [ 131.937505] ? _do_fork+0x1f7/0xf70 [ 131.941111] ? SyS_clone+0x37/0x50 [ 131.944636] ? find_held_lock+0x35/0x1d0 [ 131.948683] ? __lock_is_held+0xb6/0x140 [ 131.952744] ? check_same_owner+0x320/0x320 [ 131.957057] ? rcu_note_context_switch+0x710/0x710 [ 131.962071] should_failslab+0xec/0x120 [ 131.966038] kmem_cache_alloc_trace+0x4b/0x740 [ 131.970604] ? __kmalloc_node+0x33/0x70 [ 131.974557] ? __kmalloc_node+0x33/0x70 [ 131.978517] ? rcu_read_lock_sched_held+0x108/0x120 [ 131.983522] __memcg_init_list_lru_node+0x169/0x270 [ 131.988530] ? list_lru_add+0x7c0/0x7c0 [ 131.992487] ? __kmalloc_node+0x47/0x70 [ 131.996450] __list_lru_init+0x544/0x750 [ 132.000501] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 132.006367] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 132.011364] ? __lockdep_init_map+0xe4/0x650 [ 132.015758] ? lockdep_init_map+0x9/0x10 [ 132.019805] sget_userns+0x691/0xe40 [ 132.023498] ? set_anon_super+0x20/0x20 [ 132.027460] ? put_filp+0x90/0x90 [ 132.030895] ? destroy_unused_super.part.6+0xd0/0xd0 [ 132.035983] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 132.041029] ? perf_trace_lock+0xd6/0x900 [ 132.045164] ? save_stack+0xa3/0xd0 [ 132.048773] ? kasan_slab_alloc+0x12/0x20 [ 132.052904] ? alloc_pid+0xc1/0xa00 [ 132.056517] ? __radix_tree_replace+0x1af/0x310 [ 132.061168] ? radix_tree_delete+0x30/0x30 [ 132.065384] ? node_tag_clear+0xf2/0x180 [ 132.069442] ? proc_get_inode+0x620/0x620 [ 132.073572] mount_ns+0x6d/0x190 [ 132.076922] proc_mount+0x7a/0x90 [ 132.080358] mount_fs+0x66/0x2d0 [ 132.083721] vfs_kern_mount.part.26+0xc6/0x4a0 [ 132.088286] ? may_umount+0xa0/0xa0 [ 132.091891] ? idr_alloc_cyclic+0x1d6/0x320 [ 132.096199] ? do_raw_spin_trylock+0x190/0x190 [ 132.100764] ? idr_alloc+0x180/0x180 [ 132.104462] kern_mount_data+0x50/0xb0 [ 132.108330] pid_ns_prepare_proc+0x1e/0x80 [ 132.112543] alloc_pid+0x87e/0xa00 [ 132.116066] ? __change_pid+0x400/0x400 [ 132.120026] ? ns_capable_common+0xcf/0x160 [ 132.124338] ? memset+0x31/0x40 [ 132.127599] ? copy_thread_tls+0x268/0x8f0 [ 132.131821] copy_process.part.38+0x2516/0x4bd0 [ 132.136484] ? __cleanup_sighand+0x40/0x40 [ 132.140715] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 132.145892] ? __lock_acquire+0x664/0x3e00 [ 132.150109] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 132.155282] ? perf_trace_lock+0xd6/0x900 [ 132.159419] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 132.164592] ? perf_trace_lock+0xd6/0x900 [ 132.168720] ? mntput_no_expire+0x130/0xa90 [ 132.173034] ? trace_event_raw_event_lock+0x340/0x340 [ 132.178206] ? perf_trace_lock+0xd6/0x900 [ 132.182344] ? lock_acquire+0x1d5/0x580 [ 132.186300] ? trace_hardirqs_off+0x10/0x10 [ 132.190605] ? perf_trace_lock+0xd6/0x900 [ 132.194742] ? find_held_lock+0x35/0x1d0 [ 132.198791] ? perf_trace_lock+0xd6/0x900 [ 132.202931] ? trace_event_raw_event_lock+0x340/0x340 [ 132.208114] ? _parse_integer+0x140/0x140 [ 132.212255] ? trace_hardirqs_off+0x10/0x10 [ 132.216564] ? get_pid_task+0x93/0x140 [ 132.220436] ? perf_trace_lock+0xd6/0x900 [ 132.224570] ? find_held_lock+0x35/0x1d0 [ 132.228617] ? __f_unlock_pos+0x19/0x20 [ 132.232571] ? lock_downgrade+0x980/0x980 [ 132.236698] ? get_pid_task+0xbc/0x140 [ 132.240570] ? proc_fail_nth_write+0x9b/0x1d0 [ 132.245048] ? map_files_get_link+0x3a0/0x3a0 [ 132.250433] ? handle_mm_fault+0x35b/0xb10 [ 132.254657] _do_fork+0x1f7/0xf70 [ 132.258098] ? fork_idle+0x2d0/0x2d0 [ 132.261796] ? wait_for_completion+0x770/0x770 [ 132.266380] ? __sb_end_write+0xa0/0xd0 [ 132.270336] ? fput+0xd2/0x140 [ 132.273511] ? SyS_write+0x184/0x220 [ 132.277210] ? SyS_read+0x220/0x220 [ 132.280823] SyS_clone+0x37/0x50 [ 132.284168] ? sys_vfork+0x30/0x30 [ 132.287691] do_syscall_64+0x281/0x940 [ 132.291564] ? vmalloc_sync_all+0x30/0x30 [ 132.295693] ? _raw_spin_unlock_irq+0x27/0x70 [ 132.300171] ? finish_task_switch+0x1c1/0x7e0 [ 132.304652] ? syscall_return_slowpath+0x550/0x550 [ 132.309564] ? syscall_return_slowpath+0x2ac/0x550 [ 132.314480] ? prepare_exit_to_usermode+0x350/0x350 [ 132.319483] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 132.324831] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 132.329660] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 132.334833] RIP: 0033:0x454e79 2018/03/31 10:51:29 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="0700fa03000020f1ffbfff00"], 0xc) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r2 = open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r1) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 132.338003] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 132.345703] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 132.352955] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 132.360211] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 132.367461] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 132.374712] R13: 0000000000000051 R14: 00000000006f2838 R15: 000000000000001c [ 132.425725] xprt_adjust_timeout: rq_timeout = 0! [ 132.459833] xprt_adjust_timeout: rq_timeout = 0! [ 132.753289] binder: undelivered death notification, 0000000000000000 2018/03/31 10:51:30 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000002640)='/dev/autofs\x00', 0x40, 0x0) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r1, 0x111, 0x3, 0x1, 0x4) preadv(r0, &(0x7f0000002580)=[{&(0x7f0000000040)=""/100, 0x64}, {&(0x7f0000000180)=""/4096, 0x1000}, {&(0x7f0000001180)=""/138, 0x8a}, {&(0x7f0000001240)=""/1, 0x1}, {&(0x7f0000001280)=""/40, 0x28}, {&(0x7f00000012c0)=""/4096, 0x1000}, {&(0x7f00000022c0)=""/112, 0x70}, {&(0x7f0000002340)=""/110, 0x6e}, {&(0x7f00000023c0)=""/177, 0xb1}, {&(0x7f0000002480)=""/222, 0xde}], 0xa, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a000000ffffffffff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000013000000"], 0x1) 2018/03/31 10:51:30 executing program 6 (fault-call:10 fault-nth:29): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:30 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x0, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:30 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x0, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:30 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0xfffffffffffffffe, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x802) ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, 0x7fffffff) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00008000100000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r2 = open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) 2018/03/31 10:51:30 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:30 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) r2 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r3 = dup2(0xffffffffffffffff, r2) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) [ 133.400960] binder: 9978:9981 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 133.419461] FAULT_INJECTION: forcing a failure. [ 133.419461] name failslab, interval 1, probability 0, space 0, times 0 [ 133.430743] CPU: 0 PID: 9979 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 133.437841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 133.447183] Call Trace: [ 133.449756] dump_stack+0x194/0x24d [ 133.453367] ? arch_local_irq_restore+0x53/0x53 [ 133.458019] ? __save_stack_trace+0x7e/0xd0 [ 133.462327] should_fail+0x8c0/0xa40 [ 133.466035] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 133.471119] ? kasan_kmalloc+0xad/0xe0 [ 133.475074] ? kmem_cache_alloc_trace+0x136/0x740 [ 133.479917] ? __memcg_init_list_lru_node+0x169/0x270 [ 133.485095] ? __list_lru_init+0x544/0x750 [ 133.489311] ? sget_userns+0x691/0xe40 [ 133.493184] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 133.497917] ? kern_mount_data+0x50/0xb0 [ 133.501965] ? pid_ns_prepare_proc+0x1e/0x80 [ 133.506349] ? alloc_pid+0x87e/0xa00 [ 133.510040] ? copy_process.part.38+0x2516/0x4bd0 [ 133.514860] ? _do_fork+0x1f7/0xf70 [ 133.518465] ? SyS_clone+0x37/0x50 [ 133.521985] ? find_held_lock+0x35/0x1d0 [ 133.526039] ? __lock_is_held+0xb6/0x140 [ 133.530084] ? check_same_owner+0x320/0x320 [ 133.534388] ? rcu_note_context_switch+0x710/0x710 [ 133.539306] should_failslab+0xec/0x120 [ 133.543260] kmem_cache_alloc_trace+0x4b/0x740 [ 133.547819] ? __kmalloc_node+0x33/0x70 [ 133.551770] ? __kmalloc_node+0x33/0x70 [ 133.555727] ? rcu_read_lock_sched_held+0x108/0x120 [ 133.560721] __memcg_init_list_lru_node+0x169/0x270 [ 133.565718] ? list_lru_add+0x7c0/0x7c0 [ 133.569671] ? __kmalloc_node+0x47/0x70 [ 133.573717] __list_lru_init+0x544/0x750 [ 133.577761] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 133.583628] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 133.588630] ? __lockdep_init_map+0xe4/0x650 [ 133.593024] ? lockdep_init_map+0x9/0x10 [ 133.597085] sget_userns+0x691/0xe40 [ 133.600776] ? set_anon_super+0x20/0x20 [ 133.604727] ? put_filp+0x90/0x90 [ 133.608159] ? destroy_unused_super.part.6+0xd0/0xd0 [ 133.613332] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 133.618328] ? save_stack+0xa3/0xd0 [ 133.621941] ? save_stack+0x43/0xd0 [ 133.625547] ? kasan_slab_alloc+0x12/0x20 [ 133.629673] ? kmem_cache_alloc+0x12e/0x760 [ 133.633977] ? alloc_pid+0xc1/0xa00 [ 133.637584] ? __radix_tree_replace+0x1af/0x310 [ 133.642233] ? radix_tree_delete+0x30/0x30 [ 133.646443] ? node_tag_clear+0xf2/0x180 [ 133.650489] ? proc_get_inode+0x620/0x620 [ 133.654615] mount_ns+0x6d/0x190 [ 133.657962] proc_mount+0x7a/0x90 [ 133.661393] mount_fs+0x66/0x2d0 [ 133.664738] vfs_kern_mount.part.26+0xc6/0x4a0 [ 133.669307] ? may_umount+0xa0/0xa0 [ 133.672912] ? idr_alloc_cyclic+0x1d6/0x320 [ 133.677219] ? do_raw_spin_trylock+0x190/0x190 [ 133.681780] ? idr_alloc+0x180/0x180 [ 133.685481] kern_mount_data+0x50/0xb0 [ 133.689367] pid_ns_prepare_proc+0x1e/0x80 [ 133.693588] alloc_pid+0x87e/0xa00 [ 133.697113] ? __change_pid+0x400/0x400 [ 133.701067] ? ns_capable_common+0xcf/0x160 [ 133.705373] ? memset+0x31/0x40 [ 133.708629] ? copy_thread_tls+0x268/0x8f0 [ 133.712845] copy_process.part.38+0x2516/0x4bd0 [ 133.717496] ? __cleanup_sighand+0x40/0x40 [ 133.721717] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 133.726889] ? __lock_acquire+0x664/0x3e00 [ 133.731105] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 133.736274] ? environ_open+0x80/0x80 [ 133.740061] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 133.745228] ? __lock_acquire+0x664/0x3e00 [ 133.749444] ? mntput_no_expire+0x130/0xa90 [ 133.753745] ? print_irqtrace_events+0x270/0x270 [ 133.758479] ? trace_hardirqs_off+0x10/0x10 [ 133.762783] ? lock_acquire+0x1d5/0x580 [ 133.766735] ? trace_hardirqs_off+0x10/0x10 [ 133.771038] ? trace_hardirqs_off+0x10/0x10 [ 133.775342] ? __lock_acquire+0x664/0x3e00 [ 133.779555] ? check_same_owner+0x320/0x320 [ 133.783858] ? find_held_lock+0x35/0x1d0 [ 133.787899] ? _parse_integer+0xe9/0x140 [ 133.791946] ? trace_hardirqs_off+0x10/0x10 [ 133.796246] ? _parse_integer+0x140/0x140 [ 133.800378] ? trace_hardirqs_off+0x10/0x10 [ 133.804682] ? get_pid_task+0x93/0x140 [ 133.808548] ? lock_downgrade+0x980/0x980 [ 133.812676] ? find_held_lock+0x35/0x1d0 [ 133.816722] ? __f_unlock_pos+0x19/0x20 [ 133.820673] ? lock_downgrade+0x980/0x980 [ 133.824805] ? get_pid_task+0xbc/0x140 [ 133.828671] ? proc_fail_nth_write+0x9b/0x1d0 [ 133.833145] ? map_files_get_link+0x3a0/0x3a0 [ 133.837618] ? handle_mm_fault+0x35b/0xb10 [ 133.841837] _do_fork+0x1f7/0xf70 [ 133.845270] ? fork_idle+0x2d0/0x2d0 [ 133.848965] ? wait_for_completion+0x770/0x770 [ 133.853528] ? __lock_is_held+0xb6/0x140 [ 133.857575] ? __sb_end_write+0xa0/0xd0 [ 133.861530] ? fput+0xd2/0x140 [ 133.864706] ? SyS_write+0x184/0x220 [ 133.868401] ? SyS_read+0x220/0x220 [ 133.872015] SyS_clone+0x37/0x50 [ 133.875366] ? sys_vfork+0x30/0x30 [ 133.878889] do_syscall_64+0x281/0x940 [ 133.882754] ? vmalloc_sync_all+0x30/0x30 [ 133.886882] ? finish_task_switch+0x1c1/0x7e0 [ 133.891356] ? syscall_return_slowpath+0x550/0x550 [ 133.896360] ? syscall_return_slowpath+0x2ac/0x550 [ 133.901270] ? prepare_exit_to_usermode+0x350/0x350 [ 133.906271] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 133.911616] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 133.921658] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 133.926832] RIP: 0033:0x454e79 [ 133.930007] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 133.937702] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 133.944954] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 133.952209] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 133.959456] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 133.966705] R13: 0000000000000051 R14: 00000000006f2838 R15: 000000000000001d [ 133.978942] binder: 9975:9983 ioctl 40046205 7fffffff returned -22 [ 133.987189] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:30 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:30 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/03/31 10:51:30 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) [ 134.012344] binder: 9975:9983 ioctl 40046205 7fffffff returned -22 [ 134.021294] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:30 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x0, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:30 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f0000000040)={0x0}) ioctl$DRM_IOCTL_RM_CTX(r0, 0xc0086421, &(0x7f0000000080)={r1, 0x3}) socket$inet6(0xa, 0x1001000000080001, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) socket$alg(0x26, 0x5, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="0000e6ff17ea000300000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$DRM_IOCTL_VERSION(r0, 0xc0406400, &(0x7f0000000280)={0x9, 0x81, 0x101, 0xaa, &(0x7f0000000380)=""/170, 0x42, &(0x7f0000000100)=""/66, 0x5f, &(0x7f00000001c0)=""/95}) 2018/03/31 10:51:30 executing program 6 (fault-call:10 fault-nth:30): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:30 executing program 4: r0 = syz_open_dev$adsp(&(0x7f0000000180)='/dev/adsp#\x00', 0x0, 0x0) setsockopt$ipx_IPX_TYPE(0xffffffffffffffff, 0x100, 0x1, &(0x7f00000001c0)=0x5, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={&(0x7f0000000040)={0x10}, 0x37e9, &(0x7f00000000c0)={&(0x7f0000000700)={0x14, 0x1d, 0xffffffffffffffff, 0x0, 0x0, {0x806b}}, 0x14}, 0x1}, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x240800, 0x0) r3 = syz_open_dev$tun(&(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x100) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000240)={0x3}) fstatfs(r2, &(0x7f0000000140)=""/44) setsockopt$inet_sctp_SCTP_INITMSG(r2, 0x84, 0x2, &(0x7f0000000100)={0x3, 0x2, 0xa0d, 0x7}, 0x8) sync_file_range(r3, 0x9, 0x7, 0x6) [ 134.111569] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:30 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:30 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) fcntl$dupfd(r1, 0x0, r1) r4 = epoll_create1(0x0) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r5 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r5, 0x7, r1, &(0x7f00000001c0)={r4, r3}) r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 134.171542] FAULT_INJECTION: forcing a failure. [ 134.171542] name failslab, interval 1, probability 0, space 0, times 0 [ 134.182866] CPU: 1 PID: 10014 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 134.190058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 134.199411] Call Trace: [ 134.202008] dump_stack+0x194/0x24d [ 134.205651] ? arch_local_irq_restore+0x53/0x53 [ 134.210330] ? __save_stack_trace+0x7e/0xd0 [ 134.214668] should_fail+0x8c0/0xa40 [ 134.218394] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 134.223511] ? kasan_kmalloc+0xad/0xe0 [ 134.227406] ? kmem_cache_alloc_trace+0x136/0x740 [ 134.228375] binder: 9978:10024 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 134.232256] ? __memcg_init_list_lru_node+0x169/0x270 [ 134.232268] ? __list_lru_init+0x544/0x750 [ 134.232277] ? sget_userns+0x691/0xe40 [ 134.232294] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 134.232305] ? kern_mount_data+0x50/0xb0 [ 134.232317] ? pid_ns_prepare_proc+0x1e/0x80 [ 134.232327] ? copy_process.part.38+0x2516/0x4bd0 2018/03/31 10:51:30 executing program 4: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000040)="2400000052001f0014f9f40700090400020007fc10000100ffffffff0800000000000000", 0x24) [ 134.232335] ? _do_fork+0x1f7/0xf70 [ 134.232342] ? SyS_clone+0x37/0x50 [ 134.232355] ? find_held_lock+0x35/0x1d0 [ 134.232369] ? __lock_is_held+0xb6/0x140 [ 134.232386] ? check_same_owner+0x320/0x320 [ 134.232399] ? rcu_note_context_switch+0x710/0x710 [ 134.295081] should_failslab+0xec/0x120 [ 134.299059] kmem_cache_alloc_trace+0x4b/0x740 [ 134.303644] ? __kmalloc_node+0x33/0x70 [ 134.307616] ? __kmalloc_node+0x33/0x70 [ 134.311590] ? rcu_read_lock_sched_held+0x108/0x120 [ 134.316605] __memcg_init_list_lru_node+0x169/0x270 [ 134.321624] ? list_lru_add+0x7c0/0x7c0 [ 134.325601] ? __kmalloc_node+0x47/0x70 [ 134.329573] __list_lru_init+0x544/0x750 [ 134.333619] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 134.339483] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 134.344480] ? __lockdep_init_map+0xe4/0x650 [ 134.348870] ? lockdep_init_map+0x9/0x10 [ 134.352919] sget_userns+0x691/0xe40 [ 134.356611] ? set_anon_super+0x20/0x20 [ 134.360566] ? put_filp+0x90/0x90 [ 134.364003] ? destroy_unused_super.part.6+0xd0/0xd0 [ 134.369093] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 134.374090] ? perf_trace_lock+0xd6/0x900 [ 134.378218] ? perf_trace_lock_acquire+0xe3/0x980 [ 134.383048] ? save_stack+0xa3/0xd0 [ 134.386660] ? __radix_tree_replace+0x1af/0x310 [ 134.391309] ? radix_tree_delete+0x30/0x30 [ 134.395520] ? node_tag_clear+0xf2/0x180 [ 134.399566] ? proc_get_inode+0x620/0x620 [ 134.403695] mount_ns+0x6d/0x190 [ 134.407046] proc_mount+0x7a/0x90 [ 134.410483] mount_fs+0x66/0x2d0 [ 134.413833] vfs_kern_mount.part.26+0xc6/0x4a0 [ 134.418400] ? may_umount+0xa0/0xa0 [ 134.422016] ? idr_alloc_cyclic+0x1d6/0x320 [ 134.426327] ? do_raw_spin_trylock+0x190/0x190 [ 134.430891] ? idr_alloc+0x180/0x180 [ 134.434588] kern_mount_data+0x50/0xb0 [ 134.438456] pid_ns_prepare_proc+0x1e/0x80 [ 134.443027] alloc_pid+0x87e/0xa00 [ 134.446558] ? __change_pid+0x400/0x400 [ 134.450514] ? ns_capable_common+0xcf/0x160 [ 134.454823] ? memset+0x31/0x40 [ 134.458086] ? copy_thread_tls+0x268/0x8f0 [ 134.462305] copy_process.part.38+0x2516/0x4bd0 [ 134.466975] ? __cleanup_sighand+0x40/0x40 [ 134.471200] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 134.476376] ? __lock_acquire+0x664/0x3e00 [ 134.480596] ? perf_trace_lock+0xd6/0x900 [ 134.484727] ? perf_trace_lock_acquire+0xe3/0x980 [ 134.489556] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 134.494727] ? perf_trace_lock+0xd6/0x900 [ 134.498856] ? perf_trace_lock_acquire+0xe3/0x980 [ 134.503683] ? trace_event_raw_event_lock+0x340/0x340 [ 134.508895] ? perf_trace_lock+0x900/0x900 [ 134.513119] ? lock_acquire+0x1d5/0x580 [ 134.517078] ? trace_hardirqs_off+0x10/0x10 [ 134.521379] ? perf_trace_lock+0xd6/0x900 [ 134.525504] ? perf_trace_lock_acquire+0xe3/0x980 [ 134.530342] ? perf_trace_lock+0x900/0x900 [ 134.534556] ? find_held_lock+0x35/0x1d0 [ 134.538600] ? perf_trace_lock+0xd6/0x900 [ 134.542728] ? trace_event_raw_event_lock+0x340/0x340 [ 134.547899] ? _parse_integer+0x140/0x140 [ 134.552033] ? trace_hardirqs_off+0x10/0x10 [ 134.556337] ? get_pid_task+0x93/0x140 [ 134.560208] ? perf_trace_lock+0xd6/0x900 [ 134.564339] ? find_held_lock+0x35/0x1d0 [ 134.568385] ? __f_unlock_pos+0x19/0x20 [ 134.572341] ? lock_downgrade+0x980/0x980 [ 134.576469] ? get_pid_task+0xbc/0x140 [ 134.580339] ? proc_fail_nth_write+0x9b/0x1d0 [ 134.584815] ? map_files_get_link+0x3a0/0x3a0 [ 134.589289] ? handle_mm_fault+0x35b/0xb10 [ 134.593551] _do_fork+0x1f7/0xf70 [ 134.596985] ? fork_idle+0x2d0/0x2d0 [ 134.600679] ? wait_for_completion+0x770/0x770 [ 134.605254] ? __sb_end_write+0xa0/0xd0 [ 134.609211] ? fput+0xd2/0x140 [ 134.612385] ? SyS_write+0x184/0x220 [ 134.616083] ? SyS_read+0x220/0x220 [ 134.619694] SyS_clone+0x37/0x50 [ 134.623044] ? sys_vfork+0x30/0x30 [ 134.626567] do_syscall_64+0x281/0x940 [ 134.630434] ? vmalloc_sync_all+0x30/0x30 [ 134.634564] ? _raw_spin_unlock_irq+0x27/0x70 [ 134.639040] ? finish_task_switch+0x1c1/0x7e0 [ 134.643515] ? syscall_return_slowpath+0x550/0x550 [ 134.648425] ? syscall_return_slowpath+0x2ac/0x550 [ 134.653340] ? prepare_exit_to_usermode+0x350/0x350 [ 134.658342] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 134.663696] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 134.668545] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 134.673720] RIP: 0033:0x454e79 [ 134.676888] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 134.684578] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 134.691826] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 134.699078] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 134.706329] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 134.713578] R13: 0000000000000051 R14: 00000000006f2838 R15: 000000000000001e [ 134.733835] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:31 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) r2 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r3 = dup2(0xffffffffffffffff, r2) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:31 executing program 4: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) io_setup(0x80, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000002400)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000001c0)="b6cc227bf641c8d9478556fda4411971764475770935e4aabcea78f059db2a837339d42a789f8ef59fa43223e9c0967e4375d8ba1eef6c31dfcd3cb9be3300000000000000000000", 0x48}]) 2018/03/31 10:51:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:31 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) [ 134.794409] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:31 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x0, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:31 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) fcntl$dupfd(r1, 0x0, r1) r4 = epoll_create1(0x0) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r5 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r5, 0x7, r1, &(0x7f00000001c0)={r4, r3}) r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:31 executing program 6 (fault-call:10 fault-nth:31): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:31 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) r0 = socket$inet6(0xa, 0x1001000000080001, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x20000, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x7fff, 0x2224c0) write$rdma_cm(r2, &(0x7f0000000140)=@create_id={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000100), 0x2, 0x7}}, 0x20) futimesat(r0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={{0x77359400}, {0x77359400}}) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$sock_inet_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000001a00)) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) r3 = getpgrp(0xffffffffffffffff) process_vm_writev(r3, &(0x7f0000001900)=[{&(0x7f0000000380)=""/129, 0x81}, {&(0x7f0000000540)=""/255, 0xff}, {&(0x7f0000000700)=""/210, 0xd2}, {&(0x7f00000001c0)=""/46, 0x2e}, {&(0x7f0000000800)=""/225, 0xe1}, {&(0x7f0000000900)=""/4096, 0x1000}, {&(0x7f0000000440)=""/94, 0x5e}, {&(0x7f0000000640)=""/65, 0x41}], 0x8, &(0x7f0000000280)=[{&(0x7f0000001980)=""/101, 0x65}, {&(0x7f0000000200)=""/2, 0x2}], 0x2, 0x0) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 134.831450] binder: 10044:10045 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 134.862266] FAULT_INJECTION: forcing a failure. [ 134.862266] name failslab, interval 1, probability 0, space 0, times 0 [ 134.873654] CPU: 0 PID: 10056 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 134.880846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 134.890211] Call Trace: [ 134.892814] dump_stack+0x194/0x24d [ 134.896449] ? arch_local_irq_restore+0x53/0x53 [ 134.901208] ? __save_stack_trace+0x7e/0xd0 [ 134.905527] should_fail+0x8c0/0xa40 [ 134.909238] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 134.914335] ? kasan_kmalloc+0xad/0xe0 [ 134.918210] ? kmem_cache_alloc_trace+0x136/0x740 [ 134.923040] ? __memcg_init_list_lru_node+0x169/0x270 [ 134.928217] ? __list_lru_init+0x544/0x750 [ 134.932432] ? sget_userns+0x691/0xe40 [ 134.936307] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 134.941047] ? kern_mount_data+0x50/0xb0 [ 134.945263] ? pid_ns_prepare_proc+0x1e/0x80 [ 134.949672] ? alloc_pid+0x87e/0xa00 [ 134.953376] ? copy_process.part.38+0x2516/0x4bd0 [ 134.958200] ? _do_fork+0x1f7/0xf70 [ 134.961816] ? SyS_clone+0x37/0x50 [ 134.965345] ? find_held_lock+0x35/0x1d0 [ 134.969399] ? __lock_is_held+0xb6/0x140 [ 134.973451] ? check_same_owner+0x320/0x320 [ 134.977938] ? rcu_note_context_switch+0x710/0x710 [ 134.982864] should_failslab+0xec/0x120 [ 134.986825] kmem_cache_alloc_trace+0x4b/0x740 [ 134.991388] ? __kmalloc_node+0x33/0x70 [ 134.995351] ? __kmalloc_node+0x33/0x70 [ 134.999305] ? rcu_read_lock_sched_held+0x108/0x120 [ 135.004312] __memcg_init_list_lru_node+0x169/0x270 [ 135.009312] ? list_lru_add+0x7c0/0x7c0 [ 135.013270] ? __kmalloc_node+0x47/0x70 [ 135.017236] __list_lru_init+0x544/0x750 [ 135.021284] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 135.027153] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 135.032158] ? __lockdep_init_map+0xe4/0x650 [ 135.036556] ? lockdep_init_map+0x9/0x10 [ 135.040604] sget_userns+0x691/0xe40 [ 135.044299] ? set_anon_super+0x20/0x20 [ 135.048433] ? put_filp+0x90/0x90 [ 135.051869] ? destroy_unused_super.part.6+0xd0/0xd0 [ 135.056967] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 135.061966] ? perf_trace_lock+0xd6/0x900 [ 135.066097] ? save_stack+0xa3/0xd0 [ 135.069719] ? kasan_slab_alloc+0x12/0x20 [ 135.073858] ? alloc_pid+0xc1/0xa00 [ 135.077473] ? __radix_tree_replace+0x1af/0x310 [ 135.082129] ? radix_tree_delete+0x30/0x30 [ 135.086353] ? node_tag_clear+0xf2/0x180 [ 135.090411] ? proc_get_inode+0x620/0x620 [ 135.094550] mount_ns+0x6d/0x190 [ 135.097906] proc_mount+0x7a/0x90 [ 135.101342] mount_fs+0x66/0x2d0 [ 135.104692] vfs_kern_mount.part.26+0xc6/0x4a0 [ 135.109265] ? may_umount+0xa0/0xa0 [ 135.112875] ? idr_alloc_cyclic+0x1d6/0x320 [ 135.117190] ? do_raw_spin_trylock+0x190/0x190 [ 135.121757] ? idr_alloc+0x180/0x180 [ 135.125458] kern_mount_data+0x50/0xb0 [ 135.129330] pid_ns_prepare_proc+0x1e/0x80 [ 135.133552] alloc_pid+0x87e/0xa00 [ 135.137085] ? __change_pid+0x400/0x400 [ 135.141045] ? ns_capable_common+0xcf/0x160 [ 135.145363] ? memset+0x31/0x40 [ 135.148638] ? copy_thread_tls+0x268/0x8f0 [ 135.152874] copy_process.part.38+0x2516/0x4bd0 [ 135.157554] ? __cleanup_sighand+0x40/0x40 [ 135.161791] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 135.166982] ? __lock_acquire+0x664/0x3e00 [ 135.171222] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 135.176409] ? perf_trace_lock+0xd6/0x900 [ 135.180568] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 135.185746] ? perf_trace_lock+0xd6/0x900 [ 135.189881] ? mntput_no_expire+0x130/0xa90 [ 135.194205] ? trace_event_raw_event_lock+0x340/0x340 [ 135.199386] ? perf_trace_lock+0xd6/0x900 [ 135.203543] ? lock_acquire+0x1d5/0x580 [ 135.207508] ? trace_hardirqs_off+0x10/0x10 [ 135.211828] ? perf_trace_lock+0xd6/0x900 [ 135.215987] ? find_held_lock+0x35/0x1d0 [ 135.220053] ? perf_trace_lock+0xd6/0x900 [ 135.224196] ? trace_event_raw_event_lock+0x340/0x340 [ 135.229389] ? _parse_integer+0x140/0x140 [ 135.233535] ? trace_hardirqs_off+0x10/0x10 [ 135.237848] ? get_pid_task+0x93/0x140 [ 135.241724] ? perf_trace_lock+0xd6/0x900 [ 135.245860] ? find_held_lock+0x35/0x1d0 [ 135.249916] ? __f_unlock_pos+0x19/0x20 [ 135.253878] ? lock_downgrade+0x980/0x980 [ 135.258021] ? get_pid_task+0xbc/0x140 [ 135.261904] ? proc_fail_nth_write+0x9b/0x1d0 [ 135.266386] ? map_files_get_link+0x3a0/0x3a0 [ 135.270868] ? handle_mm_fault+0x35b/0xb10 [ 135.275094] _do_fork+0x1f7/0xf70 [ 135.278538] ? fork_idle+0x2d0/0x2d0 [ 135.282242] ? wait_for_completion+0x770/0x770 [ 135.286830] ? __sb_end_write+0xa0/0xd0 [ 135.290791] ? fput+0xd2/0x140 [ 135.293968] ? SyS_write+0x184/0x220 [ 135.297666] ? SyS_read+0x220/0x220 [ 135.301283] SyS_clone+0x37/0x50 [ 135.304629] ? sys_vfork+0x30/0x30 [ 135.308154] do_syscall_64+0x281/0x940 [ 135.312028] ? vmalloc_sync_all+0x30/0x30 [ 135.316165] ? _raw_spin_unlock_irq+0x27/0x70 [ 135.320643] ? finish_task_switch+0x1c1/0x7e0 [ 135.325122] ? syscall_return_slowpath+0x550/0x550 [ 135.330040] ? syscall_return_slowpath+0x2ac/0x550 [ 135.334955] ? prepare_exit_to_usermode+0x350/0x350 [ 135.339959] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 135.345312] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 135.350147] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 135.355321] RIP: 0033:0x454e79 [ 135.358495] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 135.366187] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 135.373441] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 2018/03/31 10:51:32 executing program 4: modify_ldt$write(0x1, &(0x7f0000000080)={0x200, 0x0, 0x0, 0x5}, 0x10) clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000140)) [ 135.380692] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 135.387947] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 135.395200] R13: 0000000000000051 R14: 00000000006f2838 R15: 000000000000001f 2018/03/31 10:51:32 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x0, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:32 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) r0 = socket$inet6(0xa, 0x1001000000080001, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x24, &(0x7f0000000000)={@dev, @remote, 0x0}, &(0x7f0000000040)=0xc) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=0xc) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in6=@dev={0xfe, 0x80, [], 0xe}, @in6=@loopback={0x0, 0x1}, 0x4e22, 0x7, 0x4e24, 0x0, 0x2, 0xa0, 0x20, 0x4, r2, r4}, {0x8, 0xfffffffffffffffb, 0x2, 0x7f, 0x2, 0x8, 0x3, 0x4}, {0x7, 0xe229, 0x4, 0xd62}, 0xffffffff80000000, 0x0, 0x3, 0x1, 0x3, 0x3}, {{@in6=@remote={0xfe, 0x80, [], 0xbb}, 0x4d6, 0xff}, 0xa, @in6=@local={0xfe, 0x80, [], 0xaa}, 0x3501, 0x2, 0x3, 0x0, 0x2, 0x0, 0x6}}, 0xe8) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vga_arbiter\x00', 0x10000, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x7, 0x10001) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000140)=r3) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) dup2(r5, r7) dup3(r7, r6, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:32 executing program 6 (fault-call:10 fault-nth:32): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) [ 135.424882] xprt_adjust_timeout: rq_timeout = 0! [ 135.425905] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:32 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) fcntl$dupfd(r1, 0x0, r1) r4 = epoll_create1(0x0) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r5 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r5, 0x7, r1, &(0x7f00000001c0)={r4, r3}) r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:32 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x0, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 135.538561] FAULT_INJECTION: forcing a failure. [ 135.538561] name failslab, interval 1, probability 0, space 0, times 0 [ 135.549861] CPU: 0 PID: 10082 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 135.557053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 135.566401] Call Trace: [ 135.568976] dump_stack+0x194/0x24d [ 135.572585] ? arch_local_irq_restore+0x53/0x53 [ 135.577234] ? __save_stack_trace+0x7e/0xd0 [ 135.581540] should_fail+0x8c0/0xa40 [ 135.585234] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 135.590317] ? kasan_kmalloc+0xad/0xe0 [ 135.594183] ? kmem_cache_alloc_trace+0x136/0x740 [ 135.599003] ? __memcg_init_list_lru_node+0x169/0x270 [ 135.604177] ? __list_lru_init+0x544/0x750 [ 135.608394] ? sget_userns+0x691/0xe40 [ 135.612263] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 135.616996] ? kern_mount_data+0x50/0xb0 [ 135.621043] ? pid_ns_prepare_proc+0x1e/0x80 [ 135.625433] ? alloc_pid+0x87e/0xa00 [ 135.629125] ? copy_process.part.38+0x2516/0x4bd0 [ 135.633946] ? _do_fork+0x1f7/0xf70 [ 135.637548] ? SyS_clone+0x37/0x50 [ 135.641071] ? find_held_lock+0x35/0x1d0 [ 135.645121] ? __lock_is_held+0xb6/0x140 [ 135.649168] ? check_same_owner+0x320/0x320 [ 135.653472] ? rcu_note_context_switch+0x710/0x710 [ 135.658385] should_failslab+0xec/0x120 [ 135.662341] kmem_cache_alloc_trace+0x4b/0x740 [ 135.666906] ? __kmalloc_node+0x33/0x70 [ 135.670859] ? __kmalloc_node+0x33/0x70 [ 135.674819] ? rcu_read_lock_sched_held+0x108/0x120 [ 135.679819] __memcg_init_list_lru_node+0x169/0x270 [ 135.684821] ? list_lru_add+0x7c0/0x7c0 [ 135.688778] ? __kmalloc_node+0x47/0x70 [ 135.692736] __list_lru_init+0x544/0x750 [ 135.696781] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 135.702651] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 135.707647] ? __lockdep_init_map+0xe4/0x650 [ 135.712041] ? lockdep_init_map+0x9/0x10 [ 135.716087] sget_userns+0x691/0xe40 [ 135.719780] ? set_anon_super+0x20/0x20 [ 135.723736] ? put_filp+0x90/0x90 [ 135.727172] ? destroy_unused_super.part.6+0xd0/0xd0 [ 135.732259] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 135.737257] ? perf_trace_lock+0xd6/0x900 [ 135.741392] ? save_stack+0xa3/0xd0 [ 135.745003] ? kasan_slab_alloc+0x12/0x20 [ 135.749139] ? alloc_pid+0xc1/0xa00 [ 135.752749] ? __radix_tree_replace+0x1af/0x310 [ 135.757406] ? radix_tree_delete+0x30/0x30 [ 135.761624] ? node_tag_clear+0xf2/0x180 [ 135.765669] ? proc_get_inode+0x620/0x620 [ 135.769796] mount_ns+0x6d/0x190 [ 135.773146] proc_mount+0x7a/0x90 [ 135.776581] mount_fs+0x66/0x2d0 [ 135.779937] vfs_kern_mount.part.26+0xc6/0x4a0 [ 135.784504] ? may_umount+0xa0/0xa0 [ 135.788114] ? idr_alloc_cyclic+0x1d6/0x320 [ 135.792419] ? do_raw_spin_trylock+0x190/0x190 [ 135.796984] ? idr_alloc+0x180/0x180 [ 135.800686] kern_mount_data+0x50/0xb0 [ 135.804557] pid_ns_prepare_proc+0x1e/0x80 [ 135.808773] alloc_pid+0x87e/0xa00 [ 135.812297] ? __change_pid+0x400/0x400 [ 135.816251] ? ns_capable_common+0xcf/0x160 [ 135.820560] ? memset+0x31/0x40 [ 135.823822] ? copy_thread_tls+0x268/0x8f0 [ 135.828045] copy_process.part.38+0x2516/0x4bd0 [ 135.832704] ? __cleanup_sighand+0x40/0x40 [ 135.836932] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 135.842110] ? __lock_acquire+0x664/0x3e00 [ 135.846327] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 135.851505] ? perf_trace_lock+0xd6/0x900 [ 135.855644] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 135.860816] ? perf_trace_lock+0xd6/0x900 [ 135.864947] ? mntput_no_expire+0x130/0xa90 [ 135.869264] ? trace_event_raw_event_lock+0x340/0x340 [ 135.874435] ? perf_trace_lock+0xd6/0x900 [ 135.878569] ? lock_acquire+0x1d5/0x580 [ 135.882528] ? trace_hardirqs_off+0x10/0x10 [ 135.886848] ? perf_trace_lock+0xd6/0x900 [ 135.891007] ? find_held_lock+0x35/0x1d0 [ 135.895065] ? perf_trace_lock+0xd6/0x900 [ 135.899206] ? trace_event_raw_event_lock+0x340/0x340 [ 135.904386] ? _parse_integer+0x140/0x140 [ 135.908527] ? trace_hardirqs_off+0x10/0x10 [ 135.912835] ? get_pid_task+0x93/0x140 [ 135.916720] ? perf_trace_lock+0xd6/0x900 [ 135.920857] ? find_held_lock+0x35/0x1d0 [ 135.924916] ? __f_unlock_pos+0x19/0x20 [ 135.928882] ? lock_downgrade+0x980/0x980 [ 135.933019] ? get_pid_task+0xbc/0x140 [ 135.936899] ? proc_fail_nth_write+0x9b/0x1d0 [ 135.941380] ? map_files_get_link+0x3a0/0x3a0 [ 135.945871] ? handle_mm_fault+0x35b/0xb10 [ 135.950111] _do_fork+0x1f7/0xf70 [ 135.953553] ? fork_idle+0x2d0/0x2d0 [ 135.957255] ? wait_for_completion+0x770/0x770 [ 135.961832] ? __sb_end_write+0xa0/0xd0 [ 135.965790] ? fput+0xd2/0x140 [ 135.968962] ? SyS_write+0x184/0x220 [ 135.972659] ? SyS_read+0x220/0x220 [ 135.976268] SyS_clone+0x37/0x50 [ 135.979613] ? sys_vfork+0x30/0x30 [ 135.983137] do_syscall_64+0x281/0x940 [ 135.987007] ? vmalloc_sync_all+0x30/0x30 [ 135.991142] ? _raw_spin_unlock_irq+0x27/0x70 [ 135.995618] ? finish_task_switch+0x1c1/0x7e0 [ 136.000098] ? syscall_return_slowpath+0x550/0x550 [ 136.005012] ? syscall_return_slowpath+0x2ac/0x550 [ 136.009929] ? prepare_exit_to_usermode+0x350/0x350 [ 136.014932] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 136.020282] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 136.025112] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 136.030286] RIP: 0033:0x454e79 [ 136.033453] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 136.041143] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 136.048393] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 136.055645] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 136.062901] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 136.070166] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000020 2018/03/31 10:51:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:32 executing program 4: modify_ldt$write(0x1, &(0x7f0000000080)={0x200, 0x0, 0x0, 0x5}, 0x10) clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000140)) 2018/03/31 10:51:32 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x0, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:32 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) r2 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r3 = dup2(0xffffffffffffffff, r2) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:32 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x0, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:32 executing program 6 (fault-call:10 fault-nth:33): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) [ 136.141510] xprt_adjust_timeout: rq_timeout = 0! [ 136.157657] xprt_adjust_timeout: rq_timeout = 0! [ 136.163550] binder: 10095:10096 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 2018/03/31 10:51:32 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r5 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r5, 0x7, r1, &(0x7f00000001c0)={0xffffffffffffffff, r3}) r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:32 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x0, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) [ 136.247369] FAULT_INJECTION: forcing a failure. [ 136.247369] name failslab, interval 1, probability 0, space 0, times 0 [ 136.258716] CPU: 1 PID: 10104 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 136.265906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 136.275263] Call Trace: [ 136.277857] dump_stack+0x194/0x24d [ 136.281497] ? arch_local_irq_restore+0x53/0x53 [ 136.286185] ? __save_stack_trace+0x7e/0xd0 [ 136.290536] should_fail+0x8c0/0xa40 2018/03/31 10:51:32 executing program 4: modify_ldt$write(0x1, &(0x7f0000000080)={0x200, 0x0, 0x0, 0x5}, 0x10) clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000140)) [ 136.294261] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 136.299375] ? kasan_kmalloc+0xad/0xe0 [ 136.303267] ? kmem_cache_alloc_trace+0x136/0x740 [ 136.308115] ? __memcg_init_list_lru_node+0x169/0x270 [ 136.313307] ? __list_lru_init+0x544/0x750 [ 136.317544] ? sget_userns+0x691/0xe40 [ 136.321438] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 136.326210] ? kern_mount_data+0x50/0xb0 [ 136.330282] ? pid_ns_prepare_proc+0x1e/0x80 [ 136.334690] ? alloc_pid+0x87e/0xa00 [ 136.338407] ? copy_process.part.38+0x2516/0x4bd0 [ 136.343253] ? _do_fork+0x1f7/0xf70 [ 136.346876] ? SyS_clone+0x37/0x50 [ 136.350427] ? find_held_lock+0x35/0x1d0 [ 136.354487] ? __lock_is_held+0xb6/0x140 [ 136.358543] ? check_same_owner+0x320/0x320 [ 136.362855] ? rcu_note_context_switch+0x710/0x710 [ 136.367780] should_failslab+0xec/0x120 [ 136.371746] kmem_cache_alloc_trace+0x4b/0x740 [ 136.376311] ? __kmalloc_node+0x33/0x70 [ 136.380262] ? __kmalloc_node+0x33/0x70 [ 136.384218] ? rcu_read_lock_sched_held+0x108/0x120 [ 136.389218] __memcg_init_list_lru_node+0x169/0x270 [ 136.394213] ? list_lru_add+0x7c0/0x7c0 [ 136.398167] ? __kmalloc_node+0x47/0x70 [ 136.402122] __list_lru_init+0x544/0x750 [ 136.406163] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 136.412040] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 136.417041] ? __lockdep_init_map+0xe4/0x650 [ 136.421429] ? lockdep_init_map+0x9/0x10 [ 136.425470] sget_userns+0x691/0xe40 [ 136.429163] ? set_anon_super+0x20/0x20 [ 136.433119] ? put_filp+0x90/0x90 [ 136.436551] ? destroy_unused_super.part.6+0xd0/0xd0 [ 136.441634] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 136.446633] ? perf_trace_lock+0xd6/0x900 [ 136.450762] ? save_stack+0xa3/0xd0 [ 136.454371] ? kasan_slab_alloc+0x12/0x20 [ 136.458501] ? alloc_pid+0xc1/0xa00 [ 136.462112] ? __radix_tree_replace+0x1af/0x310 [ 136.466762] ? radix_tree_delete+0x30/0x30 [ 136.470977] ? node_tag_clear+0xf2/0x180 [ 136.475030] ? proc_get_inode+0x620/0x620 [ 136.479158] mount_ns+0x6d/0x190 [ 136.482507] proc_mount+0x7a/0x90 [ 136.485942] mount_fs+0x66/0x2d0 [ 136.489290] vfs_kern_mount.part.26+0xc6/0x4a0 [ 136.493853] ? may_umount+0xa0/0xa0 [ 136.497458] ? idr_alloc_cyclic+0x1d6/0x320 [ 136.501761] ? do_raw_spin_trylock+0x190/0x190 [ 136.506323] ? idr_alloc+0x180/0x180 [ 136.510027] kern_mount_data+0x50/0xb0 [ 136.513896] pid_ns_prepare_proc+0x1e/0x80 [ 136.518108] alloc_pid+0x87e/0xa00 [ 136.521630] ? __change_pid+0x400/0x400 [ 136.525584] ? ns_capable_common+0xcf/0x160 [ 136.529894] ? memset+0x31/0x40 [ 136.533153] ? copy_thread_tls+0x268/0x8f0 [ 136.537372] copy_process.part.38+0x2516/0x4bd0 [ 136.542036] ? __cleanup_sighand+0x40/0x40 [ 136.546255] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 136.551428] ? lock_release+0xa40/0xa40 [ 136.555387] ? trace_hardirqs_off+0x10/0x10 [ 136.559689] ? __lock_is_held+0xb6/0x140 [ 136.563745] ? perf_trace_lock+0xd6/0x900 [ 136.567876] ? trace_event_raw_event_lock+0x340/0x340 [ 136.573053] ? __perf_event_task_sched_out+0x267/0x14b0 [ 136.578398] ? trace_hardirqs_off+0x10/0x10 [ 136.582699] ? perf_trace_lock+0xd6/0x900 [ 136.586828] ? __perf_event_task_sched_in+0x200/0xc20 [ 136.591997] ? perf_trace_lock+0xd6/0x900 [ 136.596130] ? perf_event_sync_stat+0x5b0/0x5b0 [ 136.600783] ? find_held_lock+0x35/0x1d0 [ 136.604828] ? finish_task_switch+0x1c1/0x7e0 [ 136.609306] ? lock_downgrade+0x980/0x980 [ 136.613439] ? do_raw_spin_trylock+0x190/0x190 [ 136.618007] ? _raw_spin_unlock_irq+0x27/0x70 [ 136.622491] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 136.627491] ? trace_hardirqs_on+0xd/0x10 [ 136.631620] ? _raw_spin_unlock_irq+0x27/0x70 [ 136.636094] ? finish_task_switch+0x182/0x7e0 [ 136.640580] ? __schedule+0x903/0x1ec0 [ 136.644450] ? __sched_text_start+0x8/0x8 [ 136.648580] ? get_pid_task+0xbc/0x140 [ 136.652449] ? proc_fail_nth_write+0x9b/0x1d0 [ 136.656923] ? map_files_get_link+0x3a0/0x3a0 [ 136.661403] ? handle_mm_fault+0x35b/0xb10 [ 136.665622] _do_fork+0x1f7/0xf70 [ 136.669062] ? fork_idle+0x2d0/0x2d0 [ 136.672758] ? wait_for_completion+0x770/0x770 [ 136.677319] ? schedule+0xf5/0x430 [ 136.680843] ? __schedule+0x1ec0/0x1ec0 [ 136.684803] ? __sb_end_write+0xa0/0xd0 [ 136.688757] ? exit_to_usermode_loop+0x8c/0x2f0 [ 136.693408] ? trace_hardirqs_off+0xd/0x10 [ 136.697619] ? exit_to_usermode_loop+0x198/0x2f0 [ 136.702356] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 136.707874] SyS_clone+0x37/0x50 [ 136.711219] ? sys_vfork+0x30/0x30 [ 136.714742] do_syscall_64+0x281/0x940 [ 136.718611] ? vmalloc_sync_all+0x30/0x30 [ 136.722740] ? _raw_spin_unlock_irq+0x27/0x70 [ 136.727215] ? finish_task_switch+0x1c1/0x7e0 [ 136.731689] ? syscall_return_slowpath+0x550/0x550 [ 136.736597] ? syscall_return_slowpath+0x2ac/0x550 [ 136.741504] ? prepare_exit_to_usermode+0x350/0x350 [ 136.746500] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 136.751847] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 136.756673] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 136.761840] RIP: 0033:0x454e79 [ 136.765018] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 136.772709] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 136.779959] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 136.787208] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 2018/03/31 10:51:33 executing program 4: modify_ldt$write(0x1, &(0x7f0000000080)={0x200, 0x0, 0x0, 0x5}, 0x10) clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000140)) [ 136.794457] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 136.801705] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000021 2018/03/31 10:51:33 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x0, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:33 executing program 6 (fault-call:10 fault-nth:34): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) [ 136.869557] xprt_adjust_timeout: rq_timeout = 0! [ 136.906466] xprt_adjust_timeout: rq_timeout = 0! [ 136.942372] FAULT_INJECTION: forcing a failure. [ 136.942372] name failslab, interval 1, probability 0, space 0, times 0 [ 136.953846] CPU: 0 PID: 10134 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 136.961038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 136.970404] Call Trace: [ 136.973006] dump_stack+0x194/0x24d [ 136.976650] ? arch_local_irq_restore+0x53/0x53 [ 136.981341] should_fail+0x8c0/0xa40 [ 136.985066] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 136.990182] ? save_stack+0x43/0xd0 [ 136.993812] ? kasan_kmalloc+0xad/0xe0 [ 136.997707] ? __kmalloc+0x162/0x760 [ 137.001338] binder: 10095:10139 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 137.001417] ? __list_lru_init+0xcf/0x750 [ 137.012465] ? find_held_lock+0x35/0x1d0 [ 137.016525] ? __lock_is_held+0xb6/0x140 [ 137.020586] ? check_same_owner+0x320/0x320 [ 137.024897] ? rcu_note_context_switch+0x710/0x710 [ 137.029831] should_failslab+0xec/0x120 [ 137.033796] kmem_cache_alloc_node_trace+0x5a/0x760 [ 137.038796] ? mark_held_locks+0xaf/0x100 [ 137.042938] ? __raw_spin_lock_init+0x1c/0x100 [ 137.047524] __kmalloc_node+0x33/0x70 [ 137.051326] kvmalloc_node+0x99/0xd0 [ 137.055037] __list_lru_init+0x5d5/0x750 [ 137.059084] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 137.064951] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 137.069954] ? lockdep_init_map+0x9/0x10 [ 137.074014] sget_userns+0x6b1/0xe40 [ 137.077728] ? set_anon_super+0x20/0x20 [ 137.081714] ? put_filp+0x90/0x90 [ 137.085162] ? destroy_unused_super.part.6+0xd0/0xd0 [ 137.090257] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 137.095255] ? perf_trace_lock+0xd6/0x900 [ 137.099385] ? save_stack+0xa3/0xd0 [ 137.102995] ? kasan_slab_alloc+0x12/0x20 [ 137.107124] ? alloc_pid+0xc1/0xa00 [ 137.110741] ? __radix_tree_replace+0x1af/0x310 [ 137.115406] ? radix_tree_delete+0x30/0x30 [ 137.119637] ? node_tag_clear+0xf2/0x180 [ 137.123700] ? proc_get_inode+0x620/0x620 [ 137.127853] mount_ns+0x6d/0x190 [ 137.131224] proc_mount+0x7a/0x90 [ 137.134679] mount_fs+0x66/0x2d0 [ 137.138048] vfs_kern_mount.part.26+0xc6/0x4a0 [ 137.142636] ? may_umount+0xa0/0xa0 [ 137.146263] ? idr_alloc_cyclic+0x1d6/0x320 [ 137.150573] ? do_raw_spin_trylock+0x190/0x190 [ 137.155134] ? idr_alloc+0x180/0x180 [ 137.158836] kern_mount_data+0x50/0xb0 [ 137.162703] pid_ns_prepare_proc+0x1e/0x80 [ 137.166916] alloc_pid+0x87e/0xa00 [ 137.170438] ? __change_pid+0x400/0x400 [ 137.174389] ? ns_capable_common+0xcf/0x160 [ 137.178711] ? memset+0x31/0x40 [ 137.181978] ? copy_thread_tls+0x268/0x8f0 [ 137.186195] copy_process.part.38+0x2516/0x4bd0 [ 137.190865] ? __cleanup_sighand+0x40/0x40 [ 137.195092] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 137.200272] ? __lock_acquire+0x664/0x3e00 [ 137.204508] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 137.209700] ? perf_trace_lock+0xd6/0x900 [ 137.213864] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 137.219050] ? perf_trace_lock+0xd6/0x900 [ 137.223180] ? mntput_no_expire+0x130/0xa90 [ 137.227489] ? trace_event_raw_event_lock+0x340/0x340 [ 137.232659] ? perf_trace_lock+0xd6/0x900 [ 137.236793] ? lock_acquire+0x1d5/0x580 [ 137.240749] ? trace_hardirqs_off+0x10/0x10 [ 137.245055] ? perf_trace_lock+0xd6/0x900 [ 137.249192] ? find_held_lock+0x35/0x1d0 [ 137.253238] ? perf_trace_lock+0xd6/0x900 [ 137.257371] ? trace_event_raw_event_lock+0x340/0x340 [ 137.262542] ? _parse_integer+0x140/0x140 [ 137.266679] ? trace_hardirqs_off+0x10/0x10 [ 137.270986] ? get_pid_task+0x93/0x140 [ 137.274859] ? perf_trace_lock+0xd6/0x900 [ 137.278996] ? find_held_lock+0x35/0x1d0 [ 137.283052] ? __f_unlock_pos+0x19/0x20 [ 137.287011] ? lock_downgrade+0x980/0x980 [ 137.291146] ? get_pid_task+0xbc/0x140 [ 137.295020] ? proc_fail_nth_write+0x9b/0x1d0 [ 137.299503] ? map_files_get_link+0x3a0/0x3a0 [ 137.303981] ? handle_mm_fault+0x35b/0xb10 [ 137.308198] _do_fork+0x1f7/0xf70 [ 137.311645] ? fork_idle+0x2d0/0x2d0 [ 137.315340] ? wait_for_completion+0x770/0x770 [ 137.319921] ? __sb_end_write+0xa0/0xd0 [ 137.323878] ? fput+0xd2/0x140 [ 137.327055] ? SyS_write+0x184/0x220 [ 137.330748] ? SyS_read+0x220/0x220 [ 137.334355] SyS_clone+0x37/0x50 [ 137.337703] ? sys_vfork+0x30/0x30 [ 137.341225] do_syscall_64+0x281/0x940 [ 137.345091] ? vmalloc_sync_all+0x30/0x30 [ 137.349231] ? _raw_spin_unlock_irq+0x27/0x70 [ 137.353719] ? finish_task_switch+0x1c1/0x7e0 [ 137.358209] ? syscall_return_slowpath+0x550/0x550 [ 137.363125] ? syscall_return_slowpath+0x2ac/0x550 [ 137.368041] ? prepare_exit_to_usermode+0x350/0x350 [ 137.373048] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 137.378398] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 137.383225] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 137.388393] RIP: 0033:0x454e79 2018/03/31 10:51:34 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) r0 = socket$inet6(0xa, 0x1001000000080001, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000080)={0x10}) write$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540)=ANY=[@ANYBLOB="00000000000000000000f743f49b7b0d2f32edb80ccd280a1d826336934fbfedb8416b2dc2700d723abc07ed8657856ed3fc1ccb53913d497c5682ef15c74c4606e242de96effbcee7adb5bdb17dc8a6ef8a492f0548c7ac9207641da2cc03c74671cd1cb5fabed23da89550db0f0d997b01f5ac48403a403883450328b7fd688559c1eead67e6cb5a5241a25c279727fa9686f3dd0c0fb3ee2606f0648a01fc5b4ec027a61f6d8cb1a6b7d71b5d29503b3a63ebd245feea5b"], 0xc) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) r2 = open(&(0x7f0000000000)='./file1\x00', 0x0, 0x10) statx(r2, &(0x7f0000000040)='./file1\x00', 0x6000, 0x7ff, &(0x7f0000000380)) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:34 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r5 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r5, 0x7, r1, &(0x7f00000001c0)={0xffffffffffffffff, r3}) r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:34 executing program 4: clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000140)) 2018/03/31 10:51:34 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x0, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:34 executing program 6 (fault-call:10 fault-nth:35): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) [ 137.391560] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 137.399250] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 137.406503] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 137.413753] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 137.421004] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 137.428259] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000022 2018/03/31 10:51:34 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x0, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:34 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r2 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r3 = dup2(0xffffffffffffffff, r2) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) [ 137.499640] FAULT_INJECTION: forcing a failure. [ 137.499640] name failslab, interval 1, probability 0, space 0, times 0 [ 137.510986] CPU: 0 PID: 10145 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 137.518197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 137.527538] Call Trace: [ 137.530115] dump_stack+0x194/0x24d [ 137.533722] ? arch_local_irq_restore+0x53/0x53 [ 137.538375] should_fail+0x8c0/0xa40 [ 137.542079] ? is_bpf_text_address+0xa4/0x120 [ 137.546554] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 137.551636] ? __kernel_text_address+0xd/0x40 [ 137.556114] ? unwind_get_return_address+0x61/0xa0 [ 137.561046] ? find_held_lock+0x35/0x1d0 [ 137.565093] ? __lock_is_held+0xb6/0x140 [ 137.569146] ? check_same_owner+0x320/0x320 [ 137.573451] ? rcu_note_context_switch+0x710/0x710 [ 137.578367] should_failslab+0xec/0x120 [ 137.582324] kmem_cache_alloc_trace+0x4b/0x740 [ 137.586886] ? __kmalloc_node+0x33/0x70 [ 137.590839] ? __kmalloc_node+0x33/0x70 [ 137.594794] ? rcu_read_lock_sched_held+0x108/0x120 [ 137.599799] __memcg_init_list_lru_node+0x169/0x270 [ 137.604799] ? list_lru_add+0x7c0/0x7c0 [ 137.608758] ? __kmalloc_node+0x47/0x70 [ 137.612717] __list_lru_init+0x544/0x750 [ 137.616763] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 137.622631] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 137.627631] ? lockdep_init_map+0x9/0x10 [ 137.631676] sget_userns+0x6b1/0xe40 [ 137.635371] ? set_anon_super+0x20/0x20 [ 137.639328] ? put_filp+0x90/0x90 [ 137.642760] ? destroy_unused_super.part.6+0xd0/0xd0 [ 137.647846] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 137.652845] ? perf_trace_lock+0xd6/0x900 [ 137.656985] ? save_stack+0xa3/0xd0 [ 137.660594] ? kasan_slab_alloc+0x12/0x20 [ 137.664721] ? alloc_pid+0xc1/0xa00 [ 137.668333] ? __radix_tree_replace+0x1af/0x310 [ 137.672984] ? radix_tree_delete+0x30/0x30 [ 137.677200] ? node_tag_clear+0xf2/0x180 [ 137.681334] ? proc_get_inode+0x620/0x620 [ 137.685475] mount_ns+0x6d/0x190 [ 137.688827] proc_mount+0x7a/0x90 [ 137.692261] mount_fs+0x66/0x2d0 [ 137.695613] vfs_kern_mount.part.26+0xc6/0x4a0 [ 137.700177] ? may_umount+0xa0/0xa0 [ 137.703781] ? idr_alloc_cyclic+0x1d6/0x320 [ 137.708089] ? do_raw_spin_trylock+0x190/0x190 [ 137.712649] ? idr_alloc+0x180/0x180 [ 137.716345] kern_mount_data+0x50/0xb0 [ 137.720211] pid_ns_prepare_proc+0x1e/0x80 [ 137.724515] alloc_pid+0x87e/0xa00 [ 137.728040] ? __change_pid+0x400/0x400 [ 137.731990] ? ns_capable_common+0xcf/0x160 [ 137.736300] ? memset+0x31/0x40 [ 137.739561] ? copy_thread_tls+0x268/0x8f0 [ 137.743778] copy_process.part.38+0x2516/0x4bd0 [ 137.748434] ? __cleanup_sighand+0x40/0x40 [ 137.752656] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 137.757830] ? __lock_acquire+0x664/0x3e00 [ 137.762049] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 137.767222] ? perf_trace_lock+0xd6/0x900 [ 137.771357] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 137.776523] ? perf_trace_lock+0xd6/0x900 [ 137.780676] ? mntput_no_expire+0x130/0xa90 [ 137.784982] ? trace_event_raw_event_lock+0x340/0x340 [ 137.790154] ? perf_trace_lock+0xd6/0x900 [ 137.794293] ? lock_acquire+0x1d5/0x580 [ 137.798246] ? trace_hardirqs_off+0x10/0x10 [ 137.802548] ? perf_trace_lock+0xd6/0x900 [ 137.806684] ? find_held_lock+0x35/0x1d0 [ 137.810727] ? perf_trace_lock+0xd6/0x900 [ 137.814859] ? trace_event_raw_event_lock+0x340/0x340 [ 137.820033] ? _parse_integer+0x140/0x140 [ 137.824166] ? trace_hardirqs_off+0x10/0x10 [ 137.828470] ? get_pid_task+0x93/0x140 [ 137.832337] ? perf_trace_lock+0xd6/0x900 [ 137.836471] ? find_held_lock+0x35/0x1d0 [ 137.840515] ? __f_unlock_pos+0x19/0x20 [ 137.844467] ? lock_downgrade+0x980/0x980 [ 137.848593] ? get_pid_task+0xbc/0x140 [ 137.852459] ? proc_fail_nth_write+0x9b/0x1d0 [ 137.856932] ? map_files_get_link+0x3a0/0x3a0 [ 137.861408] ? handle_mm_fault+0x35b/0xb10 [ 137.865628] _do_fork+0x1f7/0xf70 [ 137.869075] ? fork_idle+0x2d0/0x2d0 [ 137.872946] ? wait_for_completion+0x770/0x770 [ 137.877522] ? __sb_end_write+0xa0/0xd0 [ 137.881479] ? fput+0xd2/0x140 [ 137.884650] ? SyS_write+0x184/0x220 [ 137.888342] ? SyS_read+0x220/0x220 [ 137.891951] SyS_clone+0x37/0x50 [ 137.895295] ? sys_vfork+0x30/0x30 [ 137.898822] do_syscall_64+0x281/0x940 [ 137.902692] ? vmalloc_sync_all+0x30/0x30 [ 137.906821] ? _raw_spin_unlock_irq+0x27/0x70 [ 137.911294] ? finish_task_switch+0x1c1/0x7e0 [ 137.915773] ? syscall_return_slowpath+0x550/0x550 [ 137.920683] ? syscall_return_slowpath+0x2ac/0x550 [ 137.925616] ? prepare_exit_to_usermode+0x350/0x350 [ 137.930616] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 137.935963] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 137.940789] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 137.945961] RIP: 0033:0x454e79 [ 137.949127] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 137.956825] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 137.964073] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 137.971321] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 137.978571] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 137.985818] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000023 2018/03/31 10:51:34 executing program 4: clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000140)) 2018/03/31 10:51:34 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r5 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r5, 0x7, r1, &(0x7f00000001c0)={0xffffffffffffffff, r3}) r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 138.001258] binder: 10160:10161 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 138.023540] xprt_adjust_timeout: rq_timeout = 0! [ 138.043130] xprt_adjust_timeout: rq_timeout = 0! [ 138.156292] xprt_adjust_timeout: rq_timeout = 0! [ 138.290930] binder: 10160:10182 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 2018/03/31 10:51:35 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) r0 = socket$inet6(0xa, 0x1001000000080001, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) time(&(0x7f0000000000)) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="032a0081e8be4c4e02001800"], 0xc) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) r3 = open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) fcntl$setflags(r2, 0x2, 0x1) preadv(r0, &(0x7f0000000100)=[{&(0x7f0000000040)=""/39, 0x27}, {&(0x7f0000000380)=""/207, 0xcf}, {&(0x7f0000000540)=""/247, 0xf7}, {&(0x7f0000000080)=""/7, 0x7}, {&(0x7f0000000700)=""/161, 0xa1}], 0x5, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) setsockopt$ax25_int(r3, 0x101, 0x7, &(0x7f00000001c0)=0x9, 0x4) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) sendmsg$nl_netfilter(r3, &(0x7f0000000480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f00000007c0)={0x160, 0x12, 0x6, 0x4, 0x70bd2a, 0x25dfdbff, {0xc, 0x0, 0x4}, [@typed={0x8, 0x90, @u32=0x200}, @generic="d884f037ba1c2840a910b47e6a611bd411e5855de8de6158ea460e1387895589a11269433aca092fa12b8313957746871da8841de18b7ba1192f7d9f6a54dd582af0ad217ef6131b72e0574f38b4f04431efaf9f22a697e407725339472c", @generic="9453ec35a7bcbb1fa962cb173373610cb7f18f83cde25018aedf8ed4dc015edecdd2eb95ded9c78fc9930a703730c61d87a9cd59836c238616c531f02ef1a5efd96cb29e2d91d492a5b35e4162df026be0d5229cdaa55585a8d6fb3a446c49beade477b5509b8b611209a5ab2fc83b6c58b0ab84b226ce88be392cf6f514d793fcf02f4fedd755f86f9055202c96860b846c0e428edfb20e4c91d8f9c2a271278c1c2d4ef71fc03e6bb44279b5cfb1251ef6be546f16e712e7b84ace4571286d8de77b0a301e9c9922ca5317b04053f2266b2b31e732f0fbfb7dc4b6f29e", @typed={0x8, 0x15, @u32=0x3}]}, 0x160}, 0x1, 0x0, 0x0, 0xe05973c7808e9829}, 0x4000004) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:35 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x0, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:35 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x0, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:35 executing program 6 (fault-call:10 fault-nth:36): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:35 executing program 4: clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000140)) 2018/03/31 10:51:35 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r5 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r5, 0x7, r1, &(0x7f00000001c0)={r4, r3}) r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:35 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r2 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r3 = dup2(0xffffffffffffffff, r2) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) [ 138.487254] FAULT_INJECTION: forcing a failure. [ 138.487254] name failslab, interval 1, probability 0, space 0, times 0 [ 138.498540] CPU: 0 PID: 10190 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 138.505727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 138.515067] Call Trace: [ 138.517644] dump_stack+0x194/0x24d [ 138.521257] ? arch_local_irq_restore+0x53/0x53 [ 138.525907] ? __save_stack_trace+0x7e/0xd0 [ 138.530211] should_fail+0x8c0/0xa40 [ 138.533921] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 138.539000] ? kasan_kmalloc+0xad/0xe0 [ 138.542871] ? kmem_cache_alloc_trace+0x136/0x740 [ 138.547692] ? __memcg_init_list_lru_node+0x169/0x270 [ 138.552855] ? __list_lru_init+0x544/0x750 [ 138.557067] ? sget_userns+0x6b1/0xe40 [ 138.560935] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 138.565670] ? kern_mount_data+0x50/0xb0 [ 138.569709] ? pid_ns_prepare_proc+0x1e/0x80 [ 138.574092] ? alloc_pid+0x87e/0xa00 [ 138.577787] ? copy_process.part.38+0x2516/0x4bd0 [ 138.582608] ? _do_fork+0x1f7/0xf70 [ 138.586212] ? SyS_clone+0x37/0x50 [ 138.589735] ? find_held_lock+0x35/0x1d0 [ 138.593781] ? __lock_is_held+0xb6/0x140 [ 138.597825] ? check_same_owner+0x320/0x320 [ 138.602219] ? rcu_note_context_switch+0x710/0x710 [ 138.607136] should_failslab+0xec/0x120 [ 138.611094] kmem_cache_alloc_trace+0x4b/0x740 [ 138.615657] ? __kmalloc_node+0x33/0x70 [ 138.619612] ? __kmalloc_node+0x33/0x70 [ 138.623575] ? rcu_read_lock_sched_held+0x108/0x120 [ 138.628694] __memcg_init_list_lru_node+0x169/0x270 [ 138.633693] ? list_lru_add+0x7c0/0x7c0 [ 138.637653] ? __kmalloc_node+0x47/0x70 [ 138.641607] __list_lru_init+0x544/0x750 [ 138.645646] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 138.651512] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 138.656512] ? lockdep_init_map+0x9/0x10 [ 138.660554] sget_userns+0x6b1/0xe40 [ 138.664246] ? set_anon_super+0x20/0x20 [ 138.668199] ? put_filp+0x90/0x90 [ 138.671629] ? destroy_unused_super.part.6+0xd0/0xd0 [ 138.676713] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 138.681708] ? save_stack+0xa3/0xd0 [ 138.685311] ? save_stack+0x43/0xd0 [ 138.688915] ? kasan_slab_alloc+0x12/0x20 [ 138.693038] ? kmem_cache_alloc+0x12e/0x760 [ 138.697337] ? alloc_pid+0xc1/0xa00 [ 138.700945] ? __radix_tree_replace+0x1af/0x310 [ 138.705594] ? radix_tree_delete+0x30/0x30 [ 138.709810] ? node_tag_clear+0xf2/0x180 [ 138.713853] ? proc_get_inode+0x620/0x620 [ 138.717979] mount_ns+0x6d/0x190 [ 138.721331] proc_mount+0x7a/0x90 [ 138.724763] mount_fs+0x66/0x2d0 [ 138.728113] vfs_kern_mount.part.26+0xc6/0x4a0 [ 138.732674] ? may_umount+0xa0/0xa0 [ 138.736278] ? idr_alloc_cyclic+0x1d6/0x320 [ 138.740577] ? do_raw_spin_trylock+0x190/0x190 [ 138.745138] ? idr_alloc+0x180/0x180 [ 138.748838] kern_mount_data+0x50/0xb0 [ 138.752701] pid_ns_prepare_proc+0x1e/0x80 [ 138.756998] alloc_pid+0x87e/0xa00 [ 138.760522] ? __change_pid+0x400/0x400 [ 138.764472] ? ns_capable_common+0xcf/0x160 [ 138.768780] ? memset+0x31/0x40 [ 138.772039] ? copy_thread_tls+0x268/0x8f0 [ 138.776253] copy_process.part.38+0x2516/0x4bd0 [ 138.780905] ? __cleanup_sighand+0x40/0x40 [ 138.785126] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 138.790298] ? __lock_acquire+0x664/0x3e00 [ 138.794510] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 138.799676] ? environ_open+0x80/0x80 [ 138.803458] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 138.808629] ? __lock_acquire+0x664/0x3e00 [ 138.812837] ? mntput_no_expire+0x130/0xa90 [ 138.817137] ? print_irqtrace_events+0x270/0x270 [ 138.821869] ? trace_hardirqs_off+0x10/0x10 [ 138.826181] ? lock_acquire+0x1d5/0x580 [ 138.830131] ? trace_hardirqs_off+0x10/0x10 [ 138.834434] ? trace_hardirqs_off+0x10/0x10 [ 138.838732] ? __lock_acquire+0x664/0x3e00 [ 138.842944] ? check_same_owner+0x320/0x320 [ 138.847247] ? find_held_lock+0x35/0x1d0 [ 138.851293] ? _parse_integer+0xe9/0x140 [ 138.855338] ? trace_hardirqs_off+0x10/0x10 [ 138.859638] ? _parse_integer+0x140/0x140 [ 138.863769] ? trace_hardirqs_off+0x10/0x10 [ 138.869198] ? get_pid_task+0x93/0x140 [ 138.873062] ? lock_downgrade+0x980/0x980 [ 138.877189] ? find_held_lock+0x35/0x1d0 [ 138.881231] ? __f_unlock_pos+0x19/0x20 [ 138.885181] ? lock_downgrade+0x980/0x980 [ 138.889304] ? get_pid_task+0xbc/0x140 [ 138.893166] ? proc_fail_nth_write+0x9b/0x1d0 [ 138.897639] ? map_files_get_link+0x3a0/0x3a0 [ 138.902114] ? handle_mm_fault+0x35b/0xb10 [ 138.906329] _do_fork+0x1f7/0xf70 [ 138.909766] ? fork_idle+0x2d0/0x2d0 [ 138.913546] ? wait_for_completion+0x770/0x770 [ 138.918111] ? __lock_is_held+0xb6/0x140 [ 138.922154] ? __sb_end_write+0xa0/0xd0 [ 138.926104] ? fput+0xd2/0x140 [ 138.929286] ? SyS_write+0x184/0x220 [ 138.932977] ? SyS_read+0x220/0x220 [ 138.936584] SyS_clone+0x37/0x50 [ 138.939927] ? sys_vfork+0x30/0x30 [ 138.943444] do_syscall_64+0x281/0x940 [ 138.947314] ? vmalloc_sync_all+0x30/0x30 [ 138.951441] ? _raw_spin_unlock_irq+0x27/0x70 [ 138.955921] ? finish_task_switch+0x1c1/0x7e0 [ 138.960394] ? syscall_return_slowpath+0x550/0x550 [ 138.965303] ? syscall_return_slowpath+0x2ac/0x550 [ 138.970212] ? prepare_exit_to_usermode+0x350/0x350 [ 138.975209] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 138.980550] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 138.985983] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 138.991148] RIP: 0033:0x454e79 [ 138.994315] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 139.002009] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 139.009262] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 139.016858] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 139.024106] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 139.031356] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000024 2018/03/31 10:51:35 executing program 4: modify_ldt$write(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x5}, 0x10) clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000140)) 2018/03/31 10:51:35 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40000000000040}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) r1 = msgget$private(0x0, 0x84) msgctl$IPC_RMID(r1, 0x0) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 139.042489] binder: 10195:10198 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 139.063261] xprt_adjust_timeout: rq_timeout = 0! [ 139.068392] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:35 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x0, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:35 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) [ 139.204159] xprt_adjust_timeout: rq_timeout = 0! [ 139.282362] binder: 10195:10233 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 2018/03/31 10:51:36 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r5 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r5, 0x7, r1, &(0x7f00000001c0)={r4, r3}) r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:36 executing program 4: modify_ldt$write(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x5}, 0x10) clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000140)) 2018/03/31 10:51:36 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x0, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:36 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380)=ANY=[@ANYBLOB="f76d0000000000fa0300000037d06af39c533234511cbc48c9880ff1238d914ba92a06d593f7f99e0ee7d96315aa110372ebfbe6381be9cdcb2726af930879eedc1b5634d37a6b38689f38cc4af13de0a2dbe120f215c5df0745dae773a3f9b860ff6a52e10ded0096b18a2a5dab96c1bc71db2603dc62cfaac856a444e2f56158dbb6c3a6cc56d9f31080929e3202264835490c6640b8ee22179c0f126df0378ee85e733b6f933630e10a50713633626a873d2cb711b8bdf98a7264c0915da2f170422723001aca12f2eb5f89dcdd775bf7e9605d532f94d6b47b9f8261e4abbd"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) setsockopt$llc_int(r1, 0x10c, 0x4, &(0x7f0000000040), 0x4) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:36 executing program 6 (fault-call:10 fault-nth:37): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:36 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r2 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r3 = dup2(0xffffffffffffffff, r2) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:36 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:36 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x0, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:36 executing program 4: modify_ldt$write(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x5}, 0x10) clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000140)) [ 140.070893] xprt_adjust_timeout: rq_timeout = 0! [ 140.072978] binder: 10246:10252 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 140.083272] FAULT_INJECTION: forcing a failure. [ 140.083272] name failslab, interval 1, probability 0, space 0, times 0 [ 140.094560] CPU: 0 PID: 10249 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 140.101749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 140.111127] Call Trace: [ 140.113722] dump_stack+0x194/0x24d 2018/03/31 10:51:36 executing program 4: modify_ldt$write(0x1, &(0x7f0000000080)={0x200}, 0x10) clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000140)) [ 140.117364] ? arch_local_irq_restore+0x53/0x53 [ 140.122034] ? finish_task_switch+0x1c1/0x7e0 [ 140.126532] ? finish_task_switch+0x182/0x7e0 [ 140.131042] should_fail+0x8c0/0xa40 [ 140.134770] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 140.139885] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 140.144650] ? __sched_text_start+0x8/0x8 [ 140.148818] ? find_held_lock+0x35/0x1d0 [ 140.152891] ? __lock_is_held+0xb6/0x140 [ 140.156964] ? check_same_owner+0x320/0x320 [ 140.161293] should_failslab+0xec/0x120 [ 140.165267] kmem_cache_alloc_trace+0x4b/0x740 [ 140.169853] ? __kmalloc_node+0x33/0x70 [ 140.174089] ? __kmalloc_node+0x33/0x70 [ 140.178070] ? rcu_read_lock_sched_held+0x108/0x120 [ 140.183093] __memcg_init_list_lru_node+0x169/0x270 [ 140.188113] ? list_lru_add+0x7c0/0x7c0 [ 140.192089] ? __kmalloc_node+0x47/0x70 [ 140.196069] __list_lru_init+0x544/0x750 [ 140.200135] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 140.206026] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 140.211050] ? lockdep_init_map+0x9/0x10 [ 140.215113] sget_userns+0x6b1/0xe40 [ 140.218825] ? set_anon_super+0x20/0x20 [ 140.222801] ? put_filp+0x90/0x90 [ 140.226258] ? destroy_unused_super.part.6+0xd0/0xd0 [ 140.231367] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 140.236388] ? save_stack+0xa3/0xd0 [ 140.240019] ? save_stack+0x43/0xd0 [ 140.243652] ? kasan_slab_alloc+0x12/0x20 [ 140.247802] ? kmem_cache_alloc+0x12e/0x760 [ 140.253117] ? alloc_pid+0xc1/0xa00 [ 140.256757] ? __radix_tree_replace+0x1af/0x310 [ 140.261414] ? radix_tree_delete+0x30/0x30 [ 140.265632] ? node_tag_clear+0xf2/0x180 [ 140.269686] ? proc_get_inode+0x620/0x620 [ 140.273825] mount_ns+0x6d/0x190 [ 140.277270] proc_mount+0x7a/0x90 [ 140.280706] mount_fs+0x66/0x2d0 [ 140.284058] vfs_kern_mount.part.26+0xc6/0x4a0 [ 140.288621] ? may_umount+0xa0/0xa0 [ 140.292232] ? idr_alloc_cyclic+0x1d6/0x320 [ 140.296536] ? do_raw_spin_trylock+0x190/0x190 [ 140.301099] ? idr_alloc+0x180/0x180 [ 140.304800] kern_mount_data+0x50/0xb0 [ 140.308667] pid_ns_prepare_proc+0x1e/0x80 [ 140.312880] alloc_pid+0x87e/0xa00 [ 140.316402] ? __change_pid+0x400/0x400 [ 140.320354] ? ns_capable_common+0xcf/0x160 [ 140.324659] ? memset+0x31/0x40 [ 140.327916] ? copy_thread_tls+0x268/0x8f0 [ 140.332139] copy_process.part.38+0x2516/0x4bd0 [ 140.336801] ? __cleanup_sighand+0x40/0x40 [ 140.341035] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 140.346217] ? __lock_acquire+0x664/0x3e00 [ 140.350433] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 140.355606] ? environ_open+0x80/0x80 [ 140.359397] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 140.364564] ? __lock_acquire+0x664/0x3e00 [ 140.368788] ? mntput_no_expire+0x130/0xa90 [ 140.373095] ? print_irqtrace_events+0x270/0x270 [ 140.377832] ? trace_hardirqs_off+0x10/0x10 [ 140.382139] ? lock_acquire+0x1d5/0x580 [ 140.386096] ? trace_hardirqs_off+0x10/0x10 [ 140.390399] ? trace_hardirqs_off+0x10/0x10 [ 140.394703] ? __lock_acquire+0x664/0x3e00 [ 140.398921] ? check_same_owner+0x320/0x320 [ 140.403230] ? find_held_lock+0x35/0x1d0 [ 140.407280] ? _parse_integer+0xe9/0x140 [ 140.411324] ? trace_hardirqs_off+0x10/0x10 [ 140.415625] ? _parse_integer+0x140/0x140 [ 140.419757] ? trace_hardirqs_off+0x10/0x10 [ 140.424060] ? get_pid_task+0x93/0x140 [ 140.427932] ? lock_downgrade+0x980/0x980 [ 140.432064] ? find_held_lock+0x35/0x1d0 [ 140.436111] ? __f_unlock_pos+0x19/0x20 [ 140.440065] ? lock_downgrade+0x980/0x980 [ 140.444193] ? get_pid_task+0xbc/0x140 [ 140.448151] ? proc_fail_nth_write+0x9b/0x1d0 [ 140.452626] ? map_files_get_link+0x3a0/0x3a0 [ 140.457101] ? handle_mm_fault+0x35b/0xb10 [ 140.461321] _do_fork+0x1f7/0xf70 [ 140.464759] ? fork_idle+0x2d0/0x2d0 [ 140.468453] ? wait_for_completion+0x770/0x770 [ 140.473029] ? __lock_is_held+0xb6/0x140 [ 140.477087] ? __sb_end_write+0xa0/0xd0 [ 140.481049] ? fput+0xd2/0x140 [ 140.484227] ? SyS_write+0x184/0x220 [ 140.487926] ? SyS_read+0x220/0x220 [ 140.491537] SyS_clone+0x37/0x50 [ 140.494883] ? sys_vfork+0x30/0x30 [ 140.498404] do_syscall_64+0x281/0x940 [ 140.502270] ? vmalloc_sync_all+0x30/0x30 [ 140.506396] ? _raw_spin_unlock_irq+0x27/0x70 [ 140.510873] ? finish_task_switch+0x1c1/0x7e0 [ 140.515350] ? syscall_return_slowpath+0x550/0x550 [ 140.520259] ? syscall_return_slowpath+0x2ac/0x550 [ 140.525170] ? prepare_exit_to_usermode+0x350/0x350 [ 140.530168] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 140.535517] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 140.540367] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 140.545535] RIP: 0033:0x454e79 [ 140.548707] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 140.556411] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 140.563660] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 140.571260] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 140.578511] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 140.585763] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000025 [ 140.607615] xprt_adjust_timeout: rq_timeout = 0! [ 140.669198] xprt_adjust_timeout: rq_timeout = 0! [ 140.858533] binder: 10246:10278 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 2018/03/31 10:51:37 executing program 4: modify_ldt$write(0x1, &(0x7f0000000080)={0x200}, 0x10) clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000140)) 2018/03/31 10:51:37 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0xa0200, 0x0) ioctl$TIOCEXCL(r0, 0x540c) socket$inet6(0xa, 0x1001000000080001, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:37 executing program 6 (fault-call:10 fault-nth:38): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:37 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x0, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:37 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r5 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r5, 0x7, r1, &(0x7f00000001c0)={r4, r3}) r6 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r7 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r7) close(r6) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:37 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:37 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r4 = dup2(0xffffffffffffffff, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) [ 141.087623] FAULT_INJECTION: forcing a failure. [ 141.087623] name failslab, interval 1, probability 0, space 0, times 0 [ 141.098985] CPU: 1 PID: 10295 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 141.106174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 141.115529] Call Trace: [ 141.118121] dump_stack+0x194/0x24d [ 141.121752] ? arch_local_irq_restore+0x53/0x53 [ 141.126413] ? __save_stack_trace+0x7e/0xd0 [ 141.130737] should_fail+0x8c0/0xa40 [ 141.134444] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 141.139528] ? kasan_kmalloc+0xad/0xe0 [ 141.143403] ? kmem_cache_alloc_trace+0x136/0x740 [ 141.148224] ? __memcg_init_list_lru_node+0x169/0x270 [ 141.153402] ? __list_lru_init+0x544/0x750 [ 141.157708] ? sget_userns+0x6b1/0xe40 [ 141.161579] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 141.166317] ? kern_mount_data+0x50/0xb0 [ 141.170358] ? pid_ns_prepare_proc+0x1e/0x80 [ 141.174748] ? alloc_pid+0x87e/0xa00 [ 141.178443] ? copy_process.part.38+0x2516/0x4bd0 [ 141.183264] ? _do_fork+0x1f7/0xf70 [ 141.186870] ? SyS_clone+0x37/0x50 [ 141.190394] ? find_held_lock+0x35/0x1d0 [ 141.194441] ? __lock_is_held+0xb6/0x140 [ 141.198497] ? check_same_owner+0x320/0x320 [ 141.202802] ? rcu_note_context_switch+0x710/0x710 [ 141.207723] should_failslab+0xec/0x120 [ 141.211681] kmem_cache_alloc_trace+0x4b/0x740 [ 141.216248] ? __kmalloc_node+0x33/0x70 [ 141.220207] ? __kmalloc_node+0x33/0x70 [ 141.224163] ? rcu_read_lock_sched_held+0x108/0x120 [ 141.229782] __memcg_init_list_lru_node+0x169/0x270 [ 141.234783] ? list_lru_add+0x7c0/0x7c0 [ 141.238738] ? __kmalloc_node+0x47/0x70 [ 141.242701] __list_lru_init+0x544/0x750 [ 141.246751] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 141.252619] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 141.257625] ? lockdep_init_map+0x9/0x10 [ 141.261679] sget_userns+0x6b1/0xe40 [ 141.265375] ? set_anon_super+0x20/0x20 [ 141.269333] ? put_filp+0x90/0x90 [ 141.272768] ? destroy_unused_super.part.6+0xd0/0xd0 [ 141.277863] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 141.282856] ? perf_trace_lock+0xd6/0x900 [ 141.287002] ? save_stack+0xa3/0xd0 [ 141.290616] ? kasan_slab_alloc+0x12/0x20 [ 141.294746] ? alloc_pid+0xc1/0xa00 [ 141.298360] ? __radix_tree_replace+0x1af/0x310 [ 141.303015] ? radix_tree_delete+0x30/0x30 [ 141.307255] ? node_tag_clear+0xf2/0x180 [ 141.311307] ? proc_get_inode+0x620/0x620 [ 141.315438] mount_ns+0x6d/0x190 [ 141.318800] proc_mount+0x7a/0x90 [ 141.322237] mount_fs+0x66/0x2d0 [ 141.325589] vfs_kern_mount.part.26+0xc6/0x4a0 [ 141.330157] ? may_umount+0xa0/0xa0 [ 141.333764] ? idr_alloc_cyclic+0x1d6/0x320 [ 141.338089] ? do_raw_spin_trylock+0x190/0x190 [ 141.342650] ? idr_alloc+0x180/0x180 [ 141.346347] kern_mount_data+0x50/0xb0 [ 141.350220] pid_ns_prepare_proc+0x1e/0x80 [ 141.354436] alloc_pid+0x87e/0xa00 [ 141.357963] ? __change_pid+0x400/0x400 [ 141.361927] ? ns_capable_common+0xcf/0x160 [ 141.366237] ? memset+0x31/0x40 [ 141.369499] ? copy_thread_tls+0x268/0x8f0 [ 141.373723] copy_process.part.38+0x2516/0x4bd0 [ 141.378384] ? __cleanup_sighand+0x40/0x40 [ 141.382616] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 141.387802] ? __lock_acquire+0x664/0x3e00 [ 141.392107] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 141.397282] ? perf_trace_lock+0xd6/0x900 [ 141.401420] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 141.406588] ? perf_trace_lock+0xd6/0x900 [ 141.410716] ? mntput_no_expire+0x130/0xa90 [ 141.415033] ? trace_event_raw_event_lock+0x340/0x340 [ 141.420205] ? perf_trace_lock+0xd6/0x900 [ 141.424343] ? lock_acquire+0x1d5/0x580 [ 141.428298] ? trace_hardirqs_off+0x10/0x10 [ 141.432602] ? perf_trace_lock+0xd6/0x900 [ 141.436742] ? find_held_lock+0x35/0x1d0 [ 141.440788] ? perf_trace_lock+0xd6/0x900 [ 141.444926] ? trace_event_raw_event_lock+0x340/0x340 [ 141.450101] ? _parse_integer+0x140/0x140 [ 141.454237] ? trace_hardirqs_off+0x10/0x10 [ 141.458544] ? get_pid_task+0x93/0x140 [ 141.462414] ? perf_trace_lock+0xd6/0x900 [ 141.466554] ? find_held_lock+0x35/0x1d0 [ 141.470607] ? __f_unlock_pos+0x19/0x20 [ 141.474564] ? lock_downgrade+0x980/0x980 [ 141.478692] ? get_pid_task+0xbc/0x140 [ 141.482558] ? proc_fail_nth_write+0x9b/0x1d0 [ 141.487036] ? map_files_get_link+0x3a0/0x3a0 [ 141.491952] ? handle_mm_fault+0x35b/0xb10 [ 141.496175] _do_fork+0x1f7/0xf70 [ 141.499621] ? fork_idle+0x2d0/0x2d0 [ 141.503317] ? wait_for_completion+0x770/0x770 [ 141.507899] ? __sb_end_write+0xa0/0xd0 [ 141.511860] ? fput+0xd2/0x140 [ 141.515040] ? SyS_write+0x184/0x220 [ 141.518743] ? SyS_read+0x220/0x220 [ 141.522357] SyS_clone+0x37/0x50 [ 141.525707] ? sys_vfork+0x30/0x30 [ 141.529233] do_syscall_64+0x281/0x940 [ 141.533101] ? vmalloc_sync_all+0x30/0x30 [ 141.537230] ? _raw_spin_unlock_irq+0x27/0x70 [ 141.541794] ? finish_task_switch+0x1c1/0x7e0 [ 141.546274] ? syscall_return_slowpath+0x550/0x550 [ 141.551187] ? syscall_return_slowpath+0x2ac/0x550 [ 141.556098] ? prepare_exit_to_usermode+0x350/0x350 [ 141.561097] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 141.566448] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 141.571280] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 141.576453] RIP: 0033:0x454e79 [ 141.579622] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 2018/03/31 10:51:38 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/d\a\x00\x00\x00\x00\x00\b\x00iband/rdma_cm\x00', 0x18, 0x0) pause() munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) socket$pppoe(0x18, 0x1, 0x0) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) [ 141.587314] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 141.594565] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 141.601817] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 141.609073] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 141.616335] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000026 2018/03/31 10:51:38 executing program 4: modify_ldt$write(0x1, &(0x7f0000000080)={0x200}, 0x10) clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000140)) 2018/03/31 10:51:38 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:38 executing program 6 (fault-call:10 fault-nth:39): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) [ 141.639599] xprt_adjust_timeout: rq_timeout = 0! [ 141.656213] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:38 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x0, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:38 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 141.758261] FAULT_INJECTION: forcing a failure. [ 141.758261] name failslab, interval 1, probability 0, space 0, times 0 [ 141.769714] CPU: 1 PID: 10323 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 141.776909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 141.786262] Call Trace: [ 141.788849] dump_stack+0x194/0x24d [ 141.792473] ? arch_local_irq_restore+0x53/0x53 [ 141.797137] ? __save_stack_trace+0x7e/0xd0 [ 141.801455] should_fail+0x8c0/0xa40 [ 141.805156] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 141.810253] ? kasan_kmalloc+0xad/0xe0 [ 141.814123] ? kmem_cache_alloc_trace+0x136/0x740 [ 141.818948] ? __memcg_init_list_lru_node+0x169/0x270 [ 141.824120] ? __list_lru_init+0x544/0x750 [ 141.828336] ? sget_userns+0x6b1/0xe40 [ 141.832208] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 141.836946] ? kern_mount_data+0x50/0xb0 [ 141.840987] ? pid_ns_prepare_proc+0x1e/0x80 [ 141.845377] ? alloc_pid+0x87e/0xa00 [ 141.849078] ? copy_process.part.38+0x2516/0x4bd0 [ 141.853900] ? _do_fork+0x1f7/0xf70 [ 141.857508] ? SyS_clone+0x37/0x50 [ 141.861041] ? find_held_lock+0x35/0x1d0 [ 141.865092] ? __lock_is_held+0xb6/0x140 [ 141.869148] ? check_same_owner+0x320/0x320 [ 141.873464] ? rcu_note_context_switch+0x710/0x710 [ 141.878387] should_failslab+0xec/0x120 [ 141.882349] kmem_cache_alloc_trace+0x4b/0x740 [ 141.886918] ? __kmalloc_node+0x33/0x70 [ 141.890885] ? __kmalloc_node+0x33/0x70 [ 141.894844] ? rcu_read_lock_sched_held+0x108/0x120 [ 141.899847] __memcg_init_list_lru_node+0x169/0x270 [ 141.904867] ? list_lru_add+0x7c0/0x7c0 [ 141.908831] ? __kmalloc_node+0x47/0x70 [ 141.913492] __list_lru_init+0x544/0x750 [ 141.917542] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 141.923415] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 141.928421] ? lockdep_init_map+0x9/0x10 [ 141.932467] sget_userns+0x6b1/0xe40 [ 141.936160] ? set_anon_super+0x20/0x20 [ 141.940125] ? put_filp+0x90/0x90 [ 141.943562] ? destroy_unused_super.part.6+0xd0/0xd0 [ 141.948652] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 141.953660] ? perf_trace_lock+0xd6/0x900 [ 141.957804] ? save_stack+0xa3/0xd0 [ 141.961415] ? kasan_slab_alloc+0x12/0x20 [ 141.965547] ? alloc_pid+0xc1/0xa00 [ 141.969158] ? __radix_tree_replace+0x1af/0x310 [ 141.973818] ? radix_tree_delete+0x30/0x30 [ 141.978037] ? node_tag_clear+0xf2/0x180 [ 141.982104] ? proc_get_inode+0x620/0x620 [ 141.986231] mount_ns+0x6d/0x190 [ 141.989583] proc_mount+0x7a/0x90 [ 141.993032] mount_fs+0x66/0x2d0 [ 141.996389] vfs_kern_mount.part.26+0xc6/0x4a0 [ 142.000957] ? may_umount+0xa0/0xa0 [ 142.004566] ? idr_alloc_cyclic+0x1d6/0x320 [ 142.008871] ? do_raw_spin_trylock+0x190/0x190 [ 142.013438] ? idr_alloc+0x180/0x180 [ 142.017137] kern_mount_data+0x50/0xb0 [ 142.021012] pid_ns_prepare_proc+0x1e/0x80 [ 142.025237] alloc_pid+0x87e/0xa00 [ 142.028764] ? __change_pid+0x400/0x400 [ 142.032719] ? ns_capable_common+0xcf/0x160 [ 142.037037] ? memset+0x31/0x40 [ 142.040302] ? copy_thread_tls+0x268/0x8f0 [ 142.044526] copy_process.part.38+0x2516/0x4bd0 [ 142.049199] ? __cleanup_sighand+0x40/0x40 [ 142.053428] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 142.058603] ? __lock_acquire+0x664/0x3e00 [ 142.062822] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 142.067999] ? perf_trace_lock+0xd6/0x900 [ 142.072142] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 142.077315] ? perf_trace_lock+0xd6/0x900 [ 142.082402] ? mntput_no_expire+0x130/0xa90 [ 142.086715] ? trace_event_raw_event_lock+0x340/0x340 [ 142.091881] ? perf_trace_lock+0xd6/0x900 [ 142.096027] ? lock_acquire+0x1d5/0x580 [ 142.099986] ? trace_hardirqs_off+0x10/0x10 [ 142.104293] ? perf_trace_lock+0xd6/0x900 [ 142.108433] ? find_held_lock+0x35/0x1d0 [ 142.112479] ? perf_trace_lock+0xd6/0x900 [ 142.116614] ? trace_event_raw_event_lock+0x340/0x340 [ 142.121789] ? _parse_integer+0x140/0x140 [ 142.125927] ? trace_hardirqs_off+0x10/0x10 [ 142.130233] ? get_pid_task+0x93/0x140 [ 142.134102] ? perf_trace_lock+0xd6/0x900 [ 142.138238] ? find_held_lock+0x35/0x1d0 [ 142.142285] ? __f_unlock_pos+0x19/0x20 [ 142.146241] ? lock_downgrade+0x980/0x980 [ 142.150368] ? get_pid_task+0xbc/0x140 [ 142.154252] ? proc_fail_nth_write+0x9b/0x1d0 [ 142.158730] ? map_files_get_link+0x3a0/0x3a0 [ 142.163207] ? handle_mm_fault+0x35b/0xb10 [ 142.167430] _do_fork+0x1f7/0xf70 [ 142.170868] ? fork_idle+0x2d0/0x2d0 [ 142.174566] ? wait_for_completion+0x770/0x770 [ 142.179151] ? __sb_end_write+0xa0/0xd0 [ 142.183117] ? fput+0xd2/0x140 [ 142.186291] ? SyS_write+0x184/0x220 [ 142.190004] ? SyS_read+0x220/0x220 [ 142.193620] SyS_clone+0x37/0x50 [ 142.196967] ? sys_vfork+0x30/0x30 [ 142.200487] do_syscall_64+0x281/0x940 [ 142.204356] ? vmalloc_sync_all+0x30/0x30 [ 142.208484] ? _raw_spin_unlock_irq+0x27/0x70 [ 142.212961] ? finish_task_switch+0x1c1/0x7e0 [ 142.217440] ? syscall_return_slowpath+0x550/0x550 [ 142.222352] ? syscall_return_slowpath+0x2ac/0x550 [ 142.227265] ? prepare_exit_to_usermode+0x350/0x350 [ 142.232263] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 142.237611] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 142.242444] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 142.247612] RIP: 0033:0x454e79 [ 142.250787] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 2018/03/31 10:51:38 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:38 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r4 = dup2(0xffffffffffffffff, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) [ 142.258479] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 142.265731] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 142.272982] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 142.280231] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 142.287482] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000027 2018/03/31 10:51:38 executing program 4 (fault-call:1 fault-nth:0): modify_ldt$write(0x1, &(0x7f0000000080)={0x200, 0x0, 0x0, 0x5}, 0x10) clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000140)) 2018/03/31 10:51:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) [ 142.351869] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:39 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:39 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) [ 142.386444] FAULT_INJECTION: forcing a failure. [ 142.386444] name failslab, interval 1, probability 0, space 0, times 0 [ 142.397735] CPU: 0 PID: 10339 Comm: syz-executor4 Not tainted 4.16.0-rc7+ #8 [ 142.405104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 142.414464] Call Trace: [ 142.417057] dump_stack+0x194/0x24d [ 142.420690] ? arch_local_irq_restore+0x53/0x53 [ 142.425370] should_fail+0x8c0/0xa40 [ 142.429093] ? fault_create_debugfs_attr+0x1f0/0x1f0 2018/03/31 10:51:39 executing program 6 (fault-call:10 fault-nth:40): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) [ 142.434205] ? page_add_new_anon_rmap+0x750/0x750 [ 142.439054] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 142.444252] ? perf_trace_lock+0xd6/0x900 [ 142.448411] ? find_held_lock+0x35/0x1d0 [ 142.452495] ? check_same_owner+0x320/0x320 [ 142.456825] ? rcu_note_context_switch+0x710/0x710 [ 142.461765] ? reacquire_held_locks+0x1f9/0x3e0 [ 142.466446] ? alloc_set_pte+0xefd/0x1590 [ 142.470602] should_failslab+0xec/0x120 [ 142.471085] FAULT_INJECTION: forcing a failure. [ 142.471085] name failslab, interval 1, probability 0, space 0, times 0 [ 142.474575] kmem_cache_alloc_node+0x56/0x760 [ 142.474592] ? print_irqtrace_events+0x270/0x270 [ 142.474607] ? filemap_map_pages+0x919/0x15d0 [ 142.474626] copy_process.part.38+0x1a21/0x4bd0 [ 142.474640] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 142.474678] ? __lock_is_held+0xb6/0x140 [ 142.474696] ? __cleanup_sighand+0x40/0x40 [ 142.517602] ? __lock_acquire+0x664/0x3e00 [ 142.521831] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 142.527008] ? __lock_acquire+0x664/0x3e00 [ 142.531229] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 142.536403] ? perf_trace_lock+0xd6/0x900 [ 142.540535] ? print_irqtrace_events+0x270/0x270 [ 142.545278] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 142.550452] ? perf_trace_lock+0xd6/0x900 [ 142.554588] ? mntput_no_expire+0x130/0xa90 [ 142.558902] ? trace_event_raw_event_lock+0x340/0x340 [ 142.564073] ? perf_trace_lock+0xd6/0x900 [ 142.568211] ? lock_acquire+0x1d5/0x580 [ 142.572171] ? trace_hardirqs_off+0x10/0x10 [ 142.576478] ? __fdget_pos+0x12b/0x190 [ 142.580354] ? perf_trace_lock+0xd6/0x900 [ 142.584491] ? trace_event_raw_event_lock+0x340/0x340 [ 142.589669] ? find_held_lock+0x35/0x1d0 [ 142.593718] ? perf_trace_lock+0xd6/0x900 [ 142.597854] ? trace_event_raw_event_lock+0x340/0x340 [ 142.603032] ? _parse_integer+0x140/0x140 [ 142.607164] ? check_same_owner+0x320/0x320 [ 142.611471] ? find_held_lock+0x35/0x1d0 [ 142.615514] ? trace_hardirqs_off+0x10/0x10 [ 142.619823] ? get_pid_task+0x93/0x140 [ 142.623698] ? perf_trace_lock+0xd6/0x900 [ 142.627836] ? find_held_lock+0x35/0x1d0 [ 142.631896] ? __f_unlock_pos+0x19/0x20 [ 142.635857] ? lock_downgrade+0x980/0x980 [ 142.639990] ? get_pid_task+0xbc/0x140 [ 142.643867] ? proc_fail_nth_write+0x9b/0x1d0 [ 142.648345] ? map_files_get_link+0x3a0/0x3a0 [ 142.652825] ? handle_mm_fault+0x35b/0xb10 [ 142.657048] _do_fork+0x1f7/0xf70 [ 142.660490] ? fork_idle+0x2d0/0x2d0 [ 142.664192] ? wait_for_completion+0x770/0x770 [ 142.668776] ? __sb_end_write+0xa0/0xd0 [ 142.672739] ? fput+0xd2/0x140 [ 142.675918] ? SyS_write+0x184/0x220 [ 142.679620] ? SyS_read+0x220/0x220 [ 142.683239] SyS_clone+0x37/0x50 [ 142.686591] ? sys_vfork+0x30/0x30 [ 142.690119] do_syscall_64+0x281/0x940 [ 142.693992] ? vmalloc_sync_all+0x30/0x30 [ 142.698124] ? _raw_spin_unlock_irq+0x27/0x70 [ 142.702604] ? finish_task_switch+0x1c1/0x7e0 [ 142.707086] ? syscall_return_slowpath+0x550/0x550 [ 142.712006] ? syscall_return_slowpath+0x2ac/0x550 [ 142.716935] ? prepare_exit_to_usermode+0x350/0x350 [ 142.721939] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 142.727293] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 142.732130] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 142.737309] RIP: 0033:0x454e79 [ 142.740484] RSP: 002b:00007f9ecbcf3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 142.748180] RAX: ffffffffffffffda RBX: 00007f9ecbcf46d4 RCX: 0000000000454e79 [ 142.755437] RDX: 0000000020000100 RSI: 0000000020000800 RDI: 0000000000000000 [ 142.762691] RBP: 000000000072bea0 R08: 0000000020000140 R09: 0000000000000000 [ 142.769952] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000013 [ 142.777294] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000000 [ 142.784566] CPU: 1 PID: 10346 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 142.791756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 142.801106] Call Trace: [ 142.802823] xprt_adjust_timeout: rq_timeout = 0! [ 142.803695] dump_stack+0x194/0x24d [ 142.803709] ? arch_local_irq_restore+0x53/0x53 [ 142.803720] ? __save_stack_trace+0x7e/0xd0 [ 142.803738] should_fail+0x8c0/0xa40 [ 142.803749] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 142.803763] ? kasan_kmalloc+0xad/0xe0 [ 142.833718] ? kmem_cache_alloc_trace+0x136/0x740 [ 142.838540] ? __memcg_init_list_lru_node+0x169/0x270 [ 142.843707] ? __list_lru_init+0x544/0x750 [ 142.847921] ? sget_userns+0x6b1/0xe40 [ 142.851793] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 142.856525] ? kern_mount_data+0x50/0xb0 [ 142.860562] ? pid_ns_prepare_proc+0x1e/0x80 [ 142.864946] ? alloc_pid+0x87e/0xa00 [ 142.868642] ? copy_process.part.38+0x2516/0x4bd0 [ 142.873466] ? _do_fork+0x1f7/0xf70 [ 142.877069] ? SyS_clone+0x37/0x50 [ 142.880591] ? find_held_lock+0x35/0x1d0 [ 142.884633] ? __lock_is_held+0xb6/0x140 [ 142.888682] ? check_same_owner+0x320/0x320 [ 142.892983] ? rcu_note_context_switch+0x710/0x710 [ 142.897895] should_failslab+0xec/0x120 [ 142.901851] kmem_cache_alloc_trace+0x4b/0x740 [ 142.906410] ? __kmalloc_node+0x33/0x70 [ 142.910364] ? __kmalloc_node+0x33/0x70 [ 142.914320] ? rcu_read_lock_sched_held+0x108/0x120 [ 142.919320] __memcg_init_list_lru_node+0x169/0x270 [ 142.924319] ? list_lru_add+0x7c0/0x7c0 [ 142.928273] ? __kmalloc_node+0x47/0x70 [ 142.932227] __list_lru_init+0x544/0x750 [ 142.936272] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 142.942141] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 142.947145] ? lockdep_init_map+0x9/0x10 [ 142.951188] sget_userns+0x6b1/0xe40 [ 142.954880] ? set_anon_super+0x20/0x20 [ 142.958834] ? put_filp+0x90/0x90 [ 142.962268] ? destroy_unused_super.part.6+0xd0/0xd0 [ 142.967356] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 142.972365] ? perf_trace_lock+0xd6/0x900 [ 142.976496] ? save_stack+0xa3/0xd0 [ 142.980106] ? kasan_slab_alloc+0x12/0x20 [ 142.984243] ? alloc_pid+0xc1/0xa00 [ 142.987853] ? __radix_tree_replace+0x1af/0x310 [ 142.992502] ? radix_tree_delete+0x30/0x30 [ 142.996725] ? node_tag_clear+0xf2/0x180 [ 143.000856] ? proc_get_inode+0x620/0x620 [ 143.004984] mount_ns+0x6d/0x190 [ 143.008332] proc_mount+0x7a/0x90 [ 143.011781] mount_fs+0x66/0x2d0 [ 143.015133] vfs_kern_mount.part.26+0xc6/0x4a0 [ 143.019699] ? may_umount+0xa0/0xa0 [ 143.023306] ? idr_alloc_cyclic+0x1d6/0x320 [ 143.027614] ? do_raw_spin_trylock+0x190/0x190 [ 143.032176] ? idr_alloc+0x180/0x180 [ 143.035870] kern_mount_data+0x50/0xb0 [ 143.039737] pid_ns_prepare_proc+0x1e/0x80 [ 143.043954] alloc_pid+0x87e/0xa00 [ 143.047477] ? __change_pid+0x400/0x400 [ 143.051430] ? ns_capable_common+0xcf/0x160 [ 143.055736] ? memset+0x31/0x40 [ 143.059000] ? copy_thread_tls+0x268/0x8f0 [ 143.063224] copy_process.part.38+0x2516/0x4bd0 [ 143.067880] ? __cleanup_sighand+0x40/0x40 [ 143.072104] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 143.077280] ? __lock_acquire+0x664/0x3e00 [ 143.081495] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 143.086669] ? perf_trace_lock+0xd6/0x900 [ 143.090812] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 143.095998] ? perf_trace_lock+0xd6/0x900 [ 143.100139] ? mntput_no_expire+0x130/0xa90 [ 143.104443] ? trace_event_raw_event_lock+0x340/0x340 [ 143.109610] ? perf_trace_lock+0xd6/0x900 [ 143.113742] ? lock_acquire+0x1d5/0x580 [ 143.117698] ? trace_hardirqs_off+0x10/0x10 [ 143.122002] ? perf_trace_lock+0xd6/0x900 [ 143.126146] ? find_held_lock+0x35/0x1d0 [ 143.130189] ? perf_trace_lock+0xd6/0x900 [ 143.134320] ? trace_event_raw_event_lock+0x340/0x340 [ 143.139493] ? _parse_integer+0x140/0x140 [ 143.143626] ? trace_hardirqs_off+0x10/0x10 [ 143.147932] ? get_pid_task+0x93/0x140 [ 143.151800] ? perf_trace_lock+0xd6/0x900 [ 143.155945] ? find_held_lock+0x35/0x1d0 [ 143.160006] ? __f_unlock_pos+0x19/0x20 [ 143.163972] ? lock_downgrade+0x980/0x980 [ 143.168097] ? get_pid_task+0xbc/0x140 [ 143.171966] ? proc_fail_nth_write+0x9b/0x1d0 [ 143.176439] ? map_files_get_link+0x3a0/0x3a0 [ 143.180909] ? handle_mm_fault+0x35b/0xb10 [ 143.185123] _do_fork+0x1f7/0xf70 [ 143.188559] ? fork_idle+0x2d0/0x2d0 [ 143.192249] ? wait_for_completion+0x770/0x770 [ 143.196823] ? __sb_end_write+0xa0/0xd0 [ 143.200776] ? fput+0xd2/0x140 [ 143.203949] ? SyS_write+0x184/0x220 [ 143.207654] ? SyS_read+0x220/0x220 [ 143.211265] SyS_clone+0x37/0x50 [ 143.214611] ? sys_vfork+0x30/0x30 [ 143.218136] do_syscall_64+0x281/0x940 [ 143.222015] ? vmalloc_sync_all+0x30/0x30 [ 143.226148] ? _raw_spin_unlock_irq+0x27/0x70 [ 143.230628] ? finish_task_switch+0x1c1/0x7e0 [ 143.235110] ? syscall_return_slowpath+0x550/0x550 [ 143.240027] ? syscall_return_slowpath+0x2ac/0x550 [ 143.244939] ? prepare_exit_to_usermode+0x350/0x350 [ 143.249939] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 143.255284] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 143.260113] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 143.265295] RIP: 0033:0x454e79 [ 143.268463] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 143.276152] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 2018/03/31 10:51:39 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x0, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:39 executing program 4 (fault-call:1 fault-nth:1): modify_ldt$write(0x1, &(0x7f0000000080)={0x200, 0x0, 0x0, 0x5}, 0x10) clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000140)) [ 143.283489] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 143.290738] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 143.297986] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 143.305236] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000028 2018/03/31 10:51:40 executing program 6 (fault-call:10 fault-nth:41): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) [ 143.366771] xprt_adjust_timeout: rq_timeout = 0! [ 143.384730] FAULT_INJECTION: forcing a failure. [ 143.384730] name failslab, interval 1, probability 0, space 0, times 0 [ 143.396114] CPU: 0 PID: 10362 Comm: syz-executor4 Not tainted 4.16.0-rc7+ #8 [ 143.403310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 143.412670] Call Trace: [ 143.415268] dump_stack+0x194/0x24d [ 143.418900] ? arch_local_irq_restore+0x53/0x53 [ 143.423574] should_fail+0x8c0/0xa40 [ 143.427285] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 143.432384] ? percpu_ref_put_many+0x132/0x220 [ 143.436964] ? memcg_kmem_charge_memcg+0x74/0x110 [ 143.441791] ? percpu_ref_tryget_live+0x2f0/0x2f0 [ 143.446642] ? find_held_lock+0x35/0x1d0 [ 143.450707] ? check_same_owner+0x320/0x320 [ 143.455023] ? rcu_note_context_switch+0x710/0x710 [ 143.459952] should_failslab+0xec/0x120 [ 143.463913] kmem_cache_alloc+0x47/0x760 [ 143.467956] ? percpu_ref_put_many+0x132/0x220 [ 143.472521] ? rcu_pm_notify+0xc0/0xc0 [ 143.476397] prepare_creds+0x78/0x360 [ 143.480177] ? abort_creds+0x130/0x130 [ 143.484055] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 143.489064] copy_creds+0x7b/0x3a0 [ 143.492586] ? lockdep_init_map+0x9/0x10 [ 143.496636] copy_process.part.38+0xb64/0x4bd0 [ 143.501207] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 143.506380] ? __lock_is_held+0xb6/0x140 [ 143.510431] ? __cleanup_sighand+0x40/0x40 [ 143.514665] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 143.519843] ? __lock_acquire+0x664/0x3e00 [ 143.524061] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 143.529234] ? perf_trace_lock+0xd6/0x900 [ 143.533375] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 143.538549] ? perf_trace_lock+0xd6/0x900 [ 143.542677] ? mntput_no_expire+0x130/0xa90 [ 143.546987] ? trace_event_raw_event_lock+0x340/0x340 [ 143.552168] ? perf_trace_lock+0xd6/0x900 [ 143.556306] ? lock_acquire+0x1d5/0x580 [ 143.560262] ? trace_hardirqs_off+0x10/0x10 [ 143.564562] ? __fdget_pos+0x12b/0x190 [ 143.568432] ? perf_trace_lock+0xd6/0x900 [ 143.572570] ? trace_event_raw_event_lock+0x340/0x340 [ 143.577751] ? find_held_lock+0x35/0x1d0 [ 143.581796] ? perf_trace_lock+0xd6/0x900 [ 143.585931] ? trace_event_raw_event_lock+0x340/0x340 [ 143.591104] ? _parse_integer+0x140/0x140 [ 143.595233] ? check_same_owner+0x320/0x320 [ 143.599540] ? trace_hardirqs_off+0x10/0x10 [ 143.603846] ? get_pid_task+0x93/0x140 [ 143.607717] ? perf_trace_lock+0xd6/0x900 [ 143.611852] ? find_held_lock+0x35/0x1d0 [ 143.615902] ? __f_unlock_pos+0x19/0x20 [ 143.619857] ? lock_downgrade+0x980/0x980 [ 143.623986] ? get_pid_task+0xbc/0x140 [ 143.627858] ? proc_fail_nth_write+0x9b/0x1d0 [ 143.632336] ? map_files_get_link+0x3a0/0x3a0 [ 143.636813] ? handle_mm_fault+0x35b/0xb10 [ 143.641041] _do_fork+0x1f7/0xf70 [ 143.644479] ? fork_idle+0x2d0/0x2d0 [ 143.648174] ? wait_for_completion+0x770/0x770 [ 143.652759] ? __sb_end_write+0xa0/0xd0 [ 143.656718] ? fput+0xd2/0x140 [ 143.659890] ? SyS_write+0x184/0x220 [ 143.663584] ? SyS_read+0x220/0x220 [ 143.667207] SyS_clone+0x37/0x50 [ 143.670555] ? sys_vfork+0x30/0x30 [ 143.674076] do_syscall_64+0x281/0x940 [ 143.677944] ? vmalloc_sync_all+0x30/0x30 [ 143.682073] ? finish_task_switch+0x1c1/0x7e0 [ 143.686549] ? syscall_return_slowpath+0x550/0x550 [ 143.691461] ? syscall_return_slowpath+0x2ac/0x550 [ 143.696371] ? prepare_exit_to_usermode+0x350/0x350 [ 143.701371] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 143.706719] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 143.711548] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 143.716720] RIP: 0033:0x454e79 [ 143.719892] RSP: 002b:00007f9ecbcf3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 143.727584] RAX: ffffffffffffffda RBX: 00007f9ecbcf46d4 RCX: 0000000000454e79 [ 143.734834] RDX: 0000000020000100 RSI: 0000000020000800 RDI: 0000000000000000 [ 143.742082] RBP: 000000000072bea0 R08: 0000000020000140 R09: 0000000000000000 [ 143.749331] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000013 [ 143.756582] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000001 [ 143.796627] FAULT_INJECTION: forcing a failure. [ 143.796627] name failslab, interval 1, probability 0, space 0, times 0 [ 143.807993] CPU: 0 PID: 10370 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 143.815364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 143.824731] Call Trace: [ 143.827320] dump_stack+0x194/0x24d [ 143.830959] ? arch_local_irq_restore+0x53/0x53 [ 143.835639] ? __save_stack_trace+0x7e/0xd0 [ 143.839971] should_fail+0x8c0/0xa40 2018/03/31 10:51:40 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="000002000200000000000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:40 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:40 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:40 executing program 4 (fault-call:1 fault-nth:2): modify_ldt$write(0x1, &(0x7f0000000080)={0x200, 0x0, 0x0, 0x5}, 0x10) clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000140)) [ 143.843692] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 143.848802] ? kasan_kmalloc+0xad/0xe0 [ 143.852700] ? kmem_cache_alloc_trace+0x136/0x740 [ 143.857546] ? __memcg_init_list_lru_node+0x169/0x270 [ 143.862737] ? __list_lru_init+0x544/0x750 [ 143.866975] ? sget_userns+0x6b1/0xe40 [ 143.870878] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 143.875643] ? kern_mount_data+0x50/0xb0 [ 143.879881] ? pid_ns_prepare_proc+0x1e/0x80 [ 143.884291] ? alloc_pid+0x87e/0xa00 [ 143.888012] ? copy_process.part.38+0x2516/0x4bd0 [ 143.892861] ? _do_fork+0x1f7/0xf70 2018/03/31 10:51:40 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)=ANY=[@ANYBLOB="0000949ffee403000000376b94ccf5c2e772a8fc0cfb45ec2b8c531ce30dbcb7438ff06b348c6036faa5964d56abae7b29407bf836f7d4c5178656cc0208298c0d545cef242c021c22584ef08e57a2bc8529e0e7d68a0ec2584775ccd017ebacc631b1f74f1d5ffec831518ad09ac78b"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) socket$key(0xf, 0x3, 0x2) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) [ 143.896490] ? SyS_clone+0x37/0x50 [ 143.900039] ? find_held_lock+0x35/0x1d0 [ 143.904116] ? __lock_is_held+0xb6/0x140 [ 143.908196] ? check_same_owner+0x320/0x320 [ 143.911671] binder: BINDER_SET_CONTEXT_MGR already set [ 143.912522] ? rcu_note_context_switch+0x710/0x710 [ 143.912543] should_failslab+0xec/0x120 [ 143.912557] kmem_cache_alloc_trace+0x4b/0x740 [ 143.912566] ? __kmalloc_node+0x33/0x70 [ 143.912575] ? __kmalloc_node+0x33/0x70 [ 143.912586] ? rcu_read_lock_sched_held+0x108/0x120 [ 143.912600] __memcg_init_list_lru_node+0x169/0x270 [ 143.912619] ? list_lru_add+0x7c0/0x7c0 [ 143.918388] binder: 10377:10389 ioctl 40046207 0 returned -16 [ 143.922804] ? __kmalloc_node+0x47/0x70 [ 143.922821] __list_lru_init+0x544/0x750 [ 143.922836] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 143.922850] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 143.922865] ? lockdep_init_map+0x9/0x10 [ 143.922879] sget_userns+0x6b1/0xe40 [ 143.922887] ? set_anon_super+0x20/0x20 [ 143.922898] ? put_filp+0x90/0x90 [ 143.922908] ? destroy_unused_super.part.6+0xd0/0xd0 [ 143.922923] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 143.975059] FAULT_INJECTION: forcing a failure. [ 143.975059] name failslab, interval 1, probability 0, space 0, times 0 [ 143.978057] ? perf_trace_lock+0xd6/0x900 [ 143.978073] ? save_stack+0xa3/0xd0 [ 143.978085] ? kasan_slab_alloc+0x12/0x20 [ 143.978094] ? alloc_pid+0xc1/0xa00 [ 143.978108] ? __radix_tree_replace+0x1af/0x310 [ 143.978119] ? radix_tree_delete+0x30/0x30 [ 143.978129] ? node_tag_clear+0xf2/0x180 [ 143.978146] ? proc_get_inode+0x620/0x620 [ 143.978156] mount_ns+0x6d/0x190 [ 143.978170] proc_mount+0x7a/0x90 [ 144.053715] mount_fs+0x66/0x2d0 [ 144.057070] vfs_kern_mount.part.26+0xc6/0x4a0 [ 144.061640] ? may_umount+0xa0/0xa0 [ 144.065254] ? idr_alloc_cyclic+0x1d6/0x320 [ 144.069562] ? do_raw_spin_trylock+0x190/0x190 [ 144.074128] ? idr_alloc+0x180/0x180 [ 144.077831] kern_mount_data+0x50/0xb0 [ 144.081714] pid_ns_prepare_proc+0x1e/0x80 [ 144.085944] alloc_pid+0x87e/0xa00 [ 144.089475] ? __change_pid+0x400/0x400 [ 144.093431] ? ns_capable_common+0xcf/0x160 [ 144.097741] ? memset+0x31/0x40 [ 144.101002] ? copy_thread_tls+0x268/0x8f0 [ 144.105226] copy_process.part.38+0x2516/0x4bd0 [ 144.109888] ? __cleanup_sighand+0x40/0x40 [ 144.114114] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 144.119291] ? __lock_acquire+0x664/0x3e00 [ 144.123510] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 144.128683] ? perf_trace_lock+0xd6/0x900 [ 144.132826] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 144.137999] ? perf_trace_lock+0xd6/0x900 [ 144.142134] ? mntput_no_expire+0x130/0xa90 [ 144.146442] ? trace_event_raw_event_lock+0x340/0x340 [ 144.151616] ? perf_trace_lock+0xd6/0x900 [ 144.155751] ? lock_acquire+0x1d5/0x580 [ 144.159708] ? trace_hardirqs_off+0x10/0x10 [ 144.164018] ? perf_trace_lock+0xd6/0x900 [ 144.168158] ? find_held_lock+0x35/0x1d0 [ 144.172231] ? perf_trace_lock+0xd6/0x900 [ 144.176366] ? trace_event_raw_event_lock+0x340/0x340 [ 144.181538] ? _parse_integer+0x140/0x140 [ 144.185676] ? trace_hardirqs_off+0x10/0x10 [ 144.189986] ? get_pid_task+0x93/0x140 [ 144.193861] ? perf_trace_lock+0xd6/0x900 [ 144.197997] ? find_held_lock+0x35/0x1d0 [ 144.202051] ? __f_unlock_pos+0x19/0x20 [ 144.206011] ? lock_downgrade+0x980/0x980 [ 144.210150] ? get_pid_task+0xbc/0x140 [ 144.214029] ? proc_fail_nth_write+0x9b/0x1d0 [ 144.218510] ? map_files_get_link+0x3a0/0x3a0 [ 144.222993] ? handle_mm_fault+0x35b/0xb10 [ 144.227219] _do_fork+0x1f7/0xf70 [ 144.230662] ? fork_idle+0x2d0/0x2d0 [ 144.234363] ? wait_for_completion+0x770/0x770 [ 144.238947] ? __sb_end_write+0xa0/0xd0 [ 144.242909] ? fput+0xd2/0x140 [ 144.246087] ? SyS_write+0x184/0x220 [ 144.250747] ? SyS_read+0x220/0x220 [ 144.254365] SyS_clone+0x37/0x50 [ 144.257714] ? sys_vfork+0x30/0x30 [ 144.261242] do_syscall_64+0x281/0x940 [ 144.265114] ? vmalloc_sync_all+0x30/0x30 [ 144.269245] ? _raw_spin_unlock_irq+0x27/0x70 [ 144.273725] ? finish_task_switch+0x1c1/0x7e0 [ 144.278204] ? syscall_return_slowpath+0x550/0x550 [ 144.283117] ? syscall_return_slowpath+0x2ac/0x550 [ 144.288033] ? prepare_exit_to_usermode+0x350/0x350 [ 144.293039] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 144.298485] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 144.303320] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 144.308492] RIP: 0033:0x454e79 [ 144.311660] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 144.319353] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 144.326607] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 144.333858] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 144.341108] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 2018/03/31 10:51:41 executing program 6 (fault-call:10 fault-nth:42): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) [ 144.348360] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000029 [ 144.355630] CPU: 1 PID: 10391 Comm: syz-executor4 Not tainted 4.16.0-rc7+ #8 [ 144.362826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 144.372182] Call Trace: [ 144.374769] dump_stack+0x194/0x24d [ 144.378402] ? arch_local_irq_restore+0x53/0x53 [ 144.383079] ? kasan_kmalloc+0xad/0xe0 [ 144.386964] ? kasan_slab_alloc+0x12/0x20 [ 144.391098] should_fail+0x8c0/0xa40 [ 144.394801] ? percpu_ref_put_many+0x11a/0x220 [ 144.399361] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 144.404454] ? lock_release+0xa40/0xa40 [ 144.408409] ? memcg_kmem_get_cache+0x443/0x890 [ 144.413063] ? find_held_lock+0x35/0x1d0 [ 144.417112] ? check_same_owner+0x320/0x320 [ 144.421413] ? percpu_ref_put_many+0x132/0x220 [ 144.425976] ? rcu_note_context_switch+0x710/0x710 [ 144.430883] ? security_prepare_creds+0x89/0xb0 [ 144.435533] should_failslab+0xec/0x120 [ 144.439485] kmem_cache_alloc+0x47/0x760 [ 144.443534] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 144.448530] ? key_put+0x28/0x80 [ 144.451875] __delayacct_tsk_init+0x20/0x80 [ 144.456177] copy_process.part.38+0x1ccf/0x4bd0 [ 144.460836] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 144.466012] ? __lock_is_held+0xb6/0x140 [ 144.470065] ? __cleanup_sighand+0x40/0x40 [ 144.474297] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 144.479472] ? __lock_acquire+0x664/0x3e00 [ 144.483698] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 144.488885] ? perf_trace_lock+0xd6/0x900 [ 144.493022] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 144.498202] ? perf_trace_lock+0xd6/0x900 [ 144.502337] ? mntput_no_expire+0x130/0xa90 [ 144.506657] ? trace_event_raw_event_lock+0x340/0x340 [ 144.511846] ? perf_trace_lock+0xd6/0x900 [ 144.515983] ? lock_acquire+0x1d5/0x580 [ 144.519942] ? trace_hardirqs_off+0x10/0x10 [ 144.524252] ? __fdget_pos+0x12b/0x190 [ 144.528117] ? perf_trace_lock+0xd6/0x900 [ 144.532246] ? trace_event_raw_event_lock+0x340/0x340 [ 144.537421] ? find_held_lock+0x35/0x1d0 [ 144.541461] ? perf_trace_lock+0xd6/0x900 [ 144.545587] ? trace_event_raw_event_lock+0x340/0x340 [ 144.550773] ? _parse_integer+0x140/0x140 [ 144.554923] ? check_same_owner+0x320/0x320 [ 144.559235] ? trace_hardirqs_off+0x10/0x10 [ 144.563543] ? get_pid_task+0x93/0x140 [ 144.567417] ? perf_trace_lock+0xd6/0x900 [ 144.571645] ? find_held_lock+0x35/0x1d0 [ 144.575704] ? __f_unlock_pos+0x19/0x20 [ 144.579656] ? lock_downgrade+0x980/0x980 [ 144.583786] ? get_pid_task+0xbc/0x140 [ 144.587658] ? proc_fail_nth_write+0x9b/0x1d0 [ 144.592137] ? map_files_get_link+0x3a0/0x3a0 [ 144.596621] ? handle_mm_fault+0x35b/0xb10 [ 144.600838] _do_fork+0x1f7/0xf70 [ 144.604282] ? fork_idle+0x2d0/0x2d0 [ 144.607985] ? wait_for_completion+0x770/0x770 [ 144.612561] ? __sb_end_write+0xa0/0xd0 [ 144.616514] ? fput+0xd2/0x140 [ 144.619701] ? SyS_write+0x184/0x220 [ 144.623407] ? SyS_read+0x220/0x220 [ 144.627028] SyS_clone+0x37/0x50 [ 144.630374] ? sys_vfork+0x30/0x30 [ 144.633896] do_syscall_64+0x281/0x940 [ 144.637761] ? vmalloc_sync_all+0x30/0x30 [ 144.641897] ? _raw_spin_unlock_irq+0x27/0x70 [ 144.646387] ? finish_task_switch+0x1c1/0x7e0 [ 144.650869] ? syscall_return_slowpath+0x550/0x550 [ 144.655794] ? syscall_return_slowpath+0x2ac/0x550 [ 144.660711] ? prepare_exit_to_usermode+0x350/0x350 [ 144.665717] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 144.671062] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 144.675899] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 144.681066] RIP: 0033:0x454e79 [ 144.684235] RSP: 002b:00007f9ecbcf3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 144.691919] RAX: ffffffffffffffda RBX: 00007f9ecbcf46d4 RCX: 0000000000454e79 [ 144.699169] RDX: 0000000020000100 RSI: 0000000020000800 RDI: 0000000000000000 [ 144.706425] RBP: 000000000072bea0 R08: 0000000020000140 R09: 0000000000000000 [ 144.709200] binder: 10377:10400 BC_CLEAR_DEATH_NOTIFICATION death notification not active [ 144.713691] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000013 [ 144.713697] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000002 [ 144.766943] xprt_adjust_timeout: rq_timeout = 0! [ 144.788299] FAULT_INJECTION: forcing a failure. [ 144.788299] name failslab, interval 1, probability 0, space 0, times 0 [ 144.799602] CPU: 1 PID: 10407 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 144.806797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 144.816156] Call Trace: [ 144.818756] dump_stack+0x194/0x24d [ 144.822391] ? arch_local_irq_restore+0x53/0x53 [ 144.827053] ? __save_stack_trace+0x7e/0xd0 [ 144.831369] should_fail+0x8c0/0xa40 [ 144.835089] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 144.840198] ? kasan_kmalloc+0xad/0xe0 [ 144.844116] ? kmem_cache_alloc_trace+0x136/0x740 [ 144.848956] ? __memcg_init_list_lru_node+0x169/0x270 [ 144.854130] ? __list_lru_init+0x544/0x750 [ 144.858348] ? sget_userns+0x6b1/0xe40 [ 144.862225] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 144.866976] ? kern_mount_data+0x50/0xb0 [ 144.871037] ? pid_ns_prepare_proc+0x1e/0x80 [ 144.875449] ? alloc_pid+0x87e/0xa00 [ 144.879165] ? copy_process.part.38+0x2516/0x4bd0 [ 144.884006] ? _do_fork+0x1f7/0xf70 [ 144.887625] ? SyS_clone+0x37/0x50 [ 144.891176] ? find_held_lock+0x35/0x1d0 [ 144.895251] ? __lock_is_held+0xb6/0x140 [ 144.899315] ? check_same_owner+0x320/0x320 [ 144.903624] ? rcu_note_context_switch+0x710/0x710 [ 144.908553] should_failslab+0xec/0x120 [ 144.912507] kmem_cache_alloc_trace+0x4b/0x740 [ 144.917090] ? __kmalloc_node+0x33/0x70 [ 144.921049] ? __kmalloc_node+0x33/0x70 [ 144.925017] ? rcu_read_lock_sched_held+0x108/0x120 [ 144.930034] __memcg_init_list_lru_node+0x169/0x270 [ 144.935041] ? list_lru_add+0x7c0/0x7c0 [ 144.939016] ? __kmalloc_node+0x47/0x70 [ 144.942984] __list_lru_init+0x544/0x750 [ 144.947038] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 144.952913] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 144.957923] ? lockdep_init_map+0x9/0x10 [ 144.961974] sget_userns+0x6b1/0xe40 [ 144.965677] ? set_anon_super+0x20/0x20 [ 144.969637] ? put_filp+0x90/0x90 [ 144.973073] ? destroy_unused_super.part.6+0xd0/0xd0 [ 144.978152] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 144.983143] ? save_stack+0xa3/0xd0 [ 144.986744] ? save_stack+0x43/0xd0 [ 144.990346] ? kasan_slab_alloc+0x12/0x20 [ 144.994467] ? kmem_cache_alloc+0x12e/0x760 [ 144.998761] ? alloc_pid+0xc1/0xa00 [ 145.002373] ? __radix_tree_replace+0x1af/0x310 [ 145.007033] ? radix_tree_delete+0x30/0x30 [ 145.011253] ? node_tag_clear+0xf2/0x180 [ 145.015294] ? proc_get_inode+0x620/0x620 [ 145.019417] mount_ns+0x6d/0x190 [ 145.022763] proc_mount+0x7a/0x90 [ 145.026206] mount_fs+0x66/0x2d0 [ 145.029574] vfs_kern_mount.part.26+0xc6/0x4a0 [ 145.034134] ? may_umount+0xa0/0xa0 [ 145.037735] ? idr_alloc_cyclic+0x1d6/0x320 [ 145.042040] ? do_raw_spin_trylock+0x190/0x190 [ 145.046612] ? idr_alloc+0x180/0x180 [ 145.050313] kern_mount_data+0x50/0xb0 [ 145.054187] pid_ns_prepare_proc+0x1e/0x80 [ 145.058688] alloc_pid+0x87e/0xa00 [ 145.062205] ? __change_pid+0x400/0x400 [ 145.066156] ? ns_capable_common+0xcf/0x160 [ 145.070468] ? memset+0x31/0x40 [ 145.073724] ? copy_thread_tls+0x268/0x8f0 [ 145.077938] copy_process.part.38+0x2516/0x4bd0 [ 145.082602] ? __cleanup_sighand+0x40/0x40 [ 145.086826] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 145.091994] ? __lock_acquire+0x664/0x3e00 [ 145.096207] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 145.101371] ? environ_open+0x80/0x80 [ 145.105152] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 145.110315] ? __lock_acquire+0x664/0x3e00 [ 145.114523] ? mntput_no_expire+0x130/0xa90 [ 145.118819] ? print_irqtrace_events+0x270/0x270 [ 145.123555] ? trace_hardirqs_off+0x10/0x10 [ 145.127852] ? lock_acquire+0x1d5/0x580 [ 145.131800] ? trace_hardirqs_off+0x10/0x10 [ 145.136108] ? trace_hardirqs_off+0x10/0x10 [ 145.140403] ? __lock_acquire+0x664/0x3e00 [ 145.144705] ? check_same_owner+0x320/0x320 [ 145.149008] ? find_held_lock+0x35/0x1d0 [ 145.153053] ? _parse_integer+0xe9/0x140 [ 145.157099] ? trace_hardirqs_off+0x10/0x10 [ 145.161743] ? _parse_integer+0x140/0x140 [ 145.165868] ? trace_hardirqs_off+0x10/0x10 [ 145.170163] ? get_pid_task+0x93/0x140 [ 145.174030] ? lock_downgrade+0x980/0x980 [ 145.178166] ? find_held_lock+0x35/0x1d0 [ 145.182208] ? __f_unlock_pos+0x19/0x20 [ 145.186164] ? lock_downgrade+0x980/0x980 [ 145.190305] ? get_pid_task+0xbc/0x140 [ 145.194172] ? proc_fail_nth_write+0x9b/0x1d0 [ 145.198642] ? map_files_get_link+0x3a0/0x3a0 [ 145.203117] ? handle_mm_fault+0x35b/0xb10 [ 145.207331] _do_fork+0x1f7/0xf70 [ 145.210763] ? fork_idle+0x2d0/0x2d0 [ 145.214456] ? wait_for_completion+0x770/0x770 [ 145.219036] ? __lock_is_held+0xb6/0x140 [ 145.223085] ? __sb_end_write+0xa0/0xd0 [ 145.227039] ? fput+0xd2/0x140 [ 145.230218] ? SyS_write+0x184/0x220 [ 145.233913] ? SyS_read+0x220/0x220 [ 145.237541] SyS_clone+0x37/0x50 [ 145.240918] ? sys_vfork+0x30/0x30 [ 145.244457] do_syscall_64+0x281/0x940 [ 145.248325] ? vmalloc_sync_all+0x30/0x30 [ 145.252458] ? _raw_spin_unlock_irq+0x27/0x70 [ 145.256941] ? finish_task_switch+0x1c1/0x7e0 [ 145.261416] ? syscall_return_slowpath+0x550/0x550 [ 145.266327] ? syscall_return_slowpath+0x2ac/0x550 [ 145.271232] ? prepare_exit_to_usermode+0x350/0x350 [ 145.276226] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 145.281567] ? trace_hardirqs_off_thunk+0x1a/0x1c 2018/03/31 10:51:42 executing program 4 (fault-call:1 fault-nth:3): modify_ldt$write(0x1, &(0x7f0000000080)={0x200, 0x0, 0x0, 0x5}, 0x10) clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000140)) 2018/03/31 10:51:42 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='gretap0\x00', 0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r4 = dup2(0xffffffffffffffff, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:42 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:42 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:42 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x0, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:42 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0x249) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f000000dff8), 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:42 executing program 6 (fault-call:10 fault-nth:43): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) [ 145.286388] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 145.291554] RIP: 0033:0x454e79 [ 145.294717] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 145.302399] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 145.309645] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 145.316891] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 145.324137] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 145.331389] R13: 0000000000000051 R14: 00000000006f2838 R15: 000000000000002a [ 145.390781] FAULT_INJECTION: forcing a failure. [ 145.390781] name failslab, interval 1, probability 0, space 0, times 0 [ 145.402158] CPU: 0 PID: 10431 Comm: syz-executor4 Not tainted 4.16.0-rc7+ #8 [ 145.409353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 145.418715] Call Trace: [ 145.421299] dump_stack+0x194/0x24d [ 145.424918] ? arch_local_irq_restore+0x53/0x53 [ 145.429580] ? find_held_lock+0x35/0x1d0 [ 145.433634] should_fail+0x8c0/0xa40 [ 145.437334] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 145.442425] ? lock_downgrade+0x980/0x980 [ 145.446562] ? find_held_lock+0x35/0x1d0 [ 145.450620] ? check_same_owner+0x320/0x320 [ 145.454919] ? debug_mutex_init+0x1c/0x60 [ 145.459050] ? rcu_note_context_switch+0x710/0x710 [ 145.463962] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 145.468964] should_failslab+0xec/0x120 [ 145.472922] kmem_cache_alloc+0x47/0x760 [ 145.476963] ? __mutex_init+0x1c7/0x2a0 [ 145.480917] ? SyS_membarrier+0x700/0x700 [ 145.485056] dup_fd+0x110/0xdf0 [ 145.488323] ? audit_alloc+0xdc/0x850 [ 145.492105] ? __fdget+0x20/0x20 [ 145.495455] ? perf_event_init_task+0x1ce/0x890 [ 145.500105] ? sched_fork+0x476/0xc10 [ 145.503891] ? ktime_get_with_offset+0x2c1/0x420 [ 145.508630] ? copy_semundo+0xb5/0x320 [ 145.512497] ? SyS_semop+0x30/0x30 [ 145.516026] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 145.521039] ? __lockdep_init_map+0xe4/0x650 [ 145.525428] ? security_task_alloc+0x81/0xb0 [ 145.529823] copy_process.part.38+0x20c4/0x4bd0 [ 145.534483] ? __cleanup_sighand+0x40/0x40 [ 145.538713] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 145.543887] ? __lock_acquire+0x664/0x3e00 [ 145.548102] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 145.553275] ? environ_open+0x80/0x80 [ 145.557067] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 145.562241] ? __lock_acquire+0x664/0x3e00 [ 145.566455] ? mntput_no_expire+0x130/0xa90 [ 145.570762] ? print_irqtrace_events+0x270/0x270 [ 145.575500] ? trace_hardirqs_off+0x10/0x10 [ 145.579809] ? lock_acquire+0x1d5/0x580 [ 145.583765] ? trace_hardirqs_off+0x10/0x10 [ 145.588071] ? trace_hardirqs_off+0x10/0x10 [ 145.592374] ? __lock_acquire+0x664/0x3e00 [ 145.596588] ? check_same_owner+0x320/0x320 [ 145.600893] ? find_held_lock+0x35/0x1d0 [ 145.604940] ? _parse_integer+0xe9/0x140 [ 145.608984] ? trace_hardirqs_off+0x10/0x10 [ 145.613284] ? _parse_integer+0x140/0x140 [ 145.617416] ? trace_hardirqs_off+0x10/0x10 [ 145.621721] ? get_pid_task+0x93/0x140 [ 145.625590] ? lock_downgrade+0x980/0x980 [ 145.629722] ? find_held_lock+0x35/0x1d0 [ 145.633770] ? __f_unlock_pos+0x19/0x20 [ 145.637724] ? lock_downgrade+0x980/0x980 [ 145.641848] ? get_pid_task+0xbc/0x140 [ 145.645713] ? proc_fail_nth_write+0x9b/0x1d0 [ 145.650188] ? map_files_get_link+0x3a0/0x3a0 [ 145.654663] ? handle_mm_fault+0x35b/0xb10 [ 145.658884] _do_fork+0x1f7/0xf70 [ 145.662322] ? fork_idle+0x2d0/0x2d0 [ 145.666020] ? wait_for_completion+0x770/0x770 [ 145.670589] ? __lock_is_held+0xb6/0x140 [ 145.674640] ? __sb_end_write+0xa0/0xd0 [ 145.678597] ? fput+0xd2/0x140 [ 145.681777] ? SyS_write+0x184/0x220 [ 145.685471] ? SyS_read+0x220/0x220 [ 145.689079] SyS_clone+0x37/0x50 [ 145.692431] ? sys_vfork+0x30/0x30 [ 145.695950] do_syscall_64+0x281/0x940 [ 145.699818] ? vmalloc_sync_all+0x30/0x30 [ 145.703947] ? _raw_spin_unlock_irq+0x27/0x70 [ 145.708632] ? finish_task_switch+0x1c1/0x7e0 [ 145.713108] ? syscall_return_slowpath+0x550/0x550 [ 145.718023] ? syscall_return_slowpath+0x2ac/0x550 [ 145.722936] ? prepare_exit_to_usermode+0x350/0x350 [ 145.727937] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 145.733285] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 145.738113] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 145.743283] RIP: 0033:0x454e79 [ 145.746453] RSP: 002b:00007f9ecbcf3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 145.754156] RAX: ffffffffffffffda RBX: 00007f9ecbcf46d4 RCX: 0000000000454e79 [ 145.761408] RDX: 0000000020000100 RSI: 0000000020000800 RDI: 0000000000000000 [ 145.768657] RBP: 000000000072bea0 R08: 0000000020000140 R09: 0000000000000000 [ 145.775904] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000013 [ 145.783159] R13: 0000000000000051 R14: 00000000006f2838 R15: 0000000000000003 [ 145.804141] FAULT_INJECTION: forcing a failure. [ 145.804141] name failslab, interval 1, probability 0, space 0, times 0 [ 145.815476] CPU: 1 PID: 10437 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 145.822670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 145.832014] Call Trace: [ 145.834592] dump_stack+0x194/0x24d [ 145.838200] ? arch_local_irq_restore+0x53/0x53 [ 145.842850] ? __save_stack_trace+0x7e/0xd0 [ 145.847158] should_fail+0x8c0/0xa40 [ 145.850852] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 145.855941] ? kasan_kmalloc+0xad/0xe0 [ 145.859811] ? kmem_cache_alloc_trace+0x136/0x740 [ 145.864984] ? __memcg_init_list_lru_node+0x169/0x270 [ 145.870154] ? __list_lru_init+0x544/0x750 [ 145.874367] ? sget_userns+0x6b1/0xe40 [ 145.878233] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 145.882969] ? kern_mount_data+0x50/0xb0 [ 145.887011] ? pid_ns_prepare_proc+0x1e/0x80 [ 145.891404] ? copy_process.part.38+0x2516/0x4bd0 [ 145.896223] ? _do_fork+0x1f7/0xf70 [ 145.899827] ? SyS_clone+0x37/0x50 [ 145.903349] ? find_held_lock+0x35/0x1d0 [ 145.907401] ? __lock_is_held+0xb6/0x140 [ 145.911452] ? check_same_owner+0x320/0x320 [ 145.915756] ? rcu_note_context_switch+0x710/0x710 [ 145.920671] should_failslab+0xec/0x120 [ 145.924626] kmem_cache_alloc_trace+0x4b/0x740 [ 145.929186] ? __kmalloc_node+0x33/0x70 [ 145.933144] ? __kmalloc_node+0x33/0x70 [ 145.937099] ? rcu_read_lock_sched_held+0x108/0x120 [ 145.942101] __memcg_init_list_lru_node+0x169/0x270 [ 145.947103] ? list_lru_add+0x7c0/0x7c0 [ 145.951059] ? __kmalloc_node+0x47/0x70 [ 145.955024] __list_lru_init+0x544/0x750 [ 145.959078] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 145.964947] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 145.969949] ? lockdep_init_map+0x9/0x10 [ 145.973990] sget_userns+0x6b1/0xe40 [ 145.977682] ? set_anon_super+0x20/0x20 [ 145.981656] ? put_filp+0x90/0x90 [ 145.985087] ? destroy_unused_super.part.6+0xd0/0xd0 [ 145.990180] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 145.995182] ? perf_trace_lock+0xd6/0x900 [ 145.999309] ? perf_trace_lock_acquire+0xe3/0x980 [ 146.004130] ? save_stack+0xa3/0xd0 [ 146.007740] ? __radix_tree_replace+0x1af/0x310 [ 146.012389] ? radix_tree_delete+0x30/0x30 [ 146.016602] ? node_tag_clear+0xf2/0x180 [ 146.020644] ? proc_get_inode+0x620/0x620 [ 146.024770] mount_ns+0x6d/0x190 [ 146.028116] proc_mount+0x7a/0x90 [ 146.031550] mount_fs+0x66/0x2d0 [ 146.034907] vfs_kern_mount.part.26+0xc6/0x4a0 [ 146.039467] ? may_umount+0xa0/0xa0 [ 146.043071] ? idr_alloc_cyclic+0x1d6/0x320 [ 146.047373] ? do_raw_spin_trylock+0x190/0x190 [ 146.051933] ? idr_alloc+0x180/0x180 [ 146.055631] kern_mount_data+0x50/0xb0 [ 146.059501] pid_ns_prepare_proc+0x1e/0x80 [ 146.063714] alloc_pid+0x87e/0xa00 [ 146.067236] ? __change_pid+0x400/0x400 [ 146.071189] ? ns_capable_common+0xcf/0x160 [ 146.075496] ? memset+0x31/0x40 [ 146.078756] ? copy_thread_tls+0x268/0x8f0 [ 146.083735] copy_process.part.38+0x2516/0x4bd0 [ 146.088392] ? __cleanup_sighand+0x40/0x40 [ 146.092614] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 146.097786] ? __lock_acquire+0x664/0x3e00 [ 146.102009] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 146.107181] ? perf_trace_lock+0xd6/0x900 [ 146.111306] ? perf_trace_lock_acquire+0xe3/0x980 [ 146.116125] ? perf_trace_lock+0xd6/0x900 [ 146.120259] ? trace_event_raw_event_lock+0x340/0x340 [ 146.125428] ? perf_trace_lock+0x900/0x900 [ 146.129647] ? lock_acquire+0x1d5/0x580 [ 146.133601] ? trace_hardirqs_off+0x10/0x10 [ 146.137901] ? perf_trace_lock+0xd6/0x900 [ 146.142034] ? perf_trace_lock_acquire+0xe3/0x980 [ 146.146861] ? perf_trace_lock+0x900/0x900 [ 146.151073] ? find_held_lock+0x35/0x1d0 [ 146.155200] ? perf_trace_lock+0xd6/0x900 [ 146.159329] ? trace_event_raw_event_lock+0x340/0x340 [ 146.164498] ? _parse_integer+0x140/0x140 [ 146.168629] ? trace_hardirqs_off+0x10/0x10 [ 146.172932] ? get_pid_task+0x93/0x140 [ 146.176797] ? perf_trace_lock+0xd6/0x900 [ 146.180932] ? find_held_lock+0x35/0x1d0 [ 146.184981] ? __f_unlock_pos+0x19/0x20 [ 146.188935] ? lock_downgrade+0x980/0x980 [ 146.193061] ? get_pid_task+0xbc/0x140 [ 146.196924] ? proc_fail_nth_write+0x9b/0x1d0 [ 146.201918] ? map_files_get_link+0x3a0/0x3a0 [ 146.206396] _do_fork+0x1f7/0xf70 [ 146.209834] ? fork_idle+0x2d0/0x2d0 [ 146.213529] ? wait_for_completion+0x770/0x770 [ 146.218104] ? __sb_end_write+0xa0/0xd0 [ 146.222055] ? fput+0xd2/0x140 [ 146.225226] ? SyS_write+0x184/0x220 [ 146.228919] ? SyS_read+0x220/0x220 [ 146.232527] SyS_clone+0x37/0x50 [ 146.235868] ? sys_vfork+0x30/0x30 [ 146.239386] do_syscall_64+0x281/0x940 [ 146.243255] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 146.248790] ? syscall_return_slowpath+0x550/0x550 [ 146.253708] ? syscall_return_slowpath+0x2ac/0x550 [ 146.258618] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 146.263961] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 146.268785] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 146.273954] RIP: 0033:0x454e79 [ 146.277119] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 146.284807] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 146.292057] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 146.299308] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 2018/03/31 10:51:43 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r1 = open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) accept4$inet6(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, @mcast2}, &(0x7f0000000040)=0x1c, 0x80800) [ 146.306563] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 146.313813] R13: 0000000000000051 R14: 00000000006f2838 R15: 000000000000002b [ 146.326721] xprt_adjust_timeout: rq_timeout = 0! [ 146.339960] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:43 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x0, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:43 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:43 executing program 6 (fault-call:10 fault-nth:44): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:43 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 146.365608] binder: 10425:10443 BC_CLEAR_DEATH_NOTIFICATION death notification not active [ 146.447992] FAULT_INJECTION: forcing a failure. [ 146.447992] name failslab, interval 1, probability 0, space 0, times 0 [ 146.459424] CPU: 0 PID: 10460 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 146.466618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 146.475968] Call Trace: [ 146.478584] dump_stack+0x194/0x24d [ 146.482204] ? arch_local_irq_restore+0x53/0x53 [ 146.486867] ? __save_stack_trace+0x7e/0xd0 [ 146.491186] should_fail+0x8c0/0xa40 [ 146.494884] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 146.499975] ? kasan_kmalloc+0xad/0xe0 [ 146.503851] ? kmem_cache_alloc_trace+0x136/0x740 [ 146.508681] ? __memcg_init_list_lru_node+0x169/0x270 [ 146.513880] ? __list_lru_init+0x544/0x750 [ 146.518102] ? sget_userns+0x6b1/0xe40 [ 146.521981] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 146.526717] ? kern_mount_data+0x50/0xb0 [ 146.530764] ? pid_ns_prepare_proc+0x1e/0x80 [ 146.535159] ? alloc_pid+0x87e/0xa00 [ 146.538860] ? copy_process.part.38+0x2516/0x4bd0 [ 146.543686] ? _do_fork+0x1f7/0xf70 [ 146.547295] ? SyS_clone+0x37/0x50 [ 146.550823] ? find_held_lock+0x35/0x1d0 [ 146.554875] ? __lock_is_held+0xb6/0x140 [ 146.558931] ? check_same_owner+0x320/0x320 [ 146.563246] ? rcu_note_context_switch+0x710/0x710 [ 146.568172] should_failslab+0xec/0x120 [ 146.572132] kmem_cache_alloc_trace+0x4b/0x740 [ 146.576697] ? __kmalloc_node+0x33/0x70 [ 146.580661] ? __kmalloc_node+0x33/0x70 [ 146.584623] ? rcu_read_lock_sched_held+0x108/0x120 [ 146.589630] __memcg_init_list_lru_node+0x169/0x270 [ 146.594639] ? list_lru_add+0x7c0/0x7c0 [ 146.598603] ? __kmalloc_node+0x47/0x70 [ 146.602567] __list_lru_init+0x544/0x750 [ 146.606619] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 146.612493] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 146.617510] ? lockdep_init_map+0x9/0x10 [ 146.621563] sget_userns+0x6b1/0xe40 [ 146.625258] ? set_anon_super+0x20/0x20 [ 146.629218] ? put_filp+0x90/0x90 [ 146.632659] ? destroy_unused_super.part.6+0xd0/0xd0 [ 146.637761] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 146.642762] ? perf_trace_lock+0xd6/0x900 [ 146.646902] ? save_stack+0xa3/0xd0 [ 146.650522] ? kasan_slab_alloc+0x12/0x20 [ 146.654665] ? alloc_pid+0xc1/0xa00 [ 146.658286] ? __radix_tree_replace+0x1af/0x310 [ 146.662941] ? radix_tree_delete+0x30/0x30 [ 146.667159] ? node_tag_clear+0xf2/0x180 [ 146.671222] ? proc_get_inode+0x620/0x620 [ 146.675369] mount_ns+0x6d/0x190 [ 146.678728] proc_mount+0x7a/0x90 [ 146.682183] mount_fs+0x66/0x2d0 [ 146.685548] vfs_kern_mount.part.26+0xc6/0x4a0 [ 146.690121] ? may_umount+0xa0/0xa0 [ 146.693732] ? idr_alloc_cyclic+0x1d6/0x320 [ 146.698046] ? do_raw_spin_trylock+0x190/0x190 [ 146.702614] ? idr_alloc+0x180/0x180 [ 146.706315] kern_mount_data+0x50/0xb0 [ 146.710190] pid_ns_prepare_proc+0x1e/0x80 [ 146.714409] alloc_pid+0x87e/0xa00 [ 146.717939] ? __change_pid+0x400/0x400 [ 146.721899] ? ns_capable_common+0xcf/0x160 [ 146.726215] ? memset+0x31/0x40 [ 146.729484] ? copy_thread_tls+0x268/0x8f0 [ 146.733801] copy_process.part.38+0x2516/0x4bd0 [ 146.738490] ? __cleanup_sighand+0x40/0x40 [ 146.742745] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 146.747940] ? __lock_acquire+0x664/0x3e00 [ 146.752168] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 146.757350] ? perf_trace_lock+0xd6/0x900 [ 146.761497] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 146.766678] ? perf_trace_lock+0xd6/0x900 [ 146.770812] ? mntput_no_expire+0x130/0xa90 [ 146.775127] ? trace_event_raw_event_lock+0x340/0x340 [ 146.780319] ? perf_trace_lock+0xd6/0x900 [ 146.784462] ? lock_acquire+0x1d5/0x580 [ 146.788427] ? trace_hardirqs_off+0x10/0x10 [ 146.792736] ? perf_trace_lock+0xd6/0x900 [ 146.796882] ? find_held_lock+0x35/0x1d0 [ 146.800932] ? perf_trace_lock+0xd6/0x900 [ 146.805073] ? trace_event_raw_event_lock+0x340/0x340 [ 146.810254] ? _parse_integer+0x140/0x140 [ 146.814482] ? trace_hardirqs_off+0x10/0x10 [ 146.818796] ? get_pid_task+0x93/0x140 [ 146.822671] ? perf_trace_lock+0xd6/0x900 [ 146.826808] ? find_held_lock+0x35/0x1d0 [ 146.830879] ? __f_unlock_pos+0x19/0x20 [ 146.834840] ? lock_downgrade+0x980/0x980 [ 146.838971] ? get_pid_task+0xbc/0x140 [ 146.842846] ? proc_fail_nth_write+0x9b/0x1d0 [ 146.847328] ? map_files_get_link+0x3a0/0x3a0 [ 146.851819] ? handle_mm_fault+0x35b/0xb10 [ 146.856063] _do_fork+0x1f7/0xf70 [ 146.859524] ? fork_idle+0x2d0/0x2d0 [ 146.863228] ? wait_for_completion+0x770/0x770 [ 146.867820] ? __sb_end_write+0xa0/0xd0 [ 146.871781] ? fput+0xd2/0x140 [ 146.874959] ? SyS_write+0x184/0x220 [ 146.878803] ? SyS_read+0x220/0x220 [ 146.882420] SyS_clone+0x37/0x50 [ 146.885779] ? sys_vfork+0x30/0x30 [ 146.889307] do_syscall_64+0x281/0x940 [ 146.893180] ? vmalloc_sync_all+0x30/0x30 [ 146.897311] ? _raw_spin_unlock_irq+0x27/0x70 [ 146.901805] ? finish_task_switch+0x1c1/0x7e0 [ 146.906287] ? syscall_return_slowpath+0x550/0x550 [ 146.911203] ? syscall_return_slowpath+0x2ac/0x550 [ 146.916120] ? prepare_exit_to_usermode+0x350/0x350 [ 146.921130] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 146.926481] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 146.931319] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 146.936491] RIP: 0033:0x454e79 [ 146.939675] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 146.947376] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 146.954629] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 146.961882] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 146.969133] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 146.976387] R13: 0000000000000051 R14: 00000000006f2838 R15: 000000000000002c [ 147.034175] xprt_adjust_timeout: rq_timeout = 0! 2018/03/31 10:51:43 executing program 4: modify_ldt$write(0x1, &(0x7f0000000080)={0x200, 0x0, 0x0, 0x5}, 0x10) clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000140)) 2018/03/31 10:51:43 executing program 5: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x2, 0x20a000) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 2018/03/31 10:51:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x802, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000140)={r3, &(0x7f0000000100)=""/38}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000000240)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f000000dff8), 0x0, 0x0, &(0x7f0000000f4d)}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x10, 0x0, &(0x7f000000cf68)=[@request_death={0x400c630f}], 0x0, 0x0, &(0x7f0000008f37)}) r4 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) getsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/31 10:51:43 executing program 0: r0 = getpgid(0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x686d, 0x0, 0x0, 0x0, 0x1f}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000911000)={{&(0x7f0000822000/0x2000)=nil, 0x2000}}) socket$rds(0x15, 0x5, 0x0) r1 = socket(0x2, 0x3, 0x40000000000000ff) getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x401, 0x20000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000500)={&(0x7f00000004c0)=[0x0], 0x1}) r3 = perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) mq_open(&(0x7f0000a04000)='-$\x00', 0x0, 0x0, &(0x7f0000513fc0)) sendto$inet(r1, &(0x7f0000000080)="0a14f99f3bae099f9184a151c90008fc0877144128907496819a925d9aa8403df12b12c38e25989d", 0x28, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x2002, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000340)={0x71c, 0x23, 0x1ff}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x1f}, &(0x7f0000000200)=0x8) r4 = dup2(0xffffffffffffffff, r3) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000480)=0x7, 0x4) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f0000000180)) 2018/03/31 10:51:43 executing program 7: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x81f6, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x0, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) creat(&(0x7f0000000180)='./control/file0\x00', 0x0) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) 2018/03/31 10:51:43 executing program 2 (fault-call:8 fault-nth:0): r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") r1 = getpid() ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=""/221, 0xdd}) fcntl$setstatus(r0, 0x4, 0x6000) pread64(r0, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x4, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x2, 0x4e20, @multicast2=0xe0000002}, 0x0, 0x8001, 0x0, 0x0, 0x0, &(0x7f0000000100)='bridge0\x00', 0x3f800000000000, 0x80000000, 0x2c5d}) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)) request_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a}, &(0x7f00000006c0)='&*:@vboxnet1eth1}@\x00\x00', r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)) getpriority(0x0, 0x0) syncfs(r0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000000)=0xe8) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000880)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@multicast1=0xe0000001, 0x0, 0x100000000, 0x4e21, 0x7, 0x0, 0x0, 0x80, 0x0, r3, r4}, {0x1, 0x9, 0x855d, 0x0, 0x6, 0x101, 0x6, 0x9d}, {0x0, 0x0, 0xff, 0x100}, 0x6, 0x6e6bbe, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0xc}, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2, 0x3, 0x0, 0xeeb, 0x0, 0x7f}}, 0xe8) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000340)={'raw\x00'}, &(0x7f0000000140)=0x54) 2018/03/31 10:51:43 executing program 6 (fault-call:10 fault-nth:45): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000180)={0x1000, 0x6, 0x40}, &(0x7f0000000240)=0x10) socket$inet6(0xa, 0x1001000000080001, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/loop-control\x00', 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lsetxattr(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000500)='/dev/infiniband/rdma_cm\x00', 0x18, 0x0) munmap(&(0x7f0000a94000/0x2000)=nil, 0x2000) write$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000200180000fa03000000"], 0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) setns(0xffffffffffffffff, 0x0) clone(0x30000100, &(0x7f0000e69000), &(0x7f00009c4ffc), &(0x7f00001cc000), &(0x7f0000a46000)) mlock2(&(0x7f0000a91000/0x4000)=nil, 0x4000, 0x0) 2018/03/31 10:51:43 executing program 3: r0 = perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x0, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x0, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000340)) r1 = epoll_create1(0x80000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000001, 0x32, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x4000000068, 0x13, 0x2000000000000, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control\x00') fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x5) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x8) close(0xffffffffffffffff) r4 = fcntl$dupfd(r1, 0x0, r1) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f000086fff4)) rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='./control/file0\x00') r6 = getpid() kcmp$KCMP_EPOLL_TFD(0x0, r6, 0x7, r1, &(0x7f00000001c0)={r5, r3}) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r8 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a7dfff)}, 0xa00000400, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r8) close(r7) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 147.083221] xprt_adjust_timeout: rq_timeout = 0! [ 147.130517] FAULT_INJECTION: forcing a failure. [ 147.130517] name failslab, interval 1, probability 0, space 0, times 0 [ 147.142293] CPU: 1 PID: 10476 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 147.144451] FAULT_INJECTION: forcing a failure. [ 147.144451] name failslab, interval 1, probability 0, space 0, times 0 [ 147.149476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 147.149489] Call Trace: [ 147.149508] dump_stack+0x194/0x24d [ 147.149527] ? arch_local_irq_restore+0x53/0x53 [ 147.180854] ? find_held_lock+0x35/0x1d0 [ 147.184906] should_fail+0x8c0/0xa40 [ 147.188609] ? __list_lru_init+0x352/0x750 [ 147.192828] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 147.197917] ? find_next_zero_bit+0xe3/0x110 [ 147.202319] ? trace_hardirqs_off+0x10/0x10 [ 147.206633] ? find_held_lock+0x35/0x1d0 [ 147.210683] ? __lock_is_held+0xb6/0x140 [ 147.214736] ? check_same_owner+0x320/0x320 [ 147.219043] ? lock_downgrade+0x980/0x980 [ 147.223180] ? rcu_note_context_switch+0x710/0x710 [ 147.228094] ? find_held_lock+0x35/0x1d0 [ 147.232144] should_failslab+0xec/0x120 [ 147.236109] __kmalloc+0x63/0x760 [ 147.239557] ? lock_downgrade+0x980/0x980 [ 147.243699] ? register_shrinker+0x10e/0x2d0 [ 147.248795] ? trace_event_raw_event_module_request+0x320/0x320 [ 147.254849] register_shrinker+0x10e/0x2d0 [ 147.259073] ? prepare_kswapd_sleep+0x1f0/0x1f0 [ 147.263734] ? memcpy+0x45/0x50 [ 147.267010] sget_userns+0xbbf/0xe40 [ 147.270708] ? set_anon_super+0x20/0x20 [ 147.274672] ? put_filp+0x90/0x90 [ 147.278121] ? destroy_unused_super.part.6+0xd0/0xd0 [ 147.283214] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 147.288219] ? save_stack+0xa3/0xd0 [ 147.291829] ? save_stack+0x43/0xd0 [ 147.295448] ? kasan_slab_alloc+0x12/0x20 [ 147.299581] ? kmem_cache_alloc+0x12e/0x760 [ 147.303883] ? alloc_pid+0xc1/0xa00 [ 147.307496] ? __radix_tree_replace+0x1af/0x310 [ 147.312155] ? radix_tree_delete+0x30/0x30 [ 147.316376] ? node_tag_clear+0xf2/0x180 [ 147.320427] ? proc_get_inode+0x620/0x620 [ 147.324558] mount_ns+0x6d/0x190 [ 147.327916] proc_mount+0x7a/0x90 [ 147.331353] mount_fs+0x66/0x2d0 [ 147.334722] vfs_kern_mount.part.26+0xc6/0x4a0 [ 147.339287] ? may_umount+0xa0/0xa0 [ 147.342900] ? idr_alloc_cyclic+0x1d6/0x320 [ 147.347209] ? do_raw_spin_trylock+0x190/0x190 [ 147.351775] ? idr_alloc+0x180/0x180 [ 147.355477] kern_mount_data+0x50/0xb0 [ 147.359349] pid_ns_prepare_proc+0x1e/0x80 [ 147.363573] alloc_pid+0x87e/0xa00 [ 147.367101] ? __change_pid+0x400/0x400 [ 147.371059] ? ns_capable_common+0xcf/0x160 [ 147.375370] ? memset+0x31/0x40 [ 147.378637] ? copy_thread_tls+0x268/0x8f0 [ 147.382863] copy_process.part.38+0x2516/0x4bd0 [ 147.387525] ? __cleanup_sighand+0x40/0x40 [ 147.391755] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 147.396931] ? __lock_acquire+0x664/0x3e00 [ 147.401151] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 147.406327] ? environ_open+0x80/0x80 [ 147.410122] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 147.415294] ? __lock_acquire+0x664/0x3e00 [ 147.419517] ? mntput_no_expire+0x130/0xa90 [ 147.423837] ? print_irqtrace_events+0x270/0x270 [ 147.428578] ? trace_hardirqs_off+0x10/0x10 [ 147.432890] ? lock_acquire+0x1d5/0x580 [ 147.436851] ? trace_hardirqs_off+0x10/0x10 [ 147.441158] ? trace_hardirqs_off+0x10/0x10 [ 147.445469] ? __lock_acquire+0x664/0x3e00 [ 147.449685] ? check_same_owner+0x320/0x320 [ 147.453997] ? find_held_lock+0x35/0x1d0 [ 147.458053] ? _parse_integer+0xe9/0x140 [ 147.462103] ? trace_hardirqs_off+0x10/0x10 [ 147.466407] ? _parse_integer+0x140/0x140 [ 147.470543] ? trace_hardirqs_off+0x10/0x10 [ 147.474852] ? get_pid_task+0x93/0x140 [ 147.478723] ? lock_downgrade+0x980/0x980 [ 147.482861] ? find_held_lock+0x35/0x1d0 [ 147.486909] ? __f_unlock_pos+0x19/0x20 [ 147.490866] ? lock_downgrade+0x980/0x980 [ 147.495003] ? get_pid_task+0xbc/0x140 [ 147.498879] ? proc_fail_nth_write+0x9b/0x1d0 [ 147.503357] ? map_files_get_link+0x3a0/0x3a0 [ 147.507839] ? handle_mm_fault+0x35b/0xb10 [ 147.512061] _do_fork+0x1f7/0xf70 [ 147.515504] ? fork_idle+0x2d0/0x2d0 [ 147.519203] ? wait_for_completion+0x770/0x770 [ 147.523776] ? __lock_is_held+0xb6/0x140 [ 147.527832] ? __sb_end_write+0xa0/0xd0 [ 147.531796] ? fput+0xd2/0x140 [ 147.534978] ? SyS_write+0x184/0x220 [ 147.538682] ? SyS_read+0x220/0x220 [ 147.542301] SyS_clone+0x37/0x50 [ 147.545651] ? sys_vfork+0x30/0x30 [ 147.549177] do_syscall_64+0x281/0x940 [ 147.553046] ? vmalloc_sync_all+0x30/0x30 [ 147.557179] ? _raw_spin_unlock_irq+0x27/0x70 [ 147.561672] ? finish_task_switch+0x1c1/0x7e0 [ 147.566153] ? syscall_return_slowpath+0x550/0x550 [ 147.571067] ? syscall_return_slowpath+0x2ac/0x550 [ 147.575980] ? prepare_exit_to_usermode+0x350/0x350 [ 147.580988] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 147.586337] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 147.591166] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 147.596341] RIP: 0033:0x454e79 [ 147.599516] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 147.607211] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 147.614465] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 147.622325] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 147.629594] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 147.636855] R13: 0000000000000051 R14: 00000000006f2838 R15: 000000000000002d [ 147.644135] CPU: 0 PID: 10484 Comm: syz-executor2 Not tainted 4.16.0-rc7+ #8 [ 147.651332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 147.660690] Call Trace: [ 147.663288] dump_stack+0x194/0x24d [ 147.666922] ? arch_local_irq_restore+0x53/0x53 [ 147.671597] ? find_held_lock+0x35/0x1d0 [ 147.675665] should_fail+0x8c0/0xa40 [ 147.679383] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 147.684494] ? find_held_lock+0x35/0x1d0 [ 147.688568] ? find_held_lock+0x35/0x1d0 [ 147.692653] ? check_same_owner+0x320/0x320 [ 147.694249] ------------[ cut here ]------------ [ 147.696970] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 147.696986] ? rcu_note_context_switch+0x710/0x710 [ 147.696996] ? wait_for_completion+0x770/0x770 [ 147.697013] should_failslab+0xec/0x120 [ 147.697024] __kmalloc_track_caller+0x5f/0x760 [ 147.697038] ? strncpy_from_user+0x430/0x430 [ 147.697045] ? mpi_resize+0x200/0x200 [ 147.697055] ? strndup_user+0x62/0xb0 [ 147.697067] memdup_user+0x2c/0x90 [ 147.701915] refcount_t: underflow; use-after-free. [ 147.707068] strndup_user+0x62/0xb0 [ 147.707079] SyS_request_key+0xa7/0x2d0 [ 147.707091] ? SyS_write+0x184/0x220 [ 147.707098] ? SyS_add_key+0x380/0x380 [ 147.707108] ? SyS_read+0x220/0x220 [ 147.712166] WARNING: CPU: 1 PID: 10476 at lib/refcount.c:187 refcount_sub_and_test+0x167/0x1b0 [ 147.716570] ? do_syscall_64+0xb7/0x940 [ 147.720510] Kernel panic - not syncing: panic_on_warn set ... [ 147.720510] [ 147.725067] ? SyS_add_key+0x380/0x380 [ 147.787970] do_syscall_64+0x281/0x940 [ 147.791842] ? vmalloc_sync_all+0x30/0x30 [ 147.795974] ? _raw_spin_unlock_irq+0x27/0x70 [ 147.800453] ? finish_task_switch+0x1c1/0x7e0 [ 147.804940] ? syscall_return_slowpath+0x550/0x550 [ 147.809849] ? syscall_return_slowpath+0x2ac/0x550 [ 147.814765] ? prepare_exit_to_usermode+0x350/0x350 [ 147.819766] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 147.825113] ? trace_hardirqs_off_thunk+0x1a/0x1c 2018/03/31 10:51:44 executing program 4: modify_ldt$write(0x1, &(0x7f0000000080)={0x200, 0x20000800, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4}, 0x10) clone(0x0, &(0x7f0000000800), &(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000000)) socketpair(0xa, 0x7, 0x4, &(0x7f0000000000)={0xffffffffffffffff}) accept$packet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000180)=0x14) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x8040ae9f, &(0x7f00000000c0)) [ 147.829942] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 147.835115] RIP: 0033:0x454e79 [ 147.838285] RSP: 002b:00007f585a3dac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9 [ 147.845978] RAX: ffffffffffffffda RBX: 00007f585a3db6d4 RCX: 0000000000454e79 [ 147.853233] RDX: 00000000200006c0 RSI: 0000000020000700 RDI: 0000000020000680 [ 147.860490] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 147.867744] R10: 000000001d181d21 R11: 0000000000000246 R12: 0000000000000014 [ 147.874993] R13: 000000000000049d R14: 00000000006f8f58 R15: 0000000000000000 [ 147.882261] CPU: 1 PID: 10476 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #8 [ 147.889445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 147.898795] Call Trace: [ 147.901375] dump_stack+0x194/0x24d [ 147.904994] ? arch_local_irq_restore+0x53/0x53 [ 147.909656] ? vsnprintf+0x1ed/0x1900 [ 147.913445] panic+0x1e4/0x41c [ 147.916619] ? refcount_error_report+0x214/0x214 [ 147.921354] ? show_regs_print_info+0x18/0x18 [ 147.925829] ? vprintk_emit+0xa5f/0xb90 [ 147.929785] ? __warn+0x1c1/0x200 [ 147.933308] ? refcount_sub_and_test+0x167/0x1b0 [ 147.938042] __warn+0x1dc/0x200 [ 147.941302] ? refcount_sub_and_test+0x167/0x1b0 [ 147.946128] report_bug+0x1f4/0x2b0 [ 147.949739] fixup_bug.part.10+0x37/0x80 [ 147.953781] do_error_trap+0x2d7/0x3e0 [ 147.957650] ? vprintk_default+0x28/0x30 [ 147.961690] ? math_error+0x400/0x400 [ 147.965471] ? printk+0xaa/0xca [ 147.968728] ? show_regs_print_info+0x18/0x18 [ 147.973211] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 147.978040] do_invalid_op+0x1b/0x20 [ 147.981736] invalid_op+0x1b/0x40 [ 147.985170] RIP: 0010:refcount_sub_and_test+0x167/0x1b0 [ 147.990508] RSP: 0018:ffff88017f24f318 EFLAGS: 00010282 [ 147.995853] RAX: dffffc0000000008 RBX: 0000000000000000 RCX: ffffffff815b193e [ 148.003106] RDX: 0000000000040000 RSI: ffffc90006ed8000 RDI: 1ffff1002fe49de8 [ 148.010358] RBP: ffff88017f24f3a8 R08: ffffffff88583220 R09: 0000000000000000 [ 148.017607] R10: ffff88017f24f2d0 R11: 0000000000000000 R12: 1ffff1002fe49e64 [ 148.024858] R13: 00000000ffffffff R14: 0000000000000001 R15: ffff8801c6401850 [ 148.032118] ? vprintk_func+0x5e/0xc0 [ 148.035903] ? refcount_sub_and_test+0x167/0x1b0 [ 148.040639] ? refcount_inc+0x50/0x50 [ 148.044421] ? refcount_inc+0x50/0x50 [ 148.048202] ? ns_capable_common+0xcf/0x160 [ 148.052511] refcount_dec_and_test+0x1a/0x20 [ 148.056902] put_pid_ns+0x9d/0xc0 [ 148.060342] free_nsproxy+0xfa/0x1f0 [ 148.064039] switch_task_namespaces+0x9d/0xc0 [ 148.068515] exit_task_namespaces+0x17/0x20 [ 148.072819] copy_process.part.38+0x3aba/0x4bd0 [ 148.077493] ? __cleanup_sighand+0x40/0x40 [ 148.082523] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 148.087696] ? __lock_acquire+0x664/0x3e00 [ 148.091909] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 148.097078] ? environ_open+0x80/0x80 [ 148.100869] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 148.106041] ? __lock_acquire+0x664/0x3e00 [ 148.110255] ? mntput_no_expire+0x130/0xa90 [ 148.114560] ? print_irqtrace_events+0x270/0x270 [ 148.119296] ? trace_hardirqs_off+0x10/0x10 [ 148.123622] ? lock_acquire+0x1d5/0x580 [ 148.127575] ? trace_hardirqs_off+0x10/0x10 [ 148.131881] ? trace_hardirqs_off+0x10/0x10 [ 148.136188] ? __lock_acquire+0x664/0x3e00 [ 148.140401] ? check_same_owner+0x320/0x320 [ 148.144705] ? find_held_lock+0x35/0x1d0 [ 148.148750] ? _parse_integer+0xe9/0x140 [ 148.152799] ? trace_hardirqs_off+0x10/0x10 [ 148.157102] ? _parse_integer+0x140/0x140 [ 148.161234] ? trace_hardirqs_off+0x10/0x10 [ 148.165540] ? get_pid_task+0x93/0x140 [ 148.169408] ? lock_downgrade+0x980/0x980 [ 148.173544] ? find_held_lock+0x35/0x1d0 [ 148.177592] ? __f_unlock_pos+0x19/0x20 [ 148.181548] ? lock_downgrade+0x980/0x980 [ 148.185675] ? get_pid_task+0xbc/0x140 [ 148.189546] ? proc_fail_nth_write+0x9b/0x1d0 [ 148.194028] ? map_files_get_link+0x3a0/0x3a0 [ 148.198506] ? handle_mm_fault+0x35b/0xb10 [ 148.202728] _do_fork+0x1f7/0xf70 [ 148.206166] ? fork_idle+0x2d0/0x2d0 [ 148.209861] ? wait_for_completion+0x770/0x770 [ 148.214432] ? __lock_is_held+0xb6/0x140 [ 148.218493] ? __sb_end_write+0xa0/0xd0 [ 148.222452] ? fput+0xd2/0x140 [ 148.225627] ? SyS_write+0x184/0x220 [ 148.229335] ? SyS_read+0x220/0x220 [ 148.232951] SyS_clone+0x37/0x50 [ 148.236306] ? sys_vfork+0x30/0x30 [ 148.239827] do_syscall_64+0x281/0x940 [ 148.243698] ? vmalloc_sync_all+0x30/0x30 [ 148.247828] ? _raw_spin_unlock_irq+0x27/0x70 [ 148.252317] ? finish_task_switch+0x1c1/0x7e0 [ 148.256795] ? syscall_return_slowpath+0x550/0x550 [ 148.261708] ? syscall_return_slowpath+0x2ac/0x550 [ 148.266619] ? prepare_exit_to_usermode+0x350/0x350 [ 148.271621] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 148.276971] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 148.281801] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 148.286992] RIP: 0033:0x454e79 [ 148.290161] RSP: 002b:00007f125f57cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 148.297851] RAX: ffffffffffffffda RBX: 00007f125f57d6d4 RCX: 0000000000454e79 [ 148.305099] RDX: 00000000209c4ffc RSI: 0000000020e69000 RDI: 0000000030000100 [ 148.312347] RBP: 000000000072bea0 R08: 0000000020a46000 R09: 0000000000000000 [ 148.319595] R10: 00000000201cc000 R11: 0000000000000246 R12: 0000000000000016 [ 148.326846] R13: 0000000000000051 R14: 00000000006f2838 R15: 000000000000002d [ 148.334587] Dumping ftrace buffer: [ 148.338433] (ftrace buffer empty) [ 148.342126] Kernel Offset: disabled [ 148.345736] Rebooting in 86400 seconds..