310610f7031655c2e019ee538460e6c26ba15eb209ef048021164853657f8c479666f9cc16b85f04680e374002e6174e5f7feb70f7faae6bfdec0a3f445a78156ccbf4b16a5b7affff39c934cd3a63fcfaac32339a7effc2dd429a32c244b362a790f0c3cdb384e3f66371646ab12fa33efa6da7e4319653bc7226a7c87e8b787d00931a617d200af80a32a6bab3133e13677798cc61db6cfd9bd12f094005fc2226852b480887ca2189a0ce083f4a162580011b0b37d417877830039e371593ee7b5fad32efd1545fcfd6d344c8b8e41aa3dff2a775fe63605b620eb805e7ee362549eb91e1ec3e2da2ce670d67159d4aa5c779c6641efc9cc2db126cc23a519fccc41230bb0633fb73dac84bb8aecb0153a446a7ff6727f8224f8c131997f3ddd74a5adb641c4eb11d53d961cf8797afe32c4d43928566f2b8c42f5a3cdfc1d0111733151798eaa5610fa493fb6047f5e7692733d5a60d4da2c8eccba23eace40ba550055016eb69fd57686f3fd987c7cc9a5e13b0bce5f890e581d0cec895a5901179bdcd3f2d85fad1c0208daeaeb077b7fb0ee26fec88f4372507c017db86d676d019dd02a3432da33527fa42a495661d63aaad7c1d20418f63d3ef817159ec833e9805a2a1700cf242724501518750a83e8acaeb5f7d259edae974fda736ec185607971e5040b5c5325e750941372bb3e2a1c5c92f04c662142051e08aad8a19cc8354e8449686513bef34fd953c20d10d222f6ca78e313b5f6fe51e86dfbcebd54222beee3e0ba59d0b0d089c5aad68023315a42f621b56d227779d749d0d4b746b6e4a5bad8b93c12ffaa6e94dc778091cf3100bf6b91632d27d7f914e05de6d3d899787273bf54c4cb164a94d43bdaf4009d13702b251bde7fb866feec099b01673b424f42fd1e767e71c2814900109736c383c198f39161a98a31a79a429225789e26f255228055f6abd1188b90a114f199fdfe6de60657ada5cea348629ea162f90738191a6f9140393c06bc69367702f585f1397b4bac0fdbd7e511a6b0abbaad4e369afcb598dfcb3100eae85e4b7e2041bec12e4ce7363722c67bd57fcea288febb8a4946b546b67050aaea52504576b6fbcc68aef7205c8eb119bcd04fdf483cb7664047f2728ca3929beae934a41851e49a1195ea2f3fc3ec1a498fae41f53d2d13182633a3d15e71a648612d9896be71d889eff84694c46b611daa8c422260b7ed18261eb804980e5f24c856ca5b090aa76c80865e3a54280979d98145c588255558cb28c6f9336521a0edc439bd9a7ddb85f2c2446a9ed392bc416210c56de9e2934cd127ae09801e2cb5df7fe973011ee3ef3a89d17a11d2e0a0f61650409dd3d46cfa4536223b7cfe43d9bd3148904661276c8dd9838517d3f5134af5cde59e457d4476eac6ef6091579ed2b975dd7a1d5d31aa5d83ae7857f9ec2ba8647498f470bc8b5070893842001a96746b02d4807675bd5dcc0f18eed3e2aa6f8db7cae09fc3573564f3cbada58cfe95301f0153fedf425cf01264114b52a6891c5d40ed378d3ac34336a75863abfae4f58983446a3b41ac7c27134310a66c2ce016e6ec48e3481ff8866881ffdd731c9b53dba30f1470a07283cd0c78fa72b93ee9b4f14d3166e80ffefe99ad1adb98cbb9eac28b32a29e430439e8e7a4a8ef68632707a8e27cb30f6b4b234e00931174d97b45c064a910c2e9edf5009e68e85bf6c073a8aa50c4764e5dadd4a19329d06bb2efb2ecb2bc250e45080fab050f808b8d54e7a5ee505acc95287b3bd6deb766e93fb726dea8925121f2b6c03cf9abdaf00a6343ed7b660f3f196ceb7629a6c25a9f4c1e6259f3c8ebc6f37313adac842d3421c6bee95478684f55d6d83050b733168c9faf3f2a869a7c49602a4ccbdb0bc6fcceaa836ddafab26cc982e847ed8b8dd46dc45d89bf1c27171634f9908fc2d9f9a0e1c20d271175a3661d2318ac8f85e3693fc6c1024348d1df15bfc401a423a5819114330e6ea6312d02d49dd90b5aeb6c612ac42a488e37ff0018b5dec211062f13f10fe95cab06804b675140fd170fef87311e6088e5af902303d951e1a1647879311f120ea65bcae961e303634109f6e4a4ec8fc8373f1a671b5f35c47e1879d5e61156af32dc3968af7d5c1180272c007d23fd78e68a8bf144b8a9fa2600dec4d838a08de7c226b9a00acabedf44ed25579d38efd00f834bc6b77aa6b7999154849560b73fa0a0a45c3de2e544a0afa0327e7c5c5d6290cca625ff0ca05b038a661e9b27f20b1c19a01a45e868f8971c2e21d632e49e8871f75ce0d20c4a6fce34d6b1f11c41bd8a9ffc7500495fa70ebdc11605e5684dc59aeae39d1f493aaea4ba8cafe8c5c06455ced56592f2e7ee8136a72fba08d7b62f31dec632d8162fb4617b72ac2a32d4059249232c4c57db8018232c6d4172ad2b7e382d35fa47ff7fc786e288b322acce67b4f4f0c5d518fbb4dc2e87a0de74285ba804a08260eee4a3eb1975421aa322d539f84fb0bb1818ea4b3f96d78518d102a463ba7293df1fe87f10c6e72dad662e33efca9aa9ff97c216a58e763b1f1596cb4e578995b1aba5eae6c48192ad1c326a6a59a44c4d7992ea78b6dab5a024e7cb47dcfa8efffaff0394c789397f840d0f2ec3c739bc1cc7408deec24815c57b0a404bacd612822d50efafd014b218b9b7702e1aacb9b20dc288e49f555b271429b932100e80633629655bbc308e26521dfa29aef869c93b44f8e948f00d3030daac62619d6b4c6c21598c839bcffe0cbd6c9aa09c73b9637d9299b25f2c748565231cdd3e19d8a739a8cfc35e95b5c7fdbe10af3a0ec0721adfb467d8d270d01bd8aa8256f95bfa23825fa4a3a311f15702e00cf39bb30eec79416452336901974afe7ec4ac280236e6461712ec6a120fbb6399f9d4fd707154b0571a3186c81fd5443303db0eb9c0ccf1596f9d02190a1c485e7e3aae2b6e1225eee8be0c41f6e872d37a225ed0421d44f043552d80f94b6ef90b0c23e867ea2f537a8e282e07252f929c11e4bd452850057be8109029e98538d23dbfcb1d30ff231bdb6993606f09bf6f315f22c4f", &(0x7f0000e52000)="a096e59d1b030fedf8286c7fc78d6a4156ebe552d395e785453370405629027761933a4f98dcb9d22af15f81505832cdedeb9a70a7ed15a6b6499d4474cff28e985ae72b3dbebdafead1f011d98f97099551d074b4deec94d22039584dc3ea15635aedb8270e8300329ed8b375ac2d4f0b799db063ca7fd2e818893744857d5b224c397464a44c44b3ea427b8b43e6aa24"}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f00004a0000)=0x0) clock_gettime(0x0, &(0x7f0000582000)={0x0, 0x0}) timer_settime(r2, 0x1, &(0x7f0000a83000)={{r3, r4+30000000}, {0x77359400, 0x0}}, &(0x7f00007c8000)={{0x0, 0x0}, {0x0, 0x0}}) r5 = creat(&(0x7f000091a000-0xa)='./control\x00', 0x0) write$sndseq(r5, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') getdents64(r0, &(0x7f0000cdc000)=""/0, 0x0) fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) timer_delete(r2) 2018/01/17 19:07:24 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:24 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, 0xffffffffffffffff, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:24 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:24 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) unshare(0x8000000) r0 = mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000435000)={0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}) mq_timedsend(r0, &(0x7f0000a5c000)="", 0x0, 0x0, 0x0) mq_timedsend(r0, &(0x7f000066c000)="", 0x0, 0x0, &(0x7f000058f000-0x10)={0x77359400, 0x0}) mq_timedreceive(r0, &(0x7f0000659000)=""/131, 0x83, 0x0, 0x0) 2018/01/17 19:07:24 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:24 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:24 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:24 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x0) lseek(r0, 0x0, 0x4) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:24 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000a6d000)={0x0, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}}, &(0x7f000093e000)=0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000b3000-0x28)={@generic="8eecbd8be05819619bbe4bfbff26268e", 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) syz_open_dev$adsp(&(0x7f000096e000-0xb)='/dev/adsp#\x00', 0x1, 0x200002) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') getdents64(r0, &(0x7f0000cdc000)=""/0, 0x0) fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:24 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) [ 452.439621] FAULT_FLAG_ALLOW_RETRY missing 30 [ 452.448329] CPU: 0 PID: 21951 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 452.455716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 452.465061] Call Trace: [ 452.467651] dump_stack+0x194/0x257 [ 452.471285] ? arch_local_irq_restore+0x53/0x53 [ 452.475959] ? handle_userfault+0x12b7/0x24c0 [ 452.480459] handle_userfault+0x12fa/0x24c0 [ 452.484767] ? handle_userfault+0x150b/0x24c0 [ 452.489251] ? userfaultfd_ioctl+0x4520/0x4520 [ 452.493808] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 452.498967] ? __lock_is_held+0xb6/0x140 [ 452.503018] ? print_irqtrace_events+0x270/0x270 [ 452.507755] ? print_irqtrace_events+0x270/0x270 [ 452.512493] ? get_user_pages_fast+0x277/0x340 [ 452.517063] ? switched_to_fair+0xb0/0xb0 [ 452.521183] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 452.526172] ? trace_hardirqs_on+0xd/0x10 [ 452.530304] ? get_user_pages_fast+0x14e/0x340 [ 452.534872] ? pick_next_entity+0x197/0x400 [ 452.539168] ? __lock_acquire+0x664/0x3e00 [ 452.543374] ? check_noncircular+0x20/0x20 [ 452.547580] ? __lock_acquire+0x664/0x3e00 [ 452.550354] FAULT_FLAG_ALLOW_RETRY missing 30 [ 452.556290] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 452.561462] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 452.566643] ? find_held_lock+0x35/0x1d0 [ 452.570700] ? __handle_mm_fault+0x3296/0x3ce0 [ 452.575265] ? lock_downgrade+0x980/0x980 [ 452.579400] ? lock_release+0xa40/0xa40 [ 452.583360] ? copy_overflow+0x20/0x20 [ 452.587231] ? do_raw_spin_trylock+0x190/0x190 [ 452.591795] ? userfaultfd_ctx_put+0x740/0x740 [ 452.596379] __handle_mm_fault+0x32a3/0x3ce0 [ 452.600777] ? __pmd_alloc+0x4e0/0x4e0 [ 452.604648] ? print_irqtrace_events+0x270/0x270 [ 452.609393] ? find_held_lock+0x35/0x1d0 [ 452.613449] ? handle_mm_fault+0x248/0x8d0 [ 452.617666] ? lock_downgrade+0x980/0x980 [ 452.621835] handle_mm_fault+0x334/0x8d0 [ 452.625878] ? down_read+0x96/0x150 [ 452.629490] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 452.634053] ? vmacache_find+0x5f/0x280 [ 452.638018] ? find_vma+0x30/0x150 [ 452.641547] __do_page_fault+0x5c9/0xc90 [ 452.645608] ? mm_fault_error+0x2c0/0x2c0 [ 452.649739] ? find_held_lock+0x35/0x1d0 [ 452.653795] do_page_fault+0xee/0x720 [ 452.657580] ? __do_page_fault+0xc90/0xc90 [ 452.661802] ? lock_release+0xa40/0xa40 [ 452.665768] ? do_raw_spin_trylock+0x190/0x190 [ 452.670348] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 452.675186] page_fault+0x2c/0x60 [ 452.678620] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 452.684395] RSP: 0018:ffff8801b0c4f928 EFLAGS: 00010246 [ 452.689741] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 452.696991] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801b0c4fd28 [ 452.704243] RBP: ffff8801b0c4fa08 R08: 0000000000000000 R09: 1ffff10036189ee7 [ 452.711494] R10: ffff8801b0c4f858 R11: 0000000000000003 R12: 1ffff10036189f28 [ 452.718747] R13: ffff8801b0c4f9e0 R14: 0000000000000000 R15: ffff8801b0c4fd20 [ 452.726019] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 452.731200] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 452.736373] ? iov_iter_revert+0x9d0/0x9d0 [ 452.740601] ? mark_held_locks+0xaf/0x100 [ 452.744730] ? simple_xattr_get+0xeb/0x160 [ 452.748949] ? current_kernel_time64+0x122/0x2f0 [ 452.753692] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 452.758702] generic_perform_write+0x200/0x600 [ 452.763291] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 452.768546] ? generic_update_time+0x1b2/0x270 [ 452.773115] ? __mnt_drop_write_file+0xd/0x70 [ 452.777596] ? file_update_time+0xbf/0x470 [ 452.781816] ? current_time+0xc0/0xc0 [ 452.785613] ? down_write+0x87/0x120 [ 452.789318] __generic_file_write_iter+0x366/0x5b0 [ 452.794228] ? check_noncircular+0x20/0x20 [ 452.798452] generic_file_write_iter+0x399/0x790 [ 452.803201] ? __generic_file_write_iter+0x5b0/0x5b0 [ 452.808291] ? iov_iter_init+0xaf/0x1d0 [ 452.812257] __vfs_write+0x684/0x970 [ 452.815950] ? lock_acquire+0x1d5/0x580 [ 452.819910] ? kernel_read+0x120/0x120 [ 452.823811] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 452.828547] ? __sb_start_write+0x209/0x2a0 [ 452.832858] vfs_write+0x189/0x510 [ 452.836389] SyS_write+0xef/0x220 [ 452.839829] ? SyS_read+0x220/0x220 [ 452.843436] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 452.848434] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 452.853182] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 452.857915] RIP: 0033:0x452e39 [ 452.861088] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 452.868776] RAX: ffffffffffffffda RBX: 00007efe3e5a7700 RCX: 0000000000452e39 [ 452.876027] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 452.883278] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 2018/01/17 19:07:24 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:24 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:24 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000a3a000)=@hopopts={0x3a, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [@pad1={0x0, 0x1, 0x0}, @padn={0x1, 0x2, [0x0, 0x0]}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}}, @calipso={0x7, 0x18, {0x1, 0x4, 0x3, 0x8, [0x81, 0xfff]}}]}, 0x48) r2 = accept(r0, &(0x7f0000d41000-0x10)=@ax25={0x0, {""/7}, 0x0}, &(0x7f00004b6000-0x4)=0x10) setsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000c92000)={r1, 0x4, 0xed11, 0x10000000}, 0x10) bind$bt_hci(r2, &(0x7f0000ab7000-0x6)={0x1f, 0x8, 0x0}, 0x6) sendto$inet6(r0, &(0x7f0000a70000-0x17)="12a798a3ac86bbd4d5408a9be3ec080a36705fa3d3e83d", 0x10, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x400, @loopback={0x0, 0x1}, 0x0}, 0xffac) [ 452.890530] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 452.897778] R13: 0000000000a2f7ef R14: 00007efe3e5a79c0 R15: 0000000000000000 [ 452.905060] CPU: 1 PID: 21971 Comm: syz-executor1 Not tainted 4.15.0-rc8+ #265 [ 452.912420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 452.921758] Call Trace: [ 452.924343] dump_stack+0x194/0x257 [ 452.927978] ? arch_local_irq_restore+0x53/0x53 [ 452.932644] ? handle_userfault+0x12b7/0x24c0 [ 452.937152] handle_userfault+0x12fa/0x24c0 [ 452.941470] ? handle_userfault+0x150b/0x24c0 [ 452.945976] ? userfaultfd_ioctl+0x4520/0x4520 [ 452.950549] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 452.955728] ? __lock_is_held+0xb6/0x140 [ 452.959800] ? print_irqtrace_events+0x270/0x270 [ 452.964549] ? print_irqtrace_events+0x270/0x270 [ 452.969294] ? get_user_pages_fast+0x277/0x340 [ 452.973859] ? switched_to_fair+0xb0/0xb0 [ 452.977980] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 452.982974] ? trace_hardirqs_on+0xd/0x10 [ 452.987094] ? get_user_pages_fast+0x14e/0x340 [ 452.991660] ? pick_next_entity+0x197/0x400 [ 452.995977] ? __lock_acquire+0x664/0x3e00 [ 453.000193] ? check_noncircular+0x20/0x20 [ 453.004399] ? __lock_acquire+0x664/0x3e00 [ 453.008620] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 453.013786] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 453.018972] ? find_held_lock+0x35/0x1d0 [ 453.023044] ? __handle_mm_fault+0x3296/0x3ce0 [ 453.027610] ? lock_downgrade+0x980/0x980 [ 453.031737] ? lock_release+0xa40/0xa40 [ 453.035686] ? copy_overflow+0x20/0x20 [ 453.039567] ? do_raw_spin_trylock+0x190/0x190 [ 453.044144] ? userfaultfd_ctx_put+0x740/0x740 [ 453.048715] __handle_mm_fault+0x32a3/0x3ce0 [ 453.053103] ? __pmd_alloc+0x4e0/0x4e0 [ 453.056967] ? print_irqtrace_events+0x270/0x270 [ 453.061705] ? plist_check_head+0xe2/0x130 [ 453.065923] ? find_held_lock+0x35/0x1d0 [ 453.069967] ? handle_mm_fault+0x248/0x8d0 [ 453.074178] ? lock_downgrade+0x980/0x980 [ 453.078320] handle_mm_fault+0x334/0x8d0 [ 453.082365] ? down_read+0x96/0x150 [ 453.085971] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 453.090525] ? vmacache_find+0x5f/0x280 [ 453.094478] ? find_vma+0x30/0x150 [ 453.097996] __do_page_fault+0x5c9/0xc90 [ 453.102063] ? mm_fault_error+0x2c0/0x2c0 [ 453.106196] ? get_futex_value_locked+0xc3/0xf0 [ 453.110845] do_page_fault+0xee/0x720 [ 453.114623] ? __do_page_fault+0xc90/0xc90 [ 453.118831] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 453.124003] ? check_noncircular+0x20/0x20 [ 453.128224] ? drop_futex_key_refs.isra.12+0x63/0xb0 [ 453.133311] ? futex_wait+0x6a9/0x9a0 [ 453.137100] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 453.141923] page_fault+0x2c/0x60 [ 453.145351] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 453.151116] RSP: 0018:ffff8801cfa27928 EFLAGS: 00010246 [ 453.156459] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 453.163699] RDX: 00000000000000c9 RSI: ffffc90003b70000 RDI: ffff8801cfa27d28 [ 453.170941] RBP: ffff8801cfa27a08 R08: 1ffff1003837b972 R09: 0000000000000000 [ 453.178183] R10: ffff8801cfa27858 R11: 0000000000000000 R12: 1ffff10039f44f28 [ 453.185428] R13: ffff8801cfa279e0 R14: 0000000000000000 R15: ffff8801cfa27d20 [ 453.192692] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 453.197863] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 453.203041] ? iov_iter_revert+0x9d0/0x9d0 [ 453.207259] ? mark_held_locks+0xaf/0x100 [ 453.211390] ? simple_xattr_get+0xeb/0x160 [ 453.215610] ? current_kernel_time64+0x122/0x2f0 [ 453.220342] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 453.225337] generic_perform_write+0x200/0x600 [ 453.229908] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 453.235157] ? current_time+0x88/0xc0 [ 453.238933] ? file_update_time+0xbf/0x470 [ 453.243154] ? current_time+0xc0/0xc0 [ 453.246942] ? down_write+0x87/0x120 [ 453.250633] __generic_file_write_iter+0x366/0x5b0 [ 453.255541] ? check_noncircular+0x20/0x20 [ 453.259754] generic_file_write_iter+0x399/0x790 [ 453.264489] ? __generic_file_write_iter+0x5b0/0x5b0 [ 453.269569] ? iov_iter_init+0xaf/0x1d0 [ 453.273523] __vfs_write+0x684/0x970 [ 453.277208] ? lock_acquire+0x1d5/0x580 [ 453.281157] ? kernel_read+0x120/0x120 [ 453.285068] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 453.289798] ? __sb_start_write+0x209/0x2a0 [ 453.294097] vfs_write+0x189/0x510 [ 453.297615] SyS_write+0xef/0x220 [ 453.301049] ? SyS_read+0x220/0x220 [ 453.304648] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 453.309639] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 453.314374] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 453.319103] RIP: 0033:0x452e39 [ 453.322263] RSP: 002b:00007f0774425c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 453.329942] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 453.337185] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 453.344428] RBP: 00000000000003bb R08: 0000000000000000 R09: 0000000000000000 [ 453.351673] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3a28 [ 453.358920] R13: 00000000ffffffff R14: 00007f07744266d4 R15: 0000000000000000 [ 453.408276] FAULT_FLAG_ALLOW_RETRY missing 30 [ 453.412915] CPU: 0 PID: 21971 Comm: syz-executor1 Not tainted 4.15.0-rc8+ #265 [ 453.420271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 453.429614] Call Trace: [ 453.432181] dump_stack+0x194/0x257 [ 453.435785] ? arch_local_irq_restore+0x53/0x53 [ 453.440433] ? handle_userfault+0x12b7/0x24c0 [ 453.444903] handle_userfault+0x12fa/0x24c0 [ 453.449196] ? handle_userfault+0x150b/0x24c0 [ 453.453675] ? userfaultfd_ioctl+0x4520/0x4520 [ 453.458230] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 453.463391] ? find_held_lock+0x35/0x1d0 [ 453.467425] ? check_noncircular+0x20/0x20 [ 453.471637] ? print_irqtrace_events+0x270/0x270 [ 453.476365] ? print_irqtrace_events+0x270/0x270 [ 453.481097] ? find_held_lock+0x35/0x1d0 [ 453.485142] ? __update_idle_core+0x305/0x600 [ 453.489614] ? __lock_acquire+0x664/0x3e00 [ 453.493821] ? check_noncircular+0x20/0x20 [ 453.498029] ? __lock_acquire+0x664/0x3e00 [ 453.502250] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 453.507411] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 453.512578] ? find_held_lock+0x35/0x1d0 [ 453.516621] ? __handle_mm_fault+0x3296/0x3ce0 [ 453.521174] ? lock_downgrade+0x980/0x980 [ 453.525297] ? lock_release+0xa40/0xa40 [ 453.529242] ? copy_overflow+0x20/0x20 [ 453.533103] ? do_raw_spin_trylock+0x190/0x190 [ 453.537659] ? userfaultfd_ctx_put+0x740/0x740 [ 453.542224] __handle_mm_fault+0x32a3/0x3ce0 [ 453.546611] ? __pmd_alloc+0x4e0/0x4e0 [ 453.550471] ? print_irqtrace_events+0x270/0x270 [ 453.555203] ? find_held_lock+0x35/0x1d0 [ 453.559241] ? handle_mm_fault+0x248/0x8d0 [ 453.563448] ? lock_downgrade+0x980/0x980 [ 453.567590] handle_mm_fault+0x334/0x8d0 [ 453.571622] ? down_read+0x96/0x150 [ 453.575221] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 453.579772] ? vmacache_find+0x5f/0x280 [ 453.583723] ? find_vma+0x30/0x150 [ 453.587240] __do_page_fault+0x5c9/0xc90 [ 453.591279] ? mm_fault_error+0x2c0/0x2c0 [ 453.595398] ? find_held_lock+0x35/0x1d0 [ 453.599438] do_page_fault+0xee/0x720 [ 453.603211] ? __do_page_fault+0xc90/0xc90 [ 453.607417] ? lock_release+0xa40/0xa40 [ 453.611367] ? do_raw_spin_trylock+0x190/0x190 [ 453.615929] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 453.620748] page_fault+0x2c/0x60 [ 453.624172] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 453.629936] RSP: 0018:ffff8801cfa27928 EFLAGS: 00010246 [ 453.635269] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 453.642512] RDX: 000000000000010b RSI: ffffc90003b70000 RDI: ffff8801cfa27d28 [ 453.649751] RBP: ffff8801cfa27a08 R08: 0000000000000000 R09: 1ffff10039f44ee7 [ 453.656993] R10: ffff8801cfa27858 R11: 0000000000000003 R12: 1ffff10039f44f28 [ 453.664236] R13: ffff8801cfa279e0 R14: 0000000000000000 R15: ffff8801cfa27d20 [ 453.671501] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 453.676671] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 453.681833] ? iov_iter_revert+0x9d0/0x9d0 [ 453.686043] ? mark_held_locks+0xaf/0x100 [ 453.690163] ? simple_xattr_get+0xeb/0x160 [ 453.694371] ? current_kernel_time64+0x122/0x2f0 [ 453.699103] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 453.704093] generic_perform_write+0x200/0x600 [ 453.708659] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 453.713905] ? generic_update_time+0x1b2/0x270 [ 453.718458] ? __mnt_drop_write_file+0xd/0x70 [ 453.722925] ? file_update_time+0xbf/0x470 [ 453.727133] ? current_time+0xc0/0xc0 [ 453.730911] ? down_write+0x87/0x120 [ 453.734598] __generic_file_write_iter+0x366/0x5b0 [ 453.739503] ? check_noncircular+0x20/0x20 [ 453.743715] generic_file_write_iter+0x399/0x790 [ 453.748450] ? __generic_file_write_iter+0x5b0/0x5b0 [ 453.753528] ? iov_iter_init+0xaf/0x1d0 [ 453.757478] __vfs_write+0x684/0x970 [ 453.761161] ? lock_acquire+0x1d5/0x580 [ 453.765109] ? kernel_read+0x120/0x120 [ 453.768987] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 453.773715] ? __sb_start_write+0x209/0x2a0 [ 453.778016] vfs_write+0x189/0x510 [ 453.781538] SyS_write+0xef/0x220 [ 453.784965] ? SyS_read+0x220/0x220 [ 453.788566] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 453.793557] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 453.798291] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 453.803024] RIP: 0033:0x452e39 2018/01/17 19:07:25 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000a6d000)={0x0, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}}, &(0x7f000093e000)=0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000b3000-0x28)={@generic="8eecbd8be05819619bbe4bfbff26268e", 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') getdents64(r2, &(0x7f0000cdc000)=""/0, 0x0) fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:25 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:25 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_open_dev$mice(&(0x7f0000720000)='/dev/input/mice\x00', 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f0000af1000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f00007c0000-0x98)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/64, ""/32, [0x0, 0x0], 0x0}) 2018/01/17 19:07:25 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:25 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x40000, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) mincore(&(0x7f0000563000/0x3000)=nil, 0x3000, &(0x7f000044e000)=""/4096) clock_gettime(0x0, &(0x7f00006c2000)={0x0, 0x0}) clock_gettime(0x0, &(0x7f00009ab000)={0x0, 0x0}) futimesat(r0, &(0x7f0000a22000)='./control\x00', &(0x7f0000668000)={{r2, r3/1000+30000}, {r4, r5/1000+30000}}) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$TTUNGETFILTER(r0, 0x801054db, &(0x7f0000f30000-0x1f)=""/31) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r6 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r6, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x4000000000000000, 0x0, @tick=0x0, {0x0, 0xfffffffffffffffc}, {0x0, 0x40000}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00008c1000-0xe)='./file0\x00', &(0x7f0000bb4000)='./control\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:25 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:25 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x0) lseek(r0, 0x0, 0x4) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:25 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00009a7000)='/dev/rtc\x00', 0x80000, 0x0) syslog(0xe, &(0x7f0000516000-0x7e)=""/126, 0x7e) accept$ipx(r1, &(0x7f00008c2000)={0x0, 0x0, 0x0, ""/6, 0x0, 0x0}, &(0x7f000005d000-0x4)=0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) 2018/01/17 19:07:25 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) [ 453.806186] RSP: 002b:00007f0774425c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 453.813865] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 453.821106] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000019 [ 453.828355] RBP: 0000000000000624 R08: 0000000000000000 R09: 0000000000000000 [ 453.835594] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f7400 [ 453.842841] R13: 00000000ffffffff R14: 00007f07744266d4 R15: 0000000000000000 2018/01/17 19:07:25 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:25 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:25 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:25 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) socket$bt_cmtp(0x1f, 0x3, 0x5) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000514000)='westwood\x00', 0x9) 2018/01/17 19:07:25 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) [ 453.920891] FAULT_FLAG_ALLOW_RETRY missing 30 [ 453.925646] CPU: 0 PID: 22009 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 453.933021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 453.942366] Call Trace: [ 453.944964] dump_stack+0x194/0x257 [ 453.948611] ? arch_local_irq_restore+0x53/0x53 [ 453.953297] ? handle_userfault+0x12b7/0x24c0 [ 453.957804] handle_userfault+0x12fa/0x24c0 [ 453.962132] ? handle_userfault+0x150b/0x24c0 [ 453.966650] ? userfaultfd_ioctl+0x4520/0x4520 2018/01/17 19:07:25 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) r1 = syz_open_dev$vcsn(&(0x7f0000029000)='/dev/vcs#\x00', 0x8, 0x410080) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000265000-0xe8)={{{@in6=@ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x0, 0x0], @multicast2=0x0}, @in=@dev={0x0, 0x0, 0xffffffffffffffff, 0x0}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, {{@in=@broadcast=0x0, 0xffffffffffffffff, 0x0}, 0x0, @in6=@mcast1={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, &(0x7f0000dfe000-0x4)=0xe8) setsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f0000e98000)={@remote={0xac, 0x14, 0x0, 0xbb}, @local={0xac, 0x14, 0x0, 0xaa}, r2}, 0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0xfffffffffffffea7) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000602000-0x7)='ns/net\x00') ioctl$sock_netrom_SIOCADDRT(r3, 0x890b, &(0x7f000055d000)=0x0) lgetxattr(&(0x7f00007c9000)='./file0\x00', &(0x7f00002a2000)=@known='system.posix_acl_default\x00', &(0x7f0000ca8000)=""/162, 0xa2) [ 453.971234] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 453.976420] ? __lock_is_held+0xb6/0x140 [ 453.980507] ? print_irqtrace_events+0x270/0x270 [ 453.985280] ? print_irqtrace_events+0x270/0x270 [ 453.990031] ? get_user_pages_fast+0x277/0x340 [ 453.994610] ? switched_to_fair+0xb0/0xb0 [ 453.998751] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 454.003762] ? trace_hardirqs_on+0xd/0x10 [ 454.007898] ? get_user_pages_fast+0x14e/0x340 [ 454.012470] ? pick_next_entity+0x197/0x400 [ 454.016776] ? __lock_acquire+0x664/0x3e00 2018/01/17 19:07:26 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) r1 = syz_open_dev$sndmidi(&(0x7f0000759000)='/dev/snd/midiC#D#\x00', 0x20, 0x220000) ioctl$KVM_PPC_GET_SMMU_INFO(r1, 0x8250aea6, &(0x7f0000025000)=""/237) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) getsockopt$inet_tcp_int(r1, 0x6, 0x18, &(0x7f0000a6d000-0x4)=0x0, &(0x7f0000f85000)=0x4) [ 454.020993] ? check_noncircular+0x20/0x20 [ 454.025216] ? __lock_acquire+0x664/0x3e00 [ 454.029475] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 454.034665] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 454.039866] ? find_held_lock+0x35/0x1d0 [ 454.043932] ? __handle_mm_fault+0x3296/0x3ce0 [ 454.048511] ? lock_downgrade+0x980/0x980 [ 454.052651] ? lock_release+0xa40/0xa40 [ 454.056622] ? copy_overflow+0x20/0x20 [ 454.060505] ? do_raw_spin_trylock+0x190/0x190 [ 454.065079] ? userfaultfd_ctx_put+0x740/0x740 [ 454.069673] __handle_mm_fault+0x32a3/0x3ce0 [ 454.074070] ? __pmd_alloc+0x4e0/0x4e0 [ 454.077937] ? print_irqtrace_events+0x270/0x270 [ 454.082673] ? find_held_lock+0x35/0x1d0 [ 454.086714] ? handle_mm_fault+0x248/0x8d0 [ 454.090922] ? lock_downgrade+0x980/0x980 [ 454.095063] handle_mm_fault+0x334/0x8d0 [ 454.099101] ? down_read+0x96/0x150 [ 454.102701] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 454.107256] ? vmacache_find+0x5f/0x280 [ 454.111208] ? find_vma+0x30/0x150 [ 454.114727] __do_page_fault+0x5c9/0xc90 [ 454.118769] ? mm_fault_error+0x2c0/0x2c0 [ 454.122889] ? find_held_lock+0x35/0x1d0 [ 454.126928] do_page_fault+0xee/0x720 [ 454.130701] ? __do_page_fault+0xc90/0xc90 [ 454.134908] ? lock_release+0xa40/0xa40 [ 454.138864] ? do_raw_spin_trylock+0x190/0x190 [ 454.143441] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 454.148266] page_fault+0x2c/0x60 [ 454.151694] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 454.157461] RSP: 0018:ffff8801d0e37928 EFLAGS: 00010246 [ 454.162800] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 454.170042] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801d0e37d28 [ 454.177285] RBP: ffff8801d0e37a08 R08: 0000000000000000 R09: 1ffff1003a1c6ee7 [ 454.184555] R10: ffff8801d0e37858 R11: 0000000000000003 R12: 1ffff1003a1c6f28 [ 454.191802] R13: ffff8801d0e379e0 R14: 0000000000000000 R15: ffff8801d0e37d20 [ 454.199064] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 454.204233] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 454.209398] ? iov_iter_revert+0x9d0/0x9d0 [ 454.213615] ? mark_held_locks+0xaf/0x100 [ 454.217735] ? simple_xattr_get+0xeb/0x160 [ 454.221942] ? current_kernel_time64+0x122/0x2f0 [ 454.226675] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 454.231669] generic_perform_write+0x200/0x600 [ 454.236239] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 454.241490] ? generic_update_time+0x1b2/0x270 [ 454.246054] ? __mnt_drop_write_file+0xd/0x70 [ 454.250521] ? file_update_time+0xbf/0x470 [ 454.254728] ? current_time+0xc0/0xc0 [ 454.258509] ? down_write+0x87/0x120 [ 454.262201] __generic_file_write_iter+0x366/0x5b0 [ 454.267104] ? check_noncircular+0x20/0x20 [ 454.271315] generic_file_write_iter+0x399/0x790 [ 454.276052] ? __generic_file_write_iter+0x5b0/0x5b0 [ 454.281136] ? iov_iter_init+0xaf/0x1d0 [ 454.285087] __vfs_write+0x684/0x970 [ 454.288771] ? lock_acquire+0x1d5/0x580 [ 454.292721] ? kernel_read+0x120/0x120 [ 454.296601] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 454.301328] ? __sb_start_write+0x209/0x2a0 [ 454.305624] vfs_write+0x189/0x510 [ 454.309139] SyS_write+0xef/0x220 [ 454.312568] ? SyS_read+0x220/0x220 [ 454.316166] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 454.321159] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 454.325896] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 454.330623] RIP: 0033:0x452e39 [ 454.333784] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 454.341465] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 454.348706] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 454.355949] RBP: 000000000000004a R08: 0000000000000000 R09: 0000000000000000 [ 454.363192] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006ee790 [ 454.370433] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:26 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000a6d000)={0x0, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}}, &(0x7f000093e000)=0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000b3000-0x28)={@generic="8eecbd8be05819619bbe4bfbff26268e", 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x3, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000945000)=0x330, 0x4) sendto$inet(r3, &(0x7f0000013000)="", 0x0, 0x200007ff, &(0x7f0000deb000-0x10)={0x2, 0x3, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) sendmmsg(r3, &(0x7f0000c18000)=[{{&(0x7f0000164000)=@pppoe={0x18, 0x0, {0x0, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], @syzn={0x73, 0x79, 0x7a, 0xffffffffffffffff, 0x0}}}, 0x1e, &(0x7f00003d8000-0x40)=[{&(0x7f00007c2000-0x2)="b3", 0x1}], 0x1, &(0x7f0000c37000)=[], 0x0, 0x0}, 0x0}], 0x1, 0x0) sendmsg(r3, &(0x7f0000531000-0x38)={&(0x7f0000bed000-0xe)=@l2={0x1f, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0}, 0xe, &(0x7f00002e3000)=[{&(0x7f0000013000-0x1000)="80", 0x1}], 0x1, &(0x7f00003ab000-0x260)=[], 0x0, 0x0}, 0x0) read(r3, &(0x7f0000e82000)=""/54, 0x36) close(r3) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') getdents64(r0, &(0x7f0000cdc000)=""/0, 0x0) fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) socketpair$ipx(0x4, 0x2, 0x0, &(0x7f0000a60000)={0x0, 0x0}) 2018/01/17 19:07:26 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x0) lseek(r0, 0x0, 0x4) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:26 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:26 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000944000)='/dev/loop#\x00', 0x0, 0x2) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00007d5000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, 0x8, "84abe06e7e045dbe2890ea25fde83d721f0e89644e9ff366d449e226e0301185c3fedf62422aeda3243fa6da8b4890eec7a6eb23fe76b91a28ae2b7082b5d58a", "32966be6e70ef92c229db0afa2d550b86ad313cdbee264a7b8b5a6e9f49b65f6f769b395becc7711bb4965f4cb017c228d56a6f4f0c2d053277251d07a2bb1b9", "8475350739f6fdca195387035640c0861f44fb897301382392d741f11ccb6b01", [0x0, 0x0]}) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x5, &(0x7f0000709000-0x8c)={0x0, @in6={{0xa, 0xffffffffffffffff, 0x18faeadd, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0xff, 0xff], @rand_addr=0x0}, 0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x8c) 2018/01/17 19:07:26 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:26 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x103) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) clock_settime(0x7, &(0x7f0000460000)={0x0, 0x1c9c380}) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000dcc000-0x1)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r3, &(0x7f0000349000-0x2e)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0xffffffffffffffff, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2, 0x0, 0x0, 0x0}}, 0x2e) r4 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r4, &(0x7f00005fb000-0x2e)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0xffffffffffffffff, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x4, 0x0, 0x0, 0x0}}, 0x2e) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control\x00') fremovexattr(r0, &(0x7f0000e90000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) socket$bt_hidp(0x1f, 0x3, 0x6) 2018/01/17 19:07:26 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:26 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) pipe(&(0x7f0000e12000-0x8)={0x0, 0x0}) ioctl$EVIOCSMASK(r1, 0x40104593, &(0x7f0000712000)={0x11, 0xc8, &(0x7f0000eb2000)="29346f6e36e47df4787f68aba446d62cc5458210bb085da53df0e4273a48565581f10b61bed353803f4c130b3ac9134f8049c92894bef993e280c04a6700b4ed6ef8b072e7d5f3ca6ec110221fa21b71b169bb0d86c261d02f14426bd6c98cccf1f573427878c8174bd9649ea8044c8ce34281f0be71ebbdb442f75efd14cb98123072d452a93822f06407cc576b6fa4a6327a2344aa0697890c4348d9926d541dea24751801eb9437679d966103b672ba8af53bdbb2b72e207f39da89687cbdc1634e0f259a4e38"}) 2018/01/17 19:07:26 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:26 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:26 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:26 executing program 7: mmap(&(0x7f0000000000/0x1c000)=nil, 0x1c000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000001a000)={0x14, 0x0, &(0x7f000001a000)=[@acquire={0x40046305, 0x3}, @free_buffer={0x40086303, 0x0}], 0x0, 0x0, &(0x7f000001b000-0x25)=""}) 2018/01/17 19:07:26 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00004d4000-0x1c)=[@in6={0xa, 0x1, 0x20, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x40}], 0x1c) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000ef1000-0xc6)={0x0, 0xbe, "9e00e0a98ef4405a65da643395c59260d9bd24ae717f1400fc24259d57b8097b53916f39ee5e1a7ba2b98fd25df7e0ab1a2b2f6e43c59c250fb543697752816f7f5c12f7edaa36a58ee65e2df9228c30cd70ce96817875079c7431b71adbb066ef9305d0d5af9804954f81fd34af4fc52d4e2991ff91f9209ec1f1c3ac5e440eca30425f82a90eadffde3d0e16cdf31844296aac804835d70965514e81cb8426f0eb3e362e7b81ced60984eefd6874ad334358c1e38bcd7d69978e5110e0"}, &(0x7f0000369000-0x4)=0xc6) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000047000)={r1, 0x55, &(0x7f0000728000-0x68)=[@in={0x2, 0x1, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f0000a53000)=0x1ce) r2 = syz_open_procfs(0x0, &(0x7f0000433000)='clear_refs\x00') getsockname$inet(r2, &(0x7f0000d59000)={0x0, 0xffffffffffffffff, @multicast2=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000db9000-0x4)=0x10) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f00005d8000)=0x80000) 2018/01/17 19:07:26 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(0xffffffffffffffff, 0x0, 0x4) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:26 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x36, &(0x7f0000f39000)={@local={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff, 0xaa}, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, {[]}}, @tcp={{0xffffffffffffffff, 0xffffffffffffffff, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}, &(0x7f000010e000-0xc)={0x0, 0x1, [0x0]}) [ 454.515410] binder: 22081:22083 ioctl c0306201 2001a000 returned -14 [ 454.522961] binder: 22081:22086 ioctl c0306201 2001a000 returned -14 2018/01/17 19:07:26 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:26 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(0xffffffffffffffff, 0x0, 0x4) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:26 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:26 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:26 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000b26000)={0x5, [0x1000, 0x1, 0x9, 0xdd81, 0x9]}, 0xe) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f0000836000-0x18)={0x0, 0x8000, 0x10, 0x0, 0x4}, &(0x7f00008f1000)=0x18) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={r1, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x1, @rand_addr=0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) 2018/01/17 19:07:26 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000f02000)={0xaa, 0x20000000001, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:26 executing program 7: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000002000-0x20)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000011000)={&(0x7f0000011000/0x3000)=nil, 0x3000}) ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f0000000000)={&(0x7f0000011000/0x3000)=nil, 0x3000}) ioctl$EVIOCGABS20(0xffffffffffffffff, 0x80184560, &(0x7f0000003000-0x16)=""/22) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f00000c1000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:26 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000a6d000)={0x0, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}}, &(0x7f000093e000)=0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000b3000-0x28)={@generic="8eecbd8be05819619bbe4bfbff26268e", 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f000099e000-0x12)={0x0, 0x1f, "94c2b381b21b664e07b1c1ff8ee124ee61cc71e3cd45efcd443c420ef2ce45"}, &(0x7f00006e3000-0x4)=0x27) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000a5f000-0xa0)={r2, @in={{0x2, 0x2, @dev={0xac, 0x14, 0x0, 0x11}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x7, 0x14, 0x7, 0x6, 0x10}, 0xa0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r3 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r3, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') getdents64(r0, &(0x7f0000cdc000)=""/0, 0x0) fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:26 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) [ 454.708196] FAULT_FLAG_ALLOW_RETRY missing 30 [ 454.713182] CPU: 0 PID: 22119 Comm: syz-executor7 Not tainted 4.15.0-rc8+ #265 [ 454.720566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 454.729902] Call Trace: [ 454.732475] dump_stack+0x194/0x257 [ 454.736080] ? arch_local_irq_restore+0x53/0x53 [ 454.740725] ? gup_pgd_range+0x843/0x2cf0 [ 454.744849] ? handle_userfault+0x12b7/0x24c0 [ 454.749323] handle_userfault+0x12fa/0x24c0 [ 454.753619] ? handle_userfault+0x150b/0x24c0 [ 454.758101] ? userfaultfd_ioctl+0x4520/0x4520 [ 454.762657] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 454.767819] ? __gup_device_huge+0x170/0x170 [ 454.772211] ? print_irqtrace_events+0x270/0x270 [ 454.776941] ? print_irqtrace_events+0x270/0x270 [ 454.781674] ? __lock_acquire+0x664/0x3e00 [ 454.785888] ? check_noncircular+0x20/0x20 [ 454.790103] ? __lock_acquire+0x664/0x3e00 [ 454.794316] ? check_noncircular+0x20/0x20 [ 454.798522] ? __lock_acquire+0x664/0x3e00 [ 454.802745] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 454.807911] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 454.813077] ? rb_next+0x140/0x140 [ 454.816593] ? find_held_lock+0x35/0x1d0 [ 454.820636] ? __handle_mm_fault+0x3296/0x3ce0 [ 454.825192] ? lock_downgrade+0x980/0x980 [ 454.829316] ? lock_release+0xa40/0xa40 [ 454.833268] ? do_raw_spin_trylock+0x190/0x190 [ 454.837824] ? userfaultfd_ctx_put+0x740/0x740 [ 454.842390] __handle_mm_fault+0x32a3/0x3ce0 [ 454.846781] ? __pmd_alloc+0x4e0/0x4e0 [ 454.850644] ? cpuacct_charge+0x2e6/0x5c0 [ 454.854769] ? find_held_lock+0x35/0x1d0 [ 454.858813] ? handle_mm_fault+0x248/0x8d0 [ 454.863025] ? lock_downgrade+0x980/0x980 [ 454.867175] handle_mm_fault+0x334/0x8d0 [ 454.871209] ? down_read+0x96/0x150 [ 454.874811] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 454.879366] ? vmacache_find+0x5f/0x280 [ 454.883321] ? find_vma+0x30/0x150 [ 454.886841] __do_page_fault+0x5c9/0xc90 [ 454.890883] ? mm_fault_error+0x2c0/0x2c0 [ 454.895026] do_page_fault+0xee/0x720 [ 454.898803] ? __do_page_fault+0xc90/0xc90 [ 454.903026] ? find_held_lock+0x35/0x1d0 [ 454.907071] ? __might_fault+0x110/0x1d0 [ 454.911111] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 454.915939] page_fault+0x2c/0x60 [ 454.919368] RIP: 0010:copy_user_generic_unrolled+0x86/0xc0 [ 454.924963] RSP: 0018:ffff8801d07ff530 EFLAGS: 00010202 [ 454.930301] RAX: ffffed003a0fff56 RBX: 0000000020011000 RCX: 0000000000000002 [ 454.937543] RDX: 0000000000000000 RSI: 0000000020011000 RDI: ffff8801d07ffaa0 [ 454.944786] RBP: ffff8801d07ff560 R08: ffffed003a0fff56 R09: ffffed003a0fff56 [ 454.952032] R10: 0000000000000002 R11: ffffed003a0fff55 R12: 0000000000000010 [ 454.959278] R13: ffff8801d07ffaa0 R14: 00007ffffffff000 R15: 0000000020011010 [ 454.966546] ? _copy_from_user+0xc5/0x110 [ 454.970673] userfaultfd_ioctl+0xf1b/0x4520 [ 454.974969] ? lock_downgrade+0x980/0x980 [ 454.979098] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 454.984264] ? do_raw_spin_trylock+0x190/0x190 [ 454.988823] ? userfaultfd_read+0x220/0x220 [ 454.993118] ? __lock_is_held+0xb6/0x140 [ 454.997160] ? print_irqtrace_events+0x270/0x270 [ 455.001894] ? __lock_is_held+0xb6/0x140 [ 455.005941] ? __perf_event_task_sched_out+0x266/0x1490 [ 455.011285] ? __lock_acquire+0x664/0x3e00 [ 455.015495] ? perf_event_sync_stat+0x5b0/0x5b0 [ 455.020144] ? __perf_event_task_sched_in+0x200/0xc20 [ 455.025327] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 455.030489] ? find_held_lock+0x35/0x1d0 [ 455.034532] ? finish_task_switch+0x1d3/0x740 [ 455.039006] ? lock_downgrade+0x980/0x980 [ 455.043133] ? load_balance+0x34c0/0x34c0 [ 455.047258] ? lock_release+0xa40/0xa40 [ 455.051206] ? compat_start_thread+0x80/0x80 [ 455.055590] ? do_raw_spin_trylock+0x190/0x190 [ 455.060149] ? _raw_spin_unlock_irq+0x27/0x70 [ 455.064622] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 455.069615] ? trace_hardirqs_on+0xd/0x10 [ 455.073746] ? check_noncircular+0x20/0x20 [ 455.077950] ? finish_task_switch+0x1d3/0x740 [ 455.082418] ? finish_task_switch+0x1aa/0x740 [ 455.086891] ? copy_overflow+0x20/0x20 [ 455.090771] ? find_held_lock+0x35/0x1d0 [ 455.094817] ? __fget+0x333/0x570 [ 455.098244] ? lock_downgrade+0x980/0x980 [ 455.102370] ? lock_release+0xa40/0xa40 [ 455.106324] ? __lock_is_held+0xb6/0x140 [ 455.110372] ? __fget+0x35c/0x570 [ 455.113809] ? iterate_fd+0x3f0/0x3f0 [ 455.117587] ? __fd_install+0x288/0x740 [ 455.121540] ? userfaultfd_read+0x220/0x220 [ 455.125836] do_vfs_ioctl+0x1b1/0x1520 [ 455.129693] ? do_vfs_ioctl+0x1b1/0x1520 [ 455.133737] ? ioctl_preallocate+0x2b0/0x2b0 [ 455.138126] ? selinux_capable+0x40/0x40 [ 455.142172] ? syscall_return_slowpath+0x2ad/0x550 [ 455.147082] ? security_file_ioctl+0x89/0xb0 [ 455.151467] SyS_ioctl+0x8f/0xc0 [ 455.154816] entry_SYSCALL_64_fastpath+0x29/0xa0 2018/01/17 19:07:27 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f00006e5000)=[@in={0x2, 0x1, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) 2018/01/17 19:07:27 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000b09000-0xd0)=""/208, &(0x7f00005c4000-0x4)=0xd0) 2018/01/17 19:07:27 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:27 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:27 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) [ 455.159545] RIP: 0033:0x452e39 [ 455.162752] RSP: 002b:00007fefcf6b6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010 [ 455.170433] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 455.177677] RDX: 0000000020011000 RSI: 000000008010aa01 RDI: 0000000000000013 [ 455.184919] RBP: 0000000000000317 R08: 0000000000000000 R09: 0000000000000000 [ 455.192163] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f2ac8 [ 455.199405] R13: 00000000ffffffff R14: 00007fefcf6b76d4 R15: 0000000000000000 2018/01/17 19:07:27 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(0xffffffffffffffff, 0x0, 0x4) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:27 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:27 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000533000)={0x0, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}}, &(0x7f00001ac000-0x4)=0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000b3000-0x28)={@generic="8eecbd8be05819619bbe4bfbff26268e", 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r3 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r3, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000548000-0x8)={0x0, 0x0, ""}, &(0x7f0000ae1000)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f000071c000)={0x200, 0x7ff, 0x0, 0x7fffffff, 0x1f, 0xfff, 0x5, 0xbf72, r4}, &(0x7f0000333000)=0x20) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') getdents64(r0, &(0x7f0000cdc000)=""/0, 0x0) fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r2, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) sendmsg$nl_route(r3, &(0x7f0000c40000)={&(0x7f000097f000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f000085c000-0x10)={&(0x7f0000452000)=@newneigh={0x2c, 0x1c, 0x112, 0x3, 0x2, {0xa, 0x0, 0x0, r1, 0x9, 0x80, 0x1}, [@NDA_LINK_NETNSID={0x8, 0xa, 0x5}, @NDA_MASTER={0x8, 0x9, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f000005f000-0x4)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000d87000)={{0x10000, 0x1, 0x8e0a, 0x81, "51b4b9db2b8cbeb062f116201e830b1ad4368bc43851353b41f1dfe6cdb1b7e2cb0fc997eb2431ea47b2bf54", 0x7}, 0x0, 0x0, 0x9b5e, r5, 0x7fff, 0x0, "4418004955287f1c9b662e948058cc13b11991d051c008fcf136b75679b22de83a71dbaf9ac4e3f66daee63dffa03ea52bb2390f85f57e457e030c99803d43a3", &(0x7f00006e6000)='\x00', 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x9, 0xfff, 0x18, 0x6], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 2018/01/17 19:07:27 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000b41000)='net/if_inet6\x00') preadv(r0, &(0x7f0000218000)=[{&(0x7f0000198000-0xc5)=""/197, 0xc5}], 0x1, 0x0) 2018/01/17 19:07:27 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:27 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:27 executing program 5: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:27 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) fcntl$setstatus(r0, 0x4, 0x2800) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0xfffffcb4, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r0, &(0x7f0000704000)='.', 0xfffffffffffffe95, 0x400083f, &(0x7f000086d000)={0xa, 0x3, 0x9387, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x16}, 0x0}, 0x1c) 2018/01/17 19:07:27 executing program 5: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:27 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:27 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:27 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_open_dev$dmmidi(&(0x7f0000772000-0xd)='/dev/dmmidi#\x00', 0x6, 0x8800) [ 455.393416] FAULT_FLAG_ALLOW_RETRY missing 30 [ 455.398140] CPU: 0 PID: 22148 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 455.405495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 455.414824] Call Trace: [ 455.417391] dump_stack+0x194/0x257 [ 455.420994] ? arch_local_irq_restore+0x53/0x53 [ 455.425645] ? handle_userfault+0x12b7/0x24c0 [ 455.430127] handle_userfault+0x12fa/0x24c0 [ 455.430366] FAULT_FLAG_ALLOW_RETRY missing 30 [ 455.438911] ? handle_userfault+0x150b/0x24c0 [ 455.443407] ? userfaultfd_ioctl+0x4520/0x4520 [ 455.447971] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 455.453139] ? __lock_is_held+0xb6/0x140 [ 455.457200] ? print_irqtrace_events+0x270/0x270 [ 455.461941] ? print_irqtrace_events+0x270/0x270 [ 455.466680] ? get_user_pages_fast+0x277/0x340 [ 455.471251] ? perf_event_sync_stat+0x5b0/0x5b0 [ 455.475903] ? __perf_event_task_sched_in+0x200/0xc20 [ 455.481087] ? __lock_acquire+0x664/0x3e00 [ 455.485306] ? check_noncircular+0x20/0x20 [ 455.489518] ? __lock_acquire+0x664/0x3e00 [ 455.493754] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 455.498927] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 455.504106] ? find_held_lock+0x35/0x1d0 [ 455.508160] ? __handle_mm_fault+0x3296/0x3ce0 [ 455.512728] ? lock_downgrade+0x980/0x980 [ 455.516862] ? lock_release+0xa40/0xa40 [ 455.520823] ? copy_overflow+0x20/0x20 [ 455.524696] ? do_raw_spin_trylock+0x190/0x190 [ 455.529265] ? userfaultfd_ctx_put+0x740/0x740 [ 455.533847] __handle_mm_fault+0x32a3/0x3ce0 [ 455.538247] ? __pmd_alloc+0x4e0/0x4e0 [ 455.542114] ? print_irqtrace_events+0x270/0x270 [ 455.546863] ? find_held_lock+0x35/0x1d0 [ 455.550916] ? handle_mm_fault+0x248/0x8d0 [ 455.555132] ? lock_downgrade+0x980/0x980 [ 455.559296] handle_mm_fault+0x334/0x8d0 [ 455.563338] ? down_read+0x96/0x150 [ 455.566952] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 455.571514] ? vmacache_find+0x5f/0x280 [ 455.575476] ? find_vma+0x30/0x150 [ 455.579005] __do_page_fault+0x5c9/0xc90 [ 455.583061] ? mm_fault_error+0x2c0/0x2c0 [ 455.587195] ? find_held_lock+0x35/0x1d0 [ 455.591250] do_page_fault+0xee/0x720 [ 455.595038] ? __do_page_fault+0xc90/0xc90 [ 455.599258] ? lock_release+0xa40/0xa40 [ 455.603221] ? do_raw_spin_trylock+0x190/0x190 [ 455.607799] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 455.612637] page_fault+0x2c/0x60 [ 455.616074] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 455.621849] RSP: 0018:ffff8801cf1cf928 EFLAGS: 00010246 [ 455.627193] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 455.634446] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801cf1cfd28 [ 455.641695] RBP: ffff8801cf1cfa08 R08: 0000000000000000 R09: 1ffff10039e39ee7 [ 455.648942] R10: ffff8801cf1cf858 R11: 0000000000000003 R12: 1ffff10039e39f28 [ 455.656190] R13: ffff8801cf1cf9e0 R14: 0000000000000000 R15: ffff8801cf1cfd20 [ 455.663457] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 455.668635] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 455.673809] ? iov_iter_revert+0x9d0/0x9d0 [ 455.678034] ? mark_held_locks+0xaf/0x100 [ 455.682161] ? simple_xattr_get+0xeb/0x160 [ 455.686381] ? current_kernel_time64+0x122/0x2f0 [ 455.691124] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 455.696125] generic_perform_write+0x200/0x600 [ 455.700711] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 455.705968] ? generic_update_time+0x1b2/0x270 [ 455.710532] ? __mnt_drop_write_file+0xd/0x70 [ 455.715012] ? file_update_time+0xbf/0x470 [ 455.719234] ? current_time+0xc0/0xc0 [ 455.723024] ? down_write+0x87/0x120 [ 455.726729] __generic_file_write_iter+0x366/0x5b0 [ 455.731637] ? check_noncircular+0x20/0x20 [ 455.735861] generic_file_write_iter+0x399/0x790 [ 455.740609] ? __generic_file_write_iter+0x5b0/0x5b0 [ 455.745700] ? iov_iter_init+0xaf/0x1d0 [ 455.749663] __vfs_write+0x684/0x970 [ 455.753362] ? lock_acquire+0x1d5/0x580 [ 455.757324] ? kernel_read+0x120/0x120 [ 455.761231] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 455.765968] ? __sb_start_write+0x209/0x2a0 [ 455.770279] vfs_write+0x189/0x510 [ 455.773807] SyS_write+0xef/0x220 [ 455.777250] ? SyS_read+0x220/0x220 [ 455.780855] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 455.785854] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 455.790602] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 455.795343] RIP: 0033:0x452e39 [ 455.798513] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 455.806203] RAX: ffffffffffffffda RBX: 00007efe3e5a7700 RCX: 0000000000452e39 [ 455.813451] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 455.820700] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 455.827949] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 455.835200] R13: 0000000000a2f7ef R14: 00007efe3e5a79c0 R15: 0000000000000000 [ 455.842480] CPU: 1 PID: 22154 Comm: syz-executor1 Not tainted 4.15.0-rc8+ #265 [ 455.849854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 455.859193] Call Trace: [ 455.861767] dump_stack+0x194/0x257 [ 455.862727] FAULT_FLAG_ALLOW_RETRY missing 30 [ 455.869856] ? arch_local_irq_restore+0x53/0x53 [ 455.874515] ? handle_userfault+0x12b7/0x24c0 [ 455.878999] handle_userfault+0x12fa/0x24c0 [ 455.883304] ? handle_userfault+0x150b/0x24c0 [ 455.887796] ? userfaultfd_ioctl+0x4520/0x4520 [ 455.892363] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 455.897536] ? __lock_is_held+0xb6/0x140 [ 455.901597] ? print_irqtrace_events+0x270/0x270 [ 455.906336] ? print_irqtrace_events+0x270/0x270 [ 455.911074] ? get_user_pages_fast+0x277/0x340 [ 455.915647] ? perf_event_sync_stat+0x5b0/0x5b0 [ 455.920300] ? __perf_event_task_sched_in+0x200/0xc20 [ 455.925487] ? __lock_acquire+0x664/0x3e00 [ 455.929703] ? check_noncircular+0x20/0x20 [ 455.933924] ? __lock_acquire+0x664/0x3e00 [ 455.938161] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 455.943334] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 455.948531] ? find_held_lock+0x35/0x1d0 [ 455.952586] ? __handle_mm_fault+0x3296/0x3ce0 [ 455.957153] ? lock_downgrade+0x980/0x980 [ 455.961286] ? lock_release+0xa40/0xa40 [ 455.965243] ? copy_overflow+0x20/0x20 [ 455.969114] ? do_raw_spin_trylock+0x190/0x190 [ 455.973679] ? userfaultfd_ctx_put+0x740/0x740 [ 455.978259] __handle_mm_fault+0x32a3/0x3ce0 [ 455.982660] ? __pmd_alloc+0x4e0/0x4e0 [ 455.986532] ? print_irqtrace_events+0x270/0x270 [ 455.991280] ? find_held_lock+0x35/0x1d0 [ 455.995342] ? handle_mm_fault+0x248/0x8d0 [ 455.999563] ? lock_downgrade+0x980/0x980 [ 456.003730] handle_mm_fault+0x334/0x8d0 [ 456.007776] ? down_read+0x96/0x150 [ 456.011389] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 456.015951] ? vmacache_find+0x5f/0x280 [ 456.019913] ? find_vma+0x30/0x150 [ 456.023445] __do_page_fault+0x5c9/0xc90 [ 456.027516] ? mm_fault_error+0x2c0/0x2c0 [ 456.031649] ? find_held_lock+0x35/0x1d0 [ 456.035702] do_page_fault+0xee/0x720 [ 456.039488] ? __do_page_fault+0xc90/0xc90 [ 456.043711] ? lock_release+0xa40/0xa40 [ 456.047676] ? do_raw_spin_trylock+0x190/0x190 [ 456.052257] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 456.057094] page_fault+0x2c/0x60 [ 456.060531] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 456.066305] RSP: 0018:ffff8801b0c47928 EFLAGS: 00010246 [ 456.071649] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 456.078898] RDX: 000000000000010b RSI: ffffc90003b70000 RDI: ffff8801b0c47d28 [ 456.086148] RBP: ffff8801b0c47a08 R08: 0000000000000000 R09: 1ffff10036188ee7 [ 456.093399] R10: ffff8801b0c47858 R11: 0000000000000003 R12: 1ffff10036188f28 [ 456.100648] R13: ffff8801b0c479e0 R14: 0000000000000000 R15: ffff8801b0c47d20 [ 456.107916] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 456.113095] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 456.118269] ? iov_iter_revert+0x9d0/0x9d0 [ 456.122493] ? mark_held_locks+0xaf/0x100 [ 456.126622] ? simple_xattr_get+0xeb/0x160 [ 456.131015] ? current_kernel_time64+0x122/0x2f0 [ 456.135759] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 456.140764] generic_perform_write+0x200/0x600 [ 456.145356] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 456.150614] ? generic_update_time+0x1b2/0x270 [ 456.155183] ? __mnt_drop_write_file+0xd/0x70 [ 456.159662] ? file_update_time+0xbf/0x470 [ 456.163883] ? current_time+0xc0/0xc0 [ 456.167672] ? down_write+0x87/0x120 [ 456.171378] __generic_file_write_iter+0x366/0x5b0 [ 456.176288] ? check_noncircular+0x20/0x20 [ 456.180511] generic_file_write_iter+0x399/0x790 [ 456.185260] ? __generic_file_write_iter+0x5b0/0x5b0 [ 456.190771] ? iov_iter_init+0xaf/0x1d0 [ 456.194737] __vfs_write+0x684/0x970 [ 456.198432] ? lock_acquire+0x1d5/0x580 [ 456.202393] ? kernel_read+0x120/0x120 [ 456.206295] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 456.211032] ? __sb_start_write+0x209/0x2a0 [ 456.215340] vfs_write+0x189/0x510 [ 456.218870] SyS_write+0xef/0x220 [ 456.222318] ? SyS_read+0x220/0x220 [ 456.225927] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 456.230926] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 456.235679] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 456.240416] RIP: 0033:0x452e39 [ 456.243586] RSP: 002b:00007f0774425c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 456.251274] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 456.258523] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 456.265772] RBP: 00000000000003bb R08: 0000000000000000 R09: 0000000000000000 [ 456.273021] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3a28 [ 456.280271] R13: 00000000ffffffff R14: 00007f07744266d4 R15: 0000000000000000 [ 456.287551] CPU: 0 PID: 22148 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 456.294900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 456.304233] Call Trace: [ 456.306799] dump_stack+0x194/0x257 [ 456.310405] ? arch_local_irq_restore+0x53/0x53 [ 456.315052] ? handle_userfault+0x12b7/0x24c0 [ 456.319525] handle_userfault+0x12fa/0x24c0 [ 456.323817] ? handle_userfault+0x150b/0x24c0 [ 456.328317] ? userfaultfd_ioctl+0x4520/0x4520 [ 456.332873] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 456.338039] ? find_held_lock+0x35/0x1d0 [ 456.342074] ? check_noncircular+0x20/0x20 [ 456.346290] ? print_irqtrace_events+0x270/0x270 [ 456.351029] ? print_irqtrace_events+0x270/0x270 [ 456.355766] ? perf_event_sync_stat+0x5b0/0x5b0 [ 456.360408] ? __perf_event_task_sched_in+0x200/0xc20 [ 456.365571] ? __update_idle_core+0x305/0x600 [ 456.370047] ? __lock_acquire+0x664/0x3e00 [ 456.374253] ? check_noncircular+0x20/0x20 [ 456.378462] ? __lock_acquire+0x664/0x3e00 [ 456.382685] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 456.387848] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 456.393023] ? find_held_lock+0x35/0x1d0 [ 456.397071] ? __handle_mm_fault+0x3296/0x3ce0 [ 456.401630] ? lock_downgrade+0x980/0x980 [ 456.405755] ? lock_release+0xa40/0xa40 [ 456.409705] ? copy_overflow+0x20/0x20 [ 456.413569] ? do_raw_spin_trylock+0x190/0x190 [ 456.418125] ? userfaultfd_ctx_put+0x740/0x740 [ 456.422692] __handle_mm_fault+0x32a3/0x3ce0 [ 456.427080] ? __pmd_alloc+0x4e0/0x4e0 [ 456.430942] ? print_irqtrace_events+0x270/0x270 [ 456.435678] ? find_held_lock+0x35/0x1d0 [ 456.439719] ? handle_mm_fault+0x248/0x8d0 [ 456.443928] ? lock_downgrade+0x980/0x980 [ 456.448078] handle_mm_fault+0x334/0x8d0 [ 456.452111] ? down_read+0x96/0x150 [ 456.455711] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 456.460268] ? vmacache_find+0x5f/0x280 [ 456.464222] ? find_vma+0x30/0x150 [ 456.467742] __do_page_fault+0x5c9/0xc90 [ 456.471788] ? mm_fault_error+0x2c0/0x2c0 [ 456.475910] ? find_held_lock+0x35/0x1d0 [ 456.479952] do_page_fault+0xee/0x720 [ 456.483729] ? __do_page_fault+0xc90/0xc90 [ 456.487951] ? lock_release+0xa40/0xa40 [ 456.491906] ? do_raw_spin_trylock+0x190/0x190 [ 456.496473] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 456.501305] page_fault+0x2c/0x60 [ 456.504737] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 456.510503] RSP: 0018:ffff8801cf1cf928 EFLAGS: 00010246 [ 456.515842] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 456.523085] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801cf1cfd28 [ 456.530331] RBP: ffff8801cf1cfa08 R08: 0000000000000000 R09: 1ffff10039e39ee7 [ 456.537581] R10: ffff8801cf1cf858 R11: 0000000000000003 R12: 1ffff10039e39f28 [ 456.544824] R13: ffff8801cf1cf9e0 R14: 0000000000000000 R15: ffff8801cf1cfd20 [ 456.552079] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 456.557250] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 456.562416] ? iov_iter_revert+0x9d0/0x9d0 [ 456.566630] ? mark_held_locks+0xaf/0x100 [ 456.570749] ? simple_xattr_get+0xeb/0x160 [ 456.574958] ? current_kernel_time64+0x122/0x2f0 [ 456.579688] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 456.584691] generic_perform_write+0x200/0x600 [ 456.589263] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 456.594514] ? generic_update_time+0x1b2/0x270 [ 456.599070] ? __mnt_drop_write_file+0xd/0x70 [ 456.603541] ? file_update_time+0xbf/0x470 [ 456.607752] ? current_time+0xc0/0xc0 [ 456.611532] ? down_write+0x87/0x120 [ 456.615224] __generic_file_write_iter+0x366/0x5b0 [ 456.620124] ? check_noncircular+0x20/0x20 [ 456.624341] generic_file_write_iter+0x399/0x790 [ 456.629076] ? __generic_file_write_iter+0x5b0/0x5b0 [ 456.634157] ? iov_iter_init+0xaf/0x1d0 [ 456.638113] __vfs_write+0x684/0x970 [ 456.641800] ? lock_acquire+0x1d5/0x580 [ 456.645752] ? kernel_read+0x120/0x120 [ 456.649637] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 456.654366] ? __sb_start_write+0x209/0x2a0 [ 456.658667] vfs_write+0x189/0x510 [ 456.662186] SyS_write+0xef/0x220 [ 456.665615] ? SyS_read+0x220/0x220 [ 456.669216] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 456.674209] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 456.678945] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 456.683671] RIP: 0033:0x452e39 [ 456.686835] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 2018/01/17 19:07:28 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:28 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:28 executing program 5: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:28 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:28 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) getsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000d7000-0x4)=0x0, &(0x7f00008c7000-0x4)=0x4) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r1, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) 2018/01/17 19:07:28 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000368000)='/dev/usbmon#\x00', 0x1000, 0x28000) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00008d9000-0x20)={0x7, 0x0, 0x10001, 0x8000}) ioctl$DRM_IOCTL_AGP_BIND(r0, 0x40106436, &(0x7f00009aa000-0x10)={r1, 0x7ba}) r2 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x0) recvfrom(r3, &(0x7f00001bf000)=""/92, 0xfffffffffffffeab, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r4 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r4, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x2, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000e38000-0x50)={@common='irlan0\x00', @ifru_map={0x7, 0x5, 0x10000, 0x9, 0x200, 0xffffffffffffffca}}) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r2, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r3, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:28 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x0) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:28 executing program 1: socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000297000-0x8)={0x0, 0x0}) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r1 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCDELDLCI(r0, 0x8981, &(0x7f0000bc0000-0x12)={@generic="58ec55238c7dd5f7d1fb82892b659a58", 0x3f}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000a6d000)={0x0, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}}, &(0x7f000093e000)=0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000b3000-0x28)={@generic="8eecbd8be05819619bbe4bfbff26268e", 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = userfaultfd(0x0) r3 = syz_open_dev$adsp(&(0x7f0000321000-0xb)='/dev/adsp#\x00', 0x8, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r3, 0x84, 0x65, &(0x7f000069d000-0x15)=[@in={0x2, 0x3, @remote={0xac, 0x14, 0x0, 0xbb}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @in={0x2, 0x3, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @in={0x2, 0x1, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}], 0x30) sendmsg(r1, &(0x7f0000368000-0x38)={&(0x7f00002df000-0x10)=@nfc={0x27, 0x2, 0x58, 0x3}, 0x10, &(0x7f000091b000)=[{&(0x7f0000268000-0x60)="4af5756beb93c594cff4ffbed33d5646fdff319d57b19e245830e8b2d61410bf318ecc267953b63f65dbf5ea63be740db38eda012bdbe2d7902325d618284d6f886bb204820ea480135d93dcee4fc051c592aa7c949cbe32f7591d846b7bfdb5", 0x60}, {&(0x7f0000871000-0x3)="9f891f", 0x3}, {&(0x7f000067c000-0xaa)="ee2dd867448e7c13eb417ca020f56a0b3ea4d93041f8dca55bcd01e8e98ab5ceb8472a39eedef32aeac42c26f4e5d1e5c8975c58222be411d3bbe15c210521e8cdcc7dd6fcebe18cd07e8ddfa57b70a1f409db5db2914fdc5ef14447cd78c4df40d941d00b3688cb5e8863edf4371087af3a21674058b8d0a2f90464cb97f3623f821aab16bf1f81319a1ca8b9de5a2914c1fcd866fbc00c9ce2364b88cf31ec40ac11ff4d43714f56f9", 0xaa}, {&(0x7f0000e2d000-0x6b)="ef6ff80c28dba70bd7a3226bc15bcf56be6cb8cb1d408533eded79006c3da87bf75e6748b52db8999339813a45f59b336844bef6773dd343dfc2043d79aaa007a21dd45c4168b9cea87aaa1972c6ef794959a8f9626a58da565e74739d6c4d7dd27a27528128d62b1221b7", 0x6b}, {&(0x7f0000bd8000-0x86)="23641ffcd78620bd5b17561168a75034e6dcaa91baf1a4447b947ee6fce2c21b7feed60b50131e82af6a7b2105fb8f97b40a7d773b910c3e098d13d423c0efa501a35c9bf63570cb922aa4f1cd5c5eb560bbc9c006606eb89d04e4d7399922de0a0e51a5b270fd6f88fafe2d69d96f999c4fe26123f3673c906e80e9633f683497fa69d93b3d", 0x86}, {&(0x7f000094f000)="b43d631984616ae7df4cc1ade4edfaa4150adbb8d2d4d3479fc84194a3100076a80e8d5a49363ca19197d3ca52d775d72ba9daf563c64daf39357f0262b79b6d6995fc7e5db92ae10a026713d3c1c310b601e604a24f72b3f306dd27d9635cef86d7afabd725ce72b521973f32535ed75be05b316154297d5d0aaebb36478ee280d80736f1d569a10a7b07341beef3456029f815c791583f2e79249c9d9919ea62f9979c8a22034b0eef9c3e5440e36e06afeabd701b4e0bf44e7c4ebbaaae083f2fff937f32e455779b903dcd7b142e", 0xd0}], 0x6, &(0x7f000073d000-0xc0)=[{0xc0, 0x29, 0x5, "1f61ba3b63317d89c443b950e41c044e51a73b17734cce42b0c3e5c97014fb5905337210f5adfb28179cf26ec601c094937e3c5a546da170abab4a10d1e232b59cba16da3a142c00706b3a9908db986a0a4d0f74f54cfcc012c96de7fa90543254be9bf13b2d497045d26139ad3f6b9f55d5a8905d076d535a586151cf82852922f056fcaf774e5bffdd81494424b7bedd951b63a3420ff8e90f85b832bf9c7fd7d8b999a90a5635f6"}], 0xc0, 0x40}, 0x10) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000814000/0x2000)=nil, 0x2000}, 0x1, 0x0}) r4 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r4, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r4, 0x84, 0xc, &(0x7f0000b5a000)=0x1d38, 0x4) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') getdents64(r1, &(0x7f0000cdc000)=""/0, 0x0) fremovexattr(r1, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r2, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) [ 456.694516] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 456.701758] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000018 [ 456.709000] RBP: 0000000000000624 R08: 0000000000000000 R09: 0000000000000000 [ 456.716246] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f7400 [ 456.723494] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:28 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:28 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:28 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x0, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:28 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:28 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:28 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x0, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:28 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:28 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000197000-0xd)='/selinux/access\x00', 0x2, 0x0) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f00004c0000)={0x8, 0x0}) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) 2018/01/17 19:07:28 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) [ 456.879466] FAULT_FLAG_ALLOW_RETRY missing 30 [ 456.884189] CPU: 1 PID: 22192 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 456.891557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 456.900905] Call Trace: [ 456.903501] dump_stack+0x194/0x257 [ 456.907138] ? arch_local_irq_restore+0x53/0x53 [ 456.911811] ? handle_userfault+0x12b7/0x24c0 [ 456.916308] handle_userfault+0x12fa/0x24c0 [ 456.920629] ? handle_userfault+0x150b/0x24c0 [ 456.925136] ? userfaultfd_ioctl+0x4520/0x4520 [ 456.929715] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 456.934898] ? __lock_is_held+0xb6/0x140 [ 456.938944] ? print_irqtrace_events+0x270/0x270 [ 456.943676] ? print_irqtrace_events+0x270/0x270 [ 456.948411] ? get_user_pages_fast+0x277/0x340 [ 456.952974] ? switched_to_fair+0xb0/0xb0 [ 456.957095] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 456.962088] ? trace_hardirqs_on+0xd/0x10 [ 456.966210] ? get_user_pages_fast+0x14e/0x340 [ 456.970766] ? pick_next_entity+0x197/0x400 [ 456.975065] ? __lock_acquire+0x664/0x3e00 [ 456.979271] ? check_noncircular+0x20/0x20 [ 456.983478] ? __lock_acquire+0x664/0x3e00 [ 456.987700] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 456.992863] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 456.998043] ? find_held_lock+0x35/0x1d0 [ 457.002093] ? __handle_mm_fault+0x3296/0x3ce0 [ 457.006648] ? lock_downgrade+0x980/0x980 [ 457.010774] ? lock_release+0xa40/0xa40 [ 457.014722] ? copy_overflow+0x20/0x20 [ 457.018587] ? do_raw_spin_trylock+0x190/0x190 [ 457.023144] ? userfaultfd_ctx_put+0x740/0x740 [ 457.027709] __handle_mm_fault+0x32a3/0x3ce0 [ 457.032098] ? __pmd_alloc+0x4e0/0x4e0 [ 457.035960] ? print_irqtrace_events+0x270/0x270 [ 457.040695] ? find_held_lock+0x35/0x1d0 [ 457.044739] ? handle_mm_fault+0x248/0x8d0 [ 457.048947] ? lock_downgrade+0x980/0x980 [ 457.053089] handle_mm_fault+0x334/0x8d0 [ 457.057123] ? down_read+0x96/0x150 [ 457.060725] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 457.065282] ? vmacache_find+0x5f/0x280 [ 457.069233] ? find_vma+0x30/0x150 [ 457.072754] __do_page_fault+0x5c9/0xc90 [ 457.076800] ? mm_fault_error+0x2c0/0x2c0 [ 457.080921] ? find_held_lock+0x35/0x1d0 [ 457.084961] do_page_fault+0xee/0x720 [ 457.088739] ? __do_page_fault+0xc90/0xc90 [ 457.092951] ? lock_release+0xa40/0xa40 [ 457.096901] ? do_raw_spin_trylock+0x190/0x190 [ 457.101465] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 457.106289] page_fault+0x2c/0x60 [ 457.109724] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 457.115494] RSP: 0018:ffff8801d4977928 EFLAGS: 00010246 [ 457.120836] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 457.128084] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801d4977d28 [ 457.135327] RBP: ffff8801d4977a08 R08: 0000000000000000 R09: 1ffff1003a92eee7 [ 457.142572] R10: ffff8801d4977858 R11: 0000000000000003 R12: 1ffff1003a92ef28 [ 457.149821] R13: ffff8801d49779e0 R14: 0000000000000000 R15: ffff8801d4977d20 [ 457.157082] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 457.162252] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 457.167418] ? iov_iter_revert+0x9d0/0x9d0 [ 457.171630] ? mark_held_locks+0xaf/0x100 [ 457.175752] ? simple_xattr_get+0xeb/0x160 [ 457.179959] ? current_kernel_time64+0x122/0x2f0 [ 457.184691] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 457.189686] generic_perform_write+0x200/0x600 [ 457.194253] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 457.199503] ? generic_update_time+0x1b2/0x270 [ 457.204062] ? __mnt_drop_write_file+0xd/0x70 [ 457.208529] ? file_update_time+0xbf/0x470 [ 457.212742] ? current_time+0xc0/0xc0 [ 457.216520] ? down_write+0x87/0x120 [ 457.220211] __generic_file_write_iter+0x366/0x5b0 [ 457.225114] ? check_noncircular+0x20/0x20 [ 457.229325] generic_file_write_iter+0x399/0x790 [ 457.234072] ? __generic_file_write_iter+0x5b0/0x5b0 [ 457.239159] ? iov_iter_init+0xaf/0x1d0 [ 457.243110] __vfs_write+0x684/0x970 [ 457.246796] ? lock_acquire+0x1d5/0x580 [ 457.250749] ? kernel_read+0x120/0x120 [ 457.254641] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 457.259369] ? __sb_start_write+0x209/0x2a0 [ 457.263665] vfs_write+0x189/0x510 [ 457.267181] SyS_write+0xef/0x220 [ 457.270616] ? SyS_read+0x220/0x220 [ 457.274221] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 457.279212] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 457.283949] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 457.288676] RIP: 0033:0x452e39 [ 457.291835] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 457.299514] RAX: ffffffffffffffda RBX: 00007efe3e5a7700 RCX: 0000000000452e39 [ 457.306755] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 457.313997] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 457.321246] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 2018/01/17 19:07:29 executing program 6: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x40800, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000000)={{{@in=@multicast1=0x0, @in6=@mcast2={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, {{@in=@remote={0x0, 0x0, 0xffffffffffffffff, 0x0}, 0xffffffffffffffff, 0x0}, 0x0, @in6=@local={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, &(0x7f0000001000)=0xe8) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x3, 0x32, 0xffffffffffffffff, 0x0) sendmsg$netrom(r1, &(0x7f00001d1000-0x38)={&(0x7f0000000000)=@full={{0x3, {"798cdcbf02f9cf"}, 0x5}, [{"37ade92d1b88c5"}, {"35dfbbb2d016e8"}, {"e1c5cd94f80d4a"}, {"51e29807c9abdd"}, {"a3c89eee22911e"}, {"a81a5f0a253436"}, {"8d5a359468c737"}, {"d0d7a09cc03e52"}]}, 0x48, &(0x7f0000d36000-0x10)=[{&(0x7f0000c63000-0x32)="d41184ba644b87af26c7c1a21d3753f9ba3f722ce8968ef27ac61545a91de4ca3e96e64a3149ef6fac0fdc36f533ae4d7272", 0x32}], 0x1, &(0x7f0000001000-0x11b8)=[{0x1010, 0x103, 0x8b98, "b743015ebcdb8cafd882bd985910f3c0708829b3248bfbd5b5bf0767a2508455502c646d8119be1bd3f02b398964d1159522b807850c45f8d464b345a2568604c19c17eaddc208103625cc7b96240fcb60255ca507fd403074449b232fa793b6a55e6268f460c6ebb5109b1f9592a942dfb3d9cdbd5d72989e3728fad6272c64950ddc538054c1b20b95442e5e560e57af04e55f76fce67a6aa3db8ecad41215d630e34bf5b6c2694d1c4e4a3642cf590bb76b6cd3c8527948e5864757b06d60856432b8d7f105e5a0bc8c82a42675e81aa02f33898bcd1e91422a69c1a0774436345fb58f767c2c140ccbbadd36156b07b3777e1fa92f0295e48140ed6e709adb7ba7adef903e7d5889720483537d9aee8c457d4e11c9b15af594259ae897d2d79e243fa8599df3227f9449a30c08a0a8bb9395515bfd5cb90efd15db3a20df637ec463652e7a3891570e1eed6d292b91fd5b71c18624abe0f0340097d8f0072368ee6816e506151a15963577c6c5c088c4669c3fe6b3342287c4f59a8a5fa889621ae09cd9708f2e4a33452a86bf546b83303d4d956dfe1550e339f7c9d6485085cb0e4a9739598a6452e1a709d2f09bfdd1bf806f439f2850161d35627b99481de5e6a480b18095d1ab152d5ee64d1c383449a1594d12c6658a207bb17133b88ff212cc905579fc8221930d8a3e6567c752422a0c1e968c1f32fff1b57264f961e90ce7e6e0a27c66b459e1892eaeec515f230521644f0213edbe8b337a455c90aa7cd147cb092387de2ab48c625de71d474124729833da6cb0dd3913b8187cdeb1c7439ecd704b6729dc8a83226218653b5fce6ee26d532670643e7338e16f935c174d4d35fd2d9e898e108b9961904d1c12f312bbbcd4217c3985fb1b16eded31e7b6fe0287254ec04d5a6b9ff5cb416aa0ede2d145f3e18fd69bb08a81f0836e0d0056a6a324e2cc795d0794376dad2ad30c8ac8ae9d268781893ac0774efe66c61f475af8afc46facb0dea55b4c21eaa243161850b7bdcb813c5ac27c5af88bb49d620b59a70a93e976890820379dee680eb20ac01cd711eb671fa015964b1248f9ed766cb3db696942c10e7d1c64cebcd43960288802ad0b0a4ee9b4131e0a36140b07040c8e9591e4011c94e58bc433089f665d4c4ef1a0ca2bd1989247d2d7b8a09fad40a5278e144f7ebfcbf45dd07073a16354cca7164afa1efddec0122bf00ceb3af6c52bf4b8bc0e266eb410aa2917ff90f3c1c42376a85d70ffb48cc46c9006dd3b696b20458e9bc4d180828242b45abb9522649c887a4a037490a5cfce671a639c02007d43c5dc1b7f4bf430942401879458e264524e0fb8a05b1540b813a0e2c4345bfe484ffb493cb49ba6add37c7d8073ba093710872ebe6701877cb4a5479aea03f508fcae2dff8b36d94a0a6021aa8a448bb24dd259a602ac3800480b95246fb8b8f53a0f3c13680a93b73c8c9ebdcaf99fccbe5a569b014a723d85baf5f93318da69f19c06ec4768ab90621dce6997ae10435534d423d89d91c45d1862df6de1fe2b09913960e589fde4d7372ccc72a5194386b37721b50044b751161dca0826889f79a90a4f3de3184d545bee4de483b72832016bb71831e1f1f5202217d1ec78b0d806458d47f6b03705c4e04aec47a533fea618a28248c6211024a522beffee1faadd6369afef733eb0d46e890d663ef07ca64bafdb63417ec9222e261de7f3efebaf9f05bd6e085273cf7404416ee1fa6465e8366d9b52a4af5aa1cb41c11474d60552702808ee6a4ef998282ac19ea6927e9eb06e99362ff1ae84047604a29246854006d1d6b8c2c9f6a9bbabf042f2b6b25e3a792f29db12353c632c77a97e7119a77886a48e8956d671b2c5b555352c6df6fe77fc050e9cbcc4d8fd80259a4c766c711141ac43cf1d3539f159491ecb1e2884732d83eb5a44eb0736dce7da5204cfdcf071d57e17799f20771431d7892dbc295974f8235459687ce37668b944c7e7f67c4c398057526c710871b6a48271988c601eaf51d6b20486727a5bf4b2be710c0053b83ac2747872c9d549e83da8bc237cdbdf802aebcb33b5011ffaffa31400bf858c597d5915f0ea415d9b4c5cae549281db9858510bde7061b46f96283769b8f0de06ff6aefc430dd498fbfda79e216f8d65684b1969b28a7046483aefeeaa59e2d5b307842dde7db56f0a2ff259c1b128ecc62abbade17aa3891eeffee13d61fdcfc578fb5b01d36aeb905a0d70f790d21422f9d705cb5bbbd52e35a6d82345046106fbd664f1d8832726ca51c6f1d4942f44f6442a4f2a94e842e0732908e07e5bf78f801b600d5a8a535a99fd12663ae5a380d73d238527e22738f19049104045b4122c3ff2af4b9bded19eabf940d109799ba32da53079cc035bbd17d165e028689027f772c8bbde2a729df270d440a0a50e03e81995275c29148f7fa07942834dc1838afb76c2951fc6a5b2d31a1778179a071e6dc62f135a291eaf54a43b9e05d399bf7251595b215aecbbab27f11ef2ba58daec31efcf46c224429d28a36872af23ba4016798810acf5dd94de71cf67d5f9e60c5dbca419f4104e20a2465029bd7b0fb4cf9a49cf7d6355baf28c48c57f95bf77132ab85bf571000176777703cc8c59a1d546250d1820bdb1b6a7f38bff4c2dd53bf1b79f8adacee45d60c0bebf920ed95359c04368c42abc0b7e2f7f4b45c2e2daa5419bfdc212576b5ec0430a9c039888e88aa8f6a8e91009713a01705fbc07f4f8e05335a8afc014151e0b5cff323349d2568df5d3f45ab99495dca740ab653146510e67705cf99e2c22283ef00b695ca29feef4e71506effb87c8d44941c251f256e18e361d87a6a22cfd3e6117a58930673a73a1e4a14f9948f9361c00d718109477087bbcb0d6bb9d464a41857830d063a9c2945c004b20a6072f626f0a5216297251fcf1d5fd9409950925089a12277179d4e959664e6bdbe53a6b6215d00693ac52e40ee4b8e2fc4f646be8bd4bac16b5f393a27f8edbefc21d363ed4222b8e5fecf6cb07948c5b0b002d2a9b8aaafbd781e49c800d4a26fb7a6d73798cec68a0324a018cb9cb43a87aa647965db6459b997ec9a3397f71ba2a10576f445e06b05fcecc3e247a7835e7d551849b1c2fbab50c9a8464335a044f774e5cd8221546f11eecd4c9158c156cc2a0a8cfcb99ab985492c32483dfa2ff7c2390914ed9c8e09520255725bf99e5043bf10dfdc138703a3f6e68a02bc8905c06582f5543c2f78b834a917801d9213d9ec982f63b17150afc80f187509b4a225b1a9f9cf988294234c552de6e678aba6de5dcf725e02804c00bfd75ab939c2792deb935819a88743e0d91dc71af7ef9edb37f3b37ee990e8f26d5d7d5a6a84f582aad1ae2e8da4620cb12e75e9ef5d776554daa3c3b45ca9b998963f43104f62978482eb4fff7c0154ec65d63e4767a224303d6bbe6139804f4190280b34e3a1d6ab106023b1ca970302ab0733e4673c22ca5796b2ee10d8072d627f6677205ba8d8652abba8573e0f7f534e219a64e5091a6a8757e0b2bdae852e894d76b2fa57b5e0167977daabbfe11f4d6ea3ef304ac891bf7c061d9b539a691273ff9a11c30e9fe4106e1200a437376bb78b7d29f402a85d33996ebd64cdf3744b929dc92d00fe3f4a29771f48abd13af9f9b459bb7cd3f7bfe6f4e4914c0daa742b0cc7cbfd833e8b426459c66be1a62da04b3cd1c0f207ff53c7d258da6ead5a7cb8fc0f5c403b2306a45bf65e2631e2fe82db798fb00b4b57d36467bfbc8fe8df164e1d86b772c8e384790892d83090d560d803b9fb99899d9513653aa92329e5fd89ff25997730eca227ccdd70551f52f26f75906d7bc05debf290f1c0a7290647557e44833c95815ac15250f31230684aca13528722a3d9f2203fe321c205c7719c7dd8e1f58b7c81cb894b396911f7db2c5f331939d0106475de57d93bef0fa9652590a8fcc479f2e07d9b41ec70f054b25a74d19a906138bb46e86dd8afafff63f67724fccc45873c0af626b4ca17bca85529ba99f9d072a45290e8cc69f0bbee62cf697086c938f73a04a80649c46eccd8abda97c58fe55a3f516e9e303361b1bfc6152e36780cfb7b6f5b8c406e55a5953fc0f2ac73b56d6b0ed330e584243485725f488edf7a20ba95a5a3079385f4abecf91574492f8539dfed926a524e8dc49712144210e076ec8301c31b1883d8c0f3d81860c0d59594295bcabfa4477519463f9b0965bff8a3bf66a997867eadaa58e847f1f12a1459e88f362280cbe14e963ed6221fda460da4b9600a6d6996ccbb43a056c4fcd00c1a74459df499b1d870943dea9aa86777895f0d1f564ccc307c275bebd552fa0edf1aa864914cfd8abf9f8c43e8a0473a9a368e721495097e60ff7bdd7f0336c1397f732b7d11145d36403411d37b318671de566f592106b6f38ee676a4648c91a3161b05e3d531da7790eb05d88f8a9177bc252aad5c55b3672348c8a53671c86ee4a61edd3783a6937f0a1b2493fe183d48cc2a9adedfb1586a1f2e82c40c6dc73f19ce145b51f22e2b8457d9a3f6f01a861b32b68f204eb79e116809e339505b315c40d3159335012efc1f051ccbf3bb5a3dc9427fc105c9528af3dcc927b7604e4e88aed49b3361cbb12a766b33a73218200c8359cf9b4a2fc773b7323f80b6c8e34607f669bb6632748cf9ecc8ae7c6f939890640f4145ec559ad68c39593831881367acca11b4b9bcdc4596a44a02f14b11ae5b5f5012e242653508df2a5c5c3b55e4b012e160558af75e4a8c81fba2906b06a97148766f104575485a895fadcd6619bf47975ff053606984e127d290870c5a9630a6ac12204c3d93d672ff4f6cd5291152cdd763f08e50e14067ef23aebedb868dad612d78db8ec8e68f0009b2bce58840af1bc8f0e86779fe1015ce88de3de033fccdc5f1143d33e2485eb9b64e93674fe663e6d48975055fa8ace771ca9579aad3f6f3db70d57287d9c6ec40c2ed7705336412e16a6efc83bd5d0356e20ea280882c7640fb5afba41294c482735b101e66ad5f72d8542d1fc3817ae3fccae0b65c947f9335628f80f10a472f37df067d5581e0f5ba5ace30f8bfe1c90f92145623f9fcabad075af08cda3914cbdc90aaf58ee90562407b1583e4bc66a9be7a7dcd2500ac4ff32f56a7f541408505b781e1dcb45aabedddc0e4e86ccc24b2e5f0c3bebadb28b26492c1427bf418585720f046385608ec84cd70a98dc1816a338fb3cd53406f9186a379e6634e2bcff0e3c3ed953e4c56bf4e586d57790cdeec3f333d013f944df30aa22730d36bb46fbbab8cb8cbc9a4c7c5590584e364aae91ab60aacae79c0e6cecd8c53064f02181f3e52010fff04d38ac4229316dba0cd285d9d8441632e7a694bfc77d26b3d5f95afb3b1ce199e51ebbf98aff739037b5ed504bfc87bbc8e7e7af4ddbab7115d16b88a909e98512d823c4c481071b7a00b47a80cd4d283828591470e6a77e42d47b7eeab2621183a0122a5fa459725ab2bf425565dbd9580fccc4bc8036e9f2835e400998da63bbcddd31689d9d1ea14f9c6cd314e30382736f815708033d07cf6a47d7a9621be56ae94b38d8da273b8a733d3899e8b11cbaf2acde4e3a5317d15ef08574b9fba1e089e1c77ce55d440385a33fddab495b149ae053abd92cb25849e249161a9192f1add32ae3d2d01e41668bead05085d7b3ac4a872590d75fdb7f219fb3aff5b004dbdf13b11e1d58fc5806bcbdc9dc8ea63"}, {0xb8, 0x113, 0x4f, "dd2c8a7f198455104c715c6274a4c60b4c819a4a784ffd8ba05261c2bbd8493d801b362b6266a85030bc310cac6601730bd90749288d0bfde8bdd4705a897642ce073fe2959ef0781a64b5742e2ea6811cbd4c96e7286ea0a84311d954972fb2eab4437d472fc4cd4e5684ca6394ceef35bcade71a45c1b9d767697aa7c3eba8ff6920f6dadf80124826a0f0a128289e7bafe389cdc7596a321eae361cd8ebde07264f93e6348da1"}, {0xf0, 0x11b, 0x10001, "5cfdd30c5622140e8ea9c8915595311bd25e7077bbe94258ffb9130eacf05c5826c7968522d55ca114b5f28c2bece3516af3c44004b084455a6acc86fe7a34204067e0d2b953b316aa17335d1742d0e147e12ee8a315ba456623ba9ce7cfb2afedf00a7f081de91b406e6ad312daa0cf5bb3a875ba086c6e6a5209234fe8c37e68b6aa6950fb830ebb660547959e2adc3e68acca111b71f49beda4bc38523b59670a2ed8b0136826fd4745d3087ce546de61711b071816981c13eb40692f385b02e7d62b640e0f5b022d201db7f8fa2f2bb7785ae3af12867b956f2a84fa6804"}], 0x11b8, 0x0}, 0x880) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) write$eventfd(r1, &(0x7f0000340000)=0x20, 0xe2) r2 = socket$inet6_sctp(0xa, 0x40000000001, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) socketpair(0xb, 0x801, 0x8, &(0x7f0000ba7000-0x8)={0x0, 0x0}) sendto$inet6(r2, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) 2018/01/17 19:07:29 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x0, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:29 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:29 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000515000)=0x0) accept$nfc_llcp(r0, &(0x7f0000ec2000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/63, 0x0}, &(0x7f0000f8f000)=0x60) capget(&(0x7f0000fa2000)={0x20071026, r2}, &(0x7f0000d7a000-0x18)={0x40, 0x1, 0x10001, 0x15f, 0xfffffffffffffffc, 0x6}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r3 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r3, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x1b, &(0x7f0000ac1000-0xf)={0x0, 0x7, "9bde58db9300d8"}, &(0x7f000088a000)=0xf) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, &(0x7f0000584000-0x6e)={r4, 0x66, "5ecda78069a1d39e9335f51b9b0138062e67c925dc37f48378c7487c5002747918ad2bbed2a065cfdf932146089ae5900f66a4e08b726a26d582282f8d62beeb9b8ee7ef7bafb3588bb3e7d03b297d3e3e5de406928e4dc44a9295569492df8ea2c47179ec36"}, &(0x7f0000ef2000-0x4)=0x6e) 2018/01/17 19:07:29 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:29 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:29 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x105400) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) [ 457.328499] R13: 0000000000a2f7ef R14: 00007efe3e5a79c0 R15: 0000000000000000 2018/01/17 19:07:29 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000a6d000)={0x0, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}}, &(0x7f000093e000)=0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000b3000-0x28)={@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r1 = userfaultfd(0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000b7d000)={0x0, 0x2, 0xd18, 0x6}, &(0x7f0000372000-0x4)=0x10) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000d7d000-0x8)={r0, r0}) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00001db000)={r2, 0x0, 0x100}, &(0x7f0000c89000)=0x8) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) openat$audio(0xffffffffffffff9c, &(0x7f0000574000)='/dev/audio\x00', 0x1, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00005a3000-0xe8)={{{@in6=@local={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, @in=@multicast1=0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, {{@in6=@ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x0, 0x0], @dev={0x0, 0x0, 0xffffffffffffffff, 0x0}}, 0xffffffffffffffff, 0x0}, 0x0, @in6=@remote={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, &(0x7f0000879000-0x4)=0xe8) r3 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r3, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) r4 = add_key(&(0x7f0000fd3000-0xd)='dns_resolver\x00', &(0x7f0000ba0000-0x5)={0x73, 0x79, 0x7a, 0x2, 0x0}, &(0x7f00003c2000-0x9b)="8956965b156986716f5196817df3a9026e5a0afb44e7ba14073d4e4b74988f05dbc32ad0f716169c9381914abbccc64c38df51a044d3a7cbb4615c2e0aeb4659cc3b80e759438cb4f9ff9ed8def5197a329e051fca57a9dc612f8afc681ea0cc6c6d655cd7c7c7d623fb02a3a791b789871a1514f53a8f3c27784e119f393017b5e4b90e3ffa8190dc97e593678212a824a8f861403837e3cc73db", 0x9b, 0xffffffffffffffff) add_key(&(0x7f0000453000-0x5)='ceph\x00', &(0x7f000058f000-0x5)={0x73, 0x79, 0x7a, 0x3, 0x0}, &(0x7f0000806000)="7402de63494ff4a81bcbd77bc4242ce0c79cfddff3", 0x15, r4) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') getdents64(r0, &(0x7f0000cdc000)=""/0, 0x0) fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) getsockopt$bt_BT_FLUSHABLE(r3, 0x112, 0x8, &(0x7f0000efa000-0x4)=0x502, &(0x7f0000638000)=0x4) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00004c0000)={r0, &(0x7f000046f000-0x1b)="b6fd3efdf78681d72d896ce225d7135cadd49e9c05e670399b5ced", &(0x7f0000db2000-0xbd)=""/189}, 0x18) 2018/01/17 19:07:29 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:29 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x0, 0x0, 0x9c1, 0x200, 0x7, 0x68}) [ 457.478224] FAULT_FLAG_ALLOW_RETRY missing 30 [ 457.482858] CPU: 1 PID: 22242 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 457.490203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 457.499534] Call Trace: [ 457.502102] dump_stack+0x194/0x257 [ 457.505725] ? arch_local_irq_restore+0x53/0x53 [ 457.510378] ? handle_userfault+0x12b7/0x24c0 [ 457.514853] handle_userfault+0x12fa/0x24c0 [ 457.518406] FAULT_FLAG_ALLOW_RETRY missing 30 [ 457.523631] ? handle_userfault+0x150b/0x24c0 [ 457.528125] ? userfaultfd_ioctl+0x4520/0x4520 [ 457.532687] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 457.537861] ? __lock_is_held+0xb6/0x140 [ 457.541921] ? print_irqtrace_events+0x270/0x270 [ 457.546658] ? print_irqtrace_events+0x270/0x270 [ 457.551399] ? get_user_pages_fast+0x277/0x340 [ 457.555963] ? switched_to_fair+0xb0/0xb0 [ 457.560093] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 457.565096] ? trace_hardirqs_on+0xd/0x10 [ 457.569224] ? get_user_pages_fast+0x14e/0x340 [ 457.573795] ? pick_next_entity+0x197/0x400 [ 457.578105] ? __lock_acquire+0x664/0x3e00 [ 457.582324] ? check_noncircular+0x20/0x20 [ 457.586536] ? __lock_acquire+0x664/0x3e00 [ 457.590776] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 457.595951] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 457.601130] ? find_held_lock+0x35/0x1d0 [ 457.605187] ? __handle_mm_fault+0x3296/0x3ce0 [ 457.609754] ? lock_downgrade+0x980/0x980 [ 457.613890] ? lock_release+0xa40/0xa40 [ 457.617848] ? copy_overflow+0x20/0x20 [ 457.621721] ? do_raw_spin_trylock+0x190/0x190 [ 457.626287] ? userfaultfd_ctx_put+0x740/0x740 [ 457.630870] __handle_mm_fault+0x32a3/0x3ce0 [ 457.635270] ? __pmd_alloc+0x4e0/0x4e0 [ 457.639142] ? print_irqtrace_events+0x270/0x270 [ 457.643889] ? find_held_lock+0x35/0x1d0 [ 457.647946] ? handle_mm_fault+0x248/0x8d0 [ 457.652165] ? lock_downgrade+0x980/0x980 [ 457.656331] handle_mm_fault+0x334/0x8d0 [ 457.660379] ? down_read+0x96/0x150 [ 457.663988] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 457.668549] ? vmacache_find+0x5f/0x280 [ 457.672513] ? find_vma+0x30/0x150 [ 457.676043] __do_page_fault+0x5c9/0xc90 [ 457.680096] ? mm_fault_error+0x2c0/0x2c0 [ 457.684228] ? find_held_lock+0x35/0x1d0 [ 457.688290] do_page_fault+0xee/0x720 [ 457.692075] ? __do_page_fault+0xc90/0xc90 [ 457.696309] ? lock_release+0xa40/0xa40 [ 457.700274] ? do_raw_spin_trylock+0x190/0x190 [ 457.704853] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 457.709694] page_fault+0x2c/0x60 [ 457.713130] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 457.718903] RSP: 0018:ffff8801b61f7928 EFLAGS: 00010246 [ 457.724247] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 457.731495] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801b61f7d28 [ 457.738744] RBP: ffff8801b61f7a08 R08: 0000000000000000 R09: 1ffff10036c3eee7 [ 457.745993] R10: ffff8801b61f7858 R11: 0000000000000003 R12: 1ffff10036c3ef28 [ 457.753243] R13: ffff8801b61f79e0 R14: 0000000000000000 R15: ffff8801b61f7d20 [ 457.760509] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 457.765694] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 457.770873] ? iov_iter_revert+0x9d0/0x9d0 [ 457.775096] ? mark_held_locks+0xaf/0x100 [ 457.779224] ? simple_xattr_get+0xeb/0x160 [ 457.783443] ? current_kernel_time64+0x122/0x2f0 [ 457.788186] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 457.793195] generic_perform_write+0x200/0x600 [ 457.797783] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 457.803042] ? generic_update_time+0x1b2/0x270 [ 457.807612] ? __mnt_drop_write_file+0xd/0x70 [ 457.812087] ? file_update_time+0xbf/0x470 [ 457.816312] ? current_time+0xc0/0xc0 [ 457.820103] ? down_write+0x87/0x120 [ 457.823804] __generic_file_write_iter+0x366/0x5b0 [ 457.828715] ? check_noncircular+0x20/0x20 [ 457.832940] generic_file_write_iter+0x399/0x790 [ 457.837689] ? __generic_file_write_iter+0x5b0/0x5b0 [ 457.842779] ? iov_iter_init+0xaf/0x1d0 [ 457.846742] __vfs_write+0x684/0x970 [ 457.850435] ? lock_acquire+0x1d5/0x580 [ 457.854398] ? kernel_read+0x120/0x120 [ 457.858300] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 457.863038] ? __sb_start_write+0x209/0x2a0 [ 457.867346] vfs_write+0x189/0x510 [ 457.870875] SyS_write+0xef/0x220 [ 457.874316] ? SyS_read+0x220/0x220 [ 457.877925] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 457.882929] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 457.887683] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 457.892417] RIP: 0033:0x452e39 [ 457.895585] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 457.903273] RAX: ffffffffffffffda RBX: 00007efe3e5a7700 RCX: 0000000000452e39 [ 457.910523] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 457.917773] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 457.925025] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 457.932273] R13: 0000000000a2f7ef R14: 00007efe3e5a79c0 R15: 0000000000000000 [ 457.939556] CPU: 0 PID: 22244 Comm: syz-executor1 Not tainted 4.15.0-rc8+ #265 [ 457.946914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 457.956257] Call Trace: [ 457.958854] dump_stack+0x194/0x257 [ 457.962473] ? arch_local_irq_restore+0x53/0x53 [ 457.967124] ? handle_userfault+0x12b7/0x24c0 [ 457.971597] handle_userfault+0x12fa/0x24c0 [ 457.975890] ? handle_userfault+0x150b/0x24c0 [ 457.980368] ? userfaultfd_ioctl+0x4520/0x4520 [ 457.984936] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 457.990110] ? __lock_is_held+0xb6/0x140 [ 457.994157] ? print_irqtrace_events+0x270/0x270 [ 457.998895] ? print_irqtrace_events+0x270/0x270 [ 458.003630] ? get_user_pages_fast+0x277/0x340 [ 458.008187] ? switched_to_fair+0xb0/0xb0 [ 458.012305] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 458.017301] ? trace_hardirqs_on+0xd/0x10 [ 458.021424] ? get_user_pages_fast+0x14e/0x340 [ 458.025982] ? pick_next_entity+0x197/0x400 [ 458.030289] ? __lock_acquire+0x664/0x3e00 [ 458.034499] ? check_noncircular+0x20/0x20 [ 458.038701] ? __lock_acquire+0x664/0x3e00 [ 458.042919] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 458.048083] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 458.053247] ? find_held_lock+0x35/0x1d0 [ 458.057287] ? __handle_mm_fault+0x3296/0x3ce0 [ 458.061842] ? lock_downgrade+0x980/0x980 [ 458.065966] ? lock_release+0xa40/0xa40 [ 458.069915] ? copy_overflow+0x20/0x20 [ 458.073775] ? do_raw_spin_trylock+0x190/0x190 [ 458.078330] ? userfaultfd_ctx_put+0x740/0x740 [ 458.082892] __handle_mm_fault+0x32a3/0x3ce0 [ 458.087280] ? __pmd_alloc+0x4e0/0x4e0 [ 458.091142] ? print_irqtrace_events+0x270/0x270 [ 458.095880] ? find_held_lock+0x35/0x1d0 [ 458.099922] ? handle_mm_fault+0x248/0x8d0 [ 458.104131] ? lock_downgrade+0x980/0x980 [ 458.108305] handle_mm_fault+0x334/0x8d0 [ 458.112342] ? down_read+0x96/0x150 [ 458.115941] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 458.120493] ? vmacache_find+0x5f/0x280 [ 458.124443] ? find_vma+0x30/0x150 [ 458.127962] __do_page_fault+0x5c9/0xc90 [ 458.132000] ? mm_fault_error+0x2c0/0x2c0 [ 458.136128] ? find_held_lock+0x35/0x1d0 [ 458.140171] do_page_fault+0xee/0x720 [ 458.143945] ? __do_page_fault+0xc90/0xc90 [ 458.148158] ? lock_release+0xa40/0xa40 [ 458.152108] ? do_raw_spin_trylock+0x190/0x190 [ 458.156671] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 458.161491] page_fault+0x2c/0x60 [ 458.164917] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 458.170684] RSP: 0018:ffff8801c5d07928 EFLAGS: 00010246 [ 458.176026] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 458.183268] RDX: 000000000000010b RSI: ffffc90003b70000 RDI: ffff8801c5d07d28 [ 458.190510] RBP: ffff8801c5d07a08 R08: 0000000000000000 R09: 1ffff10038ba0ee7 [ 458.197750] R10: ffff8801c5d07858 R11: 0000000000000003 R12: 1ffff10038ba0f28 [ 458.204993] R13: ffff8801c5d079e0 R14: 0000000000000000 R15: ffff8801c5d07d20 [ 458.212258] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 458.217432] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 458.222597] ? iov_iter_revert+0x9d0/0x9d0 [ 458.226810] ? mark_held_locks+0xaf/0x100 [ 458.230930] ? simple_xattr_get+0xeb/0x160 [ 458.235145] ? current_kernel_time64+0x122/0x2f0 [ 458.239876] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 458.244875] generic_perform_write+0x200/0x600 [ 458.249445] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 458.254694] ? generic_update_time+0x1b2/0x270 [ 458.259251] ? __mnt_drop_write_file+0xd/0x70 [ 458.263720] ? file_update_time+0xbf/0x470 [ 458.267929] ? current_time+0xc0/0xc0 [ 458.271710] ? down_write+0x87/0x120 [ 458.275408] __generic_file_write_iter+0x366/0x5b0 [ 458.280308] ? check_noncircular+0x20/0x20 [ 458.284519] generic_file_write_iter+0x399/0x790 [ 458.289255] ? __generic_file_write_iter+0x5b0/0x5b0 [ 458.294337] ? iov_iter_init+0xaf/0x1d0 [ 458.298287] __vfs_write+0x684/0x970 [ 458.301970] ? lock_acquire+0x1d5/0x580 [ 458.305930] ? kernel_read+0x120/0x120 [ 458.309811] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 458.314540] ? __sb_start_write+0x209/0x2a0 [ 458.318837] vfs_write+0x189/0x510 [ 458.322354] SyS_write+0xef/0x220 [ 458.325785] ? SyS_read+0x220/0x220 [ 458.329384] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 458.334380] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 458.339120] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 458.343848] RIP: 0033:0x452e39 [ 458.347011] RSP: 002b:00007f0774425c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 458.354699] RAX: ffffffffffffffda RBX: 00007f0774426700 RCX: 0000000000452e39 [ 458.361940] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000016 [ 458.369181] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 458.376421] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 458.383663] R13: 0000000000a2f7ef R14: 00007f07744269c0 R15: 0000000000000000 2018/01/17 19:07:30 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x105400) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:30 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x0, 0x0, 0x0, 0x200, 0x7, 0x68}) 2018/01/17 19:07:30 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:30 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:30 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00007c8000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x1, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) r2 = syz_open_dev$amidi(&(0x7f0000af2000-0xc)='/dev/amidi#\x00', 0x5, 0x620282) epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r0, &(0x7f000074a000)={0x20000001, 0x0}) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f00000a8000)={r1, 0x8}, 0x8) connect$inet6(r2, &(0x7f00006f5000-0x1c)={0xa, 0x0, 0x8, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, 0x1}, 0x1c) 2018/01/17 19:07:30 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:30 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = memfd_create(&(0x7f0000a7a000)='\x00', 0x2) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffff9c, 0x84, 0x11, &(0x7f0000256000-0x8)={0x0, 0x0}, &(0x7f0000b83000-0x4)=0x8) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f000057e000-0x98)={r1, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x0, 0x10}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x6, 0x0}, 0x98) r2 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000a6d000)={0x0, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}}, &(0x7f000093e000)=0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000b3000-0x28)={@generic="8eecbd8be05819619bbe4bfbff26268e", 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r3 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r4 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r4, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') getdents64(r2, &(0x7f0000cdc000)=""/0, 0x0) fremovexattr(r2, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r3, 0x8010aa02, &(0x7f0000dc3000)={&(0x7f0000e72000/0x2000)=nil, 0x2000}) 2018/01/17 19:07:30 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000459000-0xa)='./control\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:30 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:30 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x0, 0x0, 0x0, 0x0, 0x7, 0x68}) 2018/01/17 19:07:30 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x105400) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:30 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f00000ff000)=@assoc_id=0x0, &(0x7f0000d68000-0x4)=0x4) syslog(0x1, &(0x7f0000fcb000-0x50)=""/80, 0x50) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={r1, 0x10, &(0x7f0000e93000+0xd8d)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x2e86763d) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f0000c1a000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) setitimer(0x3, &(0x7f00000c8000-0x20)={{0x77359400, 0x0}, {0x0, 0x0}}, &(0x7f0000f6b000)={{0x0, 0x0}, {0x0, 0x0}}) 2018/01/17 19:07:30 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x0, 0x0, 0x0, 0x0, 0x0, 0x68}) 2018/01/17 19:07:30 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:30 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:30 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000703000-0x4)=0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000caf000)=@pic={0x0, 0x31, 0x400, 0x6, 0x5, 0x9f62, 0x4, 0x30000000000, 0x3f0, 0x40, 0x9, 0x80000000, 0x1ff, 0x40, 0x400, 0x7fff}) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f0000d98000-0xa)='./control\x00', &(0x7f00004f8000)='./file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') r3 = syz_open_dev$vcsa(&(0x7f000056f000-0xb)='/dev/vcsa#\x00', 0x5, 0x101001) ioctl$UFFDIO_ZEROPAGE(r3, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000159000/0x1000)=nil, 0x1000}) 2018/01/17 19:07:30 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:30 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) [ 458.568392] sctp: [Deprecated]: syz-executor6 (pid 22303) Use of int in maxseg socket option. [ 458.568392] Use struct sctp_assoc_value instead [ 458.609230] sctp: [Deprecated]: syz-executor6 (pid 22303) Use of int in maxseg socket option. [ 458.609230] Use struct sctp_assoc_value instead 2018/01/17 19:07:30 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:07:30 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:30 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x2, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000a6d000)={0x0, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}}, &(0x7f000093e000)=0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000b3000-0x28)={@generic="8eecbd8be05819619bbe4bfbff26268e", 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') getdents64(r0, &(0x7f0000cdc000)=""/0, 0x0) fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:30 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000ab8000)='/selinux/load\x00', 0x2, 0x0) connect$unix(r1, &(0x7f0000bda000-0x8)=@abs={0x1, 0x0, 0x1}, 0x8) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000531000-0x10)={0xd000, 0x1000, 0x0}) 2018/01/17 19:07:30 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)="", 0x0, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:30 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:30 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f000051f000-0x17)='/selinux/validatetrans\x00', 0x1, 0x0) getsockname$unix(r0, &(0x7f000079b000)=@abs={0x0, 0x0, 0xffffffffffffffff}, &(0x7f0000ee9000)=0x8) r1 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r3 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r3, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r1, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r2, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:30 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x0, 0x0, 0x0, 0x0, 0x0, 0x68}) 2018/01/17 19:07:30 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)="", 0x0, 0x0, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:30 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2018/01/17 19:07:30 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:30 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:07:30 executing program 6: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000b27000)='/dev/cuse\x00', 0x400, 0x0) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f0000871000)={@common='bpq0\x00', @ifru_addrs={0x2, 0x3, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) flock(r0, 0x5) sendto$inet6(r1, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) 2018/01/17 19:07:30 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)="", 0x0, 0x0, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:30 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:07:30 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2018/01/17 19:07:30 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:30 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) [ 458.835945] FAULT_FLAG_ALLOW_RETRY missing 30 [ 458.841840] CPU: 1 PID: 22343 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 458.849219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 458.858568] Call Trace: [ 458.861163] dump_stack+0x194/0x257 [ 458.864794] ? arch_local_irq_restore+0x53/0x53 [ 458.869466] ? handle_userfault+0x12b7/0x24c0 [ 458.873963] handle_userfault+0x12fa/0x24c0 [ 458.878285] ? handle_userfault+0x150b/0x24c0 [ 458.882798] ? userfaultfd_ioctl+0x4520/0x4520 [ 458.887375] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 458.892559] ? __lock_is_held+0xb6/0x140 [ 458.896638] ? print_irqtrace_events+0x270/0x270 [ 458.901382] ? print_irqtrace_events+0x270/0x270 [ 458.906116] ? get_user_pages_fast+0x277/0x340 [ 458.910675] ? switched_to_fair+0xb0/0xb0 [ 458.914806] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 458.919829] ? trace_hardirqs_on+0xd/0x10 [ 458.923953] ? get_user_pages_fast+0x14e/0x340 [ 458.928513] ? pick_next_entity+0x197/0x400 [ 458.932811] ? __lock_acquire+0x664/0x3e00 [ 458.937033] ? check_noncircular+0x20/0x20 [ 458.941254] ? __lock_acquire+0x664/0x3e00 [ 458.945496] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 458.950671] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 458.955842] ? find_held_lock+0x35/0x1d0 [ 458.959896] ? __handle_mm_fault+0x3296/0x3ce0 [ 458.964461] ? lock_downgrade+0x980/0x980 [ 458.968591] ? lock_release+0xa40/0xa40 [ 458.972542] ? copy_overflow+0x20/0x20 [ 458.976418] ? do_raw_spin_trylock+0x190/0x190 [ 458.980988] ? userfaultfd_ctx_put+0x740/0x740 [ 458.985565] __handle_mm_fault+0x32a3/0x3ce0 [ 458.989957] ? __pmd_alloc+0x4e0/0x4e0 [ 458.993822] ? print_irqtrace_events+0x270/0x270 [ 458.998567] ? find_held_lock+0x35/0x1d0 [ 459.002621] ? handle_mm_fault+0x248/0x8d0 [ 459.006834] ? lock_downgrade+0x980/0x980 [ 459.010987] handle_mm_fault+0x334/0x8d0 [ 459.015036] ? down_read+0x96/0x150 [ 459.018648] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 459.023216] ? vmacache_find+0x5f/0x280 [ 459.027195] ? find_vma+0x30/0x150 [ 459.030721] __do_page_fault+0x5c9/0xc90 [ 459.034764] ? mm_fault_error+0x2c0/0x2c0 [ 459.038886] ? find_held_lock+0x35/0x1d0 [ 459.042928] do_page_fault+0xee/0x720 [ 459.046704] ? __do_page_fault+0xc90/0xc90 [ 459.050912] ? lock_release+0xa40/0xa40 [ 459.054876] ? do_raw_spin_trylock+0x190/0x190 [ 459.059444] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 459.064267] page_fault+0x2c/0x60 [ 459.067695] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 459.073468] RSP: 0018:ffff8801cf957928 EFLAGS: 00010246 [ 459.078804] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 459.086052] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801cf957d28 [ 459.093293] RBP: ffff8801cf957a08 R08: 0000000000000000 R09: 1ffff10039f2aee7 [ 459.100533] R10: ffff8801cf957858 R11: 0000000000000003 R12: 1ffff10039f2af28 [ 459.107778] R13: ffff8801cf9579e0 R14: 0000000000000000 R15: ffff8801cf957d20 [ 459.115047] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 459.120226] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 459.125395] ? iov_iter_revert+0x9d0/0x9d0 [ 459.129614] ? mark_held_locks+0xaf/0x100 [ 459.133733] ? simple_xattr_get+0xeb/0x160 [ 459.137940] ? current_kernel_time64+0x122/0x2f0 [ 459.142670] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 459.147666] generic_perform_write+0x200/0x600 [ 459.152238] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 459.157487] ? generic_update_time+0x1b2/0x270 [ 459.162051] ? __mnt_drop_write_file+0xd/0x70 [ 459.166522] ? file_update_time+0xbf/0x470 [ 459.170742] ? current_time+0xc0/0xc0 [ 459.174530] ? down_write+0x87/0x120 [ 459.178222] __generic_file_write_iter+0x366/0x5b0 [ 459.183124] ? check_noncircular+0x20/0x20 [ 459.187349] generic_file_write_iter+0x399/0x790 [ 459.192089] ? __generic_file_write_iter+0x5b0/0x5b0 [ 459.197174] ? iov_iter_init+0xaf/0x1d0 [ 459.201135] __vfs_write+0x684/0x970 [ 459.204820] ? lock_acquire+0x1d5/0x580 [ 459.208786] ? kernel_read+0x120/0x120 [ 459.212666] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 459.217397] ? __sb_start_write+0x209/0x2a0 [ 459.221697] vfs_write+0x189/0x510 [ 459.225216] SyS_write+0xef/0x220 [ 459.228646] ? SyS_read+0x220/0x220 [ 459.232247] ? trace_hardirqs_on_caller+0x421/0x5c0 2018/01/17 19:07:31 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000a6d000)={0x0, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}}, &(0x7f000093e000)=0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000b3000-0x28)={@generic="8eecbd8be05819619bbe4bfbff26268e", 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) r2 = add_key(&(0x7f0000c3b000)='ceph\x00', &(0x7f000095f000)={0x73, 0x79, 0x7a, 0x0, 0x0}, &(0x7f0000b67000)="5281efd0685e06cf0737ecc4eb9e93f6afae0bb74c4901b00e40e2de069af466750cc5beb154ff7bfdbb052b0e8c2d34ca160340e216d8c95a8b198c17b73bf8b0adb32ad1ed80b9492cbe40f34832b83f8cfe73a511971d544d3a14f3c1cf5a26e8b7fc", 0x64, 0xfffffffffffffffd) keyctl$invalidate(0x15, r2) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r3 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r3, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') getdents64(r0, &(0x7f0000cdc000)=""/0, 0x0) fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:31 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) [ 459.237260] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 459.242028] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 459.246772] RIP: 0033:0x452e39 [ 459.249947] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 459.257651] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 459.264911] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 459.272175] RBP: 00000000000003bb R08: 0000000000000000 R09: 0000000000000000 [ 459.279427] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3a28 2018/01/17 19:07:31 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$midi(&(0x7f0000ffd000)='/dev/midi#\x00', 0x1ff, 0x20000) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f00005fc000-0xc)={0xffffffff, 0x4, [0x1]}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r1, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) [ 459.286674] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 [ 459.335931] FAULT_FLAG_ALLOW_RETRY missing 30 [ 459.340600] CPU: 1 PID: 22343 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 459.347956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 459.357305] Call Trace: [ 459.359593] FAULT_FLAG_ALLOW_RETRY missing 30 [ 459.364358] dump_stack+0x194/0x257 [ 459.367978] ? arch_local_irq_restore+0x53/0x53 [ 459.372637] ? handle_userfault+0x12b7/0x24c0 [ 459.377122] handle_userfault+0x12fa/0x24c0 [ 459.381427] ? handle_userfault+0x150b/0x24c0 [ 459.385921] ? userfaultfd_ioctl+0x4520/0x4520 [ 459.390487] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 459.395656] ? __lock_is_held+0xb6/0x140 [ 459.399695] ? print_irqtrace_events+0x270/0x270 [ 459.404447] ? print_irqtrace_events+0x270/0x270 [ 459.409185] ? print_irqtrace_events+0x270/0x270 [ 459.413924] ? get_user_pages_fast+0x277/0x340 [ 459.418488] ? switched_to_fair+0xb0/0xb0 [ 459.422617] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 459.427613] ? trace_hardirqs_on+0xd/0x10 [ 459.431741] ? get_user_pages_fast+0x14e/0x340 [ 459.436310] ? pick_next_entity+0x197/0x400 [ 459.440619] ? __lock_acquire+0x664/0x3e00 [ 459.444836] ? check_noncircular+0x20/0x20 [ 459.449053] ? __lock_acquire+0x664/0x3e00 [ 459.453289] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 459.458463] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 459.463641] ? find_held_lock+0x35/0x1d0 [ 459.467698] ? __handle_mm_fault+0x3296/0x3ce0 [ 459.472263] ? lock_downgrade+0x980/0x980 [ 459.476397] ? lock_release+0xa40/0xa40 [ 459.480355] ? copy_overflow+0x20/0x20 [ 459.484229] ? do_raw_spin_trylock+0x190/0x190 [ 459.488793] ? userfaultfd_ctx_put+0x740/0x740 [ 459.493373] __handle_mm_fault+0x32a3/0x3ce0 [ 459.497771] ? __pmd_alloc+0x4e0/0x4e0 [ 459.501641] ? print_irqtrace_events+0x270/0x270 [ 459.506386] ? find_held_lock+0x35/0x1d0 [ 459.510445] ? handle_mm_fault+0x248/0x8d0 [ 459.514662] ? lock_downgrade+0x980/0x980 [ 459.518833] handle_mm_fault+0x334/0x8d0 [ 459.522877] ? down_read+0x96/0x150 [ 459.526489] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 459.531057] ? vmacache_find+0x5f/0x280 [ 459.535019] ? find_vma+0x30/0x150 [ 459.538551] __do_page_fault+0x5c9/0xc90 [ 459.542607] ? mm_fault_error+0x2c0/0x2c0 [ 459.546739] ? find_held_lock+0x35/0x1d0 [ 459.550792] do_page_fault+0xee/0x720 [ 459.554580] ? __do_page_fault+0xc90/0xc90 [ 459.558800] ? lock_release+0xa40/0xa40 [ 459.562769] ? do_raw_spin_trylock+0x190/0x190 [ 459.567345] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 459.572183] page_fault+0x2c/0x60 [ 459.575619] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 459.581393] RSP: 0018:ffff8801cf957928 EFLAGS: 00010246 [ 459.586737] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 459.593986] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801cf957d28 [ 459.601236] RBP: ffff8801cf957a08 R08: 0000000000000000 R09: 1ffff10039f2aee7 [ 459.608487] R10: ffff8801cf957858 R11: 0000000000000003 R12: 1ffff10039f2af28 [ 459.615736] R13: ffff8801cf9579e0 R14: 0000000000000000 R15: ffff8801cf957d20 [ 459.623003] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 459.628184] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 459.633358] ? iov_iter_revert+0x9d0/0x9d0 [ 459.637585] ? mark_held_locks+0xaf/0x100 [ 459.641712] ? simple_xattr_get+0xeb/0x160 [ 459.645932] ? current_kernel_time64+0x122/0x2f0 [ 459.650674] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 459.655680] generic_perform_write+0x200/0x600 [ 459.660265] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 459.665524] ? generic_update_time+0x1b2/0x270 [ 459.670094] ? __mnt_drop_write_file+0xd/0x70 [ 459.674569] ? file_update_time+0xbf/0x470 [ 459.678788] ? current_time+0xc0/0xc0 [ 459.682581] ? down_write+0x87/0x120 [ 459.686283] __generic_file_write_iter+0x366/0x5b0 [ 459.691192] ? check_noncircular+0x20/0x20 [ 459.695416] generic_file_write_iter+0x399/0x790 [ 459.700159] ? __generic_file_write_iter+0x5b0/0x5b0 [ 459.705248] ? iov_iter_init+0xaf/0x1d0 [ 459.709212] __vfs_write+0x684/0x970 [ 459.712903] ? lock_acquire+0x1d5/0x580 [ 459.716863] ? kernel_read+0x120/0x120 [ 459.720765] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 459.725503] ? __sb_start_write+0x209/0x2a0 [ 459.729814] vfs_write+0x189/0x510 [ 459.733344] SyS_write+0xef/0x220 [ 459.736783] ? SyS_read+0x220/0x220 [ 459.740392] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 459.745391] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 459.750139] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 459.754873] RIP: 0033:0x452e39 [ 459.758045] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 459.765735] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 459.772987] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000018 [ 459.780235] RBP: 0000000000000408 R08: 0000000000000000 R09: 0000000000000000 [ 459.787485] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f4160 [ 459.794734] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 [ 459.802030] CPU: 0 PID: 22390 Comm: syz-executor1 Not tainted 4.15.0-rc8+ #265 [ 459.809501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 459.818842] Call Trace: [ 459.821426] dump_stack+0x194/0x257 [ 459.825058] ? arch_local_irq_restore+0x53/0x53 [ 459.829739] ? handle_userfault+0x12b7/0x24c0 [ 459.834232] handle_userfault+0x12fa/0x24c0 [ 459.838547] ? handle_userfault+0x150b/0x24c0 [ 459.843059] ? userfaultfd_ioctl+0x4520/0x4520 [ 459.847621] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 459.852781] ? __lock_is_held+0xb6/0x140 [ 459.856824] ? print_irqtrace_events+0x270/0x270 [ 459.861555] ? print_irqtrace_events+0x270/0x270 [ 459.866283] ? get_user_pages_fast+0x277/0x340 [ 459.870841] ? switched_to_fair+0xb0/0xb0 [ 459.874960] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 459.879950] ? trace_hardirqs_on+0xd/0x10 [ 459.884070] ? get_user_pages_fast+0x14e/0x340 [ 459.888629] ? pick_next_entity+0x197/0x400 [ 459.892927] ? __lock_acquire+0x664/0x3e00 [ 459.897140] ? check_noncircular+0x20/0x20 [ 459.901351] ? __lock_acquire+0x664/0x3e00 [ 459.905573] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 459.910736] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 459.915907] ? find_held_lock+0x35/0x1d0 [ 459.919947] ? __handle_mm_fault+0x3296/0x3ce0 [ 459.924505] ? lock_downgrade+0x980/0x980 [ 459.928637] ? lock_release+0xa40/0xa40 [ 459.932584] ? copy_overflow+0x20/0x20 [ 459.936445] ? do_raw_spin_trylock+0x190/0x190 [ 459.941002] ? userfaultfd_ctx_put+0x740/0x740 [ 459.945580] __handle_mm_fault+0x32a3/0x3ce0 [ 459.949984] ? __pmd_alloc+0x4e0/0x4e0 [ 459.953872] ? print_irqtrace_events+0x270/0x270 [ 459.958608] ? find_held_lock+0x35/0x1d0 [ 459.962656] ? handle_mm_fault+0x248/0x8d0 [ 459.966862] ? lock_downgrade+0x980/0x980 [ 459.971009] handle_mm_fault+0x334/0x8d0 [ 459.975058] ? down_read+0x96/0x150 [ 459.978662] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 459.983218] ? vmacache_find+0x5f/0x280 [ 459.987172] ? find_vma+0x30/0x150 [ 459.990688] __do_page_fault+0x5c9/0xc90 [ 459.994729] ? mm_fault_error+0x2c0/0x2c0 [ 459.998851] ? find_held_lock+0x35/0x1d0 [ 460.002893] do_page_fault+0xee/0x720 [ 460.006669] ? __do_page_fault+0xc90/0xc90 [ 460.010886] ? lock_release+0xa40/0xa40 [ 460.014841] ? do_raw_spin_trylock+0x190/0x190 [ 460.019405] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 460.024228] page_fault+0x2c/0x60 [ 460.027656] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 460.033420] RSP: 0018:ffff8801cf1cf928 EFLAGS: 00010246 [ 460.038756] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 460.046027] RDX: 000000000000010b RSI: ffffc90003b70000 RDI: ffff8801cf1cfd28 [ 460.053271] RBP: ffff8801cf1cfa08 R08: 0000000000000000 R09: 1ffff10039e39ee7 [ 460.060512] R10: ffff8801cf1cf858 R11: 0000000000000003 R12: 1ffff10039e39f28 [ 460.067752] R13: ffff8801cf1cf9e0 R14: 0000000000000000 R15: ffff8801cf1cfd20 [ 460.075018] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 460.080206] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 460.085377] ? iov_iter_revert+0x9d0/0x9d0 [ 460.089589] ? mark_held_locks+0xaf/0x100 [ 460.093709] ? simple_xattr_get+0xeb/0x160 [ 460.097917] ? current_kernel_time64+0x122/0x2f0 [ 460.102648] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 460.107652] generic_perform_write+0x200/0x600 [ 460.112220] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 460.117470] ? generic_update_time+0x1b2/0x270 [ 460.122038] ? __mnt_drop_write_file+0xd/0x70 [ 460.126509] ? file_update_time+0xbf/0x470 [ 460.130718] ? current_time+0xc0/0xc0 [ 460.134494] ? down_write+0x87/0x120 [ 460.138196] __generic_file_write_iter+0x366/0x5b0 [ 460.143099] ? check_noncircular+0x20/0x20 [ 460.147312] generic_file_write_iter+0x399/0x790 [ 460.152048] ? __generic_file_write_iter+0x5b0/0x5b0 [ 460.157138] ? iov_iter_init+0xaf/0x1d0 [ 460.161095] __vfs_write+0x684/0x970 [ 460.164781] ? lock_acquire+0x1d5/0x580 [ 460.168732] ? kernel_read+0x120/0x120 [ 460.172611] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 460.177338] ? __sb_start_write+0x209/0x2a0 [ 460.181638] vfs_write+0x189/0x510 [ 460.185156] SyS_write+0xef/0x220 [ 460.188592] ? SyS_read+0x220/0x220 [ 460.192209] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 460.197468] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 460.202202] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 460.206928] RIP: 0033:0x452e39 [ 460.210090] RSP: 002b:00007f0774425c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 460.217771] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 460.225021] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 460.232273] RBP: 0000000000000315 R08: 0000000000000000 R09: 0000000000000000 [ 460.239524] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f2a98 [ 460.246765] R13: 00000000ffffffff R14: 00007f07744266d4 R15: 0000000000000000 2018/01/17 19:07:32 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:32 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)="", 0x0, 0x0, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:32 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:32 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2018/01/17 19:07:32 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r0, &(0x7f0000159000)='.', 0x1, 0x800, &(0x7f000086d000)={0xa, 0x3, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xa}, 0x0}, 0x1c) 2018/01/17 19:07:32 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000a6d000)={0x0, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}}, &(0x7f000093e000)=0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000b3000-0x28)={@generic="8eecbd8be05819619bbe4bfbff26268e", 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x2, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') getdents64(r0, &(0x7f0000cdc000)=""/0, 0x0) signalfd4(r1, &(0x7f0000acf000)={0x10000}, 0x8, 0x80000) fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:32 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x42200, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c3a000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x3}, {0x3, 0xfffffffffffffffe}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, &(0x7f000021a000-0x10)={&(0x7f00006cb000/0x1000)=nil, 0x1000}) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') userfaultfd(0x0) fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:32 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:32 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:32 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:32 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)="", 0x0, 0x4000841, &(0x7f000086d000)={0xa, 0xffffffffffffffff, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:32 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:32 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f0000227000)={@common='gre0\x00', @ifru_flags=0x800}) sendto$inet6(r0, &(0x7f0000704000)='.', 0x0, 0x8004, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0xffffffffffffff93) io_setup(0x8, &(0x7f0000571000+0x675)=0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000805000-0x4)=0x0) [ 460.399624] FAULT_FLAG_ALLOW_RETRY missing 30 [ 460.413956] CPU: 1 PID: 22418 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 460.421358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 460.430700] Call Trace: [ 460.433265] dump_stack+0x194/0x257 [ 460.436873] ? arch_local_irq_restore+0x53/0x53 [ 460.441541] ? handle_userfault+0x12b7/0x24c0 [ 460.446037] handle_userfault+0x12fa/0x24c0 [ 460.450350] ? handle_userfault+0x150b/0x24c0 [ 460.454858] ? userfaultfd_ioctl+0x4520/0x4520 [ 460.459438] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 460.464619] ? find_held_lock+0x35/0x1d0 [ 460.468658] ? print_irqtrace_events+0x270/0x270 [ 460.473386] ? print_irqtrace_events+0x270/0x270 [ 460.478111] ? cpuacct_charge+0x2e6/0x5c0 [ 460.482243] ? find_held_lock+0x35/0x1d0 [ 460.483369] FAULT_FLAG_ALLOW_RETRY missing 30 [ 460.490770] ? __lock_acquire+0x664/0x3e00 [ 460.494988] ? check_noncircular+0x20/0x20 [ 460.499201] ? __lock_acquire+0x664/0x3e00 [ 460.503415] ? lock_release+0xa40/0xa40 [ 460.507375] ? __lock_is_held+0xb6/0x140 [ 460.511430] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 460.516602] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 460.521781] ? find_held_lock+0x35/0x1d0 [ 460.525840] ? __handle_mm_fault+0x3296/0x3ce0 [ 460.530406] ? lock_downgrade+0x980/0x980 [ 460.534540] ? lock_release+0xa40/0xa40 [ 460.538499] ? update_cfs_rq_load_avg.part.69+0x2d0/0x2d0 [ 460.544025] ? do_raw_spin_trylock+0x190/0x190 [ 460.548593] ? userfaultfd_ctx_put+0x740/0x740 [ 460.553176] __handle_mm_fault+0x32a3/0x3ce0 [ 460.557575] ? __pmd_alloc+0x4e0/0x4e0 [ 460.561441] ? print_irqtrace_events+0x270/0x270 [ 460.566190] ? find_held_lock+0x35/0x1d0 [ 460.570245] ? handle_mm_fault+0x248/0x8d0 [ 460.574469] ? lock_downgrade+0x980/0x980 [ 460.578634] handle_mm_fault+0x334/0x8d0 [ 460.582678] ? down_read+0x96/0x150 [ 460.586288] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 460.590852] ? vmacache_find+0x5f/0x280 [ 460.594815] ? find_vma+0x30/0x150 [ 460.598345] __do_page_fault+0x5c9/0xc90 [ 460.602402] ? mm_fault_error+0x2c0/0x2c0 [ 460.606531] ? find_held_lock+0x35/0x1d0 [ 460.610585] do_page_fault+0xee/0x720 [ 460.614368] ? __do_page_fault+0xc90/0xc90 [ 460.618586] ? lock_release+0xa40/0xa40 [ 460.622551] ? do_raw_spin_trylock+0x190/0x190 [ 460.627129] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 460.631964] page_fault+0x2c/0x60 [ 460.635401] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 460.641174] RSP: 0018:ffff8801d07ff928 EFLAGS: 00010246 [ 460.646517] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 460.653766] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801d07ffd28 [ 460.661019] RBP: ffff8801d07ffa08 R08: 0000000000000000 R09: 1ffff1003a0ffee7 [ 460.668267] R10: ffff8801d07ff858 R11: 0000000000000003 R12: 1ffff1003a0fff28 [ 460.675520] R13: ffff8801d07ff9e0 R14: 0000000000000000 R15: ffff8801d07ffd20 [ 460.682787] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 460.687970] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 460.693146] ? iov_iter_revert+0x9d0/0x9d0 [ 460.697367] ? mark_held_locks+0xaf/0x100 [ 460.701497] ? simple_xattr_get+0xeb/0x160 [ 460.705717] ? current_kernel_time64+0x122/0x2f0 [ 460.710465] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 460.715472] generic_perform_write+0x200/0x600 [ 460.720058] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 460.725315] ? generic_update_time+0x1b2/0x270 [ 460.729885] ? __mnt_drop_write_file+0xd/0x70 [ 460.734365] ? file_update_time+0xbf/0x470 [ 460.738587] ? current_time+0xc0/0xc0 [ 460.742376] ? down_write+0x87/0x120 [ 460.746081] __generic_file_write_iter+0x366/0x5b0 [ 460.750991] ? check_noncircular+0x20/0x20 [ 460.755217] generic_file_write_iter+0x399/0x790 [ 460.759962] ? __generic_file_write_iter+0x5b0/0x5b0 [ 460.765052] ? iov_iter_init+0xaf/0x1d0 [ 460.769023] __vfs_write+0x684/0x970 [ 460.772714] ? lock_acquire+0x1d5/0x580 [ 460.776676] ? kernel_read+0x120/0x120 [ 460.780578] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 460.785315] ? __sb_start_write+0x209/0x2a0 [ 460.789627] vfs_write+0x189/0x510 [ 460.793156] SyS_write+0xef/0x220 [ 460.796596] ? SyS_read+0x220/0x220 [ 460.800201] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 460.805201] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 460.809953] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 460.814688] RIP: 0033:0x452e39 [ 460.817856] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 460.825545] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 460.832794] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000014 [ 460.840052] RBP: 0000000000000062 R08: 0000000000000000 R09: 0000000000000000 2018/01/17 19:07:32 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) [ 460.847301] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006ee9d0 [ 460.854552] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 [ 460.861835] CPU: 0 PID: 22420 Comm: syz-executor1 Not tainted 4.15.0-rc8+ #265 [ 460.869192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 460.878536] Call Trace: [ 460.881122] dump_stack+0x194/0x257 [ 460.884750] ? arch_local_irq_restore+0x53/0x53 [ 460.889430] ? handle_userfault+0x12b7/0x24c0 [ 460.893925] handle_userfault+0x12fa/0x24c0 [ 460.898266] ? handle_userfault+0x150b/0x24c0 [ 460.898437] FAULT_FLAG_ALLOW_RETRY missing 30 [ 460.907238] ? userfaultfd_ioctl+0x4520/0x4520 [ 460.911803] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 460.916971] ? __lock_is_held+0xb6/0x140 [ 460.921034] ? print_irqtrace_events+0x270/0x270 [ 460.925773] ? print_irqtrace_events+0x270/0x270 [ 460.930510] ? get_user_pages_fast+0x277/0x340 [ 460.935079] ? switched_to_fair+0xb0/0xb0 [ 460.939206] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 460.944205] ? trace_hardirqs_on+0xd/0x10 [ 460.948337] ? get_user_pages_fast+0x14e/0x340 [ 460.952907] ? pick_next_entity+0x197/0x400 [ 460.957222] ? __lock_acquire+0x664/0x3e00 [ 460.961437] ? check_noncircular+0x20/0x20 [ 460.965649] ? __lock_acquire+0x664/0x3e00 [ 460.969885] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 460.975061] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 460.980240] ? find_held_lock+0x35/0x1d0 [ 460.984298] ? __handle_mm_fault+0x3296/0x3ce0 [ 460.988863] ? lock_downgrade+0x980/0x980 [ 460.993000] ? lock_release+0xa40/0xa40 [ 460.996961] ? copy_overflow+0x20/0x20 [ 461.000836] ? do_raw_spin_trylock+0x190/0x190 [ 461.005401] ? userfaultfd_ctx_put+0x740/0x740 [ 461.009983] __handle_mm_fault+0x32a3/0x3ce0 [ 461.014381] ? __pmd_alloc+0x4e0/0x4e0 [ 461.018249] ? print_irqtrace_events+0x270/0x270 [ 461.022988] ? plist_check_head+0xe2/0x130 [ 461.027214] ? find_held_lock+0x35/0x1d0 [ 461.031267] ? handle_mm_fault+0x248/0x8d0 [ 461.035482] ? lock_downgrade+0x980/0x980 [ 461.039649] handle_mm_fault+0x334/0x8d0 [ 461.043692] ? down_read+0x96/0x150 [ 461.047303] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 461.051864] ? vmacache_find+0x5f/0x280 [ 461.055828] ? find_vma+0x30/0x150 [ 461.059356] __do_page_fault+0x5c9/0xc90 [ 461.063412] ? mm_fault_error+0x2c0/0x2c0 [ 461.067545] ? get_futex_value_locked+0xc3/0xf0 [ 461.072207] do_page_fault+0xee/0x720 [ 461.075994] ? __do_page_fault+0xc90/0xc90 [ 461.080216] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 461.085390] ? check_noncircular+0x20/0x20 [ 461.089611] ? drop_futex_key_refs.isra.12+0x63/0xb0 [ 461.094697] ? futex_wait+0x6a9/0x9a0 [ 461.098490] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 461.103328] page_fault+0x2c/0x60 [ 461.106762] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 461.112537] RSP: 0018:ffff8801d4967928 EFLAGS: 00010246 [ 461.117880] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 461.125127] RDX: 00000000000000c9 RSI: ffffc90003b70000 RDI: ffff8801d4967d28 [ 461.132377] RBP: ffff8801d4967a08 R08: 1ffff1003837b972 R09: 0000000000000000 [ 461.139627] R10: ffff8801d4967858 R11: 0000000000000000 R12: 1ffff1003a92cf28 [ 461.146878] R13: ffff8801d49679e0 R14: 0000000000000000 R15: ffff8801d4967d20 [ 461.154146] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 461.159327] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 461.164506] ? iov_iter_revert+0x9d0/0x9d0 [ 461.168728] ? mark_held_locks+0xaf/0x100 [ 461.172857] ? simple_xattr_get+0xeb/0x160 [ 461.177077] ? current_kernel_time64+0x122/0x2f0 [ 461.181816] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 461.186822] generic_perform_write+0x200/0x600 [ 461.191411] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 461.196673] ? current_time+0x88/0xc0 [ 461.200461] ? file_update_time+0xbf/0x470 [ 461.204680] ? current_time+0xc0/0xc0 [ 461.208471] ? down_write+0x87/0x120 [ 461.212175] __generic_file_write_iter+0x366/0x5b0 [ 461.217084] ? check_noncircular+0x20/0x20 [ 461.221312] generic_file_write_iter+0x399/0x790 [ 461.226057] ? __generic_file_write_iter+0x5b0/0x5b0 [ 461.231150] ? iov_iter_init+0xaf/0x1d0 [ 461.235115] __vfs_write+0x684/0x970 [ 461.238809] ? lock_acquire+0x1d5/0x580 [ 461.242772] ? kernel_read+0x120/0x120 [ 461.246674] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 461.251410] ? __sb_start_write+0x209/0x2a0 [ 461.255717] vfs_write+0x189/0x510 [ 461.259246] SyS_write+0xef/0x220 [ 461.262685] ? SyS_read+0x220/0x220 [ 461.266293] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 461.271298] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 461.276046] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 461.280780] RIP: 0033:0x452e39 [ 461.283952] RSP: 002b:00007f0774425c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 461.291643] RAX: ffffffffffffffda RBX: 00007f0774426700 RCX: 0000000000452e39 [ 461.298899] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000018 [ 461.306148] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 461.313398] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 461.320646] R13: 0000000000a2f7ef R14: 00007f07744269c0 R15: 0000000000000000 [ 461.327931] CPU: 1 PID: 22418 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 461.335289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 461.344630] Call Trace: [ 461.347196] dump_stack+0x194/0x257 [ 461.350800] ? arch_local_irq_restore+0x53/0x53 [ 461.355446] ? handle_userfault+0x12b7/0x24c0 [ 461.359920] handle_userfault+0x12fa/0x24c0 [ 461.364231] ? handle_userfault+0x150b/0x24c0 [ 461.368727] ? userfaultfd_ioctl+0x4520/0x4520 [ 461.373285] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 461.378458] ? __lock_is_held+0xb6/0x140 [ 461.382489] ? print_irqtrace_events+0x270/0x270 [ 461.387224] ? print_irqtrace_events+0x270/0x270 [ 461.391952] ? print_irqtrace_events+0x270/0x270 [ 461.396678] ? get_user_pages_fast+0x277/0x340 [ 461.401231] ? switched_to_fair+0xb0/0xb0 [ 461.405349] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 461.410338] ? trace_hardirqs_on+0xd/0x10 [ 461.414457] ? get_user_pages_fast+0x14e/0x340 [ 461.419025] ? pick_next_entity+0x197/0x400 [ 461.423324] ? __lock_acquire+0x664/0x3e00 [ 461.427528] ? check_noncircular+0x20/0x20 [ 461.431730] ? __lock_acquire+0x664/0x3e00 [ 461.435947] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 461.441107] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 461.446269] ? find_held_lock+0x35/0x1d0 [ 461.450308] ? __handle_mm_fault+0x3296/0x3ce0 [ 461.454860] ? lock_downgrade+0x980/0x980 [ 461.458983] ? lock_release+0xa40/0xa40 [ 461.462931] ? copy_overflow+0x20/0x20 [ 461.466792] ? do_raw_spin_trylock+0x190/0x190 [ 461.471358] ? userfaultfd_ctx_put+0x740/0x740 [ 461.475921] __handle_mm_fault+0x32a3/0x3ce0 [ 461.480309] ? __pmd_alloc+0x4e0/0x4e0 [ 461.484170] ? print_irqtrace_events+0x270/0x270 [ 461.488900] ? find_held_lock+0x35/0x1d0 [ 461.492938] ? handle_mm_fault+0x248/0x8d0 [ 461.497153] ? lock_downgrade+0x980/0x980 [ 461.501297] handle_mm_fault+0x334/0x8d0 [ 461.505331] ? down_read+0x96/0x150 [ 461.508931] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 461.513487] ? vmacache_find+0x5f/0x280 [ 461.517437] ? find_vma+0x30/0x150 [ 461.520956] __do_page_fault+0x5c9/0xc90 [ 461.524996] ? mm_fault_error+0x2c0/0x2c0 [ 461.529119] ? find_held_lock+0x35/0x1d0 [ 461.533158] do_page_fault+0xee/0x720 [ 461.536932] ? __do_page_fault+0xc90/0xc90 [ 461.541141] ? lock_release+0xa40/0xa40 [ 461.545090] ? do_raw_spin_trylock+0x190/0x190 [ 461.549652] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 461.554476] page_fault+0x2c/0x60 [ 461.557900] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 461.563663] RSP: 0018:ffff8801d07ff928 EFLAGS: 00010246 [ 461.568996] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 461.576240] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801d07ffd28 [ 461.583479] RBP: ffff8801d07ffa08 R08: 0000000000000000 R09: 1ffff1003a0ffee7 [ 461.590718] R10: ffff8801d07ff858 R11: 0000000000000003 R12: 1ffff1003a0fff28 [ 461.597957] R13: ffff8801d07ff9e0 R14: 0000000000000000 R15: ffff8801d07ffd20 [ 461.605209] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 461.610377] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 461.615540] ? iov_iter_revert+0x9d0/0x9d0 [ 461.619752] ? mark_held_locks+0xaf/0x100 [ 461.623872] ? simple_xattr_get+0xeb/0x160 [ 461.628081] ? current_kernel_time64+0x122/0x2f0 [ 461.632811] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 461.637805] generic_perform_write+0x200/0x600 [ 461.642372] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 461.647619] ? generic_update_time+0x1b2/0x270 [ 461.652173] ? __mnt_drop_write_file+0xd/0x70 [ 461.656638] ? file_update_time+0xbf/0x470 [ 461.660848] ? current_time+0xc0/0xc0 [ 461.664627] ? down_write+0x87/0x120 [ 461.668315] __generic_file_write_iter+0x366/0x5b0 [ 461.673216] ? check_noncircular+0x20/0x20 [ 461.677435] generic_file_write_iter+0x399/0x790 [ 461.682167] ? __generic_file_write_iter+0x5b0/0x5b0 [ 461.687245] ? iov_iter_init+0xaf/0x1d0 [ 461.691198] __vfs_write+0x684/0x970 [ 461.694881] ? lock_acquire+0x1d5/0x580 [ 461.698829] ? kernel_read+0x120/0x120 [ 461.702715] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 461.707443] ? __sb_start_write+0x209/0x2a0 [ 461.711746] vfs_write+0x189/0x510 [ 461.715261] SyS_write+0xef/0x220 [ 461.718690] ? SyS_read+0x220/0x220 [ 461.722287] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 461.727284] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 461.732040] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 461.736766] RIP: 0033:0x452e39 [ 461.739926] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 461.747606] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 2018/01/17 19:07:33 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)="", 0x0, 0x4000841, &(0x7f000086d000)={0xa, 0xffffffffffffffff, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:33 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:33 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:33 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f000016d000-0x4)=0x4, 0x4) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f000086f000)=0x0) sched_rr_get_interval(r1, &(0x7f00009de000-0x10)={0x0, 0x0}) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f0000467000)=0x0) sched_getscheduler(r2) 2018/01/17 19:07:33 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:33 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x0) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x0) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:33 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) ioctl$EVIOCGBITSND(r0, 0x80404532, &(0x7f0000c52000)=""/94) r1 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r1, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') ioctl$TIOCGETD(r1, 0x5424, &(0x7f0000932000)=0x0) fremovexattr(r0, &(0x7f0000382000-0xc3)=@known="636f6d2e6170708b652e696e64657249c5666f0093a9604e47682cc58f905569cb111b4f6a2dde5b2d96aa981e605cf00ddc79dd4fa1082475bb30ecf0dbeda16f3ae2dd8fb4855d335b2b73adc3cc73f4bd18aa3ecb5de572ede26c5c2857d9f56c494bb8368e2cfc58f3fd34abeccfa82d7396492847c99e266143f43a3164402033979e2a1825a49c1e93f83ce497da3e48547525b8b4ea765569a2da7234a66107feebb3692be0356f28743549ab21151d235664f2e2455b16f27e5b854abea97b") setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f00004d1000)=0x1, 0x4) openat$dir(0xffffffffffffff9c, &(0x7f000000c000)='./file0\x00', 0x8040, 0x2) ppoll(&(0x7f00006a1000)=[{r0, 0x4000, 0x0}, {r1, 0x0, 0x0}, {r1, 0x8, 0x0}], 0x3, &(0x7f0000bbb000)={0x0, 0x989680}, &(0x7f00003a3000)={0x27}, 0x8) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:33 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x0, 0x0, 0x0, 0x0, 0x0, 0x68}) [ 461.754849] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000017 [ 461.762097] RBP: 00000000000003db R08: 0000000000000000 R09: 0000000000000000 [ 461.769336] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3d28 [ 461.776576] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:33 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:33 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:33 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x0, 0x0, 0x0, 0x0, 0x0, 0x68}) 2018/01/17 19:07:33 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:33 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x0) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x0) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:33 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000704000)="", 0x0, 0x4000841, &(0x7f000086d000)={0xa, 0xffffffffffffffff, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:33 executing program 6: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000f25000-0x9)='/dev/dsp\x00', 0x80000, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f000086d000)=@assoc_value={0x0, 0x6}, &(0x7f0000001000-0x4)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000147000-0x10)={0x6, 0x1, 0x3, 0x800, r1}, &(0x7f0000f58000)=0x10) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r2, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) 2018/01/17 19:07:33 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) ioctl$KDGKBMETA(r0, 0x4b62, &(0x7f0000b2b000-0x8)=0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) socketpair$inet(0x2, 0x80000, 0xfffffffffffffffa, &(0x7f00008dd000)={0x0, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:33 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x0, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:33 executing program 7: ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:34 executing program 7: ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:34 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000703000-0x4)=0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000caf000)=@pic={0x0, 0x31, 0x400, 0x6, 0x5, 0x9f62, 0x4, 0x30000000000, 0x3f0, 0x40, 0x9, 0x80000000, 0x1ff, 0x40, 0x400, 0x7fff}) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f0000d98000-0xa)='./control\x00', &(0x7f00004f8000)='./file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') r3 = syz_open_dev$vcsa(&(0x7f000056f000-0xb)='/dev/vcsa#\x00', 0x5, 0x101001) ioctl$UFFDIO_ZEROPAGE(r3, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000159000/0x1000)=nil, 0x1000}) 2018/01/17 19:07:34 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x0, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:34 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:34 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:34 executing program 7: ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:34 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x0, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:34 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:34 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) [ 462.062666] FAULT_FLAG_ALLOW_RETRY missing 30 [ 462.069635] CPU: 0 PID: 22491 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 462.069641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 462.069644] Call Trace: [ 462.069663] dump_stack+0x194/0x257 [ 462.069681] ? arch_local_irq_restore+0x53/0x53 [ 462.069701] ? handle_userfault+0x12b7/0x24c0 [ 462.069719] handle_userfault+0x12fa/0x24c0 [ 462.069726] ? handle_userfault+0x150b/0x24c0 [ 462.069753] ? userfaultfd_ioctl+0x4520/0x4520 [ 462.069762] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 462.069771] ? __lock_is_held+0xb6/0x140 [ 462.069798] ? print_irqtrace_events+0x270/0x270 [ 462.069810] ? print_irqtrace_events+0x270/0x270 [ 462.069820] ? get_user_pages_fast+0x277/0x340 [ 462.069831] ? switched_to_fair+0xb0/0xb0 [ 462.069850] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 462.069862] ? trace_hardirqs_on+0xd/0x10 [ 462.069872] ? get_user_pages_fast+0x14e/0x340 [ 462.069890] ? pick_next_entity+0x197/0x400 [ 462.069903] ? __lock_acquire+0x664/0x3e00 [ 462.069913] ? check_noncircular+0x20/0x20 [ 462.069920] ? __lock_acquire+0x664/0x3e00 [ 462.069954] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 462.069967] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 462.069984] ? find_held_lock+0x35/0x1d0 [ 462.070010] ? __handle_mm_fault+0x3296/0x3ce0 [ 462.070022] ? lock_downgrade+0x980/0x980 [ 462.070037] ? lock_release+0xa40/0xa40 [ 462.070049] ? copy_overflow+0x20/0x20 [ 462.070061] ? do_raw_spin_trylock+0x190/0x190 [ 462.070072] ? userfaultfd_ctx_put+0x740/0x740 [ 462.070098] __handle_mm_fault+0x32a3/0x3ce0 [ 462.070117] ? __pmd_alloc+0x4e0/0x4e0 [ 462.070126] ? print_irqtrace_events+0x270/0x270 [ 462.070146] ? find_held_lock+0x35/0x1d0 [ 462.070168] ? handle_mm_fault+0x248/0x8d0 [ 462.070180] ? lock_downgrade+0x980/0x980 [ 462.070232] handle_mm_fault+0x334/0x8d0 [ 462.070241] ? down_read+0x96/0x150 [ 462.070253] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 462.070262] ? vmacache_find+0x5f/0x280 [ 462.070279] ? find_vma+0x30/0x150 [ 462.070296] __do_page_fault+0x5c9/0xc90 [ 462.070320] ? mm_fault_error+0x2c0/0x2c0 [ 462.070331] ? find_held_lock+0x35/0x1d0 [ 462.070354] do_page_fault+0xee/0x720 [ 462.070367] ? __do_page_fault+0xc90/0xc90 [ 462.070381] ? lock_release+0xa40/0xa40 [ 462.070401] ? do_raw_spin_trylock+0x190/0x190 [ 462.070428] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 462.070450] page_fault+0x2c/0x60 [ 462.070461] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 462.070465] RSP: 0018:ffff8801d5f87928 EFLAGS: 00010246 [ 462.070474] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 462.070479] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801d5f87d28 [ 462.070484] RBP: ffff8801d5f87a08 R08: 0000000000000000 R09: 1ffff1003abf0ee7 [ 462.070489] R10: ffff8801d5f87858 R11: 0000000000000003 R12: 1ffff1003abf0f28 [ 462.070495] R13: ffff8801d5f879e0 R14: 0000000000000000 R15: ffff8801d5f87d20 [ 462.070518] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 462.070538] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 462.070553] ? iov_iter_revert+0x9d0/0x9d0 [ 462.070571] ? mark_held_locks+0xaf/0x100 [ 462.070578] ? simple_xattr_get+0xeb/0x160 [ 462.070590] ? current_kernel_time64+0x122/0x2f0 [ 462.070604] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 462.070621] generic_perform_write+0x200/0x600 [ 462.070656] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 462.070665] ? generic_update_time+0x1b2/0x270 [ 462.070678] ? __mnt_drop_write_file+0xd/0x70 [ 462.070689] ? file_update_time+0xbf/0x470 [ 462.070703] ? current_time+0xc0/0xc0 [ 462.070721] ? down_write+0x87/0x120 [ 462.070740] __generic_file_write_iter+0x366/0x5b0 [ 462.070749] ? check_noncircular+0x20/0x20 [ 462.070768] generic_file_write_iter+0x399/0x790 [ 462.070788] ? __generic_file_write_iter+0x5b0/0x5b0 [ 462.070804] ? iov_iter_init+0xaf/0x1d0 [ 462.070822] __vfs_write+0x684/0x970 [ 462.070829] ? lock_acquire+0x1d5/0x580 [ 462.070849] ? kernel_read+0x120/0x120 [ 462.070897] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 462.070906] ? __sb_start_write+0x209/0x2a0 [ 462.070923] vfs_write+0x189/0x510 [ 462.070941] SyS_write+0xef/0x220 [ 462.070957] ? SyS_read+0x220/0x220 [ 462.070965] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 462.070977] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 462.071000] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 462.071006] RIP: 0033:0x452e39 2018/01/17 19:07:34 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:34 executing program 6: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000001000-0x8)='./file0\x00', 0x7) mq_timedsend(r0, &(0x7f0000a03000)="4dd4d87046bdaf4ab92cfe537af6fb3c080005feac189baad47fb92b534ee3e242d93b133e258b2fb186bcd6d3858e92d33bad1996871f2e1b744cdd8308f0a760b908cf5a06740918ae5aa926e0fd2975e897869185b97678af9c2b6def891ecb315218f6a4712139e84354edbcce30ddeda96f3800dee1877a11343000bb90077e1254402d100bc60efae05235d6477b29ed905f147c35ed93f0b1dff7eb404c1451fbd649dead95ca82d714b76d7fe0890062e53d0edba5132638633ee8be5d6c23579a9a7b", 0xc7, 0x2, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = open(&(0x7f0000a22000-0x8)='./file0\x00', 0x900, 0x40) getsockopt$inet_sctp_SCTP_NODELAY(r2, 0x84, 0x3, &(0x7f0000374000)=0x0, &(0x7f00006ba000-0x4)=0x4) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r1, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) 2018/01/17 19:07:34 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0x0, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:34 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x0) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x0) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:34 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x0, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:34 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:34 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:34 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000c8c000)={0x5, {0x2, 0x1, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {0x2, 0x3, @rand_addr=0xa6d5, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {0x2, 0x3, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0xa1, 0x5, 0x20, 0x5, 0x0, 0x0, 0x1, 0x1, 0x7ff}) 2018/01/17 19:07:34 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:34 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0x0, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) [ 462.071010] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 462.071019] RAX: ffffffffffffffda RBX: 00007efe3e5a7700 RCX: 0000000000452e39 [ 462.071024] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 462.071028] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 462.071033] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 462.071038] R13: 0000000000a2f7ef R14: 00007efe3e5a79c0 R15: 0000000000000000 2018/01/17 19:07:34 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:34 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:34 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:34 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0x0, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:34 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) [ 462.646838] FAULT_FLAG_ALLOW_RETRY missing 30 [ 462.653271] CPU: 1 PID: 22535 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 462.660651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 462.669999] Call Trace: [ 462.672576] dump_stack+0x194/0x257 [ 462.676184] ? arch_local_irq_restore+0x53/0x53 [ 462.680845] ? handle_userfault+0x12b7/0x24c0 [ 462.685344] handle_userfault+0x12fa/0x24c0 [ 462.689658] ? handle_userfault+0x150b/0x24c0 [ 462.694145] ? userfaultfd_ioctl+0x4520/0x4520 [ 462.698701] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 462.703870] ? __lock_is_held+0xb6/0x140 [ 462.707913] ? print_irqtrace_events+0x270/0x270 [ 462.712644] ? print_irqtrace_events+0x270/0x270 [ 462.717379] ? get_user_pages_fast+0x277/0x340 [ 462.721942] ? switched_to_fair+0xb0/0xb0 [ 462.726065] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 462.731056] ? trace_hardirqs_on+0xd/0x10 [ 462.735175] ? get_user_pages_fast+0x14e/0x340 [ 462.739735] ? pick_next_entity+0x197/0x400 [ 462.744041] ? __lock_acquire+0x664/0x3e00 [ 462.748250] ? check_noncircular+0x20/0x20 [ 462.752454] ? __lock_acquire+0x664/0x3e00 [ 462.756674] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 462.761839] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 462.767016] ? find_held_lock+0x35/0x1d0 [ 462.771063] ? __handle_mm_fault+0x3296/0x3ce0 [ 462.775628] ? lock_downgrade+0x980/0x980 [ 462.779765] ? lock_release+0xa40/0xa40 [ 462.783718] ? copy_overflow+0x20/0x20 [ 462.787579] ? do_raw_spin_trylock+0x190/0x190 [ 462.792142] ? userfaultfd_ctx_put+0x740/0x740 [ 462.796711] __handle_mm_fault+0x32a3/0x3ce0 [ 462.801097] ? __pmd_alloc+0x4e0/0x4e0 [ 462.804956] ? print_irqtrace_events+0x270/0x270 [ 462.809686] ? plist_check_head+0xe2/0x130 [ 462.813897] ? find_held_lock+0x35/0x1d0 [ 462.817950] ? handle_mm_fault+0x248/0x8d0 [ 462.822158] ? lock_downgrade+0x980/0x980 [ 462.826305] handle_mm_fault+0x334/0x8d0 [ 462.830339] ? down_read+0x96/0x150 [ 462.833950] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 462.838508] ? vmacache_find+0x5f/0x280 [ 462.842458] ? find_vma+0x30/0x150 [ 462.845975] __do_page_fault+0x5c9/0xc90 [ 462.850035] ? mm_fault_error+0x2c0/0x2c0 [ 462.854159] ? get_futex_value_locked+0xc3/0xf0 [ 462.858810] do_page_fault+0xee/0x720 [ 462.862584] ? __do_page_fault+0xc90/0xc90 [ 462.866798] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 462.871966] ? check_noncircular+0x20/0x20 [ 462.876175] ? drop_futex_key_refs.isra.12+0x63/0xb0 [ 462.881258] ? futex_wait+0x6a9/0x9a0 [ 462.885047] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 462.889869] page_fault+0x2c/0x60 [ 462.893295] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 462.899062] RSP: 0018:ffff8801cf1d7928 EFLAGS: 00010246 [ 462.904400] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 462.911643] RDX: 00000000000000c9 RSI: ffffc900020bb000 RDI: ffff8801cf1d7d28 [ 462.918886] RBP: ffff8801cf1d7a08 R08: 1ffff100386c2532 R09: 0000000000000000 [ 462.926130] R10: ffff8801cf1d7858 R11: 0000000000000000 R12: 1ffff10039e3af28 [ 462.933371] R13: ffff8801cf1d79e0 R14: 0000000000000000 R15: ffff8801cf1d7d20 [ 462.940630] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 462.945801] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 462.950969] ? iov_iter_revert+0x9d0/0x9d0 [ 462.955184] ? mark_held_locks+0xaf/0x100 [ 462.959305] ? simple_xattr_get+0xeb/0x160 [ 462.963513] ? current_kernel_time64+0x122/0x2f0 [ 462.968242] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 462.973238] generic_perform_write+0x200/0x600 [ 462.977810] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 462.983074] ? current_time+0x88/0xc0 [ 462.986849] ? file_update_time+0xbf/0x470 [ 462.991061] ? current_time+0xc0/0xc0 [ 462.994840] ? down_write+0x87/0x120 [ 462.998535] __generic_file_write_iter+0x366/0x5b0 [ 463.003443] ? check_noncircular+0x20/0x20 [ 463.007660] generic_file_write_iter+0x399/0x790 [ 463.012410] ? __generic_file_write_iter+0x5b0/0x5b0 [ 463.017500] ? iov_iter_init+0xaf/0x1d0 [ 463.021465] __vfs_write+0x684/0x970 [ 463.025157] ? lock_acquire+0x1d5/0x580 [ 463.029111] ? kernel_read+0x120/0x120 [ 463.032993] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 463.037723] ? __sb_start_write+0x209/0x2a0 [ 463.042032] vfs_write+0x189/0x510 [ 463.045555] SyS_write+0xef/0x220 [ 463.048998] ? SyS_read+0x220/0x220 [ 463.052602] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 463.057591] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 463.062326] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 463.067056] RIP: 0033:0x452e39 [ 463.070218] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 463.077896] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 463.085140] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 463.092383] RBP: 00000000000003b3 R08: 0000000000000000 R09: 0000000000000000 [ 463.099624] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3968 [ 463.106864] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 [ 463.151930] FAULT_FLAG_ALLOW_RETRY missing 30 [ 463.156712] CPU: 1 PID: 22535 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 463.164073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 463.173399] Call Trace: [ 463.175962] dump_stack+0x194/0x257 [ 463.179565] ? arch_local_irq_restore+0x53/0x53 [ 463.184211] ? handle_userfault+0x12b7/0x24c0 [ 463.188683] handle_userfault+0x12fa/0x24c0 [ 463.192989] ? handle_userfault+0x150b/0x24c0 [ 463.197469] ? userfaultfd_ioctl+0x4520/0x4520 [ 463.202029] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 463.207192] ? __lock_is_held+0xb6/0x140 [ 463.211231] ? print_irqtrace_events+0x270/0x270 [ 463.215980] ? print_irqtrace_events+0x270/0x270 [ 463.220707] ? print_irqtrace_events+0x270/0x270 [ 463.225434] ? get_user_pages_fast+0x277/0x340 [ 463.229996] ? switched_to_fair+0xb0/0xb0 [ 463.234119] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 463.239107] ? trace_hardirqs_on+0xd/0x10 [ 463.243250] ? get_user_pages_fast+0x14e/0x340 [ 463.247807] ? pick_next_entity+0x197/0x400 [ 463.252103] ? __lock_acquire+0x664/0x3e00 [ 463.256309] ? check_noncircular+0x20/0x20 [ 463.260512] ? __lock_acquire+0x664/0x3e00 [ 463.264738] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 463.269901] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 463.275067] ? find_held_lock+0x35/0x1d0 [ 463.279105] ? __handle_mm_fault+0x3296/0x3ce0 [ 463.283658] ? lock_downgrade+0x980/0x980 [ 463.287779] ? lock_release+0xa40/0xa40 [ 463.291725] ? copy_overflow+0x20/0x20 [ 463.295591] ? do_raw_spin_trylock+0x190/0x190 [ 463.300147] ? userfaultfd_ctx_put+0x740/0x740 [ 463.304709] __handle_mm_fault+0x32a3/0x3ce0 [ 463.309096] ? __pmd_alloc+0x4e0/0x4e0 [ 463.312955] ? print_irqtrace_events+0x270/0x270 [ 463.317685] ? find_held_lock+0x35/0x1d0 [ 463.321724] ? handle_mm_fault+0x248/0x8d0 [ 463.325930] ? lock_downgrade+0x980/0x980 [ 463.330070] handle_mm_fault+0x334/0x8d0 [ 463.334106] ? down_read+0x96/0x150 [ 463.337704] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 463.342257] ? vmacache_find+0x5f/0x280 [ 463.346205] ? find_vma+0x30/0x150 [ 463.349720] __do_page_fault+0x5c9/0xc90 [ 463.353760] ? mm_fault_error+0x2c0/0x2c0 [ 463.357879] ? find_held_lock+0x35/0x1d0 [ 463.361922] do_page_fault+0xee/0x720 [ 463.365701] ? __do_page_fault+0xc90/0xc90 [ 463.369909] ? lock_release+0xa40/0xa40 [ 463.373861] ? do_raw_spin_trylock+0x190/0x190 [ 463.378427] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 463.383253] page_fault+0x2c/0x60 [ 463.386679] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 463.392443] RSP: 0018:ffff8801cf1d7928 EFLAGS: 00010246 [ 463.397778] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 463.405023] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801cf1d7d28 [ 463.412267] RBP: ffff8801cf1d7a08 R08: 0000000000000000 R09: 1ffff10039e3aee7 [ 463.419509] R10: ffff8801cf1d7858 R11: 0000000000000003 R12: 1ffff10039e3af28 [ 463.426749] R13: ffff8801cf1d79e0 R14: 0000000000000000 R15: ffff8801cf1d7d20 [ 463.434004] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 463.439176] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 463.444338] ? iov_iter_revert+0x9d0/0x9d0 [ 463.448547] ? mark_held_locks+0xaf/0x100 [ 463.452663] ? simple_xattr_get+0xeb/0x160 [ 463.456869] ? current_kernel_time64+0x122/0x2f0 [ 463.461596] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 463.466586] generic_perform_write+0x200/0x600 [ 463.471154] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 463.476401] ? generic_update_time+0x1b2/0x270 [ 463.480967] ? __mnt_drop_write_file+0xd/0x70 [ 463.485433] ? file_update_time+0xbf/0x470 [ 463.489643] ? current_time+0xc0/0xc0 [ 463.493421] ? down_write+0x87/0x120 [ 463.497110] __generic_file_write_iter+0x366/0x5b0 [ 463.502015] ? check_noncircular+0x20/0x20 [ 463.506234] generic_file_write_iter+0x399/0x790 [ 463.510972] ? __generic_file_write_iter+0x5b0/0x5b0 [ 463.516050] ? iov_iter_init+0xaf/0x1d0 [ 463.519999] __vfs_write+0x684/0x970 [ 463.523687] ? lock_acquire+0x1d5/0x580 [ 463.527638] ? kernel_read+0x120/0x120 [ 463.531524] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 463.536251] ? __sb_start_write+0x209/0x2a0 [ 463.540546] vfs_write+0x189/0x510 [ 463.544065] SyS_write+0xef/0x220 [ 463.547492] ? SyS_read+0x220/0x220 [ 463.551091] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 463.556080] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 463.560819] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 463.565544] RIP: 0033:0x452e39 [ 463.568706] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 463.576385] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 463.583626] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000018 [ 463.590865] RBP: 0000000000000624 R08: 0000000000000000 R09: 0000000000000000 2018/01/17 19:07:35 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:35 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x0) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x0, 0x0) 2018/01/17 19:07:35 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:35 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0x0, 0x0, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:35 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x0) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x0) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:35 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f000061f000)={0x33fdeac4, 0x5, 0x6, 'queue0\x00', 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') lremovexattr(&(0x7f0000c1b000)='./control\x00', &(0x7f0000379000-0x6)=@random={'osx.\x00', '\x00'}) fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:35 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0x0, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:35 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:35 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:35 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) [ 463.598107] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f7400 [ 463.605346] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:35 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0x0, 0x0, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:35 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:35 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:35 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:35 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:07:35 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:07:35 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x0) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x0) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) [ 463.741704] FAULT_FLAG_ALLOW_RETRY missing 30 [ 463.747238] CPU: 0 PID: 22587 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 463.754608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 463.763944] Call Trace: [ 463.766512] dump_stack+0x194/0x257 [ 463.770117] ? arch_local_irq_restore+0x53/0x53 [ 463.774766] ? handle_userfault+0x12b7/0x24c0 [ 463.779237] handle_userfault+0x12fa/0x24c0 [ 463.783538] ? handle_userfault+0x150b/0x24c0 [ 463.788037] ? userfaultfd_ioctl+0x4520/0x4520 [ 463.792612] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 463.797773] ? __lock_is_held+0xb6/0x140 [ 463.801816] ? print_irqtrace_events+0x270/0x270 [ 463.806544] ? print_irqtrace_events+0x270/0x270 [ 463.811269] ? get_user_pages_fast+0x277/0x340 [ 463.815824] ? switched_to_fair+0xb0/0xb0 [ 463.819943] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 463.824931] ? trace_hardirqs_on+0xd/0x10 [ 463.829050] ? get_user_pages_fast+0x14e/0x340 [ 463.833607] ? pick_next_entity+0x197/0x400 [ 463.837906] ? __lock_acquire+0x664/0x3e00 [ 463.842122] ? check_noncircular+0x20/0x20 [ 463.846334] ? __lock_acquire+0x664/0x3e00 [ 463.850553] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 463.855718] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 463.860884] ? find_held_lock+0x35/0x1d0 [ 463.864927] ? __handle_mm_fault+0x3296/0x3ce0 [ 463.869485] ? lock_downgrade+0x980/0x980 [ 463.873618] ? lock_release+0xa40/0xa40 [ 463.877566] ? copy_overflow+0x20/0x20 [ 463.881429] ? do_raw_spin_trylock+0x190/0x190 [ 463.885987] ? userfaultfd_ctx_put+0x740/0x740 [ 463.890554] __handle_mm_fault+0x32a3/0x3ce0 [ 463.894939] ? __pmd_alloc+0x4e0/0x4e0 [ 463.898798] ? print_irqtrace_events+0x270/0x270 [ 463.903525] ? plist_check_head+0xe2/0x130 [ 463.907738] ? find_held_lock+0x35/0x1d0 [ 463.911779] ? handle_mm_fault+0x248/0x8d0 [ 463.915985] ? lock_downgrade+0x980/0x980 [ 463.920145] handle_mm_fault+0x334/0x8d0 [ 463.924182] ? down_read+0x96/0x150 [ 463.927784] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 463.932340] ? vmacache_find+0x5f/0x280 [ 463.936290] ? find_vma+0x30/0x150 [ 463.939805] __do_page_fault+0x5c9/0xc90 [ 463.943847] ? mm_fault_error+0x2c0/0x2c0 [ 463.947969] ? get_futex_value_locked+0xc3/0xf0 [ 463.952631] do_page_fault+0xee/0x720 [ 463.956412] ? __do_page_fault+0xc90/0xc90 [ 463.960623] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 463.965788] ? check_noncircular+0x20/0x20 [ 463.970006] ? drop_futex_key_refs.isra.12+0x63/0xb0 [ 463.975090] ? futex_wait+0x6a9/0x9a0 [ 463.978868] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 463.983697] page_fault+0x2c/0x60 [ 463.987134] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 463.992899] RSP: 0018:ffff8801c342f928 EFLAGS: 00010246 [ 463.998237] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 464.005480] RDX: 00000000000000c9 RSI: ffffc900020bb000 RDI: ffff8801c342fd28 [ 464.012724] RBP: ffff8801c342fa08 R08: 1ffff100386c2532 R09: 0000000000000000 [ 464.019965] R10: ffff8801c342f858 R11: 0000000000000000 R12: 1ffff10038685f28 [ 464.027205] R13: ffff8801c342f9e0 R14: 0000000000000000 R15: ffff8801c342fd20 [ 464.034460] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 464.039629] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 464.044792] ? iov_iter_revert+0x9d0/0x9d0 [ 464.049017] ? mark_held_locks+0xaf/0x100 [ 464.053146] ? simple_xattr_get+0xeb/0x160 [ 464.057354] ? current_kernel_time64+0x122/0x2f0 [ 464.062086] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 464.067084] generic_perform_write+0x200/0x600 [ 464.071654] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 464.076907] ? current_time+0x88/0xc0 [ 464.080684] ? file_update_time+0xbf/0x470 [ 464.084901] ? current_time+0xc0/0xc0 [ 464.088690] ? down_write+0x87/0x120 [ 464.092383] __generic_file_write_iter+0x366/0x5b0 [ 464.097286] ? check_noncircular+0x20/0x20 [ 464.101498] generic_file_write_iter+0x399/0x790 [ 464.106229] ? __generic_file_write_iter+0x5b0/0x5b0 [ 464.111309] ? iov_iter_init+0xaf/0x1d0 [ 464.115258] __vfs_write+0x684/0x970 [ 464.118943] ? lock_acquire+0x1d5/0x580 [ 464.122901] ? kernel_read+0x120/0x120 [ 464.126782] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 464.131509] ? __sb_start_write+0x209/0x2a0 [ 464.135805] vfs_write+0x189/0x510 [ 464.139325] SyS_write+0xef/0x220 [ 464.142755] ? SyS_read+0x220/0x220 [ 464.146353] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 464.151343] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 464.156079] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 464.160802] RIP: 0033:0x452e39 [ 464.163963] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 464.171643] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 464.178936] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 464.186177] RBP: 00000000000003b3 R08: 0000000000000000 R09: 0000000000000000 [ 464.193418] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3968 [ 464.200667] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:36 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x0) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x0) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:36 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) openat$selinux_access(0xffffffffffffff9c, &(0x7f000088f000)='/selinux/access\x00', 0x2, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') socketpair$inet6_icmp(0xa, 0x2, 0x3a, &(0x7f0000cfb000-0x8)={0x0, 0x0}) fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:36 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0x0, 0x0, 0x0, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:36 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x0) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x0, 0x0) 2018/01/17 19:07:36 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:36 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:36 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:07:36 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:36 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:36 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0x0, 0x0, 0x0, 0x0, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:36 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:36 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:36 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) [ 464.372549] FAULT_FLAG_ALLOW_RETRY missing 30 [ 464.377219] CPU: 1 PID: 22633 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 464.384567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 464.393921] Call Trace: [ 464.396514] dump_stack+0x194/0x257 [ 464.400139] ? arch_local_irq_restore+0x53/0x53 [ 464.404810] ? handle_userfault+0x12b7/0x24c0 [ 464.409319] handle_userfault+0x12fa/0x24c0 [ 464.413627] ? handle_userfault+0x150b/0x24c0 [ 464.418117] ? userfaultfd_ioctl+0x4520/0x4520 [ 464.422686] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 464.427849] ? __lock_is_held+0xb6/0x140 [ 464.431892] ? print_irqtrace_events+0x270/0x270 [ 464.436619] ? print_irqtrace_events+0x270/0x270 [ 464.441354] ? get_user_pages_fast+0x277/0x340 [ 464.445916] ? switched_to_fair+0xb0/0xb0 [ 464.450038] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 464.455034] ? trace_hardirqs_on+0xd/0x10 [ 464.459156] ? get_user_pages_fast+0x14e/0x340 [ 464.463722] ? pick_next_entity+0x197/0x400 [ 464.468032] ? __lock_acquire+0x664/0x3e00 [ 464.472254] ? check_noncircular+0x20/0x20 [ 464.476465] ? __lock_acquire+0x664/0x3e00 [ 464.480684] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 464.485849] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 464.491026] ? find_held_lock+0x35/0x1d0 [ 464.495076] ? __handle_mm_fault+0x3296/0x3ce0 [ 464.499636] ? lock_downgrade+0x980/0x980 [ 464.503760] ? lock_release+0xa40/0xa40 [ 464.507711] ? copy_overflow+0x20/0x20 [ 464.511576] ? do_raw_spin_trylock+0x190/0x190 [ 464.516158] ? userfaultfd_ctx_put+0x740/0x740 [ 464.520730] __handle_mm_fault+0x32a3/0x3ce0 [ 464.525123] ? __pmd_alloc+0x4e0/0x4e0 [ 464.528985] ? print_irqtrace_events+0x270/0x270 [ 464.533718] ? find_held_lock+0x35/0x1d0 [ 464.537759] ? handle_mm_fault+0x248/0x8d0 [ 464.541968] ? lock_downgrade+0x980/0x980 [ 464.546108] handle_mm_fault+0x334/0x8d0 [ 464.550144] ? down_read+0x96/0x150 [ 464.553748] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 464.558304] ? vmacache_find+0x5f/0x280 [ 464.562255] ? find_vma+0x30/0x150 [ 464.565786] __do_page_fault+0x5c9/0xc90 [ 464.569835] ? mm_fault_error+0x2c0/0x2c0 [ 464.573955] ? find_held_lock+0x35/0x1d0 [ 464.578008] do_page_fault+0xee/0x720 [ 464.581789] ? __do_page_fault+0xc90/0xc90 [ 464.585997] ? lock_release+0xa40/0xa40 [ 464.589969] ? do_raw_spin_trylock+0x190/0x190 [ 464.594539] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 464.599360] page_fault+0x2c/0x60 [ 464.602785] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 464.608556] RSP: 0018:ffff8801d07ff928 EFLAGS: 00010246 [ 464.613903] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 464.621146] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801d07ffd28 [ 464.628388] RBP: ffff8801d07ffa08 R08: 0000000000000000 R09: 1ffff1003a0ffee7 [ 464.635629] R10: ffff8801d07ff858 R11: 0000000000000003 R12: 1ffff1003a0fff28 [ 464.642871] R13: ffff8801d07ff9e0 R14: 0000000000000000 R15: ffff8801d07ffd20 [ 464.650151] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 464.655331] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 464.660498] ? iov_iter_revert+0x9d0/0x9d0 [ 464.664714] ? mark_held_locks+0xaf/0x100 [ 464.668834] ? simple_xattr_get+0xeb/0x160 [ 464.673052] ? current_kernel_time64+0x122/0x2f0 [ 464.677793] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 464.682789] generic_perform_write+0x200/0x600 [ 464.687358] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 464.692607] ? generic_update_time+0x1b2/0x270 [ 464.697166] ? __mnt_drop_write_file+0xd/0x70 [ 464.701638] ? file_update_time+0xbf/0x470 [ 464.705852] ? current_time+0xc0/0xc0 [ 464.709634] ? down_write+0x87/0x120 [ 464.713328] __generic_file_write_iter+0x366/0x5b0 [ 464.718231] ? check_noncircular+0x20/0x20 [ 464.722449] generic_file_write_iter+0x399/0x790 [ 464.727198] ? __generic_file_write_iter+0x5b0/0x5b0 [ 464.732286] ? iov_iter_init+0xaf/0x1d0 [ 464.736240] __vfs_write+0x684/0x970 [ 464.739935] ? lock_acquire+0x1d5/0x580 [ 464.743891] ? kernel_read+0x120/0x120 [ 464.747772] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 464.752515] ? __sb_start_write+0x209/0x2a0 [ 464.756821] vfs_write+0x189/0x510 [ 464.760352] SyS_write+0xef/0x220 [ 464.763793] ? SyS_read+0x220/0x220 [ 464.767406] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 464.772408] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 464.777160] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 464.781889] RIP: 0033:0x452e39 [ 464.785050] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 464.792728] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 464.799970] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 464.807214] RBP: 00000000000003db R08: 0000000000000000 R09: 0000000000000000 [ 464.814465] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3d28 2018/01/17 19:07:36 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0x0, 0x0, 0x0, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:36 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x0) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x0, 0x0) [ 464.821707] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:36 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:36 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0x0, 0x0, 0x0, 0x0, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:37 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:37 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000ba9000-0xec)={0x0, 0xe4, "f99446835b71c062aecb7fd08de78e35bd1668fe184962a6caabc4a0ea7303bd00648a56566b0b3d0d128b75ee117ff9e56c8e309770ece48faeba45f2f29f45868e1da49f237ac9ab20e7422a9609d7ae0aa1be16d5ee93970c9dead8b54d72d394af81ead52483b907f1cf4419dcf1cdb13e469b1db0f0668d41029ff734664ee406401f94cc89ff5b5f54ecf23300d50a8e0459419229d3131fded539dd2baf9e526d23d14d847fc08271a6c9936de71ccd259b43a5107107a0d4cc5891d701ebb819e920074389be576e889fd12ad574037a73466ba143bd61a6ee4a6b61bc498e9c"}, &(0x7f000076a000)=0xec) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f000071f000)={r1, 0x100000000}, &(0x7f0000944000)=0x8) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) recvmsg(r0, &(0x7f000049e000)={&(0x7f0000efe000)=@pppol2tp={0x0, 0x0, {0x0, 0x0, {0x0, 0xffffffffffffffff, @local={0x0, 0x0, 0xffffffffffffffff, 0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0, 0x0, 0x0, 0x0}}, 0x26, &(0x7f0000c1f000)=[{&(0x7f0000d3d000-0x8f)=""/143, 0x8f}, {&(0x7f000056d000-0xec)=""/236, 0xec}, {&(0x7f00007e8000)=""/103, 0x67}], 0x3, &(0x7f00002e4000)=""/54, 0x36, 0x5}, 0x10100) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r4 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r4, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) ioctl$sock_netrom_TIOCOUTQ(r3, 0x5411, &(0x7f00005ba000-0x4)=0x0) fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r2, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) getsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000cc3000-0x4)=0x0, &(0x7f000086d000)=0x4) 2018/01/17 19:07:37 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:37 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) syz_open_dev$audion(&(0x7f0000777000-0xc)='/dev/audio#\x00', 0x1, 0x200000) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, 0x0}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r0, &(0x7f00002ac000-0x2)="2e7f", 0x2, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x2, @loopback={0x0, 0x1}, 0x0}, 0x1c) 2018/01/17 19:07:37 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:37 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0x0, 0x0, 0x0, 0x0, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:37 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:37 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:37 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000881, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$GIO_UNIMAP(r1, 0x4b66, &(0x7f0000d82000-0x10)={0x4, &(0x7f00003ce000)=[{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}]}) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:37 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:37 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) 2018/01/17 19:07:37 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:37 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) [ 465.120930] FAULT_FLAG_ALLOW_RETRY missing 30 [ 465.135538] CPU: 0 PID: 22701 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 465.142939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 465.152289] Call Trace: [ 465.154886] dump_stack+0x194/0x257 [ 465.158519] ? arch_local_irq_restore+0x53/0x53 [ 465.163280] ? handle_userfault+0x12b7/0x24c0 2018/01/17 19:07:37 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:37 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) [ 465.167793] handle_userfault+0x12fa/0x24c0 [ 465.172118] ? handle_userfault+0x150b/0x24c0 [ 465.176636] ? userfaultfd_ioctl+0x4520/0x4520 [ 465.181212] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 465.186387] ? __lock_is_held+0xb6/0x140 [ 465.190424] ? print_irqtrace_events+0x270/0x270 [ 465.195178] ? print_irqtrace_events+0x270/0x270 [ 465.199937] ? print_irqtrace_events+0x270/0x270 [ 465.204687] ? get_user_pages_fast+0x277/0x340 [ 465.209245] ? switched_to_fair+0xb0/0xb0 [ 465.213370] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 465.218363] ? trace_hardirqs_on+0xd/0x10 [ 465.222484] ? get_user_pages_fast+0x14e/0x340 [ 465.227048] ? pick_next_entity+0x197/0x400 [ 465.231352] ? __lock_acquire+0x664/0x3e00 [ 465.235562] ? check_noncircular+0x20/0x20 [ 465.239771] ? __lock_acquire+0x664/0x3e00 [ 465.243991] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 465.249156] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 465.254325] ? find_held_lock+0x35/0x1d0 [ 465.258367] ? __handle_mm_fault+0x3296/0x3ce0 [ 465.262927] ? lock_downgrade+0x980/0x980 [ 465.267059] ? lock_release+0xa40/0xa40 [ 465.271012] ? copy_overflow+0x20/0x20 [ 465.274886] ? do_raw_spin_trylock+0x190/0x190 [ 465.279443] ? userfaultfd_ctx_put+0x740/0x740 [ 465.284010] __handle_mm_fault+0x32a3/0x3ce0 [ 465.288409] ? __pmd_alloc+0x4e0/0x4e0 [ 465.292270] ? print_irqtrace_events+0x270/0x270 [ 465.297005] ? find_held_lock+0x35/0x1d0 [ 465.301056] ? handle_mm_fault+0x248/0x8d0 [ 465.305265] ? lock_downgrade+0x980/0x980 [ 465.309407] handle_mm_fault+0x334/0x8d0 [ 465.313442] ? down_read+0x96/0x150 [ 465.317044] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 465.321601] ? vmacache_find+0x5f/0x280 [ 465.325552] ? find_vma+0x30/0x150 [ 465.329077] __do_page_fault+0x5c9/0xc90 [ 465.333121] ? mm_fault_error+0x2c0/0x2c0 [ 465.337241] ? find_held_lock+0x35/0x1d0 [ 465.341281] do_page_fault+0xee/0x720 [ 465.345056] ? __do_page_fault+0xc90/0xc90 [ 465.349278] ? lock_release+0xa40/0xa40 [ 465.353232] ? do_raw_spin_trylock+0x190/0x190 [ 465.357797] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 465.362639] page_fault+0x2c/0x60 [ 465.366070] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 465.371836] RSP: 0018:ffff8801b0ea7928 EFLAGS: 00010246 [ 465.377171] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 465.384412] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801b0ea7d28 [ 465.391652] RBP: ffff8801b0ea7a08 R08: 0000000000000000 R09: 1ffff100361d4ee7 [ 465.398896] R10: ffff8801b0ea7858 R11: 0000000000000003 R12: 1ffff100361d4f28 [ 465.406137] R13: ffff8801b0ea79e0 R14: 0000000000000000 R15: ffff8801b0ea7d20 [ 465.413394] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 465.418580] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 465.423746] ? iov_iter_revert+0x9d0/0x9d0 [ 465.427956] ? mark_held_locks+0xaf/0x100 [ 465.432073] ? simple_xattr_get+0xeb/0x160 [ 465.436291] ? current_kernel_time64+0x122/0x2f0 [ 465.441030] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 465.446041] generic_perform_write+0x200/0x600 [ 465.450616] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 465.455864] ? generic_update_time+0x1b2/0x270 [ 465.460423] ? __mnt_drop_write_file+0xd/0x70 [ 465.464902] ? file_update_time+0xbf/0x470 [ 465.469115] ? current_time+0xc0/0xc0 [ 465.472892] ? down_write+0x87/0x120 [ 465.476586] __generic_file_write_iter+0x366/0x5b0 [ 465.481487] ? check_noncircular+0x20/0x20 [ 465.485701] generic_file_write_iter+0x399/0x790 [ 465.490444] ? __generic_file_write_iter+0x5b0/0x5b0 [ 465.495530] ? iov_iter_init+0xaf/0x1d0 [ 465.499481] __vfs_write+0x684/0x970 [ 465.503169] ? lock_acquire+0x1d5/0x580 [ 465.507126] ? kernel_read+0x120/0x120 [ 465.511021] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 465.515756] ? __sb_start_write+0x209/0x2a0 [ 465.520060] vfs_write+0x189/0x510 [ 465.523578] SyS_write+0xef/0x220 [ 465.527008] ? SyS_read+0x220/0x220 [ 465.530616] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 465.535607] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 465.540342] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 465.545068] RIP: 0033:0x452e39 [ 465.548229] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 465.555910] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 465.563152] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 2018/01/17 19:07:37 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:37 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) [ 465.570394] RBP: 0000000000000315 R08: 0000000000000000 R09: 0000000000000000 [ 465.577634] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f2a98 [ 465.584876] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:37 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:37 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:37 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f00003f7000-0x78)={0x3ff, {0x2, 0x1, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {0x2, 0x1, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {0x2, 0x1, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2, 0x1, 0x5a54, 0x9, 0x0, &(0x7f00005b8000-0x10)=@generic="3b4f68cdaffe1401a3fade8fe3cc78c3", 0x1, 0x9, 0x8}) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000ce1000-0x18)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) ioctl$KVM_GET_CPUID2(r0, 0xc008ae91, &(0x7f000017d000+0xa04)={0x5, 0x0, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0]}]}) fcntl$setflags(r1, 0x2, 0x1) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KDGETLED(r0, 0x4b31, &(0x7f0000c36000)=0x0) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) getsockname$unix(r0, &(0x7f0000210000-0x8)=@abs={0x0, 0x0, 0xffffffffffffffff}, &(0x7f0000d6c000)=0x8) 2018/01/17 19:07:37 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:37 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:37 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:37 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) 2018/01/17 19:07:37 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) 2018/01/17 19:07:37 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) sendto$ax25(r0, &(0x7f00002eb000-0xc8)="af315602d29e7393767789ed851eaa75383d84132925ed6e2d49680a1601d118df01d4825635b6112d179d58011587f4c7386c36454d4a3143a53e57acbe4fb20f4150cac7a72c5746ce9446ff52302d0118ecbf123b06302afce6aed1e8b319c0efbf5f67e082d48eec44576c1442ad44ad0f8d54c91b0542709148bdd290ad24dbe982f10f3d8dac3de5400b3ce9f1fee926393bce4914eed3fe0d006ccf095acbe9de88fa12e1491eee8300f95e0e118ac55f0b9497b81c1f7fca513444ce9f9a903098393959", 0xc8, 0x4000000, &(0x7f000043b000-0x10)={0x3, {"a78899974ab009"}, 0x7}, 0x10) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') r3 = shmget(0x0, 0x1000, 0x54000000, &(0x7f0000602000/0x1000)=nil) shmctl$IPC_INFO(r3, 0x3, &(0x7f0000fe4000)=""/244) fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:37 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:37 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) 2018/01/17 19:07:37 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:37 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) 2018/01/17 19:07:37 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:37 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:37 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x0, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) [ 465.836503] FAULT_FLAG_ALLOW_RETRY missing 30 [ 465.841195] CPU: 1 PID: 22768 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 465.848554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 465.857900] Call Trace: [ 465.860489] dump_stack+0x194/0x257 [ 465.864124] ? arch_local_irq_restore+0x53/0x53 [ 465.868803] ? handle_userfault+0x12b7/0x24c0 [ 465.873303] handle_userfault+0x12fa/0x24c0 [ 465.877624] ? handle_userfault+0x150b/0x24c0 [ 465.882128] ? userfaultfd_ioctl+0x4520/0x4520 [ 465.886706] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 465.891891] ? __lock_is_held+0xb6/0x140 [ 465.895957] ? print_irqtrace_events+0x270/0x270 [ 465.900706] ? print_irqtrace_events+0x270/0x270 [ 465.905454] ? get_user_pages_fast+0x277/0x340 [ 465.910038] ? switched_to_fair+0xb0/0xb0 [ 465.914178] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 465.919192] ? trace_hardirqs_on+0xd/0x10 [ 465.923332] ? get_user_pages_fast+0x14e/0x340 [ 465.927912] ? pick_next_entity+0x197/0x400 [ 465.932231] ? __lock_acquire+0x664/0x3e00 [ 465.936461] ? check_noncircular+0x20/0x20 [ 465.940702] ? __lock_acquire+0x664/0x3e00 [ 465.944933] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 465.950099] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 465.955272] ? find_held_lock+0x35/0x1d0 [ 465.959317] ? __handle_mm_fault+0x3296/0x3ce0 [ 465.963871] ? lock_downgrade+0x980/0x980 [ 465.967994] ? lock_release+0xa40/0xa40 [ 465.971948] ? copy_overflow+0x20/0x20 [ 465.975808] ? do_raw_spin_trylock+0x190/0x190 [ 465.980363] ? userfaultfd_ctx_put+0x740/0x740 [ 465.984928] __handle_mm_fault+0x32a3/0x3ce0 [ 465.989313] ? __pmd_alloc+0x4e0/0x4e0 [ 465.993172] ? print_irqtrace_events+0x270/0x270 [ 465.997905] ? find_held_lock+0x35/0x1d0 [ 466.001944] ? handle_mm_fault+0x248/0x8d0 [ 466.006152] ? lock_downgrade+0x980/0x980 [ 466.010292] handle_mm_fault+0x334/0x8d0 [ 466.014327] ? down_read+0x96/0x150 [ 466.017926] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 466.022478] ? vmacache_find+0x5f/0x280 [ 466.026428] ? find_vma+0x30/0x150 [ 466.029946] __do_page_fault+0x5c9/0xc90 [ 466.033988] ? mm_fault_error+0x2c0/0x2c0 [ 466.038113] ? find_held_lock+0x35/0x1d0 [ 466.042152] do_page_fault+0xee/0x720 [ 466.045930] ? __do_page_fault+0xc90/0xc90 [ 466.050139] ? lock_release+0xa40/0xa40 [ 466.054100] ? do_raw_spin_trylock+0x190/0x190 [ 466.058670] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 466.063492] page_fault+0x2c/0x60 [ 466.066922] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 466.072694] RSP: 0018:ffff8801c12a7928 EFLAGS: 00010246 [ 466.078036] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 466.085285] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801c12a7d28 [ 466.092530] RBP: ffff8801c12a7a08 R08: 0000000000000000 R09: 1ffff10038254ee7 [ 466.099771] R10: ffff8801c12a7858 R11: 0000000000000003 R12: 1ffff10038254f28 [ 466.107022] R13: ffff8801c12a79e0 R14: 0000000000000000 R15: ffff8801c12a7d20 [ 466.114288] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 466.119455] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 466.124619] ? iov_iter_revert+0x9d0/0x9d0 [ 466.128833] ? mark_held_locks+0xaf/0x100 [ 466.132952] ? simple_xattr_get+0xeb/0x160 [ 466.137169] ? current_kernel_time64+0x122/0x2f0 [ 466.141901] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 466.146893] generic_perform_write+0x200/0x600 [ 466.151462] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 466.156713] ? generic_update_time+0x1b2/0x270 [ 466.161271] ? __mnt_drop_write_file+0xd/0x70 [ 466.165738] ? file_update_time+0xbf/0x470 [ 466.169958] ? current_time+0xc0/0xc0 [ 466.173736] ? down_write+0x87/0x120 [ 466.177427] __generic_file_write_iter+0x366/0x5b0 [ 466.182331] ? check_noncircular+0x20/0x20 [ 466.186545] generic_file_write_iter+0x399/0x790 [ 466.191276] ? __generic_file_write_iter+0x5b0/0x5b0 [ 466.196718] ? iov_iter_init+0xaf/0x1d0 [ 466.200670] __vfs_write+0x684/0x970 [ 466.204356] ? lock_acquire+0x1d5/0x580 [ 466.208307] ? kernel_read+0x120/0x120 [ 466.212189] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 466.216914] ? __sb_start_write+0x209/0x2a0 [ 466.221214] vfs_write+0x189/0x510 [ 466.224730] SyS_write+0xef/0x220 [ 466.228158] ? SyS_read+0x220/0x220 [ 466.231755] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 466.236747] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 466.241484] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 466.246218] RIP: 0033:0x452e39 [ 466.249377] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 466.257057] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 466.264299] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 466.271549] RBP: 00000000000003db R08: 0000000000000000 R09: 0000000000000000 [ 466.278790] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3d28 [ 466.286035] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:38 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) 2018/01/17 19:07:38 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0xfffffffffffffd8e, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:38 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) 2018/01/17 19:07:38 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:38 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0) r3 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r3, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:38 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:38 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:38 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:38 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) 2018/01/17 19:07:38 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:38 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:38 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:38 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) 2018/01/17 19:07:38 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) 2018/01/17 19:07:38 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:38 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0) r3 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r3, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:38 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) [ 466.443358] FAULT_FLAG_ALLOW_RETRY missing 30 [ 466.448303] CPU: 1 PID: 22809 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 466.455676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 466.465033] Call Trace: [ 466.467627] dump_stack+0x194/0x257 [ 466.471264] ? arch_local_irq_restore+0x53/0x53 [ 466.475939] ? handle_userfault+0x12b7/0x24c0 [ 466.480443] handle_userfault+0x12fa/0x24c0 [ 466.484763] ? handle_userfault+0x150b/0x24c0 [ 466.489274] ? userfaultfd_ioctl+0x4520/0x4520 [ 466.493843] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 466.499015] ? update_load_avg+0x249/0x2d80 [ 466.503330] ? print_irqtrace_events+0x270/0x270 [ 466.508070] ? print_irqtrace_events+0x270/0x270 [ 466.512816] ? update_load_avg+0x249/0x2d80 [ 466.517120] ? get_user_pages_fast+0x14e/0x340 [ 466.521699] ? __lock_acquire+0x664/0x3e00 [ 466.525912] ? check_noncircular+0x20/0x20 [ 466.530119] ? __lock_acquire+0x664/0x3e00 [ 466.534341] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 466.539519] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 466.544695] ? find_held_lock+0x35/0x1d0 [ 466.548740] ? __handle_mm_fault+0x3296/0x3ce0 [ 466.553300] ? lock_downgrade+0x980/0x980 [ 466.557433] ? lock_release+0xa40/0xa40 [ 466.561383] ? check_noncircular+0x20/0x20 [ 466.565597] ? copy_overflow+0x20/0x20 [ 466.569471] ? do_raw_spin_trylock+0x190/0x190 [ 466.574036] ? userfaultfd_ctx_put+0x740/0x740 [ 466.578607] __handle_mm_fault+0x32a3/0x3ce0 [ 466.583003] ? __pmd_alloc+0x4e0/0x4e0 [ 466.586875] ? print_irqtrace_events+0x270/0x270 [ 466.591611] ? find_held_lock+0x35/0x1d0 [ 466.595652] ? handle_mm_fault+0x248/0x8d0 [ 466.599872] ? lock_downgrade+0x980/0x980 [ 466.604039] handle_mm_fault+0x334/0x8d0 [ 466.608085] ? down_read+0x96/0x150 [ 466.611688] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 466.616246] ? vmacache_find+0x5f/0x280 [ 466.620200] ? find_vma+0x30/0x150 [ 466.623728] __do_page_fault+0x5c9/0xc90 [ 466.627780] ? mm_fault_error+0x2c0/0x2c0 [ 466.631904] ? find_held_lock+0x35/0x1d0 [ 466.635949] do_page_fault+0xee/0x720 [ 466.639731] ? __do_page_fault+0xc90/0xc90 [ 466.643943] ? lock_release+0xa40/0xa40 [ 466.647899] ? do_raw_spin_trylock+0x190/0x190 [ 466.652465] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 466.657288] page_fault+0x2c/0x60 [ 466.660715] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 466.666481] RSP: 0018:ffff8801b3587928 EFLAGS: 00010246 [ 466.671818] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 466.679070] RDX: 000000000000010d RSI: ffffc900020bb000 RDI: ffff8801b3587d28 [ 466.686318] RBP: ffff8801b3587a08 R08: 0000000000000000 R09: 1ffff100366b0ee7 [ 466.693558] R10: ffff8801b3587858 R11: 0000000000000003 R12: 1ffff100366b0f28 [ 466.700800] R13: ffff8801b35879e0 R14: 0000000000000000 R15: ffff8801b3587d20 [ 466.708069] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 466.713256] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 466.718427] ? iov_iter_revert+0x9d0/0x9d0 [ 466.722648] ? mark_held_locks+0xaf/0x100 [ 466.726769] ? simple_xattr_get+0xeb/0x160 [ 466.730977] ? current_kernel_time64+0x122/0x2f0 [ 466.735709] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 466.740710] generic_perform_write+0x200/0x600 [ 466.745280] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 466.750534] ? generic_update_time+0x1b2/0x270 [ 466.755109] ? __mnt_drop_write_file+0xd/0x70 [ 466.759586] ? file_update_time+0xbf/0x470 [ 466.763803] ? current_time+0xc0/0xc0 [ 466.767584] ? down_write+0x87/0x120 [ 466.771284] __generic_file_write_iter+0x366/0x5b0 [ 466.776189] ? check_noncircular+0x20/0x20 [ 466.780416] generic_file_write_iter+0x399/0x790 [ 466.785159] ? __generic_file_write_iter+0x5b0/0x5b0 [ 466.790251] ? iov_iter_init+0xaf/0x1d0 [ 466.794210] __vfs_write+0x684/0x970 [ 466.797898] ? lock_acquire+0x1d5/0x580 [ 466.801850] ? kernel_read+0x120/0x120 [ 466.805742] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 466.810474] ? __sb_start_write+0x209/0x2a0 [ 466.814774] vfs_write+0x189/0x510 [ 466.818309] SyS_write+0xef/0x220 [ 466.821742] ? SyS_read+0x220/0x220 [ 466.825343] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 466.830336] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 466.835074] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 466.839807] RIP: 0033:0x452e39 [ 466.842978] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 466.850657] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 466.857902] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 466.865151] RBP: 00000000000003bb R08: 0000000000000000 R09: 0000000000000000 [ 466.872409] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3a28 [ 466.879672] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 [ 466.902090] FAULT_FLAG_ALLOW_RETRY missing 30 [ 466.907436] CPU: 1 PID: 22809 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 466.914793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 466.924120] Call Trace: [ 466.926685] dump_stack+0x194/0x257 [ 466.930287] ? arch_local_irq_restore+0x53/0x53 [ 466.934934] ? handle_userfault+0x12b7/0x24c0 [ 466.939406] handle_userfault+0x12fa/0x24c0 [ 466.943698] ? handle_userfault+0x150b/0x24c0 [ 466.948178] ? userfaultfd_ioctl+0x4520/0x4520 [ 466.952732] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 466.957895] ? find_held_lock+0x35/0x1d0 [ 466.961933] ? check_noncircular+0x20/0x20 [ 466.966147] ? print_irqtrace_events+0x270/0x270 [ 466.970874] ? print_irqtrace_events+0x270/0x270 [ 466.975603] ? find_held_lock+0x35/0x1d0 [ 466.979645] ? __update_idle_core+0x305/0x600 [ 466.984116] ? __lock_acquire+0x664/0x3e00 [ 466.988323] ? check_noncircular+0x20/0x20 [ 466.992537] ? __lock_acquire+0x664/0x3e00 [ 466.996756] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 467.001920] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 467.007103] ? find_held_lock+0x35/0x1d0 [ 467.011153] ? __handle_mm_fault+0x3296/0x3ce0 [ 467.015708] ? lock_downgrade+0x980/0x980 [ 467.019832] ? lock_release+0xa40/0xa40 [ 467.023778] ? copy_overflow+0x20/0x20 [ 467.027639] ? do_raw_spin_trylock+0x190/0x190 [ 467.032205] ? userfaultfd_ctx_put+0x740/0x740 [ 467.036767] __handle_mm_fault+0x32a3/0x3ce0 [ 467.041154] ? __pmd_alloc+0x4e0/0x4e0 [ 467.045021] ? print_irqtrace_events+0x270/0x270 [ 467.049768] ? find_held_lock+0x35/0x1d0 [ 467.053808] ? handle_mm_fault+0x248/0x8d0 [ 467.058026] ? lock_downgrade+0x980/0x980 [ 467.062171] handle_mm_fault+0x334/0x8d0 [ 467.066204] ? down_read+0x96/0x150 [ 467.069804] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 467.074357] ? vmacache_find+0x5f/0x280 [ 467.078307] ? find_vma+0x30/0x150 [ 467.081826] __do_page_fault+0x5c9/0xc90 [ 467.085867] ? mm_fault_error+0x2c0/0x2c0 [ 467.089993] ? find_held_lock+0x35/0x1d0 [ 467.094044] do_page_fault+0xee/0x720 [ 467.097819] ? __do_page_fault+0xc90/0xc90 [ 467.102037] ? lock_release+0xa40/0xa40 [ 467.105991] ? do_raw_spin_trylock+0x190/0x190 [ 467.110559] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 467.115380] page_fault+0x2c/0x60 [ 467.118805] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 467.124569] RSP: 0018:ffff8801b3587928 EFLAGS: 00010246 [ 467.129902] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 467.137145] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801b3587d28 [ 467.144386] RBP: ffff8801b3587a08 R08: 0000000000000000 R09: 1ffff100366b0ee7 [ 467.151629] R10: ffff8801b3587858 R11: 0000000000000003 R12: 1ffff100366b0f28 [ 467.158870] R13: ffff8801b35879e0 R14: 0000000000000000 R15: ffff8801b3587d20 [ 467.166128] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 467.171299] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 467.176464] ? iov_iter_revert+0x9d0/0x9d0 [ 467.180675] ? mark_held_locks+0xaf/0x100 [ 467.184793] ? simple_xattr_get+0xeb/0x160 [ 467.189006] ? current_kernel_time64+0x122/0x2f0 [ 467.193744] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 467.198745] generic_perform_write+0x200/0x600 [ 467.203312] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 467.208559] ? generic_update_time+0x1b2/0x270 [ 467.213114] ? __mnt_drop_write_file+0xd/0x70 [ 467.217581] ? file_update_time+0xbf/0x470 [ 467.221790] ? current_time+0xc0/0xc0 [ 467.225568] ? down_write+0x87/0x120 [ 467.229257] __generic_file_write_iter+0x366/0x5b0 [ 467.234156] ? check_noncircular+0x20/0x20 [ 467.238375] generic_file_write_iter+0x399/0x790 [ 467.243110] ? __generic_file_write_iter+0x5b0/0x5b0 [ 467.248189] ? iov_iter_init+0xaf/0x1d0 [ 467.252138] __vfs_write+0x684/0x970 [ 467.255821] ? lock_acquire+0x1d5/0x580 [ 467.259769] ? kernel_read+0x120/0x120 [ 467.263678] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 467.268412] ? __sb_start_write+0x209/0x2a0 [ 467.272709] vfs_write+0x189/0x510 [ 467.276225] SyS_write+0xef/0x220 [ 467.279656] ? SyS_read+0x220/0x220 [ 467.283255] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 467.288246] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 467.292982] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 467.297708] RIP: 0033:0x452e39 [ 467.300867] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 467.308556] RAX: ffffffffffffffda RBX: 000000000071bec8 RCX: 0000000000452e39 [ 467.315796] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000018 [ 467.323040] RBP: 000000000071bec8 R08: 0000000000000000 R09: 0000000000000000 [ 467.330280] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 467.337523] R13: 0000000000a2f7ef R14: 00007efe3e5a79c0 R15: 0000000000000000 2018/01/17 19:07:39 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:39 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) 2018/01/17 19:07:39 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) pipe(&(0x7f00005c8000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) flock(r4, 0x2) flock(r3, 0x1) r5 = gettid() readv(r3, &(0x7f0000617000-0x60)=[{&(0x7f0000544000-0x39)=""/57, 0x39}], 0x1) r6 = creat(&(0x7f0000786000-0x8)='./file0\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000a44000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r7, 0x5452, &(0x7f0000009000-0x8)=0x7) fcntl$setsig(r7, 0xa, 0x12) fcntl$setownex(r7, 0xf, &(0x7f00002cb000)={0x0, r5}) recvmsg(r8, &(0x7f000095d000-0x38)={&(0x7f0000894000-0x8)=@sco={0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x8, &(0x7f0000425000-0x10)=[], 0x0, &(0x7f0000b30000)=""/0, 0x0, 0x0}, 0x0) r9 = dup2(r6, r8) tkill(r5, 0x16) close(r4) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) io_setup(0x1, &(0x7f0000af2000-0x8)=0x0) io_submit(r10, 0x2, &(0x7f0000a09000)=[&(0x7f0000b9f000)={0x0, 0x0, 0x0, 0x2, 0x9, r1, &(0x7f0000596000)="4b5cf98461327dc10ecfcd40f0a88ee608c544a4b0b7443aeef7cd2502a2a02371fed48c99f60b1f56a46c792f0b7fb4721aabb703b80cc53e6b8f19926757113722c460cdb293cadc9d9746b5c9c5f75d3208e6ddf7caf4d14d4563fd5d6fc341fa20b8db8dfc227fbfbe9622306edd246141fb5ebdc92e677f769e11b3f17d2d7a57c65a82d3b8e2a00da5065375c9299afefbd17da4d31517c7ba9818922f5db57b160926ed594449a1fefb9f4872ff97", 0xb2, 0x9, 0x0, 0x1, r9}, &(0x7f0000894000-0x40)={0x0, 0x0, 0x0, 0x2, 0x6, r1, &(0x7f0000daa000)="c43be9752819ead09ba467706936cfc84757d952f9d7f600723d59b51f9a08c4ae2186f5de2feafc720c35", 0x2b, 0x4, 0x0, 0x0, r0}]) 2018/01/17 19:07:39 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) 2018/01/17 19:07:39 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000df3000)='./file0\x00', 0x20) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') ioctl$KDGKBMETA(r2, 0x4b62, &(0x7f0000656000)=0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000b85000)={0x0, 0x1c9c380}, &(0x7f0000443000)={0x0, 0x0}) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @tid=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000044000)=0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)={{0x0, 0x0}, {0x0, 0x0}}) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) clock_nanosleep(0x45484ade46a1b830, 0x0, &(0x7f0000928000-0x10)={0x77359400, 0x0}, &(0x7f000058e000-0x10)={0x0, 0x0}) tkill(r3, 0x1000000000016) openat$selinux_context(0xffffffffffffff9c, &(0x7f0000791000-0x11)='/selinux/context\x00', 0x2, 0x0) fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:39 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:39 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0) r3 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r3, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:39 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:39 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:39 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) 2018/01/17 19:07:39 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) 2018/01/17 19:07:39 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:39 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:39 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:39 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0) r3 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r3, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:39 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:39 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) 2018/01/17 19:07:39 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0) r3 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r3, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r4 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r4, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r4, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f000011e000-0x4)=0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) sendto(r0, &(0x7f0000def000-0x1d)="3e769074d3671d3260e306836f1624219c416b17196ad5c491adcf016b", 0x1d, 0x48080, &(0x7f0000c37000)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-camellia-asm\x00'}, 0x58) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:40 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) 2018/01/17 19:07:40 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:40 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r2) 2018/01/17 19:07:40 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:40 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) 2018/01/17 19:07:40 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) 2018/01/17 19:07:40 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0) r3 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r3, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r4 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r4, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:40 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0) r3 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r3, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r4 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r4, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r4, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:40 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:40 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:07:40 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) 2018/01/17 19:07:40 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:07:40 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:40 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:40 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0) r3 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r3, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r4 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r4, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r4, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) [ 468.240340] FAULT_FLAG_ALLOW_RETRY missing 30 [ 468.245617] CPU: 1 PID: 22910 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 468.252981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 468.262317] Call Trace: [ 468.264885] dump_stack+0x194/0x257 [ 468.268491] ? arch_local_irq_restore+0x53/0x53 [ 468.273159] ? handle_userfault+0x12b7/0x24c0 [ 468.277651] handle_userfault+0x12fa/0x24c0 [ 468.281947] ? handle_userfault+0x150b/0x24c0 [ 468.286449] ? userfaultfd_ioctl+0x4520/0x4520 [ 468.291031] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 468.296202] ? __lock_is_held+0xb6/0x140 [ 468.300252] ? print_irqtrace_events+0x270/0x270 [ 468.304984] ? print_irqtrace_events+0x270/0x270 [ 468.309726] ? get_user_pages_fast+0x277/0x340 [ 468.314307] ? perf_event_sync_stat+0x5b0/0x5b0 [ 468.318952] ? __perf_event_task_sched_in+0x200/0xc20 [ 468.324129] ? __lock_acquire+0x664/0x3e00 [ 468.328340] ? check_noncircular+0x20/0x20 [ 468.332546] ? __lock_acquire+0x664/0x3e00 [ 468.336783] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 468.341955] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 468.347121] ? find_held_lock+0x35/0x1d0 [ 468.351163] ? __handle_mm_fault+0x3296/0x3ce0 [ 468.355729] ? lock_downgrade+0x980/0x980 [ 468.359874] ? lock_release+0xa40/0xa40 [ 468.363846] ? copy_overflow+0x20/0x20 [ 468.367719] ? do_raw_spin_trylock+0x190/0x190 [ 468.372277] ? userfaultfd_ctx_put+0x740/0x740 [ 468.376865] __handle_mm_fault+0x32a3/0x3ce0 [ 468.381264] ? __pmd_alloc+0x4e0/0x4e0 [ 468.385125] ? print_irqtrace_events+0x270/0x270 [ 468.389860] ? find_held_lock+0x35/0x1d0 [ 468.393901] ? handle_mm_fault+0x248/0x8d0 [ 468.398109] ? lock_downgrade+0x980/0x980 [ 468.402249] handle_mm_fault+0x334/0x8d0 [ 468.406289] ? down_read+0x96/0x150 [ 468.409896] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 468.414451] ? vmacache_find+0x5f/0x280 [ 468.418402] ? find_vma+0x30/0x150 [ 468.421917] __do_page_fault+0x5c9/0xc90 [ 468.425960] ? mm_fault_error+0x2c0/0x2c0 [ 468.430082] ? find_held_lock+0x35/0x1d0 [ 468.434121] do_page_fault+0xee/0x720 [ 468.437897] ? __do_page_fault+0xc90/0xc90 [ 468.442108] ? lock_release+0xa40/0xa40 [ 468.446070] ? do_raw_spin_trylock+0x190/0x190 [ 468.450633] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 468.455457] page_fault+0x2c/0x60 [ 468.458883] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 468.464648] RSP: 0018:ffff8801d6767928 EFLAGS: 00010246 [ 468.469981] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 468.477231] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801d6767d28 [ 468.484483] RBP: ffff8801d6767a08 R08: 0000000000000000 R09: 1ffff1003acecee7 [ 468.491731] R10: ffff8801d6767858 R11: 0000000000000003 R12: 1ffff1003acecf28 [ 468.498971] R13: ffff8801d67679e0 R14: 0000000000000000 R15: ffff8801d6767d20 [ 468.506235] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 468.511406] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 468.516570] ? iov_iter_revert+0x9d0/0x9d0 [ 468.520782] ? mark_held_locks+0xaf/0x100 [ 468.524900] ? simple_xattr_get+0xeb/0x160 [ 468.529107] ? current_kernel_time64+0x122/0x2f0 [ 468.533836] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 468.538832] generic_perform_write+0x200/0x600 [ 468.543399] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 468.548646] ? generic_update_time+0x1b2/0x270 [ 468.553203] ? __mnt_drop_write_file+0xd/0x70 [ 468.557672] ? file_update_time+0xbf/0x470 [ 468.561885] ? current_time+0xc0/0xc0 [ 468.565663] ? down_write+0x87/0x120 [ 468.569357] __generic_file_write_iter+0x366/0x5b0 [ 468.574259] ? check_noncircular+0x20/0x20 [ 468.578479] generic_file_write_iter+0x399/0x790 [ 468.583225] ? __generic_file_write_iter+0x5b0/0x5b0 [ 468.588304] ? iov_iter_init+0xaf/0x1d0 [ 468.592257] __vfs_write+0x684/0x970 [ 468.595940] ? lock_acquire+0x1d5/0x580 [ 468.599889] ? kernel_read+0x120/0x120 [ 468.603787] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 468.608519] ? __sb_start_write+0x209/0x2a0 [ 468.612819] vfs_write+0x189/0x510 [ 468.616342] SyS_write+0xef/0x220 [ 468.619779] ? SyS_read+0x220/0x220 [ 468.623378] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 468.628371] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 468.633106] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 468.637833] RIP: 0033:0x452e39 [ 468.640993] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 468.648677] RAX: ffffffffffffffda RBX: 00007efe3e5a7700 RCX: 0000000000452e39 [ 468.655917] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 468.663162] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 468.670403] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 468.677646] R13: 0000000000a2f7ef R14: 00007efe3e5a79c0 R15: 0000000000000000 [ 468.715960] FAULT_FLAG_ALLOW_RETRY missing 30 [ 468.720924] CPU: 1 PID: 22910 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 468.728287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 468.737633] Call Trace: [ 468.740220] dump_stack+0x194/0x257 [ 468.743853] ? arch_local_irq_restore+0x53/0x53 [ 468.748529] ? handle_userfault+0x12b7/0x24c0 [ 468.753028] handle_userfault+0x12fa/0x24c0 [ 468.757345] ? handle_userfault+0x150b/0x24c0 [ 468.761847] ? userfaultfd_ioctl+0x4520/0x4520 [ 468.766421] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 468.771606] ? find_held_lock+0x35/0x1d0 [ 468.775669] ? check_noncircular+0x20/0x20 [ 468.779896] ? print_irqtrace_events+0x270/0x270 [ 468.784628] ? print_irqtrace_events+0x270/0x270 [ 468.789366] ? perf_event_sync_stat+0x5b0/0x5b0 [ 468.794007] ? __perf_event_task_sched_in+0x200/0xc20 [ 468.799176] ? __update_idle_core+0x305/0x600 [ 468.803685] ? __lock_acquire+0x664/0x3e00 [ 468.807889] ? check_noncircular+0x20/0x20 [ 468.812095] ? __lock_acquire+0x664/0x3e00 [ 468.816314] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 468.821475] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 468.826639] ? find_held_lock+0x35/0x1d0 [ 468.830678] ? __handle_mm_fault+0x3296/0x3ce0 [ 468.835232] ? lock_downgrade+0x980/0x980 [ 468.839354] ? lock_release+0xa40/0xa40 [ 468.843304] ? copy_overflow+0x20/0x20 [ 468.847164] ? do_raw_spin_trylock+0x190/0x190 [ 468.851719] ? userfaultfd_ctx_put+0x740/0x740 [ 468.856283] __handle_mm_fault+0x32a3/0x3ce0 [ 468.860667] ? __pmd_alloc+0x4e0/0x4e0 [ 468.864524] ? print_irqtrace_events+0x270/0x270 [ 468.869256] ? find_held_lock+0x35/0x1d0 [ 468.873297] ? handle_mm_fault+0x248/0x8d0 [ 468.877502] ? lock_downgrade+0x980/0x980 [ 468.881641] handle_mm_fault+0x334/0x8d0 [ 468.885674] ? down_read+0x96/0x150 [ 468.889273] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 468.893827] ? vmacache_find+0x5f/0x280 [ 468.897776] ? find_vma+0x30/0x150 [ 468.901295] __do_page_fault+0x5c9/0xc90 [ 468.905335] ? mm_fault_error+0x2c0/0x2c0 [ 468.909454] ? find_held_lock+0x35/0x1d0 [ 468.913493] do_page_fault+0xee/0x720 [ 468.917266] ? __do_page_fault+0xc90/0xc90 [ 468.921473] ? lock_release+0xa40/0xa40 [ 468.925423] ? do_raw_spin_trylock+0x190/0x190 [ 468.929988] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 468.934811] page_fault+0x2c/0x60 [ 468.938236] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 468.944000] RSP: 0018:ffff8801d6767928 EFLAGS: 00010246 [ 468.949343] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 468.956586] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801d6767d28 [ 468.963828] RBP: ffff8801d6767a08 R08: 0000000000000000 R09: 1ffff1003acecee7 [ 468.971069] R10: ffff8801d6767858 R11: 0000000000000003 R12: 1ffff1003acecf28 [ 468.978316] R13: ffff8801d67679e0 R14: 0000000000000000 R15: ffff8801d6767d20 [ 468.985575] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 468.990743] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 468.995907] ? iov_iter_revert+0x9d0/0x9d0 [ 469.000118] ? mark_held_locks+0xaf/0x100 [ 469.004236] ? simple_xattr_get+0xeb/0x160 [ 469.008444] ? current_kernel_time64+0x122/0x2f0 [ 469.013173] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 469.018167] generic_perform_write+0x200/0x600 [ 469.022740] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 469.027987] ? generic_update_time+0x1b2/0x270 [ 469.032544] ? __mnt_drop_write_file+0xd/0x70 [ 469.037019] ? file_update_time+0xbf/0x470 [ 469.041235] ? current_time+0xc0/0xc0 [ 469.045022] ? down_write+0x87/0x120 [ 469.048720] __generic_file_write_iter+0x366/0x5b0 [ 469.053637] ? check_noncircular+0x20/0x20 [ 469.057859] generic_file_write_iter+0x399/0x790 [ 469.062592] ? __generic_file_write_iter+0x5b0/0x5b0 [ 469.067672] ? iov_iter_init+0xaf/0x1d0 [ 469.071622] __vfs_write+0x684/0x970 [ 469.075309] ? lock_acquire+0x1d5/0x580 [ 469.079257] ? kernel_read+0x120/0x120 [ 469.083138] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 469.087864] ? __sb_start_write+0x209/0x2a0 [ 469.092160] vfs_write+0x189/0x510 [ 469.095679] SyS_write+0xef/0x220 [ 469.099111] ? SyS_read+0x220/0x220 [ 469.102708] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 469.107700] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 469.112435] entry_SYSCALL_64_fastpath+0x29/0xa0 2018/01/17 19:07:41 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0) r3 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r3, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r4 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r4, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r4, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f000011e000-0x4)=0x0) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:41 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:41 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) 2018/01/17 19:07:41 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:07:41 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:41 executing program 0: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000001000-0x10)={&(0x7f0000bb6000)='./file0\x00', 0x0, 0x8}, 0x10) ioctl$fiemap(r0, 0xc020660b, &(0x7f0000760000)={0x1ff, 0xe49, 0x0, 0x4cd7, 0x6, [{0x5cf, 0x6a9e2851, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0}, {0x4, 0xffffffff00000001, 0x7ff, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0}, {0x2, 0x5, 0x401, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0}, {0xa2, 0x538, 0x7, 0x0, 0x0, 0x1007, 0x0, 0x0, 0x0}, {0x7, 0x6, 0x8000, 0x0, 0x0, 0x1080, 0x0, 0x0, 0x0}, {0x5, 0x8, 0x80000001, 0x0, 0x0, 0x88, 0x0, 0x0, 0x0}]}) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x20) r1 = syz_open_dev$sg(&(0x7f00003d0000)='/dev/sg#\x00', 0x1, 0x101000) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r1, 0x84, 0x1c, &(0x7f0000dfd000-0x4)=0x0, &(0x7f0000e4a000)=0x4) r2 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r4 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r4, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) set_tid_address(&(0x7f0000cc4000)=0x0) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r2, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r3, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:41 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0) r3 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r3, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r4 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r4, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r4, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:41 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) [ 469.117162] RIP: 0033:0x452e39 [ 469.120322] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 469.127999] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 469.135248] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000017 [ 469.142490] RBP: 0000000000000624 R08: 0000000000000000 R09: 0000000000000000 [ 469.149735] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f7400 [ 469.156978] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:41 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:41 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:41 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) [ 469.286856] FAULT_FLAG_ALLOW_RETRY missing 30 [ 469.291574] CPU: 0 PID: 22965 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 469.298923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 469.308269] Call Trace: [ 469.310835] dump_stack+0x194/0x257 [ 469.314444] ? arch_local_irq_restore+0x53/0x53 [ 469.319092] ? handle_userfault+0x12b7/0x24c0 [ 469.323564] handle_userfault+0x12fa/0x24c0 [ 469.327859] ? handle_userfault+0x150b/0x24c0 [ 469.332336] ? userfaultfd_ioctl+0x4520/0x4520 [ 469.336893] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 469.342059] ? __lock_is_held+0xb6/0x140 [ 469.346105] ? print_irqtrace_events+0x270/0x270 [ 469.350835] ? print_irqtrace_events+0x270/0x270 [ 469.355564] ? get_user_pages_fast+0x277/0x340 [ 469.360121] ? switched_to_fair+0xb0/0xb0 [ 469.364243] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 469.369246] ? trace_hardirqs_on+0xd/0x10 [ 469.373368] ? get_user_pages_fast+0x14e/0x340 [ 469.377923] ? pick_next_entity+0x197/0x400 [ 469.382217] ? __lock_acquire+0x664/0x3e00 [ 469.386423] ? check_noncircular+0x20/0x20 [ 469.390627] ? __lock_acquire+0x664/0x3e00 [ 469.394851] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 469.400022] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 469.405200] ? find_held_lock+0x35/0x1d0 [ 469.409250] ? __handle_mm_fault+0x3296/0x3ce0 [ 469.413803] ? lock_downgrade+0x980/0x980 [ 469.417928] ? lock_release+0xa40/0xa40 [ 469.421877] ? copy_overflow+0x20/0x20 [ 469.425739] ? do_raw_spin_trylock+0x190/0x190 [ 469.430305] ? userfaultfd_ctx_put+0x740/0x740 [ 469.434867] __handle_mm_fault+0x32a3/0x3ce0 [ 469.439257] ? __pmd_alloc+0x4e0/0x4e0 [ 469.443121] ? print_irqtrace_events+0x270/0x270 [ 469.447858] ? find_held_lock+0x35/0x1d0 [ 469.451911] ? handle_mm_fault+0x248/0x8d0 [ 469.456126] ? lock_downgrade+0x980/0x980 [ 469.460278] handle_mm_fault+0x334/0x8d0 [ 469.464311] ? down_read+0x96/0x150 [ 469.467911] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 469.472466] ? vmacache_find+0x5f/0x280 [ 469.476416] ? find_vma+0x30/0x150 [ 469.479943] __do_page_fault+0x5c9/0xc90 [ 469.483985] ? mm_fault_error+0x2c0/0x2c0 [ 469.488108] ? find_held_lock+0x35/0x1d0 [ 469.492147] do_page_fault+0xee/0x720 [ 469.495921] ? __do_page_fault+0xc90/0xc90 [ 469.500133] ? lock_release+0xa40/0xa40 [ 469.504082] ? do_raw_spin_trylock+0x190/0x190 [ 469.508646] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 469.513468] page_fault+0x2c/0x60 [ 469.516896] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 469.522659] RSP: 0018:ffff8801b4e57928 EFLAGS: 00010246 [ 469.527996] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 469.535245] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801b4e57d28 [ 469.542486] RBP: ffff8801b4e57a08 R08: 0000000000000000 R09: 1ffff100369caee7 [ 469.549725] R10: ffff8801b4e57858 R11: 0000000000000003 R12: 1ffff100369caf28 [ 469.556976] R13: ffff8801b4e579e0 R14: 0000000000000000 R15: ffff8801b4e57d20 [ 469.564230] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 469.569402] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 469.574566] ? iov_iter_revert+0x9d0/0x9d0 [ 469.578777] ? mark_held_locks+0xaf/0x100 [ 469.582895] ? simple_xattr_get+0xeb/0x160 [ 469.587103] ? current_kernel_time64+0x122/0x2f0 [ 469.591831] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 469.596825] generic_perform_write+0x200/0x600 [ 469.601392] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 469.606640] ? generic_update_time+0x1b2/0x270 [ 469.611202] ? __mnt_drop_write_file+0xd/0x70 [ 469.615670] ? file_update_time+0xbf/0x470 [ 469.619880] ? current_time+0xc0/0xc0 [ 469.623657] ? down_write+0x87/0x120 [ 469.627349] __generic_file_write_iter+0x366/0x5b0 [ 469.632250] ? check_noncircular+0x20/0x20 [ 469.636463] generic_file_write_iter+0x399/0x790 [ 469.641195] ? __generic_file_write_iter+0x5b0/0x5b0 [ 469.646274] ? iov_iter_init+0xaf/0x1d0 [ 469.650231] __vfs_write+0x684/0x970 [ 469.653917] ? lock_acquire+0x1d5/0x580 [ 469.657866] ? kernel_read+0x120/0x120 [ 469.661745] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 469.666472] ? __sb_start_write+0x209/0x2a0 [ 469.670772] vfs_write+0x189/0x510 [ 469.674292] SyS_write+0xef/0x220 [ 469.677723] ? SyS_read+0x220/0x220 [ 469.681320] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 469.686310] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 469.691048] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 469.695774] RIP: 0033:0x452e39 [ 469.698933] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 469.706618] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 469.713865] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000016 [ 469.721104] RBP: 00000000000003bb R08: 0000000000000000 R09: 0000000000000000 [ 469.728344] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3a28 [ 469.735592] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:41 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:41 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000d90000)=@random={'user.\x00', 'vmnet1vmnet1.cpusetselinux$\x00'}) ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:41 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:41 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) 2018/01/17 19:07:41 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:41 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0) r3 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r3, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r4 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r4, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r4, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f000011e000-0x4)=0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) sendto(r0, &(0x7f0000def000-0x1d)="3e769074d3671d3260e306836f1624219c416b17196ad5c491adcf016b", 0x1d, 0x48080, &(0x7f0000c37000)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-camellia-asm\x00'}, 0x58) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:41 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:41 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:41 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:41 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:41 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:41 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:41 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:41 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:41 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:41 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:41 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) [ 469.909139] FAULT_FLAG_ALLOW_RETRY missing 30 [ 469.915878] CPU: 1 PID: 22994 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 469.923257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 469.932603] Call Trace: [ 469.935191] dump_stack+0x194/0x257 [ 469.938812] ? arch_local_irq_restore+0x53/0x53 [ 469.943475] ? handle_userfault+0x12b7/0x24c0 [ 469.947970] handle_userfault+0x12fa/0x24c0 [ 469.952284] ? handle_userfault+0x150b/0x24c0 [ 469.956793] ? userfaultfd_ioctl+0x4520/0x4520 [ 469.961366] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 469.966541] ? __lock_is_held+0xb6/0x140 [ 469.970590] ? print_irqtrace_events+0x270/0x270 [ 469.975328] ? print_irqtrace_events+0x270/0x270 [ 469.980077] ? get_user_pages_fast+0x277/0x340 [ 469.984650] ? switched_to_fair+0xb0/0xb0 [ 469.988781] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 469.993773] ? trace_hardirqs_on+0xd/0x10 [ 469.997894] ? get_user_pages_fast+0x14e/0x340 [ 470.002452] ? pick_next_entity+0x197/0x400 [ 470.006753] ? __lock_acquire+0x664/0x3e00 [ 470.010959] ? check_noncircular+0x20/0x20 [ 470.015165] ? __lock_acquire+0x664/0x3e00 [ 470.019391] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 470.024563] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 470.029732] ? find_held_lock+0x35/0x1d0 [ 470.033784] ? __handle_mm_fault+0x3296/0x3ce0 [ 470.038338] ? lock_downgrade+0x980/0x980 [ 470.042473] ? lock_release+0xa40/0xa40 [ 470.046428] ? copy_overflow+0x20/0x20 [ 470.050290] ? do_raw_spin_trylock+0x190/0x190 [ 470.054847] ? userfaultfd_ctx_put+0x740/0x740 [ 470.059412] __handle_mm_fault+0x32a3/0x3ce0 [ 470.063799] ? __pmd_alloc+0x4e0/0x4e0 [ 470.067660] ? print_irqtrace_events+0x270/0x270 [ 470.072393] ? find_held_lock+0x35/0x1d0 [ 470.076434] ? handle_mm_fault+0x248/0x8d0 [ 470.080645] ? lock_downgrade+0x980/0x980 [ 470.084786] handle_mm_fault+0x334/0x8d0 [ 470.088826] ? down_read+0x96/0x150 [ 470.092425] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 470.096983] ? vmacache_find+0x5f/0x280 [ 470.100933] ? find_vma+0x30/0x150 [ 470.104455] __do_page_fault+0x5c9/0xc90 [ 470.108506] ? mm_fault_error+0x2c0/0x2c0 [ 470.112627] ? find_held_lock+0x35/0x1d0 [ 470.116666] do_page_fault+0xee/0x720 [ 470.120442] ? __do_page_fault+0xc90/0xc90 [ 470.124652] ? lock_release+0xa40/0xa40 [ 470.128605] ? do_raw_spin_trylock+0x190/0x190 [ 470.133169] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 470.137991] page_fault+0x2c/0x60 [ 470.141422] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 470.147190] RSP: 0018:ffff8801ab9f7928 EFLAGS: 00010246 [ 470.152525] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 470.159767] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801ab9f7d28 [ 470.167013] RBP: ffff8801ab9f7a08 R08: 0000000000000000 R09: 1ffff1003573eee7 [ 470.174266] R10: ffff8801ab9f7858 R11: 0000000000000003 R12: 1ffff1003573ef28 [ 470.181509] R13: ffff8801ab9f79e0 R14: 0000000000000000 R15: ffff8801ab9f7d20 [ 470.189039] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 470.194215] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 470.199380] ? iov_iter_revert+0x9d0/0x9d0 [ 470.203592] ? mark_held_locks+0xaf/0x100 [ 470.207716] ? simple_xattr_get+0xeb/0x160 [ 470.211931] ? current_kernel_time64+0x122/0x2f0 [ 470.216661] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 470.221655] generic_perform_write+0x200/0x600 [ 470.226222] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 470.231471] ? generic_update_time+0x1b2/0x270 [ 470.236036] ? __mnt_drop_write_file+0xd/0x70 [ 470.240508] ? file_update_time+0xbf/0x470 [ 470.244721] ? current_time+0xc0/0xc0 [ 470.248501] ? down_write+0x87/0x120 [ 470.252191] __generic_file_write_iter+0x366/0x5b0 [ 470.257093] ? check_noncircular+0x20/0x20 [ 470.261305] generic_file_write_iter+0x399/0x790 [ 470.266040] ? __generic_file_write_iter+0x5b0/0x5b0 [ 470.271123] ? iov_iter_init+0xaf/0x1d0 [ 470.275074] __vfs_write+0x684/0x970 [ 470.278761] ? lock_acquire+0x1d5/0x580 [ 470.282724] ? kernel_read+0x120/0x120 [ 470.286610] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 470.291338] ? __sb_start_write+0x209/0x2a0 [ 470.295643] vfs_write+0x189/0x510 [ 470.299161] SyS_write+0xef/0x220 [ 470.302591] ? SyS_read+0x220/0x220 [ 470.306192] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 470.311183] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 470.315920] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 470.320646] RIP: 0033:0x452e39 [ 470.323810] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 470.331496] RAX: ffffffffffffffda RBX: 00007efe3e5a7700 RCX: 0000000000452e39 [ 470.338744] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 470.346037] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 470.353286] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 470.360531] R13: 0000000000a2f7ef R14: 00007efe3e5a79c0 R15: 0000000000000000 [ 470.389473] FAULT_FLAG_ALLOW_RETRY missing 30 [ 470.396163] CPU: 0 PID: 22994 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 470.403547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 470.412888] Call Trace: [ 470.415459] dump_stack+0x194/0x257 [ 470.419064] ? arch_local_irq_restore+0x53/0x53 [ 470.423709] ? handle_userfault+0x12b7/0x24c0 [ 470.428183] handle_userfault+0x12fa/0x24c0 [ 470.432475] ? handle_userfault+0x150b/0x24c0 [ 470.436956] ? userfaultfd_ioctl+0x4520/0x4520 [ 470.441509] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 470.446675] ? find_held_lock+0x35/0x1d0 [ 470.450721] ? check_noncircular+0x20/0x20 [ 470.454941] ? print_irqtrace_events+0x270/0x270 [ 470.459669] ? print_irqtrace_events+0x270/0x270 [ 470.464401] ? find_held_lock+0x35/0x1d0 [ 470.468443] ? __update_idle_core+0x305/0x600 [ 470.472914] ? __lock_acquire+0x664/0x3e00 [ 470.477121] ? check_noncircular+0x20/0x20 [ 470.481326] ? __lock_acquire+0x664/0x3e00 [ 470.485544] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 470.490704] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 470.495870] ? find_held_lock+0x35/0x1d0 [ 470.499913] ? __handle_mm_fault+0x3296/0x3ce0 [ 470.504466] ? lock_downgrade+0x980/0x980 [ 470.508588] ? lock_release+0xa40/0xa40 [ 470.512537] ? copy_overflow+0x20/0x20 [ 470.516397] ? do_raw_spin_trylock+0x190/0x190 [ 470.520952] ? userfaultfd_ctx_put+0x740/0x740 [ 470.525515] __handle_mm_fault+0x32a3/0x3ce0 [ 470.529903] ? __pmd_alloc+0x4e0/0x4e0 [ 470.533764] ? print_irqtrace_events+0x270/0x270 [ 470.538497] ? find_held_lock+0x35/0x1d0 [ 470.542536] ? handle_mm_fault+0x248/0x8d0 [ 470.546748] ? lock_downgrade+0x980/0x980 [ 470.550887] handle_mm_fault+0x334/0x8d0 [ 470.554920] ? down_read+0x96/0x150 [ 470.558521] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 470.563072] ? vmacache_find+0x5f/0x280 [ 470.567031] ? find_vma+0x30/0x150 [ 470.570547] __do_page_fault+0x5c9/0xc90 [ 470.574588] ? mm_fault_error+0x2c0/0x2c0 [ 470.578707] ? find_held_lock+0x35/0x1d0 [ 470.582746] do_page_fault+0xee/0x720 [ 470.586519] ? __do_page_fault+0xc90/0xc90 [ 470.590727] ? lock_release+0xa40/0xa40 [ 470.594689] ? do_raw_spin_trylock+0x190/0x190 [ 470.599255] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 470.604078] page_fault+0x2c/0x60 [ 470.607503] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 470.613266] RSP: 0018:ffff8801ab9f7928 EFLAGS: 00010246 [ 470.618599] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 470.625841] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801ab9f7d28 [ 470.633082] RBP: ffff8801ab9f7a08 R08: 0000000000000000 R09: 1ffff1003573eee7 [ 470.640323] R10: ffff8801ab9f7858 R11: 0000000000000003 R12: 1ffff1003573ef28 [ 470.647563] R13: ffff8801ab9f79e0 R14: 0000000000000000 R15: ffff8801ab9f7d20 [ 470.654814] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 470.659979] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 470.665147] ? iov_iter_revert+0x9d0/0x9d0 [ 470.669357] ? mark_held_locks+0xaf/0x100 [ 470.673474] ? simple_xattr_get+0xeb/0x160 [ 470.677681] ? current_kernel_time64+0x122/0x2f0 [ 470.682411] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 470.687403] generic_perform_write+0x200/0x600 [ 470.691967] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 470.697215] ? generic_update_time+0x1b2/0x270 [ 470.701771] ? __mnt_drop_write_file+0xd/0x70 [ 470.706247] ? file_update_time+0xbf/0x470 [ 470.710454] ? current_time+0xc0/0xc0 [ 470.714231] ? down_write+0x87/0x120 [ 470.717919] __generic_file_write_iter+0x366/0x5b0 [ 470.722817] ? check_noncircular+0x20/0x20 [ 470.727035] generic_file_write_iter+0x399/0x790 [ 470.731768] ? __generic_file_write_iter+0x5b0/0x5b0 [ 470.736846] ? iov_iter_init+0xaf/0x1d0 [ 470.740795] __vfs_write+0x684/0x970 [ 470.744479] ? lock_acquire+0x1d5/0x580 [ 470.748430] ? kernel_read+0x120/0x120 [ 470.752306] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 470.757037] ? __sb_start_write+0x209/0x2a0 [ 470.761333] vfs_write+0x189/0x510 [ 470.764849] SyS_write+0xef/0x220 [ 470.768278] ? SyS_read+0x220/0x220 [ 470.771876] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 470.776865] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 470.781596] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 470.786321] RIP: 0033:0x452e39 [ 470.789481] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 470.797160] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 470.804400] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000018 2018/01/17 19:07:42 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) 2018/01/17 19:07:42 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) faccessat(r0, &(0x7f000079c000)='./file0\x00', 0x10a, 0x1000) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:42 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:42 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:42 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:42 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:42 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) socket$inet6(0xa, 0x0, 0x0) 2018/01/17 19:07:42 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00005fb000)=0x100000000) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:42 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) [ 470.811639] RBP: 0000000000000624 R08: 0000000000000000 R09: 0000000000000000 [ 470.818878] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f7400 [ 470.826118] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:42 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) 2018/01/17 19:07:42 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:42 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:42 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:42 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00005fb000)=0x100000000) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:42 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) [ 470.939663] FAULT_FLAG_ALLOW_RETRY missing 30 [ 470.944483] CPU: 1 PID: 23041 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 470.951842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 470.961188] Call Trace: [ 470.963774] dump_stack+0x194/0x257 [ 470.967400] ? arch_local_irq_restore+0x53/0x53 [ 470.972075] ? handle_userfault+0x12b7/0x24c0 [ 470.976579] handle_userfault+0x12fa/0x24c0 [ 470.980896] ? handle_userfault+0x150b/0x24c0 [ 470.985404] ? userfaultfd_ioctl+0x4520/0x4520 [ 470.989978] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 470.995164] ? find_held_lock+0x35/0x1d0 [ 470.999208] ? print_irqtrace_events+0x270/0x270 [ 471.003937] ? print_irqtrace_events+0x270/0x270 [ 471.008663] ? cpuacct_charge+0x2e6/0x5c0 [ 471.012788] ? find_held_lock+0x35/0x1d0 [ 471.016834] ? __lock_acquire+0x664/0x3e00 [ 471.021047] ? check_noncircular+0x20/0x20 [ 471.025265] ? __lock_acquire+0x664/0x3e00 [ 471.029472] ? lock_release+0xa40/0xa40 [ 471.033423] ? __lock_is_held+0xb6/0x140 [ 471.037462] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 471.042626] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 471.047791] ? find_held_lock+0x35/0x1d0 [ 471.051833] ? __handle_mm_fault+0x3296/0x3ce0 [ 471.056388] ? lock_downgrade+0x980/0x980 [ 471.060513] ? lock_release+0xa40/0xa40 [ 471.064460] ? update_cfs_rq_load_avg.part.69+0x2d0/0x2d0 [ 471.069971] ? do_raw_spin_trylock+0x190/0x190 [ 471.074530] ? userfaultfd_ctx_put+0x740/0x740 [ 471.079096] __handle_mm_fault+0x32a3/0x3ce0 [ 471.083484] ? __pmd_alloc+0x4e0/0x4e0 [ 471.087343] ? print_irqtrace_events+0x270/0x270 [ 471.092078] ? find_held_lock+0x35/0x1d0 [ 471.096118] ? handle_mm_fault+0x248/0x8d0 [ 471.100340] ? lock_downgrade+0x980/0x980 [ 471.104513] handle_mm_fault+0x334/0x8d0 [ 471.108550] ? down_read+0x96/0x150 [ 471.112158] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 471.116716] ? vmacache_find+0x5f/0x280 [ 471.120669] ? find_vma+0x30/0x150 [ 471.124191] __do_page_fault+0x5c9/0xc90 [ 471.128234] ? mm_fault_error+0x2c0/0x2c0 [ 471.132355] ? find_held_lock+0x35/0x1d0 [ 471.136397] do_page_fault+0xee/0x720 [ 471.140174] ? __do_page_fault+0xc90/0xc90 [ 471.144383] ? lock_release+0xa40/0xa40 [ 471.148333] ? do_raw_spin_trylock+0x190/0x190 [ 471.152895] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 471.157726] page_fault+0x2c/0x60 [ 471.161155] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 471.166928] RSP: 0018:ffff8801bb5af928 EFLAGS: 00010246 [ 471.172261] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 471.179509] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801bb5afd28 [ 471.186749] RBP: ffff8801bb5afa08 R08: 0000000000000000 R09: 1ffff100376b5ee7 [ 471.193990] R10: ffff8801bb5af858 R11: 0000000000000003 R12: 1ffff100376b5f28 [ 471.201237] R13: ffff8801bb5af9e0 R14: 0000000000000000 R15: ffff8801bb5afd20 [ 471.208495] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 471.213667] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 471.218831] ? iov_iter_revert+0x9d0/0x9d0 [ 471.223055] ? mark_held_locks+0xaf/0x100 [ 471.227190] ? simple_xattr_get+0xeb/0x160 [ 471.231407] ? current_kernel_time64+0x122/0x2f0 [ 471.236142] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 471.241147] generic_perform_write+0x200/0x600 [ 471.245720] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 471.250970] ? generic_update_time+0x1b2/0x270 [ 471.255529] ? __mnt_drop_write_file+0xd/0x70 [ 471.259996] ? file_update_time+0xbf/0x470 [ 471.264210] ? current_time+0xc0/0xc0 [ 471.267991] ? down_write+0x87/0x120 [ 471.271685] __generic_file_write_iter+0x366/0x5b0 [ 471.276593] ? check_noncircular+0x20/0x20 [ 471.280819] generic_file_write_iter+0x399/0x790 [ 471.285565] ? __generic_file_write_iter+0x5b0/0x5b0 [ 471.290655] ? iov_iter_init+0xaf/0x1d0 [ 471.294608] __vfs_write+0x684/0x970 [ 471.298291] ? lock_acquire+0x1d5/0x580 [ 471.302241] ? kernel_read+0x120/0x120 [ 471.306123] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 471.310853] ? __sb_start_write+0x209/0x2a0 [ 471.315150] vfs_write+0x189/0x510 [ 471.318667] SyS_write+0xef/0x220 [ 471.322095] ? SyS_read+0x220/0x220 [ 471.325694] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 471.330684] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 471.335420] entry_SYSCALL_64_fastpath+0x29/0xa0 2018/01/17 19:07:43 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00005fb000)=0x100000000) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:43 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) [ 471.340149] RIP: 0033:0x452e39 [ 471.343309] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 471.350988] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 471.358258] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 471.365499] RBP: 0000000000000062 R08: 0000000000000000 R09: 0000000000000000 [ 471.372743] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006ee9d0 [ 471.379984] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 [ 471.434010] FAULT_FLAG_ALLOW_RETRY missing 30 [ 471.438793] CPU: 1 PID: 23041 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 471.446155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 471.455499] Call Trace: [ 471.458088] dump_stack+0x194/0x257 [ 471.461720] ? arch_local_irq_restore+0x53/0x53 [ 471.466393] ? handle_userfault+0x12b7/0x24c0 [ 471.470896] handle_userfault+0x12fa/0x24c0 [ 471.475217] ? handle_userfault+0x150b/0x24c0 [ 471.479723] ? userfaultfd_ioctl+0x4520/0x4520 [ 471.484299] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 471.489474] ? __lock_is_held+0xb6/0x140 [ 471.493505] ? print_irqtrace_events+0x270/0x270 [ 471.498240] ? print_irqtrace_events+0x270/0x270 [ 471.502967] ? print_irqtrace_events+0x270/0x270 [ 471.507696] ? get_user_pages_fast+0x277/0x340 [ 471.512250] ? switched_to_fair+0xb0/0xb0 [ 471.516367] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 471.521356] ? trace_hardirqs_on+0xd/0x10 [ 471.525474] ? get_user_pages_fast+0x14e/0x340 [ 471.530039] ? pick_next_entity+0x197/0x400 [ 471.534361] ? __lock_acquire+0x664/0x3e00 [ 471.538568] ? check_noncircular+0x20/0x20 [ 471.542775] ? __lock_acquire+0x664/0x3e00 [ 471.546993] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 471.552160] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 471.557325] ? find_held_lock+0x35/0x1d0 [ 471.561363] ? __handle_mm_fault+0x3296/0x3ce0 [ 471.565923] ? lock_downgrade+0x980/0x980 [ 471.570050] ? lock_release+0xa40/0xa40 [ 471.574008] ? copy_overflow+0x20/0x20 [ 471.577875] ? do_raw_spin_trylock+0x190/0x190 [ 471.582433] ? userfaultfd_ctx_put+0x740/0x740 [ 471.586997] __handle_mm_fault+0x32a3/0x3ce0 [ 471.591397] ? __pmd_alloc+0x4e0/0x4e0 [ 471.595255] ? print_irqtrace_events+0x270/0x270 [ 471.599987] ? find_held_lock+0x35/0x1d0 [ 471.604039] ? handle_mm_fault+0x248/0x8d0 [ 471.608249] ? lock_downgrade+0x980/0x980 [ 471.612391] handle_mm_fault+0x334/0x8d0 [ 471.616423] ? down_read+0x96/0x150 [ 471.620034] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 471.624592] ? vmacache_find+0x5f/0x280 [ 471.628541] ? find_vma+0x30/0x150 [ 471.632059] __do_page_fault+0x5c9/0xc90 [ 471.636099] ? mm_fault_error+0x2c0/0x2c0 [ 471.640219] ? find_held_lock+0x35/0x1d0 [ 471.644262] do_page_fault+0xee/0x720 [ 471.648040] ? __do_page_fault+0xc90/0xc90 [ 471.652248] ? lock_release+0xa40/0xa40 [ 471.656202] ? do_raw_spin_trylock+0x190/0x190 [ 471.660764] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 471.665586] page_fault+0x2c/0x60 [ 471.669019] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 471.674790] RSP: 0018:ffff8801bb5af928 EFLAGS: 00010246 [ 471.680125] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 471.687364] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801bb5afd28 [ 471.694604] RBP: ffff8801bb5afa08 R08: 0000000000000000 R09: 1ffff100376b5ee7 [ 471.701844] R10: ffff8801bb5af858 R11: 0000000000000003 R12: 1ffff100376b5f28 [ 471.709089] R13: ffff8801bb5af9e0 R14: 0000000000000000 R15: ffff8801bb5afd20 [ 471.716358] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 471.721528] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 471.726698] ? iov_iter_revert+0x9d0/0x9d0 [ 471.730909] ? mark_held_locks+0xaf/0x100 [ 471.735033] ? simple_xattr_get+0xeb/0x160 [ 471.739249] ? current_kernel_time64+0x122/0x2f0 [ 471.743979] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 471.748972] generic_perform_write+0x200/0x600 [ 471.753540] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 471.758795] ? generic_update_time+0x1b2/0x270 [ 471.763352] ? __mnt_drop_write_file+0xd/0x70 [ 471.767829] ? file_update_time+0xbf/0x470 [ 471.772041] ? current_time+0xc0/0xc0 [ 471.775823] ? down_write+0x87/0x120 [ 471.779512] __generic_file_write_iter+0x366/0x5b0 [ 471.784414] ? check_noncircular+0x20/0x20 [ 471.788628] generic_file_write_iter+0x399/0x790 [ 471.793361] ? __generic_file_write_iter+0x5b0/0x5b0 [ 471.798440] ? iov_iter_init+0xaf/0x1d0 [ 471.802392] __vfs_write+0x684/0x970 [ 471.806078] ? lock_acquire+0x1d5/0x580 [ 471.810037] ? kernel_read+0x120/0x120 [ 471.813919] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 471.818648] ? __sb_start_write+0x209/0x2a0 [ 471.822952] vfs_write+0x189/0x510 [ 471.826468] SyS_write+0xef/0x220 [ 471.829898] ? SyS_read+0x220/0x220 [ 471.833497] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 471.838484] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 471.843220] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 471.847947] RIP: 0033:0x452e39 [ 471.851111] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 471.858790] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 471.866034] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000018 [ 471.873276] RBP: 00000000000003db R08: 0000000000000000 R09: 0000000000000000 2018/01/17 19:07:43 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:43 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:43 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:43 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:07:43 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:43 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) faccessat(r0, &(0x7f000079c000)='./file0\x00', 0x10a, 0x1000) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:43 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000cac000-0xa)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:43 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) faccessat(r0, &(0x7f000079c000)='./file0\x00', 0x10a, 0x1000) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:43 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) [ 471.880518] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3d28 [ 471.887760] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:43 executing program 4: socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:43 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:43 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:43 executing program 4: socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:43 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:43 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:07:44 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:44 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) [ 472.030354] FAULT_FLAG_ALLOW_RETRY missing 30 [ 472.035961] CPU: 1 PID: 23098 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 472.043349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 472.052694] Call Trace: [ 472.055263] dump_stack+0x194/0x257 [ 472.058868] ? arch_local_irq_restore+0x53/0x53 [ 472.063520] ? handle_userfault+0x12b7/0x24c0 [ 472.067999] handle_userfault+0x12fa/0x24c0 [ 472.072301] ? handle_userfault+0x150b/0x24c0 [ 472.076788] ? userfaultfd_ioctl+0x4520/0x4520 [ 472.081361] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 472.086544] ? __lock_is_held+0xb6/0x140 [ 472.090616] ? print_irqtrace_events+0x270/0x270 [ 472.095364] ? print_irqtrace_events+0x270/0x270 [ 472.100098] ? get_user_pages_fast+0x277/0x340 [ 472.104654] ? switched_to_fair+0xb0/0xb0 [ 472.108771] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 472.113759] ? trace_hardirqs_on+0xd/0x10 [ 472.117887] ? get_user_pages_fast+0x14e/0x340 [ 472.122446] ? pick_next_entity+0x197/0x400 [ 472.126743] ? __lock_acquire+0x664/0x3e00 [ 472.130949] ? check_noncircular+0x20/0x20 [ 472.135153] ? __lock_acquire+0x664/0x3e00 [ 472.139372] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 472.144541] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 472.149716] ? find_held_lock+0x35/0x1d0 [ 472.153759] ? __handle_mm_fault+0x3296/0x3ce0 [ 472.158314] ? lock_downgrade+0x980/0x980 [ 472.162436] ? lock_release+0xa40/0xa40 [ 472.166383] ? copy_overflow+0x20/0x20 [ 472.170245] ? do_raw_spin_trylock+0x190/0x190 [ 472.174801] ? userfaultfd_ctx_put+0x740/0x740 [ 472.179367] __handle_mm_fault+0x32a3/0x3ce0 [ 472.183755] ? __pmd_alloc+0x4e0/0x4e0 [ 472.187964] ? print_irqtrace_events+0x270/0x270 [ 472.192699] ? find_held_lock+0x35/0x1d0 [ 472.196742] ? handle_mm_fault+0x248/0x8d0 [ 472.200949] ? lock_downgrade+0x980/0x980 [ 472.205093] handle_mm_fault+0x334/0x8d0 [ 472.209127] ? down_read+0x96/0x150 [ 472.212726] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 472.217282] ? vmacache_find+0x5f/0x280 [ 472.221234] ? find_vma+0x30/0x150 [ 472.224755] __do_page_fault+0x5c9/0xc90 [ 472.228796] ? mm_fault_error+0x2c0/0x2c0 [ 472.232915] ? find_held_lock+0x35/0x1d0 [ 472.236954] do_page_fault+0xee/0x720 [ 472.240727] ? __do_page_fault+0xc90/0xc90 [ 472.244939] ? lock_release+0xa40/0xa40 [ 472.248889] ? do_raw_spin_trylock+0x190/0x190 [ 472.253452] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 472.258272] page_fault+0x2c/0x60 [ 472.261696] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 472.267463] RSP: 0018:ffff8801a814f928 EFLAGS: 00010246 [ 472.272798] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 472.280042] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801a814fd28 [ 472.287282] RBP: ffff8801a814fa08 R08: 0000000000000000 R09: 1ffff10035029ee7 [ 472.294524] R10: ffff8801a814f858 R11: 0000000000000003 R12: 1ffff10035029f28 [ 472.301767] R13: ffff8801a814f9e0 R14: 0000000000000000 R15: ffff8801a814fd20 [ 472.309109] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 472.314275] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 472.319438] ? iov_iter_revert+0x9d0/0x9d0 [ 472.323648] ? mark_held_locks+0xaf/0x100 [ 472.327766] ? simple_xattr_get+0xeb/0x160 [ 472.331973] ? current_kernel_time64+0x122/0x2f0 [ 472.336702] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 472.341696] generic_perform_write+0x200/0x600 [ 472.346265] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 472.351514] ? generic_update_time+0x1b2/0x270 [ 472.356079] ? __mnt_drop_write_file+0xd/0x70 [ 472.360546] ? file_update_time+0xbf/0x470 [ 472.364754] ? current_time+0xc0/0xc0 [ 472.368533] ? down_write+0x87/0x120 [ 472.372235] __generic_file_write_iter+0x366/0x5b0 [ 472.377139] ? check_noncircular+0x20/0x20 [ 472.381350] generic_file_write_iter+0x399/0x790 [ 472.386084] ? __generic_file_write_iter+0x5b0/0x5b0 [ 472.391163] ? iov_iter_init+0xaf/0x1d0 [ 472.395113] __vfs_write+0x684/0x970 [ 472.398795] ? lock_acquire+0x1d5/0x580 [ 472.402743] ? kernel_read+0x120/0x120 [ 472.406622] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 472.411348] ? __sb_start_write+0x209/0x2a0 [ 472.415645] vfs_write+0x189/0x510 [ 472.419161] SyS_write+0xef/0x220 [ 472.422589] ? SyS_read+0x220/0x220 [ 472.426186] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 472.431178] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 472.435913] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 472.440638] RIP: 0033:0x452e39 [ 472.443797] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 472.451474] RAX: ffffffffffffffda RBX: 00007efe3e5a7700 RCX: 0000000000452e39 [ 472.458713] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 472.465953] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 472.473199] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 472.480439] R13: 0000000000a2f7ef R14: 00007efe3e5a79c0 R15: 0000000000000000 [ 472.526839] FAULT_FLAG_ALLOW_RETRY missing 30 [ 472.531409] CPU: 1 PID: 23098 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 472.538750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 472.548075] Call Trace: [ 472.550640] dump_stack+0x194/0x257 [ 472.554245] ? arch_local_irq_restore+0x53/0x53 [ 472.558896] ? handle_userfault+0x12b7/0x24c0 [ 472.563379] handle_userfault+0x12fa/0x24c0 [ 472.567673] ? handle_userfault+0x150b/0x24c0 [ 472.572152] ? userfaultfd_ioctl+0x4520/0x4520 [ 472.576706] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 472.581868] ? __lock_is_held+0xb6/0x140 [ 472.585921] ? print_irqtrace_events+0x270/0x270 [ 472.590657] ? print_irqtrace_events+0x270/0x270 [ 472.595385] ? get_user_pages_fast+0x277/0x340 [ 472.599940] ? switched_to_fair+0xb0/0xb0 [ 472.604059] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 472.609050] ? trace_hardirqs_on+0xd/0x10 [ 472.613195] ? get_user_pages_fast+0x14e/0x340 [ 472.617752] ? pick_next_entity+0x197/0x400 [ 472.622050] ? __lock_acquire+0x664/0x3e00 [ 472.626257] ? check_noncircular+0x20/0x20 [ 472.630460] ? __lock_acquire+0x664/0x3e00 [ 472.634679] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 472.639850] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 472.645032] ? find_held_lock+0x35/0x1d0 [ 472.649075] ? __handle_mm_fault+0x3296/0x3ce0 [ 472.653629] ? lock_downgrade+0x980/0x980 [ 472.657752] ? lock_release+0xa40/0xa40 [ 472.661704] ? copy_overflow+0x20/0x20 [ 472.665566] ? do_raw_spin_trylock+0x190/0x190 [ 472.670124] ? userfaultfd_ctx_put+0x740/0x740 [ 472.674688] __handle_mm_fault+0x32a3/0x3ce0 [ 472.679078] ? __pmd_alloc+0x4e0/0x4e0 [ 472.682940] ? print_irqtrace_events+0x270/0x270 [ 472.687681] ? find_held_lock+0x35/0x1d0 [ 472.691726] ? handle_mm_fault+0x248/0x8d0 [ 472.695934] ? lock_downgrade+0x980/0x980 [ 472.700077] handle_mm_fault+0x334/0x8d0 [ 472.704112] ? down_read+0x96/0x150 [ 472.707714] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 472.712266] ? vmacache_find+0x5f/0x280 [ 472.716225] ? find_vma+0x30/0x150 [ 472.719740] __do_page_fault+0x5c9/0xc90 [ 472.723778] ? mm_fault_error+0x2c0/0x2c0 [ 472.727899] ? find_held_lock+0x35/0x1d0 [ 472.731954] do_page_fault+0xee/0x720 [ 472.735732] ? __do_page_fault+0xc90/0xc90 [ 472.739942] ? lock_release+0xa40/0xa40 [ 472.743898] ? do_raw_spin_trylock+0x190/0x190 [ 472.748460] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 472.753286] page_fault+0x2c/0x60 [ 472.756711] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 472.762482] RSP: 0018:ffff8801a814f928 EFLAGS: 00010246 [ 472.767817] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 472.775057] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801a814fd28 [ 472.782312] RBP: ffff8801a814fa08 R08: 0000000000000000 R09: 1ffff10035029ee7 [ 472.789554] R10: ffff8801a814f858 R11: 0000000000000003 R12: 1ffff10035029f28 [ 472.796794] R13: ffff8801a814f9e0 R14: 0000000000000000 R15: ffff8801a814fd20 [ 472.804053] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 472.809221] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 472.814393] ? iov_iter_revert+0x9d0/0x9d0 [ 472.818619] ? mark_held_locks+0xaf/0x100 [ 472.822742] ? simple_xattr_get+0xeb/0x160 [ 472.826948] ? current_kernel_time64+0x122/0x2f0 [ 472.831679] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 472.836671] generic_perform_write+0x200/0x600 [ 472.841238] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 472.846494] ? generic_update_time+0x1b2/0x270 [ 472.851051] ? __mnt_drop_write_file+0xd/0x70 [ 472.855520] ? file_update_time+0xbf/0x470 [ 472.859731] ? current_time+0xc0/0xc0 [ 472.863523] ? down_write+0x87/0x120 [ 472.867214] __generic_file_write_iter+0x366/0x5b0 [ 472.872115] ? check_noncircular+0x20/0x20 [ 472.876327] generic_file_write_iter+0x399/0x790 [ 472.881063] ? __generic_file_write_iter+0x5b0/0x5b0 [ 472.886143] ? iov_iter_init+0xaf/0x1d0 [ 472.890107] __vfs_write+0x684/0x970 [ 472.893808] ? lock_acquire+0x1d5/0x580 [ 472.897758] ? kernel_read+0x120/0x120 [ 472.901636] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 472.906369] ? __sb_start_write+0x209/0x2a0 [ 472.910680] vfs_write+0x189/0x510 [ 472.914204] SyS_write+0xef/0x220 [ 472.917632] ? SyS_read+0x220/0x220 [ 472.921237] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 472.926229] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 472.930968] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 472.935696] RIP: 0033:0x452e39 [ 472.938865] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 472.946554] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 472.953796] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000018 [ 472.961045] RBP: 0000000000000624 R08: 0000000000000000 R09: 0000000000000000 [ 472.968294] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f7400 2018/01/17 19:07:44 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:44 executing program 4: socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:44 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:44 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:44 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) faccessat(r0, &(0x7f000079c000)='./file0\x00', 0x10a, 0x1000) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:44 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:44 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000143000-0xd)='/dev/usbmon#\x00', 0x59d5, 0x0) r1 = syz_open_dev$admmidi(&(0x7f00003f6000)='/dev/admmidi#\x00', 0x10000, 0x440400) linkat(r0, &(0x7f0000a66000-0xa)='./control\x00', r1, &(0x7f0000ab9000)='./control\x00', 0x1400) r2 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) name_to_handle_at(r1, &(0x7f0000f23000-0x8)='./file0\x00', &(0x7f00000f1000-0xb1)={0xb1, 0x9, "f9148b5d4fad8e862f0e8e998a7c99582859739fbbc0ca2a4f4f29ad8910ce08163f2b1fbf81c48eba321fdd3a4b63da4945b777e9d9b92f27705065493fffcf66d5bd603b2bfbbf0e69cc2a5ac54f60eda7f3dcaf4d3f571db15eca829b069311c1ccfc4ee0377226ae9128a499929442eb34f5ebbcc6b7cff0b84e9897e694ac2a33bbbc18e613f5ca1f3432176725785feb7a9be190868e22b0bc4a524daea73fa10b13c88ac2fc"}, &(0x7f00004be000)=0x0, 0x400) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f00005b3000-0x10)={0x9, 0x7fffffff}) r4 = creat(&(0x7f0000614000)='./file0\x00', 0x0) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f000035e000-0x18)='/selinux/avc/hash_stats\x00', 0x0, 0x0) write$sndseq(r4, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000108000)={@loopback=0x7f000001, @remote={0xac, 0x14, 0x0, 0xbb}, 0x0, 0x5, [@multicast1=0xe0000001, @local={0xac, 0x14, 0x0, 0xaa}, @dev={0xac, 0x14, 0x0, 0x12}, @multicast1=0xe0000001, @dev={0xac, 0x14, 0x0, 0xb}]}, 0x24) socket$inet6_dccp(0xa, 0x6, 0x0) rename(&(0x7f0000a45000-0x8)='./file0\x00', &(0x7f0000bf1000-0x10)='./control/file0\x00') fremovexattr(r2, &(0x7f0000939000)=@known='security.capability\x00') getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000536000-0x8)={0x0, 0x67}, &(0x7f00000b0000)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f00002be000-0x98)={r5, @in6={{0xa, 0x0, 0x3, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x4}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x7, 0x5}, &(0x7f000036c000)=0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00005ec000)=@generic="3530da37620a61ad0cee92a4c5f911d7", 0x10) ioctl$UFFDIO_ZEROPAGE(r3, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:44 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r2 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r2, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:45 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:45 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) [ 472.975534] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:45 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:45 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:45 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0) r3 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r3, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r4 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r4, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r4, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f000011e000-0x4)=0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) sendto(r0, &(0x7f0000def000-0x1d)="3e769074d3671d3260e306836f1624219c416b17196ad5c491adcf016b", 0x1d, 0x48080, &(0x7f0000c37000)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-camellia-asm\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:45 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r2 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r2, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:45 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:45 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) [ 473.118500] FAULT_FLAG_ALLOW_RETRY missing 30 [ 473.129120] CPU: 1 PID: 23134 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 473.136501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 473.145847] Call Trace: [ 473.148425] dump_stack+0x194/0x257 [ 473.152039] ? arch_local_irq_restore+0x53/0x53 [ 473.156688] ? handle_userfault+0x12b7/0x24c0 [ 473.161160] handle_userfault+0x12fa/0x24c0 [ 473.165460] ? handle_userfault+0x150b/0x24c0 [ 473.169937] ? userfaultfd_ioctl+0x4520/0x4520 [ 473.174492] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 473.179658] ? __lock_is_held+0xb6/0x140 [ 473.183703] ? print_irqtrace_events+0x270/0x270 [ 473.188432] ? print_irqtrace_events+0x270/0x270 [ 473.193164] ? get_user_pages_fast+0x277/0x340 [ 473.197718] ? switched_to_fair+0xb0/0xb0 [ 473.201836] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 473.206823] ? trace_hardirqs_on+0xd/0x10 [ 473.210942] ? get_user_pages_fast+0x14e/0x340 [ 473.215498] ? pick_next_entity+0x197/0x400 [ 473.219796] ? __lock_acquire+0x664/0x3e00 [ 473.224004] ? check_noncircular+0x20/0x20 [ 473.228218] ? __lock_acquire+0x664/0x3e00 [ 473.232441] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 473.237621] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 473.242789] ? find_held_lock+0x35/0x1d0 [ 473.246829] ? __handle_mm_fault+0x3296/0x3ce0 [ 473.251387] ? lock_downgrade+0x980/0x980 [ 473.255508] ? lock_release+0xa40/0xa40 [ 473.259458] ? copy_overflow+0x20/0x20 [ 473.263321] ? do_raw_spin_trylock+0x190/0x190 [ 473.267885] ? userfaultfd_ctx_put+0x740/0x740 [ 473.272455] __handle_mm_fault+0x32a3/0x3ce0 [ 473.276843] ? __pmd_alloc+0x4e0/0x4e0 [ 473.280706] ? print_irqtrace_events+0x270/0x270 [ 473.285443] ? find_held_lock+0x35/0x1d0 [ 473.289485] ? handle_mm_fault+0x248/0x8d0 [ 473.293693] ? lock_downgrade+0x980/0x980 [ 473.297834] handle_mm_fault+0x334/0x8d0 [ 473.301869] ? down_read+0x96/0x150 [ 473.305469] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 473.310031] ? vmacache_find+0x5f/0x280 [ 473.313985] ? find_vma+0x30/0x150 [ 473.317504] __do_page_fault+0x5c9/0xc90 [ 473.321544] ? mm_fault_error+0x2c0/0x2c0 [ 473.325667] ? find_held_lock+0x35/0x1d0 [ 473.329706] do_page_fault+0xee/0x720 [ 473.333487] ? __do_page_fault+0xc90/0xc90 [ 473.337696] ? lock_release+0xa40/0xa40 [ 473.341658] ? do_raw_spin_trylock+0x190/0x190 [ 473.346223] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 473.351050] page_fault+0x2c/0x60 [ 473.354477] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 473.360243] RSP: 0018:ffff8801d48df928 EFLAGS: 00010246 [ 473.365586] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 473.372835] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801d48dfd28 [ 473.380079] RBP: ffff8801d48dfa08 R08: 0000000000000000 R09: 1ffff1003a91bee7 [ 473.387323] R10: ffff8801d48df858 R11: 0000000000000003 R12: 1ffff1003a91bf28 [ 473.394566] R13: ffff8801d48df9e0 R14: 0000000000000000 R15: ffff8801d48dfd20 [ 473.401835] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 473.407010] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 473.412207] ? iov_iter_revert+0x9d0/0x9d0 [ 473.416431] ? mark_held_locks+0xaf/0x100 [ 473.420552] ? simple_xattr_get+0xeb/0x160 [ 473.424761] ? current_kernel_time64+0x122/0x2f0 [ 473.429494] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 473.434491] generic_perform_write+0x200/0x600 [ 473.439061] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 473.444321] ? generic_update_time+0x1b2/0x270 [ 473.448879] ? __mnt_drop_write_file+0xd/0x70 [ 473.453359] ? file_update_time+0xbf/0x470 [ 473.457568] ? current_time+0xc0/0xc0 [ 473.461346] ? down_write+0x87/0x120 [ 473.465039] __generic_file_write_iter+0x366/0x5b0 [ 473.469943] ? check_noncircular+0x20/0x20 [ 473.474155] generic_file_write_iter+0x399/0x790 [ 473.478886] ? __generic_file_write_iter+0x5b0/0x5b0 [ 473.483968] ? iov_iter_init+0xaf/0x1d0 [ 473.487919] __vfs_write+0x684/0x970 [ 473.491605] ? lock_acquire+0x1d5/0x580 [ 473.495553] ? kernel_read+0x120/0x120 [ 473.499437] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 473.504164] ? __sb_start_write+0x209/0x2a0 [ 473.508462] vfs_write+0x189/0x510 [ 473.511978] SyS_write+0xef/0x220 [ 473.515410] ? filp_open+0x70/0x70 [ 473.518931] ? SyS_read+0x220/0x220 [ 473.522529] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 473.527520] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 473.532256] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 473.536981] RIP: 0033:0x452e39 [ 473.540142] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 473.547822] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 473.555063] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 473.562303] RBP: 00000000000005e1 R08: 0000000000000000 R09: 0000000000000000 2018/01/17 19:07:45 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:45 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:45 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:45 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r2, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:45 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r2 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r2, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:45 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:45 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) recvmmsg(r0, &(0x7f000022d000-0x168)=[{{&(0x7f0000f7c000-0x10)=@nfc={0x0, 0x0, 0x0, 0x0}, 0x10, &(0x7f0000d29000-0x40)=[{&(0x7f0000cf7000-0x54)=""/84, 0x54}, {&(0x7f0000978000)=""/207, 0xcf}, {&(0x7f0000c70000)=""/170, 0xaa}, {&(0x7f0000a8c000)=""/0, 0x0}], 0x4, &(0x7f00006b9000-0x87)=""/135, 0x87, 0x4}, 0x1f}, {{0x0, 0x0, &(0x7f0000df7000-0x50)=[{&(0x7f00005dd000)=""/15, 0xf}, {&(0x7f0000d29000-0xea)=""/234, 0xea}, {&(0x7f0000bc3000-0x3)=""/3, 0x3}, {&(0x7f0000adc000)=""/195, 0xc3}, {&(0x7f0000706000-0x1000)=""/4096, 0x1000}], 0x5, &(0x7f0000ffc000)=""/157, 0x9d, 0x800}, 0x6734785f}, {{&(0x7f0000112000-0x8)=@un=@abs={0x0, 0x0, 0xffffffffffffffff}, 0x8, &(0x7f0000524000)=[{&(0x7f0000798000-0xad)=""/173, 0xad}, {&(0x7f00004f5000)=""/138, 0x8a}, {&(0x7f0000725000)=""/104, 0x68}, {&(0x7f0000d82000)=""/82, 0x52}], 0x4, &(0x7f0000cba000-0xbb)=""/187, 0xbb, 0x8000}, 0x5}, {{0x0, 0x0, &(0x7f000074b000)=[{&(0x7f0000105000-0xee)=""/238, 0xee}, {&(0x7f0000933000-0xf1)=""/241, 0xf1}], 0x2, &(0x7f000040a000)=""/61, 0x3d, 0x6}, 0x9}, {{&(0x7f00007d0000-0x1c)=@in6={0x0, 0xffffffffffffffff, 0x0, @local={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, 0x0}, 0x1c, &(0x7f000075c000)=[{&(0x7f0000d26000-0xb)=""/11, 0xb}, {&(0x7f0000078000)=""/103, 0x67}, {&(0x7f0000b87000-0xa0)=""/160, 0xa0}], 0x3, 0x0, 0x0, 0x4}, 0x4}, {{&(0x7f0000b40000-0x60)=@nfc_llcp={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/63, 0x0}, 0x60, &(0x7f0000837000-0x60)=[{&(0x7f0000731000)=""/84, 0x54}, {&(0x7f00003fd000)=""/31, 0x1f}, {&(0x7f0000273000)=""/214, 0xd6}, {&(0x7f0000814000-0x52)=""/82, 0x52}, {&(0x7f000047e000-0xe7)=""/231, 0xe7}, {&(0x7f0000229000)=""/52, 0x34}], 0x6, &(0x7f0000f80000)=""/157, 0x9d, 0x3}, 0x4}], 0x6, 0x2002, &(0x7f000071f000)={0x0, 0x1c9c380}) ioctl$sock_bt_cmtp_CMTPCONNADD(r0, 0x400443c8, &(0x7f0000313000-0x8)={r0, 0x6}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:45 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) faccessat(r0, &(0x7f000079c000)='./file0\x00', 0x10a, 0x1000) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) [ 473.569552] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f6db8 [ 473.576797] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:45 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:45 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:45 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:45 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:45 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:45 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:45 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r2 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r2, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) [ 473.751493] FAULT_FLAG_ALLOW_RETRY missing 30 [ 473.757647] CPU: 0 PID: 23188 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 473.765022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 473.774362] Call Trace: [ 473.776941] dump_stack+0x194/0x257 [ 473.780549] ? arch_local_irq_restore+0x53/0x53 [ 473.785195] ? handle_userfault+0x12b7/0x24c0 [ 473.789684] handle_userfault+0x12fa/0x24c0 [ 473.793987] ? handle_userfault+0x150b/0x24c0 [ 473.798470] ? userfaultfd_ioctl+0x4520/0x4520 [ 473.803030] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 473.808196] ? __lock_is_held+0xb6/0x140 [ 473.812239] ? print_irqtrace_events+0x270/0x270 [ 473.816968] ? print_irqtrace_events+0x270/0x270 [ 473.821696] ? get_user_pages_fast+0x277/0x340 [ 473.826250] ? switched_to_fair+0xb0/0xb0 [ 473.830368] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 473.835355] ? trace_hardirqs_on+0xd/0x10 [ 473.839474] ? get_user_pages_fast+0x14e/0x340 [ 473.844038] ? pick_next_entity+0x197/0x400 [ 473.848335] ? __lock_acquire+0x664/0x3e00 [ 473.852542] ? check_noncircular+0x20/0x20 [ 473.856762] ? __lock_acquire+0x664/0x3e00 [ 473.860981] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 473.866147] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 473.871323] ? find_held_lock+0x35/0x1d0 [ 473.875363] ? __handle_mm_fault+0x3296/0x3ce0 [ 473.879920] ? lock_downgrade+0x980/0x980 [ 473.884058] ? lock_release+0xa40/0xa40 [ 473.888023] ? copy_overflow+0x20/0x20 [ 473.891892] ? do_raw_spin_trylock+0x190/0x190 [ 473.896450] ? userfaultfd_ctx_put+0x740/0x740 [ 473.901028] __handle_mm_fault+0x32a3/0x3ce0 [ 473.905418] ? __pmd_alloc+0x4e0/0x4e0 [ 473.909277] ? print_irqtrace_events+0x270/0x270 [ 473.914010] ? plist_check_head+0xe2/0x130 [ 473.918229] ? find_held_lock+0x35/0x1d0 [ 473.922270] ? handle_mm_fault+0x248/0x8d0 [ 473.926476] ? lock_downgrade+0x980/0x980 [ 473.930616] handle_mm_fault+0x334/0x8d0 [ 473.934651] ? down_read+0x96/0x150 [ 473.938252] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 473.942804] ? vmacache_find+0x5f/0x280 [ 473.946753] ? find_vma+0x30/0x150 [ 473.950271] __do_page_fault+0x5c9/0xc90 [ 473.954313] ? mm_fault_error+0x2c0/0x2c0 [ 473.958439] ? get_futex_value_locked+0xc3/0xf0 [ 473.963085] do_page_fault+0xee/0x720 [ 473.966862] ? __do_page_fault+0xc90/0xc90 [ 473.971085] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 473.976249] ? check_noncircular+0x20/0x20 [ 473.980459] ? drop_futex_key_refs.isra.12+0x63/0xb0 [ 473.985534] ? futex_wait+0x6a9/0x9a0 [ 473.989311] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 473.994133] page_fault+0x2c/0x60 [ 473.997557] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 474.003325] RSP: 0018:ffff8801bb56f928 EFLAGS: 00010246 [ 474.008672] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 474.015916] RDX: 00000000000000c9 RSI: ffffc900020bb000 RDI: ffff8801bb56fd28 [ 474.023163] RBP: ffff8801bb56fa08 R08: 1ffff100386c2532 R09: 0000000000000000 [ 474.030409] R10: ffff8801bb56f858 R11: 0000000000000000 R12: 1ffff100376adf28 [ 474.037650] R13: ffff8801bb56f9e0 R14: 0000000000000000 R15: ffff8801bb56fd20 [ 474.044903] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 474.050072] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 474.055236] ? iov_iter_revert+0x9d0/0x9d0 [ 474.059450] ? mark_held_locks+0xaf/0x100 [ 474.063568] ? simple_xattr_get+0xeb/0x160 [ 474.067777] ? current_kernel_time64+0x122/0x2f0 [ 474.072505] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 474.077499] generic_perform_write+0x200/0x600 [ 474.082075] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 474.087327] ? current_time+0x88/0xc0 [ 474.091105] ? file_update_time+0xbf/0x470 [ 474.095313] ? current_time+0xc0/0xc0 [ 474.099093] ? down_write+0x87/0x120 [ 474.102784] __generic_file_write_iter+0x366/0x5b0 [ 474.107683] ? check_noncircular+0x20/0x20 [ 474.111903] generic_file_write_iter+0x399/0x790 [ 474.116635] ? __generic_file_write_iter+0x5b0/0x5b0 [ 474.121713] ? iov_iter_init+0xaf/0x1d0 [ 474.125665] __vfs_write+0x684/0x970 [ 474.129349] ? lock_acquire+0x1d5/0x580 [ 474.133300] ? kernel_read+0x120/0x120 [ 474.137179] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 474.141906] ? __sb_start_write+0x209/0x2a0 [ 474.146204] vfs_write+0x189/0x510 [ 474.149720] SyS_write+0xef/0x220 [ 474.153150] ? SyS_read+0x220/0x220 [ 474.156747] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 474.161736] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 474.166473] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 474.171200] RIP: 0033:0x452e39 [ 474.174361] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 474.182044] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 474.189295] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 474.196534] RBP: 0000000000000317 R08: 0000000000000000 R09: 0000000000000000 [ 474.203773] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f2ac8 [ 474.211020] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 [ 474.255206] FAULT_FLAG_ALLOW_RETRY missing 30 [ 474.259771] CPU: 0 PID: 23188 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 474.267114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 474.276439] Call Trace: [ 474.279006] dump_stack+0x194/0x257 [ 474.282615] ? arch_local_irq_restore+0x53/0x53 [ 474.287276] ? handle_userfault+0x12b7/0x24c0 [ 474.291748] handle_userfault+0x12fa/0x24c0 [ 474.296040] ? handle_userfault+0x150b/0x24c0 [ 474.300514] ? userfaultfd_ioctl+0x4520/0x4520 [ 474.305069] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 474.310234] ? check_noncircular+0x20/0x20 [ 474.314437] ? lock_acquire+0xe0/0x580 [ 474.318292] ? lock_acquire+0x1d5/0x580 [ 474.322234] ? pick_next_task_fair+0xdc0/0x16b0 [ 474.326876] ? print_irqtrace_events+0x270/0x270 [ 474.331602] ? print_irqtrace_events+0x270/0x270 [ 474.336338] ? find_held_lock+0x35/0x1d0 [ 474.340379] ? __update_idle_core+0x305/0x600 [ 474.344866] ? __lock_acquire+0x664/0x3e00 [ 474.349072] ? check_noncircular+0x20/0x20 [ 474.353275] ? __lock_acquire+0x664/0x3e00 [ 474.357798] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 474.362960] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 474.368126] ? find_held_lock+0x35/0x1d0 [ 474.372169] ? __handle_mm_fault+0x3296/0x3ce0 [ 474.376722] ? lock_downgrade+0x980/0x980 [ 474.380849] ? lock_release+0xa40/0xa40 [ 474.384797] ? copy_overflow+0x20/0x20 [ 474.388656] ? do_raw_spin_trylock+0x190/0x190 [ 474.393210] ? userfaultfd_ctx_put+0x740/0x740 [ 474.397774] __handle_mm_fault+0x32a3/0x3ce0 [ 474.402158] ? __pmd_alloc+0x4e0/0x4e0 [ 474.406021] ? print_irqtrace_events+0x270/0x270 [ 474.410755] ? find_held_lock+0x35/0x1d0 [ 474.414794] ? handle_mm_fault+0x248/0x8d0 [ 474.419000] ? lock_downgrade+0x980/0x980 [ 474.423146] handle_mm_fault+0x334/0x8d0 [ 474.427179] ? down_read+0x96/0x150 [ 474.430777] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 474.435333] ? vmacache_find+0x5f/0x280 [ 474.439282] ? find_vma+0x30/0x150 [ 474.442796] __do_page_fault+0x5c9/0xc90 [ 474.446836] ? mm_fault_error+0x2c0/0x2c0 [ 474.450958] ? find_held_lock+0x35/0x1d0 [ 474.454999] do_page_fault+0xee/0x720 [ 474.458777] ? __do_page_fault+0xc90/0xc90 [ 474.462987] ? lock_release+0xa40/0xa40 [ 474.466939] ? do_raw_spin_trylock+0x190/0x190 [ 474.471503] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 474.476321] page_fault+0x2c/0x60 [ 474.479748] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 474.485513] RSP: 0018:ffff8801bb56f928 EFLAGS: 00010246 [ 474.490849] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 474.498087] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801bb56fd28 [ 474.505329] RBP: ffff8801bb56fa08 R08: 0000000000000000 R09: 1ffff100376adee7 [ 474.512568] R10: ffff8801bb56f858 R11: 0000000000000003 R12: 1ffff100376adf28 [ 474.519806] R13: ffff8801bb56f9e0 R14: 0000000000000000 R15: ffff8801bb56fd20 [ 474.527057] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 474.532222] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 474.537384] ? iov_iter_revert+0x9d0/0x9d0 [ 474.541594] ? mark_held_locks+0xaf/0x100 [ 474.545712] ? simple_xattr_get+0xeb/0x160 [ 474.549919] ? current_kernel_time64+0x122/0x2f0 [ 474.554645] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 474.559639] generic_perform_write+0x200/0x600 [ 474.564204] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 474.569452] ? generic_update_time+0x1b2/0x270 [ 474.574013] ? __mnt_drop_write_file+0xd/0x70 [ 474.578483] ? file_update_time+0xbf/0x470 [ 474.582691] ? current_time+0xc0/0xc0 [ 474.586471] ? down_write+0x87/0x120 [ 474.590161] __generic_file_write_iter+0x366/0x5b0 [ 474.595069] ? check_noncircular+0x20/0x20 [ 474.599282] generic_file_write_iter+0x399/0x790 [ 474.604022] ? __generic_file_write_iter+0x5b0/0x5b0 [ 474.609102] ? iov_iter_init+0xaf/0x1d0 [ 474.613055] __vfs_write+0x684/0x970 [ 474.616737] ? lock_acquire+0x1d5/0x580 [ 474.620684] ? kernel_read+0x120/0x120 [ 474.624563] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 474.629286] ? __sb_start_write+0x209/0x2a0 [ 474.633582] vfs_write+0x189/0x510 [ 474.637100] SyS_write+0xef/0x220 [ 474.640526] ? SyS_read+0x220/0x220 [ 474.644126] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 474.649116] ? trace_hardirqs_on_thunk+0x1a/0x1c 2018/01/17 19:07:46 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:46 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r2 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r2, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:46 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:46 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:46 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:46 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r2 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r2, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:46 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) ioctl$TCGETA(r0, 0x5405, &(0x7f0000dd9000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:46 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) faccessat(r0, &(0x7f000079c000)='./file0\x00', 0x10a, 0x1000) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:46 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) [ 474.653856] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 474.658580] RIP: 0033:0x452e39 [ 474.661742] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 474.669419] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 474.676659] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000018 [ 474.683901] RBP: 0000000000000624 R08: 0000000000000000 R09: 0000000000000000 [ 474.691140] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f7400 [ 474.698380] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:46 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:46 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:46 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r2 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r2, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:46 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:46 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:46 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r2 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r2, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:46 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:46 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:46 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:46 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) [ 474.831068] FAULT_FLAG_ALLOW_RETRY missing 30 [ 474.836260] CPU: 0 PID: 23225 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 474.843645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 474.852987] Call Trace: [ 474.855572] dump_stack+0x194/0x257 [ 474.859205] ? arch_local_irq_restore+0x53/0x53 [ 474.863881] ? handle_userfault+0x12b7/0x24c0 [ 474.868383] handle_userfault+0x12fa/0x24c0 [ 474.872705] ? handle_userfault+0x150b/0x24c0 2018/01/17 19:07:46 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) [ 474.877213] ? userfaultfd_ioctl+0x4520/0x4520 [ 474.881790] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 474.886981] ? __lock_is_held+0xb6/0x140 [ 474.891054] ? print_irqtrace_events+0x270/0x270 [ 474.895813] ? print_irqtrace_events+0x270/0x270 [ 474.900563] ? get_user_pages_fast+0x277/0x340 [ 474.905140] ? switched_to_fair+0xb0/0xb0 [ 474.909273] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 474.914273] ? trace_hardirqs_on+0xd/0x10 [ 474.918398] ? get_user_pages_fast+0x14e/0x340 [ 474.922959] ? pick_next_entity+0x197/0x400 [ 474.927256] ? __lock_acquire+0x664/0x3e00 [ 474.931465] ? check_noncircular+0x20/0x20 [ 474.935683] ? __lock_acquire+0x664/0x3e00 [ 474.939904] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 474.945070] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 474.950237] ? find_held_lock+0x35/0x1d0 [ 474.954280] ? __handle_mm_fault+0x3296/0x3ce0 [ 474.958841] ? lock_downgrade+0x980/0x980 [ 474.962963] ? lock_release+0xa40/0xa40 [ 474.966912] ? copy_overflow+0x20/0x20 [ 474.970772] ? do_raw_spin_trylock+0x190/0x190 [ 474.975336] ? userfaultfd_ctx_put+0x740/0x740 [ 474.979906] __handle_mm_fault+0x32a3/0x3ce0 [ 474.984293] ? __pmd_alloc+0x4e0/0x4e0 [ 474.988153] ? print_irqtrace_events+0x270/0x270 [ 474.992885] ? find_held_lock+0x35/0x1d0 [ 474.996924] ? handle_mm_fault+0x248/0x8d0 [ 475.001133] ? lock_downgrade+0x980/0x980 [ 475.005275] handle_mm_fault+0x334/0x8d0 [ 475.009309] ? down_read+0x96/0x150 [ 475.012909] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 475.017466] ? vmacache_find+0x5f/0x280 [ 475.021418] ? find_vma+0x30/0x150 [ 475.024936] __do_page_fault+0x5c9/0xc90 [ 475.028978] ? mm_fault_error+0x2c0/0x2c0 [ 475.033101] ? find_held_lock+0x35/0x1d0 [ 475.037145] do_page_fault+0xee/0x720 [ 475.040919] ? __do_page_fault+0xc90/0xc90 [ 475.045126] ? lock_release+0xa40/0xa40 [ 475.049079] ? do_raw_spin_trylock+0x190/0x190 [ 475.053649] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 475.058470] page_fault+0x2c/0x60 [ 475.061894] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 475.067661] RSP: 0018:ffff8801b366f928 EFLAGS: 00010246 [ 475.073002] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 475.080253] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801b366fd28 [ 475.087495] RBP: ffff8801b366fa08 R08: 0000000000000000 R09: 1ffff100366cdee7 [ 475.094734] R10: ffff8801b366f858 R11: 0000000000000003 R12: 1ffff100366cdf28 [ 475.101974] R13: ffff8801b366f9e0 R14: 0000000000000000 R15: ffff8801b366fd20 [ 475.109229] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 475.114398] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 475.119566] ? iov_iter_revert+0x9d0/0x9d0 [ 475.123777] ? mark_held_locks+0xaf/0x100 [ 475.127909] ? simple_xattr_get+0xeb/0x160 [ 475.132119] ? current_kernel_time64+0x122/0x2f0 [ 475.136852] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 475.141850] generic_perform_write+0x200/0x600 [ 475.146419] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 475.151675] ? generic_update_time+0x1b2/0x270 [ 475.156237] ? __mnt_drop_write_file+0xd/0x70 [ 475.160706] ? file_update_time+0xbf/0x470 [ 475.164917] ? current_time+0xc0/0xc0 [ 475.168698] ? down_write+0x87/0x120 [ 475.172389] __generic_file_write_iter+0x366/0x5b0 [ 475.177303] ? check_noncircular+0x20/0x20 [ 475.181525] generic_file_write_iter+0x399/0x790 [ 475.186256] ? __generic_file_write_iter+0x5b0/0x5b0 [ 475.191338] ? iov_iter_init+0xaf/0x1d0 [ 475.195290] __vfs_write+0x684/0x970 [ 475.198973] ? lock_acquire+0x1d5/0x580 [ 475.202923] ? kernel_read+0x120/0x120 [ 475.206810] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 475.211538] ? __sb_start_write+0x209/0x2a0 [ 475.215839] vfs_write+0x189/0x510 [ 475.219356] SyS_write+0xef/0x220 [ 475.222790] ? SyS_read+0x220/0x220 [ 475.226388] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 475.231379] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 475.236116] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 475.240845] RIP: 0033:0x452e39 [ 475.244009] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 475.251698] RAX: ffffffffffffffda RBX: 00007efe3e5a7700 RCX: 0000000000452e39 [ 475.258939] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 475.266181] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 475.273423] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 475.280665] R13: 0000000000a2f7ef R14: 00007efe3e5a79c0 R15: 0000000000000000 2018/01/17 19:07:47 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000741000)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') getsockname$netrom(r0, &(0x7f0000643000-0x10)=@ax25={0x0, {""/7}, 0x0}, &(0x7f000070a000)=0x10) ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) getpeername(r0, &(0x7f0000778000)=@can={0x0, 0x0, 0x0, 0x0}, &(0x7f0000c0c000-0x4)=0x10) 2018/01/17 19:07:47 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:47 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:47 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r2 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r2, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:47 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:07:47 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:47 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) faccessat(r0, &(0x7f000079c000)='./file0\x00', 0x10a, 0x1000) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:47 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:47 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:07:47 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:47 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:47 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:07:47 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:47 executing program 3: ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:47 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:47 executing program 3: ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) [ 475.404376] FAULT_FLAG_ALLOW_RETRY missing 30 [ 475.409670] CPU: 1 PID: 23285 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 475.417042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 475.426414] Call Trace: [ 475.429002] dump_stack+0x194/0x257 [ 475.432631] ? arch_local_irq_restore+0x53/0x53 [ 475.437306] ? handle_userfault+0x12b7/0x24c0 [ 475.441805] handle_userfault+0x12fa/0x24c0 [ 475.446122] ? handle_userfault+0x150b/0x24c0 [ 475.450617] ? userfaultfd_ioctl+0x4520/0x4520 [ 475.455196] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 475.460386] ? __lock_is_held+0xb6/0x140 [ 475.464462] ? print_irqtrace_events+0x270/0x270 [ 475.469211] ? print_irqtrace_events+0x270/0x270 [ 475.473957] ? get_user_pages_fast+0x277/0x340 [ 475.478529] ? switched_to_fair+0xb0/0xb0 [ 475.482666] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 475.487677] ? trace_hardirqs_on+0xd/0x10 [ 475.491818] ? get_user_pages_fast+0x14e/0x340 [ 475.496388] ? pick_next_entity+0x197/0x400 [ 475.500686] ? __lock_acquire+0x664/0x3e00 [ 475.504895] ? check_noncircular+0x20/0x20 [ 475.509101] ? __lock_acquire+0x664/0x3e00 [ 475.513321] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 475.518482] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 475.523645] ? find_held_lock+0x35/0x1d0 [ 475.527695] ? __handle_mm_fault+0x3296/0x3ce0 [ 475.532250] ? lock_downgrade+0x980/0x980 [ 475.536375] ? lock_release+0xa40/0xa40 [ 475.540323] ? copy_overflow+0x20/0x20 [ 475.544184] ? do_raw_spin_trylock+0x190/0x190 [ 475.548738] ? userfaultfd_ctx_put+0x740/0x740 [ 475.553301] __handle_mm_fault+0x32a3/0x3ce0 [ 475.557686] ? __pmd_alloc+0x4e0/0x4e0 [ 475.561546] ? print_irqtrace_events+0x270/0x270 [ 475.566278] ? find_held_lock+0x35/0x1d0 [ 475.570317] ? handle_mm_fault+0x248/0x8d0 [ 475.574523] ? lock_downgrade+0x980/0x980 [ 475.578664] handle_mm_fault+0x334/0x8d0 [ 475.582696] ? down_read+0x96/0x150 [ 475.586300] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 475.590853] ? vmacache_find+0x5f/0x280 [ 475.594803] ? find_vma+0x30/0x150 [ 475.598321] __do_page_fault+0x5c9/0xc90 [ 475.602363] ? mm_fault_error+0x2c0/0x2c0 [ 475.606483] ? find_held_lock+0x35/0x1d0 [ 475.610521] do_page_fault+0xee/0x720 [ 475.614297] ? __do_page_fault+0xc90/0xc90 [ 475.618504] ? lock_release+0xa40/0xa40 [ 475.622455] ? do_raw_spin_trylock+0x190/0x190 [ 475.627029] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 475.631862] page_fault+0x2c/0x60 [ 475.635290] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 475.641054] RSP: 0018:ffff8801a6997928 EFLAGS: 00010246 [ 475.646390] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 475.653630] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801a6997d28 [ 475.660870] RBP: ffff8801a6997a08 R08: 0000000000000000 R09: 1ffff10034d32ee7 [ 475.668116] R10: ffff8801a6997858 R11: 0000000000000003 R12: 1ffff10034d32f28 [ 475.675356] R13: ffff8801a69979e0 R14: 0000000000000000 R15: ffff8801a6997d20 [ 475.682638] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 475.687806] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 475.692972] ? iov_iter_revert+0x9d0/0x9d0 [ 475.697182] ? mark_held_locks+0xaf/0x100 [ 475.701301] ? simple_xattr_get+0xeb/0x160 [ 475.705510] ? current_kernel_time64+0x122/0x2f0 [ 475.710242] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 475.715234] generic_perform_write+0x200/0x600 [ 475.719807] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 475.725056] ? generic_update_time+0x1b2/0x270 [ 475.729612] ? __mnt_drop_write_file+0xd/0x70 [ 475.734079] ? file_update_time+0xbf/0x470 [ 475.738297] ? current_time+0xc0/0xc0 [ 475.742076] ? down_write+0x87/0x120 [ 475.745802] __generic_file_write_iter+0x366/0x5b0 [ 475.750705] ? check_noncircular+0x20/0x20 [ 475.754916] generic_file_write_iter+0x399/0x790 [ 475.759649] ? __generic_file_write_iter+0x5b0/0x5b0 [ 475.764727] ? iov_iter_init+0xaf/0x1d0 [ 475.768688] __vfs_write+0x684/0x970 [ 475.772371] ? lock_acquire+0x1d5/0x580 [ 475.776320] ? kernel_read+0x120/0x120 [ 475.780199] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 475.784927] ? __sb_start_write+0x209/0x2a0 [ 475.789225] vfs_write+0x189/0x510 [ 475.792744] SyS_write+0xef/0x220 [ 475.796172] ? SyS_read+0x220/0x220 [ 475.799769] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 475.804759] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 475.809494] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 475.814219] RIP: 0033:0x452e39 [ 475.817382] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 475.825063] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 475.832302] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000014 [ 475.839542] RBP: 0000000000000315 R08: 0000000000000000 R09: 0000000000000000 [ 475.846791] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f2a98 [ 475.854036] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 [ 475.924459] FAULT_FLAG_ALLOW_RETRY missing 30 [ 475.929043] CPU: 1 PID: 23285 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 475.936394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 475.945732] Call Trace: [ 475.948307] dump_stack+0x194/0x257 [ 475.951922] ? arch_local_irq_restore+0x53/0x53 [ 475.956569] ? handle_userfault+0x12b7/0x24c0 [ 475.961045] handle_userfault+0x12fa/0x24c0 [ 475.965338] ? handle_userfault+0x150b/0x24c0 [ 475.969818] ? userfaultfd_ioctl+0x4520/0x4520 [ 475.974378] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 475.979547] ? check_noncircular+0x20/0x20 [ 475.983751] ? lock_acquire+0xe0/0x580 [ 475.987609] ? lock_acquire+0x1d5/0x580 [ 475.991557] ? pick_next_task_fair+0xdc0/0x16b0 [ 475.996203] ? print_irqtrace_events+0x270/0x270 [ 476.000936] ? print_irqtrace_events+0x270/0x270 [ 476.005667] ? find_held_lock+0x35/0x1d0 [ 476.009706] ? __update_idle_core+0x305/0x600 [ 476.014178] ? __lock_acquire+0x664/0x3e00 [ 476.018383] ? check_noncircular+0x20/0x20 [ 476.022589] ? __lock_acquire+0x664/0x3e00 [ 476.026818] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 476.031980] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 476.037145] ? find_held_lock+0x35/0x1d0 [ 476.041191] ? __handle_mm_fault+0x3296/0x3ce0 [ 476.045747] ? lock_downgrade+0x980/0x980 [ 476.049869] ? lock_release+0xa40/0xa40 [ 476.053819] ? copy_overflow+0x20/0x20 [ 476.057681] ? do_raw_spin_trylock+0x190/0x190 [ 476.062238] ? userfaultfd_ctx_put+0x740/0x740 [ 476.066803] __handle_mm_fault+0x32a3/0x3ce0 [ 476.071188] ? __pmd_alloc+0x4e0/0x4e0 [ 476.075048] ? plist_check_head+0xe2/0x130 [ 476.079260] ? find_held_lock+0x35/0x1d0 [ 476.083303] ? handle_mm_fault+0x248/0x8d0 [ 476.087510] ? lock_downgrade+0x980/0x980 [ 476.091651] handle_mm_fault+0x334/0x8d0 [ 476.095695] ? down_read+0x96/0x150 [ 476.099298] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 476.103851] ? vmacache_find+0x5f/0x280 [ 476.107802] ? find_vma+0x30/0x150 [ 476.111323] __do_page_fault+0x5c9/0xc90 [ 476.115377] ? mm_fault_error+0x2c0/0x2c0 [ 476.119527] ? get_futex_value_locked+0xc3/0xf0 [ 476.124181] do_page_fault+0xee/0x720 [ 476.127959] ? __do_page_fault+0xc90/0xc90 [ 476.132171] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 476.137364] ? check_noncircular+0x20/0x20 [ 476.141577] ? drop_futex_key_refs.isra.12+0x63/0xb0 [ 476.146655] ? futex_wait+0x6a9/0x9a0 [ 476.150435] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 476.155276] page_fault+0x2c/0x60 [ 476.158722] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 476.164490] RSP: 0018:ffff8801a6997928 EFLAGS: 00010246 [ 476.169838] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 476.177081] RDX: 0000000000000084 RSI: ffffc900020bb000 RDI: ffff8801a6997d28 [ 476.184354] RBP: ffff8801a6997a08 R08: 1ffff100386c2532 R09: 0000000000000000 [ 476.191599] R10: ffff8801a6997a50 R11: 0000000000000000 R12: 1ffff10034d32f28 [ 476.198842] R13: ffff8801a69979e0 R14: 0000000000000000 R15: ffff8801a6997d20 [ 476.206108] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 476.211278] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 476.216443] ? iov_iter_revert+0x9d0/0x9d0 [ 476.220662] ? mark_held_locks+0xaf/0x100 [ 476.224783] ? current_kernel_time64+0x122/0x2f0 [ 476.229515] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 476.234513] generic_perform_write+0x200/0x600 [ 476.239072] ? lock_acquire+0x1d5/0x580 [ 476.243043] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 476.248307] ? current_time+0x88/0xc0 [ 476.252083] ? file_update_time+0xbf/0x470 [ 476.256295] ? current_time+0xc0/0xc0 [ 476.260077] ? down_write+0x87/0x120 [ 476.263770] __generic_file_write_iter+0x366/0x5b0 [ 476.268674] ? check_noncircular+0x20/0x20 [ 476.272897] generic_file_write_iter+0x399/0x790 [ 476.277631] ? __generic_file_write_iter+0x5b0/0x5b0 [ 476.282709] ? iov_iter_init+0xaf/0x1d0 [ 476.286660] __vfs_write+0x684/0x970 [ 476.290346] ? lock_acquire+0x1d5/0x580 [ 476.294298] ? kernel_read+0x120/0x120 [ 476.298188] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 476.302930] ? __sb_start_write+0x209/0x2a0 [ 476.307228] vfs_write+0x189/0x510 [ 476.310747] SyS_write+0xef/0x220 [ 476.314187] ? SyS_read+0x220/0x220 [ 476.317797] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 476.322787] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 476.327538] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 476.332267] RIP: 0033:0x452e39 [ 476.335428] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 476.343112] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 476.350354] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000014 [ 476.357604] RBP: 0000000000000317 R08: 0000000000000000 R09: 0000000000000000 [ 476.364847] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f2ac8 2018/01/17 19:07:48 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:48 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:48 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000572000-0x8c)={0x0, @in6={{0xa, 0x2, 0x71, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0xff, 0xff], @loopback=0x7f000001}, 0x1}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, &(0x7f0000ffa000-0x4)=0x8c) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000cd1000)={r3, 0x6}, &(0x7f000055a000-0x4)=0x8) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:48 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r2 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r2, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:48 executing program 3: ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:48 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:48 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r2 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r2, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:48 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) faccessat(r0, &(0x7f000079c000)='./file0\x00', 0x10a, 0x1000) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:48 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) [ 476.372092] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:48 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000741000)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') getsockname$netrom(r0, &(0x7f0000643000-0x10)=@ax25={0x0, {""/7}, 0x0}, &(0x7f000070a000)=0x10) ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) getpeername(r0, &(0x7f0000778000)=@can={0x0, 0x0, 0x0, 0x0}, &(0x7f0000c0c000-0x4)=0x10) 2018/01/17 19:07:48 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:48 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:48 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:48 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r2 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r2, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:48 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r2 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r2, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:48 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:48 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:48 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) [ 476.469844] FAULT_FLAG_ALLOW_RETRY missing 30 [ 476.475107] CPU: 0 PID: 23327 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 476.482482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 476.491828] Call Trace: [ 476.494414] dump_stack+0x194/0x257 [ 476.498047] ? arch_local_irq_restore+0x53/0x53 [ 476.502720] ? handle_userfault+0x12b7/0x24c0 [ 476.507226] handle_userfault+0x12fa/0x24c0 [ 476.511544] ? handle_userfault+0x150b/0x24c0 [ 476.516043] ? userfaultfd_ioctl+0x4520/0x4520 [ 476.520616] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 476.525798] ? __lock_is_held+0xb6/0x140 [ 476.529853] ? print_irqtrace_events+0x270/0x270 [ 476.534590] ? print_irqtrace_events+0x270/0x270 [ 476.539323] ? get_user_pages_fast+0x277/0x340 [ 476.543878] ? switched_to_fair+0xb0/0xb0 [ 476.547999] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 476.553003] ? trace_hardirqs_on+0xd/0x10 [ 476.557135] ? get_user_pages_fast+0x14e/0x340 [ 476.561697] ? pick_next_entity+0x197/0x400 [ 476.566002] ? __lock_acquire+0x664/0x3e00 [ 476.570219] ? check_noncircular+0x20/0x20 [ 476.574426] ? __lock_acquire+0x664/0x3e00 [ 476.578645] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 476.583818] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 476.588992] ? find_held_lock+0x35/0x1d0 [ 476.593053] ? __handle_mm_fault+0x3296/0x3ce0 [ 476.597611] ? lock_downgrade+0x980/0x980 [ 476.601737] ? lock_release+0xa40/0xa40 [ 476.605687] ? copy_overflow+0x20/0x20 [ 476.609548] ? do_raw_spin_trylock+0x190/0x190 [ 476.614103] ? userfaultfd_ctx_put+0x740/0x740 [ 476.618683] __handle_mm_fault+0x32a3/0x3ce0 [ 476.623096] ? __pmd_alloc+0x4e0/0x4e0 [ 476.626958] ? print_irqtrace_events+0x270/0x270 [ 476.631729] ? find_held_lock+0x35/0x1d0 [ 476.635774] ? handle_mm_fault+0x248/0x8d0 [ 476.639981] ? lock_downgrade+0x980/0x980 [ 476.644123] handle_mm_fault+0x334/0x8d0 [ 476.648164] ? down_read+0x96/0x150 [ 476.651774] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 476.656326] ? vmacache_find+0x5f/0x280 [ 476.660276] ? find_vma+0x30/0x150 [ 476.663794] __do_page_fault+0x5c9/0xc90 [ 476.667862] ? mm_fault_error+0x2c0/0x2c0 [ 476.671990] ? find_held_lock+0x35/0x1d0 [ 476.676044] do_page_fault+0xee/0x720 [ 476.679819] ? __do_page_fault+0xc90/0xc90 [ 476.684037] ? lock_release+0xa40/0xa40 [ 476.687990] ? do_raw_spin_trylock+0x190/0x190 [ 476.692556] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 476.697392] page_fault+0x2c/0x60 [ 476.700829] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 476.706594] RSP: 0018:ffff8801b0d8f928 EFLAGS: 00010246 [ 476.711928] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 476.719173] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801b0d8fd28 [ 476.726414] RBP: ffff8801b0d8fa08 R08: 0000000000000000 R09: 1ffff100361b1ee7 [ 476.733659] R10: ffff8801b0d8f858 R11: 0000000000000003 R12: 1ffff100361b1f28 [ 476.740907] R13: ffff8801b0d8f9e0 R14: 0000000000000000 R15: ffff8801b0d8fd20 [ 476.748175] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 476.753344] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 476.758509] ? iov_iter_revert+0x9d0/0x9d0 [ 476.762736] ? mark_held_locks+0xaf/0x100 [ 476.766867] ? simple_xattr_get+0xeb/0x160 [ 476.771080] ? current_kernel_time64+0x122/0x2f0 [ 476.775817] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 476.780825] generic_perform_write+0x200/0x600 [ 476.785396] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 476.790649] ? generic_update_time+0x1b2/0x270 [ 476.795210] ? __mnt_drop_write_file+0xd/0x70 [ 476.799683] ? file_update_time+0xbf/0x470 [ 476.803895] ? current_time+0xc0/0xc0 [ 476.807677] ? down_write+0x87/0x120 [ 476.811368] __generic_file_write_iter+0x366/0x5b0 [ 476.816272] ? check_noncircular+0x20/0x20 [ 476.820487] generic_file_write_iter+0x399/0x790 [ 476.825219] ? __generic_file_write_iter+0x5b0/0x5b0 [ 476.830301] ? iov_iter_init+0xaf/0x1d0 [ 476.834251] __vfs_write+0x684/0x970 [ 476.837937] ? lock_acquire+0x1d5/0x580 [ 476.841887] ? kernel_read+0x120/0x120 [ 476.845767] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 476.850495] ? __sb_start_write+0x209/0x2a0 [ 476.854793] vfs_write+0x189/0x510 [ 476.858326] SyS_write+0xef/0x220 [ 476.861762] ? SyS_read+0x220/0x220 [ 476.865362] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 476.870352] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 476.875102] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 476.879830] RIP: 0033:0x452e39 [ 476.882992] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 476.890677] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 476.897920] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000014 [ 476.905164] RBP: 0000000000000062 R08: 0000000000000000 R09: 0000000000000000 [ 476.912408] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006ee9d0 [ 476.919653] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 [ 476.929489] FAULT_FLAG_ALLOW_RETRY missing 30 [ 476.934442] CPU: 1 PID: 23334 Comm: syz-executor4 Not tainted 4.15.0-rc8+ #265 [ 476.941798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 476.946433] FAULT_FLAG_ALLOW_RETRY missing 30 [ 476.955625] Call Trace: [ 476.958200] dump_stack+0x194/0x257 [ 476.961814] ? arch_local_irq_restore+0x53/0x53 [ 476.966473] ? handle_userfault+0x12b7/0x24c0 [ 476.970955] handle_userfault+0x12fa/0x24c0 [ 476.975256] ? handle_userfault+0x150b/0x24c0 [ 476.979749] ? userfaultfd_ioctl+0x4520/0x4520 [ 476.984315] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 476.989498] ? find_held_lock+0x35/0x1d0 [ 476.993545] ? print_irqtrace_events+0x270/0x270 [ 476.998282] ? print_irqtrace_events+0x270/0x270 [ 477.003018] ? cpuacct_charge+0x2e6/0x5c0 [ 477.007157] ? find_held_lock+0x35/0x1d0 [ 477.011222] ? __lock_acquire+0x664/0x3e00 [ 477.015437] ? check_noncircular+0x20/0x20 [ 477.019649] ? __lock_acquire+0x664/0x3e00 [ 477.023866] ? lock_release+0xa40/0xa40 [ 477.027832] ? __lock_is_held+0xb6/0x140 [ 477.031886] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 477.037058] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 477.042235] ? find_held_lock+0x35/0x1d0 [ 477.046290] ? __handle_mm_fault+0x3296/0x3ce0 [ 477.050854] ? lock_downgrade+0x980/0x980 [ 477.054988] ? lock_release+0xa40/0xa40 [ 477.058948] ? update_cfs_rq_load_avg.part.69+0x2d0/0x2d0 [ 477.064469] ? do_raw_spin_trylock+0x190/0x190 [ 477.069038] ? userfaultfd_ctx_put+0x740/0x740 [ 477.073620] __handle_mm_fault+0x32a3/0x3ce0 [ 477.078019] ? __pmd_alloc+0x4e0/0x4e0 [ 477.081889] ? print_irqtrace_events+0x270/0x270 [ 477.086640] ? find_held_lock+0x35/0x1d0 [ 477.090693] ? handle_mm_fault+0x248/0x8d0 [ 477.094911] ? lock_downgrade+0x980/0x980 [ 477.099077] handle_mm_fault+0x334/0x8d0 [ 477.103120] ? down_read+0x96/0x150 [ 477.106733] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 477.111301] ? vmacache_find+0x5f/0x280 [ 477.115264] ? find_vma+0x30/0x150 [ 477.118791] __do_page_fault+0x5c9/0xc90 [ 477.122846] ? mm_fault_error+0x2c0/0x2c0 [ 477.126975] ? find_held_lock+0x35/0x1d0 [ 477.131031] do_page_fault+0xee/0x720 [ 477.134817] ? __do_page_fault+0xc90/0xc90 [ 477.139039] ? lock_release+0xa40/0xa40 [ 477.143005] ? do_raw_spin_trylock+0x190/0x190 [ 477.147594] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 477.152430] page_fault+0x2c/0x60 [ 477.155864] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 477.161636] RSP: 0018:ffff8801c525f928 EFLAGS: 00010246 [ 477.166979] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 477.174230] RDX: 000000000000010b RSI: ffffc900038eb000 RDI: ffff8801c525fd28 [ 477.181478] RBP: ffff8801c525fa08 R08: 0000000000000000 R09: 1ffff10038a4bee7 [ 477.188727] R10: ffff8801c525f858 R11: 0000000000000003 R12: 1ffff10038a4bf28 [ 477.195976] R13: ffff8801c525f9e0 R14: 0000000000000000 R15: ffff8801c525fd20 [ 477.203247] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 477.208427] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 477.213604] ? iov_iter_revert+0x9d0/0x9d0 [ 477.217828] ? mark_held_locks+0xaf/0x100 [ 477.221955] ? simple_xattr_get+0xeb/0x160 [ 477.226176] ? current_kernel_time64+0x122/0x2f0 [ 477.230915] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 477.235922] generic_perform_write+0x200/0x600 [ 477.240508] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 477.245769] ? generic_update_time+0x1b2/0x270 [ 477.250334] ? __mnt_drop_write_file+0xd/0x70 [ 477.254811] ? file_update_time+0xbf/0x470 [ 477.259032] ? current_time+0xc0/0xc0 [ 477.262821] ? down_write+0x87/0x120 [ 477.266528] __generic_file_write_iter+0x366/0x5b0 [ 477.271437] ? check_noncircular+0x20/0x20 [ 477.275661] generic_file_write_iter+0x399/0x790 [ 477.280411] ? __generic_file_write_iter+0x5b0/0x5b0 [ 477.285501] ? iov_iter_init+0xaf/0x1d0 [ 477.289463] __vfs_write+0x684/0x970 [ 477.293157] ? lock_acquire+0x1d5/0x580 [ 477.297122] ? kernel_read+0x120/0x120 [ 477.301027] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 477.305767] ? __sb_start_write+0x209/0x2a0 [ 477.310078] vfs_write+0x189/0x510 [ 477.313615] SyS_write+0xef/0x220 [ 477.317056] ? SyS_read+0x220/0x220 [ 477.320664] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 477.325675] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 477.330425] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 477.335162] RIP: 0033:0x452e39 [ 477.338330] RSP: 002b:00007f1a8b1fec58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 477.346021] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 477.353272] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000014 [ 477.360520] RBP: 0000000000000062 R08: 0000000000000000 R09: 0000000000000000 [ 477.367775] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006ee9d0 [ 477.375026] R13: 00000000ffffffff R14: 00007f1a8b1ff6d4 R15: 0000000000000000 [ 477.382307] CPU: 0 PID: 23327 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 477.389668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 477.399016] Call Trace: [ 477.401596] dump_stack+0x194/0x257 [ 477.405208] ? arch_local_irq_restore+0x53/0x53 [ 477.409855] ? handle_userfault+0x12b7/0x24c0 [ 477.414328] handle_userfault+0x12fa/0x24c0 [ 477.418636] ? handle_userfault+0x150b/0x24c0 [ 477.423115] ? userfaultfd_ioctl+0x4520/0x4520 [ 477.427670] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 477.432832] ? find_held_lock+0x35/0x1d0 [ 477.436865] ? check_noncircular+0x20/0x20 [ 477.441078] ? print_irqtrace_events+0x270/0x270 [ 477.445805] ? print_irqtrace_events+0x270/0x270 [ 477.450533] ? find_held_lock+0x35/0x1d0 [ 477.454572] ? __update_idle_core+0x305/0x600 [ 477.459056] ? __lock_acquire+0x664/0x3e00 [ 477.463263] ? check_noncircular+0x20/0x20 [ 477.467468] ? __lock_acquire+0x664/0x3e00 [ 477.471688] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 477.476849] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 477.482023] ? find_held_lock+0x35/0x1d0 [ 477.486068] ? __handle_mm_fault+0x3296/0x3ce0 [ 477.490624] ? lock_downgrade+0x980/0x980 [ 477.494745] ? lock_release+0xa40/0xa40 [ 477.498694] ? copy_overflow+0x20/0x20 [ 477.502565] ? do_raw_spin_trylock+0x190/0x190 [ 477.507120] ? userfaultfd_ctx_put+0x740/0x740 [ 477.511687] __handle_mm_fault+0x32a3/0x3ce0 [ 477.516071] ? __pmd_alloc+0x4e0/0x4e0 [ 477.519932] ? plist_check_head+0xe2/0x130 [ 477.524146] ? find_held_lock+0x35/0x1d0 [ 477.528189] ? handle_mm_fault+0x248/0x8d0 [ 477.532397] ? lock_downgrade+0x980/0x980 [ 477.536537] handle_mm_fault+0x334/0x8d0 [ 477.540580] ? down_read+0x96/0x150 [ 477.544191] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 477.548744] ? vmacache_find+0x5f/0x280 [ 477.552697] ? find_vma+0x30/0x150 [ 477.556213] __do_page_fault+0x5c9/0xc90 [ 477.560263] ? mm_fault_error+0x2c0/0x2c0 [ 477.564384] ? get_futex_value_locked+0xc3/0xf0 [ 477.569043] do_page_fault+0xee/0x720 [ 477.572818] ? __do_page_fault+0xc90/0xc90 [ 477.577034] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 477.582204] ? check_noncircular+0x20/0x20 [ 477.586408] ? __lock_acquire+0x664/0x3e00 [ 477.590617] ? drop_futex_key_refs.isra.12+0x63/0xb0 [ 477.595694] ? futex_wait+0x6a9/0x9a0 [ 477.599475] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 477.604298] page_fault+0x2c/0x60 [ 477.607745] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 477.613602] RSP: 0018:ffff8801b0d8f928 EFLAGS: 00010246 [ 477.618939] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 477.626181] RDX: 0000000000000084 RSI: ffffc900020bb000 RDI: ffff8801b0d8fd28 [ 477.633433] RBP: ffff8801b0d8fa08 R08: 1ffff100386c2532 R09: 0000000000000000 [ 477.640677] R10: ffff8801b0d8fa50 R11: 0000000000000000 R12: 1ffff100361b1f28 [ 477.647919] R13: ffff8801b0d8f9e0 R14: 0000000000000000 R15: ffff8801b0d8fd20 [ 477.655183] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 477.660352] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 477.665517] ? iov_iter_revert+0x9d0/0x9d0 [ 477.669731] ? mark_held_locks+0xaf/0x100 [ 477.673854] ? current_kernel_time64+0x122/0x2f0 [ 477.678590] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 477.683600] generic_perform_write+0x200/0x600 [ 477.688158] ? lock_acquire+0x1d5/0x580 [ 477.692114] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 477.697363] ? current_time+0x88/0xc0 [ 477.701141] ? file_update_time+0xbf/0x470 [ 477.705352] ? current_time+0xc0/0xc0 [ 477.709129] ? down_write+0x87/0x120 [ 477.712819] __generic_file_write_iter+0x366/0x5b0 [ 477.717721] ? check_noncircular+0x20/0x20 [ 477.721932] generic_file_write_iter+0x399/0x790 [ 477.726666] ? __generic_file_write_iter+0x5b0/0x5b0 [ 477.731759] ? iov_iter_init+0xaf/0x1d0 [ 477.735711] __vfs_write+0x684/0x970 [ 477.739397] ? lock_acquire+0x1d5/0x580 [ 477.743347] ? kernel_read+0x120/0x120 [ 477.747228] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 477.751956] ? __sb_start_write+0x209/0x2a0 [ 477.756253] vfs_write+0x189/0x510 [ 477.759771] SyS_write+0xef/0x220 [ 477.763199] ? SyS_read+0x220/0x220 [ 477.766796] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 477.771786] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 477.776524] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 477.781250] RIP: 0033:0x452e39 [ 477.784412] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 477.792091] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 477.799335] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000016 [ 477.806577] RBP: 0000000000000624 R08: 0000000000000000 R09: 0000000000000000 [ 477.813824] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f7400 2018/01/17 19:07:49 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:49 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f0000afc000)={@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, 0x946}) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') recvmsg(r0, &(0x7f0000b9d000)={&(0x7f00007a4000-0x10)=@llc={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random=""/6, [0x0, 0x0]}, 0x10, &(0x7f0000306000-0x60)=[{&(0x7f000098f000)=""/165, 0xa5}, {&(0x7f0000eae000)=""/193, 0xc1}, {&(0x7f00007a2000)=""/223, 0xdf}, {&(0x7f0000be9000-0x81)=""/129, 0x81}, {&(0x7f0000755000-0x80)=""/128, 0x80}, {&(0x7f0000845000)=""/115, 0x73}], 0x6, &(0x7f0000fe7000)=""/178, 0xb2, 0x80}, 0x10000) fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:49 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:49 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) faccessat(r0, &(0x7f000079c000)='./file0\x00', 0x10a, 0x1000) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:49 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:49 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:49 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r2 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r2, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:49 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f000033b000-0x4)={0x7, 0xffffffffffffff5b, 0x40000000000000}) ioctl$DRM_IOCTL_GET_UNIQUE(r0, 0xc0106401, &(0x7f0000a28000-0x10)={0x1000, &(0x7f00006f7000+0x88)=""/4096}) socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f000080d000)={0x0, 0x10000, 0x0}) mkdir(&(0x7f000048a000-0x6)='./bus\x00', 0x30) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) [ 477.821066] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 [ 477.947379] FAULT_FLAG_ALLOW_RETRY missing 30 [ 477.951983] CPU: 0 PID: 23366 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 477.959342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 477.968689] Call Trace: [ 477.971271] dump_stack+0x194/0x257 [ 477.974884] ? arch_local_irq_restore+0x53/0x53 [ 477.979535] ? handle_userfault+0x12b7/0x24c0 [ 477.984014] handle_userfault+0x12fa/0x24c0 [ 477.988315] ? handle_userfault+0x150b/0x24c0 [ 477.992803] ? userfaultfd_ioctl+0x4520/0x4520 [ 477.997373] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 478.002543] ? find_held_lock+0x35/0x1d0 [ 478.006598] ? print_irqtrace_events+0x270/0x270 [ 478.011342] ? print_irqtrace_events+0x270/0x270 [ 478.016083] ? cpuacct_charge+0x2e6/0x5c0 [ 478.020216] ? find_held_lock+0x35/0x1d0 [ 478.024261] ? __lock_acquire+0x664/0x3e00 [ 478.028468] ? check_noncircular+0x20/0x20 [ 478.032689] ? __lock_acquire+0x664/0x3e00 [ 478.036894] ? lock_release+0xa40/0xa40 [ 478.040842] ? __lock_is_held+0xb6/0x140 [ 478.044883] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 478.050047] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 478.055212] ? find_held_lock+0x35/0x1d0 [ 478.059256] ? __handle_mm_fault+0x3296/0x3ce0 [ 478.063822] ? lock_downgrade+0x980/0x980 [ 478.067951] ? lock_release+0xa40/0xa40 [ 478.071902] ? update_cfs_rq_load_avg.part.69+0x2d0/0x2d0 [ 478.077414] ? do_raw_spin_trylock+0x190/0x190 [ 478.081970] ? userfaultfd_ctx_put+0x740/0x740 [ 478.086555] __handle_mm_fault+0x32a3/0x3ce0 [ 478.090944] ? __pmd_alloc+0x4e0/0x4e0 [ 478.094805] ? print_irqtrace_events+0x270/0x270 [ 478.099543] ? find_held_lock+0x35/0x1d0 [ 478.103598] ? handle_mm_fault+0x248/0x8d0 [ 478.107810] ? lock_downgrade+0x980/0x980 [ 478.111953] handle_mm_fault+0x334/0x8d0 [ 478.115988] ? down_read+0x96/0x150 [ 478.119590] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 478.124144] ? vmacache_find+0x5f/0x280 [ 478.128097] ? find_vma+0x30/0x150 [ 478.131618] __do_page_fault+0x5c9/0xc90 [ 478.135660] ? mm_fault_error+0x2c0/0x2c0 [ 478.139782] ? find_held_lock+0x35/0x1d0 [ 478.143825] do_page_fault+0xee/0x720 [ 478.147599] ? __do_page_fault+0xc90/0xc90 [ 478.151809] ? lock_release+0xa40/0xa40 [ 478.155762] ? do_raw_spin_trylock+0x190/0x190 [ 478.160327] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 478.165148] page_fault+0x2c/0x60 [ 478.168575] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 478.174340] RSP: 0018:ffff8801cfc0f928 EFLAGS: 00010246 [ 478.179676] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 478.186927] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801cfc0fd28 [ 478.194175] RBP: ffff8801cfc0fa08 R08: 0000000000000000 R09: 1ffff10039f81ee7 [ 478.201418] R10: ffff8801cfc0f858 R11: 0000000000000003 R12: 1ffff10039f81f28 [ 478.208672] R13: ffff8801cfc0f9e0 R14: 0000000000000000 R15: ffff8801cfc0fd20 [ 478.215932] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 478.221109] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 478.226283] ? iov_iter_revert+0x9d0/0x9d0 [ 478.230507] ? mark_held_locks+0xaf/0x100 [ 478.234634] ? simple_xattr_get+0xeb/0x160 [ 478.238853] ? current_kernel_time64+0x122/0x2f0 [ 478.243582] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 478.248585] generic_perform_write+0x200/0x600 [ 478.253155] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 478.258405] ? generic_update_time+0x1b2/0x270 [ 478.262962] ? __mnt_drop_write_file+0xd/0x70 [ 478.267434] ? file_update_time+0xbf/0x470 [ 478.271652] ? current_time+0xc0/0xc0 [ 478.275432] ? down_write+0x87/0x120 [ 478.279123] __generic_file_write_iter+0x366/0x5b0 [ 478.284033] ? check_noncircular+0x20/0x20 [ 478.288248] generic_file_write_iter+0x399/0x790 [ 478.292991] ? __generic_file_write_iter+0x5b0/0x5b0 [ 478.298507] ? iov_iter_init+0xaf/0x1d0 [ 478.302459] __vfs_write+0x684/0x970 [ 478.306145] ? lock_acquire+0x1d5/0x580 [ 478.310097] ? kernel_read+0x120/0x120 [ 478.313975] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 478.318703] ? __sb_start_write+0x209/0x2a0 [ 478.323003] vfs_write+0x189/0x510 [ 478.326533] SyS_write+0xef/0x220 [ 478.329962] ? SyS_read+0x220/0x220 [ 478.333563] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 478.338567] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 478.343315] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 478.348043] RIP: 0033:0x452e39 [ 478.351204] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 478.359204] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 478.366448] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 478.373689] RBP: 0000000000000062 R08: 0000000000000000 R09: 0000000000000000 [ 478.380930] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006ee9d0 [ 478.388176] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 [ 478.429686] FAULT_FLAG_ALLOW_RETRY missing 30 [ 478.434246] CPU: 0 PID: 23381 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 478.441595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 478.450926] Call Trace: [ 478.453486] dump_stack+0x194/0x257 [ 478.457090] ? arch_local_irq_restore+0x53/0x53 [ 478.461737] ? handle_userfault+0x12b7/0x24c0 [ 478.466210] handle_userfault+0x12fa/0x24c0 [ 478.470502] ? handle_userfault+0x150b/0x24c0 [ 478.474981] ? userfaultfd_ioctl+0x4520/0x4520 [ 478.479537] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 478.484700] ? check_noncircular+0x20/0x20 [ 478.488907] ? lock_acquire+0xe0/0x580 [ 478.492766] ? lock_acquire+0x1d5/0x580 [ 478.496710] ? pick_next_task_fair+0xdc0/0x16b0 [ 478.501351] ? print_irqtrace_events+0x270/0x270 [ 478.506078] ? print_irqtrace_events+0x270/0x270 [ 478.510808] ? find_held_lock+0x35/0x1d0 [ 478.514850] ? __update_idle_core+0x305/0x600 [ 478.519321] ? __lock_acquire+0x664/0x3e00 [ 478.523529] ? check_noncircular+0x20/0x20 [ 478.527734] ? __lock_acquire+0x664/0x3e00 [ 478.531951] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 478.537115] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 478.542279] ? find_held_lock+0x35/0x1d0 [ 478.546320] ? __handle_mm_fault+0x3296/0x3ce0 [ 478.550873] ? lock_downgrade+0x980/0x980 [ 478.554994] ? lock_release+0xa40/0xa40 [ 478.558947] ? copy_overflow+0x20/0x20 [ 478.562807] ? do_raw_spin_trylock+0x190/0x190 [ 478.567361] ? userfaultfd_ctx_put+0x740/0x740 [ 478.571922] __handle_mm_fault+0x32a3/0x3ce0 [ 478.576310] ? __pmd_alloc+0x4e0/0x4e0 [ 478.580172] ? plist_check_head+0xe2/0x130 [ 478.584380] ? find_held_lock+0x35/0x1d0 [ 478.588423] ? handle_mm_fault+0x248/0x8d0 [ 478.592634] ? lock_downgrade+0x980/0x980 [ 478.596773] handle_mm_fault+0x334/0x8d0 [ 478.600806] ? down_read+0x96/0x150 [ 478.604405] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 478.608957] ? vmacache_find+0x5f/0x280 [ 478.612908] ? find_vma+0x30/0x150 [ 478.616422] __do_page_fault+0x5c9/0xc90 [ 478.620464] ? mm_fault_error+0x2c0/0x2c0 [ 478.624585] ? check_noncircular+0x20/0x20 [ 478.628792] ? get_futex_value_locked+0xc3/0xf0 [ 478.633437] do_page_fault+0xee/0x720 [ 478.637208] ? __do_page_fault+0xc90/0xc90 [ 478.641414] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 478.646582] ? __lock_is_held+0xb6/0x140 [ 478.650631] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 478.655453] page_fault+0x2c/0x60 [ 478.658878] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 478.664643] RSP: 0018:ffff8801b0f3f928 EFLAGS: 00010246 [ 478.669983] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 478.677223] RDX: 00000000000000b0 RSI: ffffc9000213c000 RDI: ffff8801b0f3fd28 [ 478.684461] RBP: ffff8801b0f3fa08 R08: 1ffff100386c2532 R09: 0000000000000000 [ 478.691700] R10: ffff8801b0f3fa50 R11: 0000000000000000 R12: 1ffff100361e7f28 [ 478.698942] R13: ffff8801b0f3f9e0 R14: 0000000000000000 R15: ffff8801b0f3fd20 [ 478.706194] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 478.711360] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 478.716521] ? iov_iter_revert+0x9d0/0x9d0 [ 478.720730] ? mark_held_locks+0xaf/0x100 [ 478.724849] ? current_kernel_time64+0x122/0x2f0 [ 478.729579] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 478.734570] generic_perform_write+0x200/0x600 [ 478.739125] ? lock_acquire+0x1d5/0x580 [ 478.743079] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 478.748324] ? generic_update_time+0x1b2/0x270 [ 478.752881] ? __mnt_drop_write_file+0xd/0x70 [ 478.757349] ? file_update_time+0xbf/0x470 [ 478.761560] ? current_time+0xc0/0xc0 [ 478.765336] ? down_write+0x87/0x120 [ 478.769034] __generic_file_write_iter+0x366/0x5b0 [ 478.773935] ? check_noncircular+0x20/0x20 [ 478.778155] generic_file_write_iter+0x399/0x790 [ 478.782885] ? __generic_file_write_iter+0x5b0/0x5b0 [ 478.787962] ? iov_iter_init+0xaf/0x1d0 [ 478.791910] __vfs_write+0x684/0x970 [ 478.795600] ? lock_acquire+0x1d5/0x580 [ 478.799551] ? kernel_read+0x120/0x120 [ 478.803431] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 478.808157] ? __sb_start_write+0x209/0x2a0 [ 478.812453] vfs_write+0x189/0x510 [ 478.815968] SyS_write+0xef/0x220 [ 478.819395] ? SyS_read+0x220/0x220 [ 478.822993] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 478.827986] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 478.832719] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 478.837444] RIP: 0033:0x452e39 [ 478.840605] RSP: 002b:00007efe3e585c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 478.848281] RAX: ffffffffffffffda RBX: 00007efe3e586700 RCX: 0000000000452e39 [ 478.855531] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 478.862770] RBP: 0000000000a2f870 R08: 0000000000000000 R09: 0000000000000000 [ 478.870012] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 2018/01/17 19:07:50 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:50 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:50 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f000033b000-0x4)={0x7, 0xffffffffffffff5b, 0x40000000000000}) ioctl$DRM_IOCTL_GET_UNIQUE(r0, 0xc0106401, &(0x7f0000a28000-0x10)={0x1000, &(0x7f00006f7000+0x88)=""/4096}) socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f000080d000)={0x0, 0x10000, 0x0}) mkdir(&(0x7f000048a000-0x6)='./bus\x00', 0x30) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:50 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f000033b000-0x4)={0x7, 0xffffffffffffff5b, 0x40000000000000}) ioctl$DRM_IOCTL_GET_UNIQUE(r0, 0xc0106401, &(0x7f0000a28000-0x10)={0x1000, &(0x7f00006f7000+0x88)=""/4096}) socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f000080d000)={0x0, 0x10000, 0x0}) mkdir(&(0x7f000048a000-0x6)='./bus\x00', 0x30) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:50 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:50 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0) r3 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r3, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r4 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r4, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r4, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f000011e000-0x4)=0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) sendto(r0, &(0x7f0000def000-0x1d)="3e769074d3671d3260e306836f1624219c416b17196ad5c491adcf016b", 0x1d, 0x48080, &(0x7f0000c37000)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-camellia-asm\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:50 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000b76000-0xa)='./control\x00', 0x400180, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:50 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) faccessat(r0, &(0x7f000079c000)='./file0\x00', 0x10a, 0x1000) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) 2018/01/17 19:07:50 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) [ 478.877258] R13: 0000000000a2f7ef R14: 00007efe3e5869c0 R15: 000000000000000b 2018/01/17 19:07:50 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f000033b000-0x4)={0x7, 0xffffffffffffff5b, 0x40000000000000}) ioctl$DRM_IOCTL_GET_UNIQUE(r0, 0xc0106401, &(0x7f0000a28000-0x10)={0x1000, &(0x7f00006f7000+0x88)=""/4096}) socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f000080d000)={0x0, 0x10000, 0x0}) mkdir(&(0x7f000048a000-0x6)='./bus\x00', 0x30) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:50 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f000033b000-0x4)={0x7, 0xffffffffffffff5b, 0x40000000000000}) ioctl$DRM_IOCTL_GET_UNIQUE(r0, 0xc0106401, &(0x7f0000a28000-0x10)={0x1000, &(0x7f00006f7000+0x88)=""/4096}) socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f000080d000)={0x0, 0x10000, 0x0}) mkdir(&(0x7f000048a000-0x6)='./bus\x00', 0x30) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:50 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:50 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:50 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:51 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:51 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = socket$nfc_raw(0x27, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0) r3 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000735000)={0x5, 0x5, 0x5, 0x3, 0x1ec30e63383db73f, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x2c) accept$llc(r3, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r4 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) ioctl$PIO_CMAP(r4, 0x4b71, &(0x7f0000174000-0x30)={0x8, 0xff, 0x9c1, 0x200, 0x7, 0x68}) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r4, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f000011e000-0x4)=0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000224000-0x2c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) sendto(r0, &(0x7f0000def000-0x1d)="3e769074d3671d3260e306836f1624219c416b17196ad5c491adcf016b", 0x1d, 0x48080, &(0x7f0000c37000)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-camellia-asm\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f000082a000)={0x0, 0x10, &(0x7f0000728000-0x68)=[@in={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, &(0x7f00008b7000)=0x10) sendto$inet6(r0, &(0x7f0000704000)='.', 0x1, 0x4000841, &(0x7f000086d000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) syz_open_dev$midi(&(0x7f0000c13000+0x8bc)='/dev/midi#\x00', 0xffffffffffffffed, 0x2000) 2018/01/17 19:07:51 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:51 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000cdc000)={0x1ff, 0x8202, 0x3000, 0xffffffffffff7fff, 0x0}, &(0x7f000017e000-0x4)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00009e8000-0xa0)={r2, @in={{0x2, 0x1, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40, 0x40, 0x0, 0x9, 0x5}, &(0x7f0000b61000)=0xa0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) syz_open_dev$sndpcmp(&(0x7f000090c000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x0) ioctl$TCFLSH(r1, 0x540b, 0x2) ioctl$TCFLSH(r0, 0x540b, 0x3) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00004d6000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$PIO_FONT(r0, 0x4b61, &(0x7f00006a5000)="e4da2cf2e2bb54457885cb2675e73ede1d629ea0f1592d1f7f1b89767fd4071a0c59883b8daf9a38919524890d5cdc5d887bb028965a50e51c70f486bfa411c8269b06f4466387d64ab3bec2a8ad69368784") 2018/01/17 19:07:51 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f000033b000-0x4)={0x7, 0xffffffffffffff5b, 0x40000000000000}) ioctl$DRM_IOCTL_GET_UNIQUE(r0, 0xc0106401, &(0x7f0000a28000-0x10)={0x1000, &(0x7f00006f7000+0x88)=""/4096}) socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f000080d000)={0x0, 0x10000, 0x0}) mkdir(&(0x7f000048a000-0x6)='./bus\x00', 0x30) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) [ 479.004636] FAULT_FLAG_ALLOW_RETRY missing 30 [ 479.009804] CPU: 0 PID: 23408 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 479.017173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 479.026519] Call Trace: [ 479.029111] dump_stack+0x194/0x257 [ 479.032739] ? arch_local_irq_restore+0x53/0x53 [ 479.037416] ? handle_userfault+0x12b7/0x24c0 [ 479.041921] handle_userfault+0x12fa/0x24c0 [ 479.046235] ? handle_userfault+0x150b/0x24c0 [ 479.050741] ? userfaultfd_ioctl+0x4520/0x4520 [ 479.055319] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 479.060507] ? __lock_is_held+0xb6/0x140 [ 479.064582] ? print_irqtrace_events+0x270/0x270 [ 479.069334] ? print_irqtrace_events+0x270/0x270 [ 479.074084] ? get_user_pages_fast+0x277/0x340 [ 479.078664] ? switched_to_fair+0xb0/0xb0 [ 479.082805] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 479.087817] ? trace_hardirqs_on+0xd/0x10 [ 479.091964] ? get_user_pages_fast+0x14e/0x340 [ 479.096549] ? pick_next_entity+0x197/0x400 [ 479.100872] ? __lock_acquire+0x664/0x3e00 2018/01/17 19:07:51 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) faccessat(r0, &(0x7f000079c000)='./file0\x00', 0x10a, 0x1000) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:51 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f000033b000-0x4)={0x7, 0xffffffffffffff5b, 0x40000000000000}) ioctl$DRM_IOCTL_GET_UNIQUE(r0, 0xc0106401, &(0x7f0000a28000-0x10)={0x1000, &(0x7f00006f7000+0x88)=""/4096}) socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f000080d000)={0x0, 0x10000, 0x0}) mkdir(&(0x7f000048a000-0x6)='./bus\x00', 0x30) ioctl$TCFLSH(r1, 0x540b, 0x2) [ 479.105098] ? check_noncircular+0x20/0x20 [ 479.109328] ? __lock_acquire+0x664/0x3e00 [ 479.113587] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 479.119125] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 479.124328] ? find_held_lock+0x35/0x1d0 [ 479.128405] ? __handle_mm_fault+0x3296/0x3ce0 [ 479.132984] ? lock_downgrade+0x980/0x980 [ 479.137132] ? lock_release+0xa40/0xa40 [ 479.141101] ? copy_overflow+0x20/0x20 [ 479.144983] ? do_raw_spin_trylock+0x190/0x190 [ 479.149588] ? userfaultfd_ctx_put+0x740/0x740 [ 479.154190] __handle_mm_fault+0x32a3/0x3ce0 [ 479.158607] ? __pmd_alloc+0x4e0/0x4e0 [ 479.162501] ? print_irqtrace_events+0x270/0x270 [ 479.167266] ? find_held_lock+0x35/0x1d0 [ 479.171340] ? handle_mm_fault+0x248/0x8d0 [ 479.175580] ? lock_downgrade+0x980/0x980 [ 479.179768] handle_mm_fault+0x334/0x8d0 [ 479.183828] ? down_read+0x96/0x150 [ 479.187455] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 479.192048] ? vmacache_find+0x5f/0x280 [ 479.196026] ? find_vma+0x30/0x150 [ 479.199557] __do_page_fault+0x5c9/0xc90 [ 479.203615] ? mm_fault_error+0x2c0/0x2c0 [ 479.207748] ? find_held_lock+0x35/0x1d0 [ 479.211793] do_page_fault+0xee/0x720 [ 479.215581] ? __do_page_fault+0xc90/0xc90 [ 479.219805] ? lock_release+0xa40/0xa40 [ 479.223760] ? do_raw_spin_trylock+0x190/0x190 [ 479.228332] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 479.233172] page_fault+0x2c/0x60 [ 479.236614] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 479.242390] RSP: 0018:ffff8801c21b7928 EFLAGS: 00010246 [ 479.247728] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 479.254979] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801c21b7d28 [ 479.262228] RBP: ffff8801c21b7a08 R08: 0000000000000000 R09: 1ffff10038436ee7 [ 479.269476] R10: ffff8801c21b7858 R11: 0000000000000003 R12: 1ffff10038436f28 [ 479.276724] R13: ffff8801c21b79e0 R14: 0000000000000000 R15: ffff8801c21b7d20 [ 479.283989] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 479.289169] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 479.294342] ? iov_iter_revert+0x9d0/0x9d0 [ 479.298582] ? mark_held_locks+0xaf/0x100 [ 479.302711] ? simple_xattr_get+0xeb/0x160 [ 479.306933] ? current_kernel_time64+0x122/0x2f0 [ 479.311672] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 479.316680] generic_perform_write+0x200/0x600 [ 479.321261] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 479.326519] ? generic_update_time+0x1b2/0x270 [ 479.331097] ? __mnt_drop_write_file+0xd/0x70 [ 479.335579] ? file_update_time+0xbf/0x470 [ 479.339811] ? current_time+0xc0/0xc0 [ 479.343615] ? down_write+0x87/0x120 [ 479.347350] __generic_file_write_iter+0x366/0x5b0 [ 479.352277] ? check_noncircular+0x20/0x20 [ 479.356502] generic_file_write_iter+0x399/0x790 [ 479.361250] ? __generic_file_write_iter+0x5b0/0x5b0 [ 479.366333] ? iov_iter_init+0xaf/0x1d0 [ 479.370287] __vfs_write+0x684/0x970 [ 479.373975] ? lock_acquire+0x1d5/0x580 [ 479.377940] ? kernel_read+0x120/0x120 [ 479.381840] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 479.386574] ? __sb_start_write+0x209/0x2a0 [ 479.390875] vfs_write+0x189/0x510 [ 479.394399] SyS_write+0xef/0x220 [ 479.397830] ? SyS_read+0x220/0x220 [ 479.401432] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 479.406425] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 479.411184] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 479.415916] RIP: 0033:0x452e39 [ 479.419082] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 479.426775] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 479.434025] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000014 [ 479.441278] RBP: 00000000000003b3 R08: 0000000000000000 R09: 0000000000000000 [ 479.448527] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3968 2018/01/17 19:07:51 executing program 5 (fault-call:4 fault-nth:0): mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) [ 479.455779] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 [ 479.492399] FAULT_FLAG_ALLOW_RETRY missing 30 [ 479.499179] CPU: 1 PID: 23419 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 479.506559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 479.515909] Call Trace: [ 479.518503] dump_stack+0x194/0x257 [ 479.522134] ? arch_local_irq_restore+0x53/0x53 [ 479.526815] ? handle_userfault+0x12b7/0x24c0 [ 479.531314] handle_userfault+0x12fa/0x24c0 [ 479.535630] ? handle_userfault+0x150b/0x24c0 [ 479.540123] ? userfaultfd_ioctl+0x4520/0x4520 [ 479.544676] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 479.549838] ? __lock_is_held+0xb6/0x140 [ 479.553883] ? print_irqtrace_events+0x270/0x270 [ 479.558613] ? print_irqtrace_events+0x270/0x270 [ 479.563520] ? get_user_pages_fast+0x277/0x340 [ 479.568078] ? switched_to_fair+0xb0/0xb0 [ 479.572201] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 479.577194] ? trace_hardirqs_on+0xd/0x10 [ 479.581317] ? get_user_pages_fast+0x14e/0x340 [ 479.585881] ? pick_next_entity+0x197/0x400 [ 479.590188] ? __lock_acquire+0x664/0x3e00 [ 479.594408] ? check_noncircular+0x20/0x20 [ 479.598620] ? __lock_acquire+0x664/0x3e00 [ 479.602846] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 479.608017] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 479.613190] ? find_held_lock+0x35/0x1d0 [ 479.617233] ? __handle_mm_fault+0x3296/0x3ce0 [ 479.621791] ? lock_downgrade+0x980/0x980 [ 479.625930] ? lock_release+0xa40/0xa40 [ 479.629881] ? copy_overflow+0x20/0x20 [ 479.633740] ? do_raw_spin_trylock+0x190/0x190 [ 479.638294] ? userfaultfd_ctx_put+0x740/0x740 [ 479.642861] __handle_mm_fault+0x32a3/0x3ce0 [ 479.647250] ? __pmd_alloc+0x4e0/0x4e0 [ 479.651111] ? print_irqtrace_events+0x270/0x270 [ 479.655846] ? find_held_lock+0x35/0x1d0 [ 479.659884] ? handle_mm_fault+0x248/0x8d0 [ 479.664092] ? lock_downgrade+0x980/0x980 [ 479.668232] handle_mm_fault+0x334/0x8d0 [ 479.672266] ? down_read+0x96/0x150 [ 479.675867] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 479.680421] ? vmacache_find+0x5f/0x280 [ 479.684371] ? find_vma+0x30/0x150 [ 479.687888] __do_page_fault+0x5c9/0xc90 [ 479.691941] ? mm_fault_error+0x2c0/0x2c0 [ 479.696059] ? find_held_lock+0x35/0x1d0 [ 479.700098] do_page_fault+0xee/0x720 [ 479.703879] ? __do_page_fault+0xc90/0xc90 [ 479.708088] ? lock_release+0xa40/0xa40 [ 479.712044] ? do_raw_spin_trylock+0x190/0x190 [ 479.716610] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 479.721435] page_fault+0x2c/0x60 [ 479.724863] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 479.730627] RSP: 0018:ffff8801c21bf928 EFLAGS: 00010246 [ 479.735961] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 479.743203] RDX: 000000000000010b RSI: ffffc9000213c000 RDI: ffff8801c21bfd28 [ 479.750446] RBP: ffff8801c21bfa08 R08: 0000000000000000 R09: 1ffff10038437ee7 [ 479.757687] R10: ffff8801c21bf858 R11: 0000000000000003 R12: 1ffff10038437f28 [ 479.764930] R13: ffff8801c21bf9e0 R14: 0000000000000000 R15: ffff8801c21bfd20 [ 479.772184] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 479.777351] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 479.782514] ? iov_iter_revert+0x9d0/0x9d0 [ 479.786731] ? mark_held_locks+0xaf/0x100 [ 479.790852] ? simple_xattr_get+0xeb/0x160 [ 479.795060] ? current_kernel_time64+0x122/0x2f0 [ 479.799792] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 479.804791] generic_perform_write+0x200/0x600 [ 479.809357] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 479.814611] ? generic_update_time+0x1b2/0x270 [ 479.819169] ? __mnt_drop_write_file+0xd/0x70 [ 479.823637] ? file_update_time+0xbf/0x470 [ 479.827849] ? current_time+0xc0/0xc0 [ 479.831627] ? down_write+0x87/0x120 [ 479.835316] __generic_file_write_iter+0x366/0x5b0 [ 479.840218] ? check_noncircular+0x20/0x20 [ 479.844430] generic_file_write_iter+0x399/0x790 [ 479.849164] ? __generic_file_write_iter+0x5b0/0x5b0 [ 479.854245] ? iov_iter_init+0xaf/0x1d0 [ 479.858195] __vfs_write+0x684/0x970 [ 479.861881] ? lock_acquire+0x1d5/0x580 [ 479.865834] ? kernel_read+0x120/0x120 [ 479.869717] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 479.874451] ? __sb_start_write+0x209/0x2a0 [ 479.878756] vfs_write+0x189/0x510 [ 479.882279] SyS_write+0xef/0x220 [ 479.885717] ? SyS_read+0x220/0x220 [ 479.889318] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 479.894316] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 479.899063] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 479.903795] RIP: 0033:0x452e39 2018/01/17 19:07:51 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:51 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) socket$nfc_raw(0x27, 0x3, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:51 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:51 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000d5e000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x8080) clock_gettime(0x0, &(0x7f0000b18000-0x10)={0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000a65000-0x68)={0x907, 0x7, 0x7, {r1, r2+10000000}, 0x0, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r4 = creat(&(0x7f0000614000)='./file0\x00', 0x0) syz_open_dev$sg(&(0x7f000048d000)='/dev/sg#\x00', 0x800, 0x40000) write$sndseq(r4, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r3, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r3, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:51 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) faccessat(r0, &(0x7f000079c000)='./file0\x00', 0x10a, 0x1000) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) 2018/01/17 19:07:51 executing program 1 (fault-call:3 fault-nth:0): mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:51 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:51 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f000033b000-0x4)={0x7, 0xffffffffffffff5b, 0x40000000000000}) ioctl$DRM_IOCTL_GET_UNIQUE(r0, 0xc0106401, &(0x7f0000a28000-0x10)={0x1000, &(0x7f00006f7000+0x88)=""/4096}) socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f000080d000)={0x0, 0x10000, 0x0}) mkdir(&(0x7f000048a000-0x6)='./bus\x00', 0x30) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:51 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) [ 479.906959] RSP: 002b:00007efe3e585c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 479.914642] RAX: ffffffffffffffda RBX: 00007efe3e586700 RCX: 0000000000452e39 [ 479.921886] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000016 [ 479.929131] RBP: 0000000000a2f870 R08: 0000000000000000 R09: 0000000000000000 [ 479.936372] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 479.943613] R13: 0000000000a2f7ef R14: 00007efe3e5869c0 R15: 000000000000000a [ 480.030297] FAULT_FLAG_ALLOW_RETRY missing 30 [ 480.034995] CPU: 0 PID: 23466 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 480.042345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 480.051679] Call Trace: [ 480.054251] dump_stack+0x194/0x257 [ 480.057858] ? arch_local_irq_restore+0x53/0x53 [ 480.062514] ? handle_userfault+0x12b7/0x24c0 [ 480.066993] handle_userfault+0x12fa/0x24c0 [ 480.071292] ? handle_userfault+0x150b/0x24c0 [ 480.075770] ? userfaultfd_ioctl+0x4520/0x4520 [ 480.080326] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 480.085498] ? print_irqtrace_events+0x270/0x270 [ 480.090231] ? find_held_lock+0x35/0x1d0 [ 480.094265] ? print_irqtrace_events+0x270/0x270 [ 480.098993] ? print_irqtrace_events+0x270/0x270 [ 480.103724] ? cpuacct_charge+0x2e6/0x5c0 [ 480.107849] ? find_held_lock+0x35/0x1d0 [ 480.111894] ? __lock_acquire+0x664/0x3e00 [ 480.116102] ? check_noncircular+0x20/0x20 [ 480.120306] ? __lock_acquire+0x664/0x3e00 [ 480.124513] ? lock_release+0xa40/0xa40 [ 480.128465] ? __lock_is_held+0xb6/0x140 [ 480.132507] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 480.137680] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 480.142852] ? find_held_lock+0x35/0x1d0 [ 480.146893] ? __handle_mm_fault+0x3296/0x3ce0 [ 480.151448] ? lock_downgrade+0x980/0x980 [ 480.155570] ? lock_release+0xa40/0xa40 [ 480.159517] ? update_cfs_rq_load_avg.part.69+0x2d0/0x2d0 [ 480.165037] ? do_raw_spin_trylock+0x190/0x190 [ 480.169598] ? userfaultfd_ctx_put+0x740/0x740 [ 480.174162] __handle_mm_fault+0x32a3/0x3ce0 [ 480.178550] ? __pmd_alloc+0x4e0/0x4e0 [ 480.182408] ? print_irqtrace_events+0x270/0x270 [ 480.187154] ? find_held_lock+0x35/0x1d0 [ 480.191205] ? handle_mm_fault+0x248/0x8d0 [ 480.195414] ? lock_downgrade+0x980/0x980 [ 480.199556] handle_mm_fault+0x334/0x8d0 [ 480.203600] ? down_read+0x96/0x150 [ 480.207204] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 480.211756] ? vmacache_find+0x5f/0x280 [ 480.215709] ? find_vma+0x30/0x150 [ 480.219226] __do_page_fault+0x5c9/0xc90 [ 480.223268] ? mm_fault_error+0x2c0/0x2c0 [ 480.227396] ? find_held_lock+0x35/0x1d0 [ 480.231443] do_page_fault+0xee/0x720 [ 480.235221] ? __do_page_fault+0xc90/0xc90 [ 480.239441] ? lock_release+0xa40/0xa40 [ 480.243398] ? do_raw_spin_trylock+0x190/0x190 [ 480.247961] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 480.252788] page_fault+0x2c/0x60 [ 480.256218] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 480.261985] RSP: 0018:ffff8801be0ef928 EFLAGS: 00010246 [ 480.267331] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 480.274580] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801be0efd28 [ 480.281824] RBP: ffff8801be0efa08 R08: 0000000000000000 R09: 1ffff10037c1dee7 [ 480.289068] R10: ffff8801be0ef858 R11: 0000000000000003 R12: 1ffff10037c1df28 [ 480.296327] R13: ffff8801be0ef9e0 R14: 0000000000000000 R15: ffff8801be0efd20 [ 480.303594] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 480.308764] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 480.313930] ? iov_iter_revert+0x9d0/0x9d0 [ 480.318146] ? mark_held_locks+0xaf/0x100 [ 480.322266] ? simple_xattr_get+0xeb/0x160 [ 480.326479] ? current_kernel_time64+0x122/0x2f0 [ 480.331211] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 480.336205] generic_perform_write+0x200/0x600 [ 480.340775] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 480.346029] ? generic_update_time+0x1b2/0x270 [ 480.350590] ? __mnt_drop_write_file+0xd/0x70 [ 480.355061] ? file_update_time+0xbf/0x470 [ 480.359496] ? current_time+0xc0/0xc0 [ 480.363276] ? down_write+0x87/0x120 [ 480.366969] __generic_file_write_iter+0x366/0x5b0 [ 480.371885] ? check_noncircular+0x20/0x20 [ 480.376096] generic_file_write_iter+0x399/0x790 [ 480.380841] ? __generic_file_write_iter+0x5b0/0x5b0 [ 480.385922] ? iov_iter_init+0xaf/0x1d0 [ 480.389875] __vfs_write+0x684/0x970 [ 480.393560] ? lock_acquire+0x1d5/0x580 [ 480.397512] ? kernel_read+0x120/0x120 [ 480.401396] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 480.406126] ? __sb_start_write+0x209/0x2a0 [ 480.410425] vfs_write+0x189/0x510 [ 480.413942] SyS_write+0xef/0x220 [ 480.417375] ? SyS_read+0x220/0x220 [ 480.420973] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 480.425963] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 480.430700] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 480.435430] RIP: 0033:0x452e39 [ 480.438590] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 480.446275] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 480.453522] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000016 [ 480.460768] RBP: 00000000000005f3 R08: 0000000000000000 R09: 0000000000000000 [ 480.468018] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f6f68 [ 480.475267] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:52 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) faccessat(r0, &(0x7f000079c000)='./file0\x00', 0x10a, 0x1000) sendfile(r0, r0, &(0x7f0000b0a000)=0x0, 0x3) 2018/01/17 19:07:52 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = syz_open_dev$sndpcmp(&(0x7f0000284000-0x12)='/dev/snd/pcmC#D#p\x00', 0x8, 0x8000) ioctl$fiemap(r0, 0xc020660b, &(0x7f0000866000)={0x7, 0x7, 0x5, 0x5, 0x3, [{0x1, 0x4, 0x7fffffff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0}, {0x100000000, 0x100, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0}, {0x5, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}]}) ioctl$KVM_SIGNAL_MSI(r0, 0x4020aea5, &(0x7f0000201000)={0x100000, 0x1000, 0x8, 0x9f77, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) 2018/01/17 19:07:52 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:52 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:52 executing program 7: ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:52 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f0000b3c000-0xe)='/selinux/user\x00', 0x2, 0x0) socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_open_dev$sndctrl(&(0x7f0000afe000)='/dev/snd/controlC#\x00', 0x5, 0x88000) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) socketpair$inet_icmp(0x2, 0x2, 0x1, &(0x7f0000cfd000-0x8)={0x0, 0x0}) set_tid_address(&(0x7f0000dfb000-0x4)=0x0) 2018/01/17 19:07:52 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f00004e3000)=""/92, 0x5c, 0x10000, 0x0, 0xffffffffffffff88) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) r3 = mmap$binder(&(0x7f0000f67000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f00000b4000)={r3, 0x0, 0x0, 0x0}) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r2, &(0x7f000094b000-0x1d)=@random={'os2.\x00', "7b7365637572697479757365726d696d655f747970651c00"}) ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:52 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f000033b000-0x4)={0x7, 0xffffffffffffff5b, 0x40000000000000}) ioctl$DRM_IOCTL_GET_UNIQUE(r0, 0xc0106401, &(0x7f0000a28000-0x10)={0x1000, &(0x7f00006f7000+0x88)=""/4096}) socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f000080d000)={0x0, 0x10000, 0x0}) mkdir(&(0x7f000048a000-0x6)='./bus\x00', 0x30) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:52 executing program 7: ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:52 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:52 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f000033b000-0x4)={0x7, 0xffffffffffffff5b, 0x40000000000000}) ioctl$DRM_IOCTL_GET_UNIQUE(r0, 0xc0106401, &(0x7f0000a28000-0x10)={0x1000, &(0x7f00006f7000+0x88)=""/4096}) socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f000080d000)={0x0, 0x10000, 0x0}) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:52 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:52 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000187000)='/dev/sequencer\x00', 0x400001, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000f4f000-0xc)={0x2, r0, 0x0}) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:52 executing program 7: ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:52 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:52 executing program 1: openat$autofs(0xffffffffffffff9c, &(0x7f0000f2f000-0xc)='/dev/autofs\x00', 0x20002, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) [ 480.603664] audit: type=1400 audit(1516216072.610:27373): avc: denied { map } for pid=23501 comm="syz-executor0" path="/2116/control" dev="tmpfs" ino=123129 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=dir permissive=1 [ 480.684620] FAULT_FLAG_ALLOW_RETRY missing 30 [ 480.689281] CPU: 1 PID: 23503 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 480.696632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 480.705969] Call Trace: [ 480.708539] dump_stack+0x194/0x257 [ 480.712162] ? arch_local_irq_restore+0x53/0x53 [ 480.716820] ? handle_userfault+0x12b7/0x24c0 [ 480.721297] handle_userfault+0x12fa/0x24c0 [ 480.725598] ? handle_userfault+0x150b/0x24c0 [ 480.730078] ? userfaultfd_ioctl+0x4520/0x4520 [ 480.734633] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 480.739796] ? __lock_is_held+0xb6/0x140 [ 480.743857] ? print_irqtrace_events+0x270/0x270 [ 480.748588] ? print_irqtrace_events+0x270/0x270 [ 480.753319] ? get_user_pages_fast+0x277/0x340 [ 480.757909] ? switched_to_fair+0xb0/0xb0 [ 480.762039] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 480.767034] ? trace_hardirqs_on+0xd/0x10 [ 480.771155] ? get_user_pages_fast+0x14e/0x340 [ 480.775713] ? pick_next_entity+0x197/0x400 [ 480.780015] ? __lock_acquire+0x664/0x3e00 [ 480.784231] ? check_noncircular+0x20/0x20 [ 480.788438] ? __lock_acquire+0x664/0x3e00 [ 480.792661] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 480.797828] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 480.803012] ? find_held_lock+0x35/0x1d0 [ 480.807059] ? __handle_mm_fault+0x3296/0x3ce0 [ 480.811616] ? lock_downgrade+0x980/0x980 [ 480.815741] ? lock_release+0xa40/0xa40 [ 480.819689] ? copy_overflow+0x20/0x20 [ 480.823550] ? do_raw_spin_trylock+0x190/0x190 [ 480.828108] ? userfaultfd_ctx_put+0x740/0x740 [ 480.832673] __handle_mm_fault+0x32a3/0x3ce0 [ 480.837063] ? __pmd_alloc+0x4e0/0x4e0 [ 480.840924] ? print_irqtrace_events+0x270/0x270 [ 480.845664] ? plist_check_head+0xe2/0x130 [ 480.849878] ? find_held_lock+0x35/0x1d0 [ 480.853919] ? handle_mm_fault+0x248/0x8d0 [ 480.858135] ? lock_downgrade+0x980/0x980 [ 480.862300] handle_mm_fault+0x334/0x8d0 [ 480.866339] ? down_read+0x96/0x150 [ 480.869941] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 480.874500] ? vmacache_find+0x5f/0x280 [ 480.878466] ? find_vma+0x30/0x150 [ 480.881986] __do_page_fault+0x5c9/0xc90 [ 480.886041] ? mm_fault_error+0x2c0/0x2c0 [ 480.890165] ? get_futex_value_locked+0xc3/0xf0 [ 480.894814] do_page_fault+0xee/0x720 [ 480.898599] ? __do_page_fault+0xc90/0xc90 [ 480.902818] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 480.907983] ? check_noncircular+0x20/0x20 [ 480.912193] ? drop_futex_key_refs.isra.12+0x63/0xb0 [ 480.917268] ? futex_wait+0x6a9/0x9a0 [ 480.921048] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 480.925873] page_fault+0x2c/0x60 [ 480.929299] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 480.935068] RSP: 0018:ffff8801bb6af928 EFLAGS: 00010246 [ 480.940403] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 480.947646] RDX: 00000000000000c9 RSI: ffffc900020bb000 RDI: ffff8801bb6afd28 [ 480.954889] RBP: ffff8801bb6afa08 R08: 1ffff100386c2532 R09: 0000000000000000 [ 480.962131] R10: ffff8801bb6af858 R11: 0000000000000000 R12: 1ffff100376d5f28 [ 480.969376] R13: ffff8801bb6af9e0 R14: 0000000000000000 R15: ffff8801bb6afd20 [ 480.976637] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 480.981810] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 480.986978] ? iov_iter_revert+0x9d0/0x9d0 [ 480.991198] ? mark_held_locks+0xaf/0x100 [ 480.995321] ? simple_xattr_get+0xeb/0x160 [ 480.999530] ? current_kernel_time64+0x122/0x2f0 [ 481.004261] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 481.009268] generic_perform_write+0x200/0x600 [ 481.013839] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 481.019091] ? current_time+0x88/0xc0 [ 481.022866] ? file_update_time+0xbf/0x470 [ 481.027079] ? current_time+0xc0/0xc0 [ 481.030859] ? down_write+0x87/0x120 [ 481.034549] __generic_file_write_iter+0x366/0x5b0 [ 481.039453] ? check_noncircular+0x20/0x20 [ 481.043667] generic_file_write_iter+0x399/0x790 [ 481.048408] ? __generic_file_write_iter+0x5b0/0x5b0 [ 481.053496] ? iov_iter_init+0xaf/0x1d0 [ 481.057457] __vfs_write+0x684/0x970 [ 481.061151] ? lock_acquire+0x1d5/0x580 [ 481.065109] ? kernel_read+0x120/0x120 [ 481.069000] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 481.073734] ? __sb_start_write+0x209/0x2a0 [ 481.078042] vfs_write+0x189/0x510 [ 481.081566] SyS_write+0xef/0x220 [ 481.084995] ? SyS_read+0x220/0x220 [ 481.088599] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 481.093601] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 481.098344] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 481.103072] RIP: 0033:0x452e39 [ 481.106235] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 481.113914] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 481.121157] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 481.128399] RBP: 00000000000003b3 R08: 0000000000000000 R09: 0000000000000000 2018/01/17 19:07:53 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) faccessat(r0, &(0x7f000079c000)='./file0\x00', 0x10a, 0x1000) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:53 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:53 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f000033b000-0x4)={0x7, 0xffffffffffffff5b, 0x40000000000000}) ioctl$DRM_IOCTL_GET_UNIQUE(r0, 0xc0106401, &(0x7f0000a28000-0x10)={0x1000, &(0x7f00006f7000+0x88)=""/4096}) socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f000080d000)={0x0, 0x10000, 0x0}) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:53 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000c2f000-0x12)='/dev/loop-control\x00', 0x2c000, 0x0) r1 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) fadvise64(r0, 0x0, 0x101, 0x4) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:53 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:53 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00009c8000)='/dev/rfkill\x00', 0x107180, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x9) r3 = shmget$private(0x0, 0x2000, 0x78000002, &(0x7f0000de0000/0x2000)=nil) shmctl$IPC_INFO(r3, 0x3, &(0x7f00002f4000-0xd7)=""/215) bind$netlink(r2, &(0x7f000006c000)={0x10, 0x0, 0x0, 0x9}, 0xc) bind$netlink(r2, &(0x7f0000d86000)={0x10, 0x0, 0x0, 0x0}, 0xc) setsockopt$sock_int(r1, 0x1, 0x3f, &(0x7f0000ef5000-0x4)=0xffffffffffff7fff, 0x4) readv(r0, &(0x7f000098a000-0x70)=[{&(0x7f000077b000)=""/4096, 0xb119aa3fffb579a2}, {&(0x7f0000104000-0x7c)=""/124, 0xffffffab}, {&(0x7f00005c6000-0x52)=""/82, 0x52}, {&(0x7f00006fa000-0x1000)=""/4096, 0x8de}, {&(0x7f00000a2000)=""/203, 0xcb}, {&(0x7f0000b1a000)=""/148, 0x94}, {&(0x7f000097b000-0xf3)=""/243, 0xf3}], 0x7) futimesat(r1, &(0x7f00009bd000)='./file0\x00', &(0x7f0000195000)={{0x0, 0x0}, {0x0, 0x2710}}) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000f40000-0x20)={0x80000001, 0x0, 0x10001, 0x6}) ioctl$DRM_IOCTL_AGP_BIND(r1, 0x40106436, &(0x7f000097c000)={r4, 0x9}) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000b83000-0x10)="2bd2ffa6c8e36e89a19ab1ad3cc2bd40", 0x10) ioctl$sock_SIOCADDDLCI(r2, 0x8980, &(0x7f0000e61000+0xc76)={@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, 0x0}) [ 481.135641] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3968 [ 481.142882] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:53 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:53 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:53 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r2, 0x4008ae73, &(0x7f0000007000)={0x10000, 0x453}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f000018e000-0xd8)=@ioapic={0x4002, 0x4800, 0x5, 0x8, 0x0, [{0x2286, 0x4, 0x7fffffff, [0x0, 0x0, 0x0, 0x0], 0x7fff}, {0x3f, 0x6ce, 0x200000000000000, [0x0, 0x0, 0x0, 0x0], 0xffffffff}, {0xfffffffffffffff8, 0xf246, 0x8, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x2, 0x2, 0x3000000000000000, [0x0, 0x0, 0x0, 0x0], 0x6}, {0x4, 0x401, 0x9, [0x0, 0x0, 0x0, 0x0], 0x1}, {0x9, 0x80c2, 0x40, [0x0, 0x0, 0x0, 0x0], 0x9}, {0x5, 0x8000, 0x101, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x96, 0x7, 0x4, [0x0, 0x0, 0x0, 0x0], 0x80000000}, {0x7, 0x7194, 0xa1f8, [0x0, 0x0, 0x0, 0x0], 0xfffffffffffffffc}, {0x3, 0x7f, 0x10001, [0x0, 0x0, 0x0, 0x0], 0x0}, {0x40, 0xffffffffffff4d41, 0x3, [0x0, 0x0, 0x0, 0x0], 0x725d}, {0x5, 0x7f, 0x4831, [0x0, 0x0, 0x0, 0x0], 0x80000000}, {0xfffffffffffffff9, 0x0, 0x35e, [0x0, 0x0, 0x0, 0x0], 0x3ff}, {0x1, 0xe77, 0xffffffff80000001, [0x0, 0x0, 0x0, 0x0], 0x101}, {0x0, 0x0, 0xffffffffffffffe1, [0x0, 0x0, 0x0, 0x0], 0x10000}, {0x0, 0x0, 0xffffffffffffffff, [0x0, 0x0, 0x0, 0x0], 0x5}, {0x7, 0x5, 0x1, [0x0, 0x0, 0x0, 0x0], 0x8}, {0x9, 0x5, 0x5ec, [0x0, 0x0, 0x0, 0x0], 0x9}, {0x8, 0x7, 0x1, [0x0, 0x0, 0x0, 0x0], 0x78}, {0x6, 0x5, 0x7, [0x0, 0x0, 0x0, 0x0], 0x100}, {0x1, 0x8, 0x8, [0x0, 0x0, 0x0, 0x0], 0x9ab}, {0x7, 0x2, 0x8, [0x0, 0x0, 0x0, 0x0], 0x1175}, {0x6, 0x6, 0x7, [0x0, 0x0, 0x0, 0x0], 0x95b}, {0x5, 0x80, 0xfffffffffffffc00, [0x0, 0x0, 0x0, 0x0], 0x5}]}) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000457000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, 0x8, "57273c97e3a5bb6f4e7cb3e2482be8a5ea178a6716579eb465174781eb82ac72b12f42ace744584567fdbc0eb2a864bdc201f0ba96a3255002df88b3846d0ac0", "c179315178324db9fb852967349097c3c366cbc6251211f79e9411c6b459be6d", [0xffff, 0x4], 0x0}) 2018/01/17 19:07:53 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f000052f000)='/selinux/policy\x00', 0x0, 0x0) bind$bt_sco(r1, &(0x7f00006cf000-0x1)={0x1f, {0x8, 0x0, 0x29f, 0x34aa, 0x1, 0x8}}, 0x8) acct(&(0x7f0000de0000)='./file0\x00') ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$KVM_SMI(r1, 0xaeb7) setsockopt$bt_hci_HCI_DATA_DIR(r1, 0x0, 0x1, &(0x7f0000c8a000)=0x4, 0x4) 2018/01/17 19:07:53 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f000033b000-0x4)={0x7, 0xffffffffffffff5b, 0x40000000000000}) ioctl$DRM_IOCTL_GET_UNIQUE(r0, 0xc0106401, &(0x7f0000a28000-0x10)={0x1000, &(0x7f00006f7000+0x88)=""/4096}) socket$nl_generic(0x10, 0x3, 0x10) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:53 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) faccessat(r0, &(0x7f000079c000)='./file0\x00', 0x10a, 0x1000) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:53 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:53 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$KVM_GET_TSC_KHZ(r1, 0xaea3) socket$netlink(0x10, 0x3, 0x1b) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:53 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:53 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f000033b000-0x4)={0x7, 0xffffffffffffff5b, 0x40000000000000}) ioctl$DRM_IOCTL_GET_UNIQUE(r0, 0xc0106401, &(0x7f0000a28000-0x10)={0x1000, &(0x7f00006f7000+0x88)=""/4096}) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) [ 481.391973] FAULT_FLAG_ALLOW_RETRY missing 30 [ 481.396848] CPU: 0 PID: 23572 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 481.404196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 481.413527] Call Trace: [ 481.416095] dump_stack+0x194/0x257 [ 481.419700] ? arch_local_irq_restore+0x53/0x53 [ 481.424366] ? handle_userfault+0x12b7/0x24c0 [ 481.428854] handle_userfault+0x12fa/0x24c0 [ 481.433153] ? handle_userfault+0x150b/0x24c0 [ 481.437632] ? userfaultfd_ioctl+0x4520/0x4520 [ 481.442198] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 481.447384] ? __lock_is_held+0xb6/0x140 [ 481.451438] ? print_irqtrace_events+0x270/0x270 [ 481.456168] ? print_irqtrace_events+0x270/0x270 [ 481.460902] ? get_user_pages_fast+0x277/0x340 [ 481.465457] ? switched_to_fair+0xb0/0xb0 [ 481.469578] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 481.474569] ? trace_hardirqs_on+0xd/0x10 [ 481.478691] ? get_user_pages_fast+0x14e/0x340 [ 481.483247] ? pick_next_entity+0x197/0x400 [ 481.487545] ? __lock_acquire+0x664/0x3e00 [ 481.491751] ? check_noncircular+0x20/0x20 [ 481.495958] ? __lock_acquire+0x664/0x3e00 [ 481.500178] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 481.505345] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 481.510511] ? find_held_lock+0x35/0x1d0 [ 481.514554] ? __handle_mm_fault+0x3296/0x3ce0 [ 481.519108] ? lock_downgrade+0x980/0x980 [ 481.523230] ? lock_release+0xa40/0xa40 [ 481.527181] ? copy_overflow+0x20/0x20 [ 481.531049] ? do_raw_spin_trylock+0x190/0x190 [ 481.535605] ? userfaultfd_ctx_put+0x740/0x740 [ 481.540172] __handle_mm_fault+0x32a3/0x3ce0 [ 481.544561] ? __pmd_alloc+0x4e0/0x4e0 [ 481.548422] ? print_irqtrace_events+0x270/0x270 [ 481.553154] ? find_held_lock+0x35/0x1d0 [ 481.557195] ? handle_mm_fault+0x248/0x8d0 [ 481.561407] ? lock_downgrade+0x980/0x980 [ 481.565548] handle_mm_fault+0x334/0x8d0 [ 481.569585] ? down_read+0x96/0x150 [ 481.573193] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 481.577757] ? vmacache_find+0x5f/0x280 [ 481.581719] ? find_vma+0x30/0x150 [ 481.585246] __do_page_fault+0x5c9/0xc90 [ 481.589293] ? mm_fault_error+0x2c0/0x2c0 [ 481.593414] ? find_held_lock+0x35/0x1d0 [ 481.597456] do_page_fault+0xee/0x720 [ 481.601237] ? __do_page_fault+0xc90/0xc90 [ 481.605447] ? lock_release+0xa40/0xa40 [ 481.609398] ? do_raw_spin_trylock+0x190/0x190 [ 481.613960] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 481.618784] page_fault+0x2c/0x60 [ 481.622212] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 481.627978] RSP: 0018:ffff8801b0c27928 EFLAGS: 00010246 [ 481.633314] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 481.640555] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801b0c27d28 [ 481.647796] RBP: ffff8801b0c27a08 R08: 0000000000000000 R09: 1ffff10036184ee7 [ 481.655040] R10: ffff8801b0c27858 R11: 0000000000000003 R12: 1ffff10036184f28 [ 481.662282] R13: ffff8801b0c279e0 R14: 0000000000000000 R15: ffff8801b0c27d20 [ 481.669641] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 481.674813] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 481.679977] ? iov_iter_revert+0x9d0/0x9d0 [ 481.684188] ? mark_held_locks+0xaf/0x100 [ 481.688309] ? simple_xattr_get+0xeb/0x160 [ 481.692516] ? current_kernel_time64+0x122/0x2f0 [ 481.697246] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 481.702241] generic_perform_write+0x200/0x600 [ 481.706813] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 481.712068] ? generic_update_time+0x1b2/0x270 [ 481.716625] ? __mnt_drop_write_file+0xd/0x70 [ 481.721101] ? file_update_time+0xbf/0x470 [ 481.725311] ? current_time+0xc0/0xc0 [ 481.729088] ? down_write+0x87/0x120 [ 481.732779] __generic_file_write_iter+0x366/0x5b0 [ 481.737681] ? check_noncircular+0x20/0x20 [ 481.741893] generic_file_write_iter+0x399/0x790 [ 481.746630] ? __generic_file_write_iter+0x5b0/0x5b0 [ 481.751711] ? iov_iter_init+0xaf/0x1d0 [ 481.755668] __vfs_write+0x684/0x970 [ 481.759356] ? lock_acquire+0x1d5/0x580 [ 481.763307] ? kernel_read+0x120/0x120 [ 481.767188] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 481.771919] ? __sb_start_write+0x209/0x2a0 [ 481.776216] vfs_write+0x189/0x510 [ 481.779735] SyS_write+0xef/0x220 [ 481.783164] ? SyS_read+0x220/0x220 [ 481.786765] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 481.791758] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 481.796506] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 481.801234] RIP: 0033:0x452e39 [ 481.804398] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 481.812078] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 481.819320] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 481.826560] RBP: 00000000000003bb R08: 0000000000000000 R09: 0000000000000000 [ 481.833802] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3a28 [ 481.841046] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 [ 481.880862] FAULT_FLAG_ALLOW_RETRY missing 30 [ 481.885423] CPU: 0 PID: 23572 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 481.892759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 481.902085] Call Trace: [ 481.904650] dump_stack+0x194/0x257 [ 481.908258] ? arch_local_irq_restore+0x53/0x53 [ 481.912903] ? handle_userfault+0x12b7/0x24c0 [ 481.917374] handle_userfault+0x12fa/0x24c0 [ 481.921670] ? handle_userfault+0x150b/0x24c0 [ 481.926149] ? userfaultfd_ioctl+0x4520/0x4520 [ 481.930702] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 481.935866] ? find_held_lock+0x35/0x1d0 [ 481.939900] ? check_noncircular+0x20/0x20 [ 481.944116] ? print_irqtrace_events+0x270/0x270 [ 481.948851] ? print_irqtrace_events+0x270/0x270 [ 481.953580] ? find_held_lock+0x35/0x1d0 [ 481.957623] ? __update_idle_core+0x305/0x600 [ 481.962097] ? __lock_acquire+0x664/0x3e00 [ 481.966306] ? check_noncircular+0x20/0x20 [ 481.970512] ? __lock_acquire+0x664/0x3e00 [ 481.974731] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 481.979892] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 481.985058] ? find_held_lock+0x35/0x1d0 [ 481.989103] ? __handle_mm_fault+0x3296/0x3ce0 [ 481.993659] ? lock_downgrade+0x980/0x980 [ 481.997783] ? lock_release+0xa40/0xa40 [ 482.001730] ? copy_overflow+0x20/0x20 [ 482.005591] ? do_raw_spin_trylock+0x190/0x190 [ 482.010149] ? userfaultfd_ctx_put+0x740/0x740 [ 482.014715] __handle_mm_fault+0x32a3/0x3ce0 [ 482.019101] ? __pmd_alloc+0x4e0/0x4e0 [ 482.022961] ? print_irqtrace_events+0x270/0x270 [ 482.027694] ? find_held_lock+0x35/0x1d0 [ 482.031737] ? handle_mm_fault+0x248/0x8d0 [ 482.035944] ? lock_downgrade+0x980/0x980 [ 482.040085] handle_mm_fault+0x334/0x8d0 [ 482.044121] ? down_read+0x96/0x150 [ 482.047722] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 482.052276] ? vmacache_find+0x5f/0x280 [ 482.056228] ? find_vma+0x30/0x150 [ 482.059751] __do_page_fault+0x5c9/0xc90 [ 482.063794] ? mm_fault_error+0x2c0/0x2c0 [ 482.067917] ? find_held_lock+0x35/0x1d0 [ 482.071956] do_page_fault+0xee/0x720 [ 482.075731] ? __do_page_fault+0xc90/0xc90 [ 482.079940] ? lock_release+0xa40/0xa40 [ 482.083893] ? do_raw_spin_trylock+0x190/0x190 [ 482.088464] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 482.093300] page_fault+0x2c/0x60 [ 482.096728] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 482.102495] RSP: 0018:ffff8801b0c27928 EFLAGS: 00010246 [ 482.107830] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 482.115084] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801b0c27d28 [ 482.122328] RBP: ffff8801b0c27a08 R08: 0000000000000000 R09: 1ffff10036184ee7 [ 482.129601] R10: ffff8801b0c27858 R11: 0000000000000003 R12: 1ffff10036184f28 [ 482.136845] R13: ffff8801b0c279e0 R14: 0000000000000000 R15: ffff8801b0c27d20 [ 482.144104] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 482.149283] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 482.154451] ? iov_iter_revert+0x9d0/0x9d0 [ 482.158667] ? mark_held_locks+0xaf/0x100 [ 482.162790] ? simple_xattr_get+0xeb/0x160 [ 482.167006] ? current_kernel_time64+0x122/0x2f0 [ 482.171744] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 482.176737] generic_perform_write+0x200/0x600 [ 482.181305] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 482.186552] ? generic_update_time+0x1b2/0x270 [ 482.191111] ? __mnt_drop_write_file+0xd/0x70 [ 482.195581] ? file_update_time+0xbf/0x470 [ 482.199791] ? current_time+0xc0/0xc0 [ 482.203573] ? down_write+0x87/0x120 [ 482.207264] __generic_file_write_iter+0x366/0x5b0 [ 482.212167] ? check_noncircular+0x20/0x20 [ 482.216381] generic_file_write_iter+0x399/0x790 [ 482.221113] ? __generic_file_write_iter+0x5b0/0x5b0 [ 482.226196] ? iov_iter_init+0xaf/0x1d0 [ 482.230156] __vfs_write+0x684/0x970 [ 482.233843] ? lock_acquire+0x1d5/0x580 [ 482.237794] ? kernel_read+0x120/0x120 [ 482.241678] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 482.246409] ? __sb_start_write+0x209/0x2a0 [ 482.250708] vfs_write+0x189/0x510 [ 482.254230] SyS_write+0xef/0x220 [ 482.257659] ? SyS_read+0x220/0x220 [ 482.261261] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 482.266259] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 482.271007] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 482.275745] RIP: 0033:0x452e39 2018/01/17 19:07:54 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:54 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:54 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:54 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x1, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:54 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f000033b000-0x4)={0x7, 0xffffffffffffff5b, 0x40000000000000}) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:54 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000a6d000)='/dev/vcs\x00', 0x200000, 0x0) setsockopt$netrom_NETROM_T2(r0, 0x103, 0x2, &(0x7f0000bdb000-0x4)=0x9, 0x4) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f00008cf000)=""}) ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f00007c4000-0x18)={0x0, 0x7bc, 0x6, &(0x7f0000518000)=0x0}) clock_getres(0x5, &(0x7f000059b000-0x10)={0x0, 0x0}) ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f0000625000)={0xfffffffffffffffa, 0x2}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) 2018/01/17 19:07:54 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x100082000) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000ce8000-0xc)={0x0, 0x797, 0x30}, &(0x7f0000ff0000)=0xc) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000ddd000-0x8)={r2, 0xffffffff}, 0x8) r3 = creat(&(0x7f00009ee000-0xa)='./control\x00', 0x1dc) write$sndseq(r3, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00003a8000-0x64)={&(0x7f000084b000-0x8)=[0xffffffff, 0x150], 0x4000000000000077, 0x8000, 0x8, 0x6, 0x0, 0x8, {0xffffffffffffff7b, 0x6, 0x2, 0x0, 0x78, 0xfffffffffffffe01, 0x532, 0x1, 0xfffffffffffffff7, 0x25800, 0x1, 0x5, 0x100000000, 0x3, "325cc8c10aa1426351b470d747a524d12e4b9ecaef8179c80685975752ba4d65"}}) ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) ioctl$sock_netrom_TIOCOUTQ(r0, 0x5411, &(0x7f000054f000)=0x0) sendmsg(r3, &(0x7f00009ba000)={&(0x7f0000b0f000)=@rc={0x1f, {0xd117, 0x6, 0x1ff, 0x6, 0x9, 0x9}, 0xffffffff00000001}, 0x9, &(0x7f000097e000-0x30)=[{&(0x7f000008d000)="c4f337dc996217a859fabc5f43d8d6b281e3d9eb515269ad1170bc2c4c91e1d091eb3ac4f0820bbbe47591b4b5915db3bff310459d1110c3fc62ea5aec", 0x3d}, {&(0x7f00007fd000)="8581c10df8605ea6a399e0e9587f570e11228013f860584334c823526f85dfd380b17a7f78d7caa193efe67eb9bef7e96973af6858ec4529360855d5cd201e4f869f42fc91569d82acb415906b68916d0964a1596f89c07be4f7815a3368619e8306bba8f3d6043ba8900d886112116babb638a39f345444e0c710f1b15459575d8c93df59e3c878dabece167a8fdaaed2c28007aef7923be7edbf197c1f92966d55c0830242e83b5ea8312f2e186f91986deeb84d3f9c", 0xb7}, {&(0x7f0000dcc000)="b54e33635fa2b27860dd9d0e9108692970c343a6cace0a1b5108ce3acdbfaf3c914e481fc5115dcfc901f591df984695045ed5e519de62c0c00abfa28e47a2a5508785afc4d2e815ac2d0b543e6e8b25ba132864e916cf0ae5ff8a7617ed2ebfacbbfad73953afe76dbb92e8258bf05fea522a9b43cf2e2e61c003b3467e0671e6d015969dce8af6e9446ef29be8379882b4657794ee9dfe0b44ff01406eb6064a020cb6bd0b43290cf3f6cb3c01a4af1bac9ab216b55374a478ff6c703828d04cc7ddd891bdc82f4233451af83a867dd078abb05a97eed680f0d2f811", 0xdd}], 0x3, &(0x7f0000463000)=[{0xd0, 0x105, 0x7f, "e847737674892c98327aa0779af5b63181c24e5abce14ece101915958e5a4c983684ae91bd994dc0862b9df3441a11d181faf90755f7a82914544c50fa2d97bf7513155748698ef7f870c35b737e38e4820031509715827dac671cbb09da0b68c3ec8fa94f602c0334d1484b466783627e0760408279e6b23ffa47d55bc604722e9fd4c28ba519947f2b4e15711cd1307b3e656033513aea46359467fb0f6424a6c326dc3be09abae5a6584c88fd1206ad6beaf956fc955f69eaa2"}], 0xd0, 0x4000005}, 0x10) mount(&(0x7f00006e4000-0x4)='./control\x00', &(0x7f00003f1000-0x8)='./file0\x00', &(0x7f0000e9a000-0x8)='overlay\x00', 0x0, &(0x7f0000185000-0xc8)="c53ae5c7d7adb7252f115500c861e295e9e00290c9e004c980784a7089268bf71c4d5cb683bf3d665f96c3ea92bf968c4f22601163c89eb2a5da4e16d5370f648a7af9645ae5920703665c21ed9b9fc42b1eb3ec622cc02713f809e5f62588f96c28a77b6320cbe84dd09d80cda6c1f40209de5b58556f1fa71b7e2bcdc2a2b4c83d4c34622350844da2e87829fb1de3038110ec145f0a7471fa8af15174f89435823f92415bcf92ffc681f4f444639e4a80ab6a6243d52e14a26e557f8d1e74dc2e3fb688837fc5") ioctl$VT_RELDISP(r0, 0x5605) 2018/01/17 19:07:54 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) lseek(r0, 0x0, 0x4) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) [ 482.278914] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 482.286591] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 482.293838] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000018 [ 482.301089] RBP: 00000000000003db R08: 0000000000000000 R09: 0000000000000000 [ 482.308329] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3d28 [ 482.315576] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:54 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:54 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:54 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:54 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:54 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$nfc_raw(0x27, 0x7, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000d5c000-0x4)=0x0) r4 = getpgrp(0xffffffffffffffff) kcmp$KCMP_EPOLL_TFD(r3, r4, 0x7, r0, &(0x7f0000ea1000-0xc)={r2, r0, 0x1}) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:54 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:54 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r1 = socket$bt_rfcomm(0x1f, 0x2, 0x3) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f000041b000-0x8)={0x1fa9, 0x2}, 0x8) r2 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000353000-0x11)='/selinux/relabel\x00', 0x2, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) 2018/01/17 19:07:54 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80000) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x4, 0x3, @tick=0x0, {0x0, 0xfffffffffffffff9}, {0x40000001f, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:54 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:54 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:54 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:54 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:54 executing program 1: socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f00003b4000)={0x0, 0x0}) openat$hwrng(0xffffffffffffff9c, &(0x7f00003a6000-0xb)='/dev/hwrng\x00', 0x30000, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000c7b000)={{0x2, 0x3, @dev={0xac, 0x14, 0x0, 0x10}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x20, {0x2, 0x1, @rand_addr=0xffffffffffffff86, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @common='bridge0\x00'}) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000404000)='/dev/qat_adf_ctl\x00', 0x200000, 0x0) flistxattr(r1, &(0x7f000020b000)=""/228, 0xe4) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$usbmon(&(0x7f00000a5000-0xd)='/dev/usbmon#\x00', 0x3, 0x1) 2018/01/17 19:07:54 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:54 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r0 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000bed000)={0x26, 'hash\x00', 0x0, 0x10, 'sha224-avx\x00'}, 0x32) r2 = accept$alg(r1, 0x0, 0x0) r3 = open(&(0x7f00004b9000-0x8)='./file0\x00', 0x28042, 0x0) fallocate(r3, 0x0, 0x0, 0x9) socket$nl_netfilter(0x10, 0x3, 0xc) sendfile(r2, r3, &(0x7f0000e65000-0x8)=0x0, 0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000ae000-0xa0)={0x0, @in6={{0xa, 0x0, 0x3f, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, 0x81}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x7fffffff, 0xfffffffeffffffff, 0x33, 0xfff, 0x9}, &(0x7f0000763000-0x4)=0xa0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000bfa000)={r4, 0x9, 0x0, 0x928f, 0xd924}, &(0x7f00006ed000-0x4)=0x18) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:54 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:07:54 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:54 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) sendfile(0xffffffffffffffff, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x2) 2018/01/17 19:07:54 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:54 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$KVM_SET_FPU(r0, 0x41a0ae8d, &(0x7f00005a6000)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x8, 0x2, 0x0, 0x8000, 0x2000, 0x5000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000984000)='./file0\x00', 0x1) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') uselib(&(0x7f00005ed000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$KVM_SET_CLOCK(r0, 0x4030ae7b, &(0x7f00002d6000-0x30)={0x2, 0x100000000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:54 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:54 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) sendfile(0xffffffffffffffff, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x2) 2018/01/17 19:07:54 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:07:54 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:54 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:54 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) sendfile(0xffffffffffffffff, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x2) 2018/01/17 19:07:54 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:54 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) splice(r0, &(0x7f0000258000-0x8)=0x0, r0, &(0x7f0000235000)=0x0, 0xffff, 0x6) r1 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f000089f000-0x108)={0x0, @in={{0x2, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x6, 0x800, 0x100, 0x7, 0x1, 0x4, 0x9, 0xc1fe, 0x183, 0x558, 0xfffffffffffffffe, 0x9, 0x1730000000000, 0x6, 0x6]}, &(0x7f00005ff000)=0x108) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000bd8000-0xa0)={r2, @in6={{0xa, 0x1, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x80000001}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0xfffffffffffeffff, 0x1f, 0x53cdb538, 0x0, 0x80}, &(0x7f000051d000-0x4)=0xa0) syz_extract_tcp_res$synack(&(0x7f0000b2f000)={0x0, 0x0}, 0x1, 0x0) [ 482.630338] FAULT_FLAG_ALLOW_RETRY missing 30 [ 482.635092] CPU: 0 PID: 23665 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 482.642456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 482.651806] Call Trace: [ 482.654403] dump_stack+0x194/0x257 [ 482.658039] ? arch_local_irq_restore+0x53/0x53 [ 482.662716] ? handle_userfault+0x12b7/0x24c0 [ 482.667213] handle_userfault+0x12fa/0x24c0 [ 482.671511] ? handle_userfault+0x150b/0x24c0 [ 482.676004] ? userfaultfd_ioctl+0x4520/0x4520 [ 482.680572] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 482.685735] ? __lock_is_held+0xb6/0x140 [ 482.689796] ? print_irqtrace_events+0x270/0x270 [ 482.694544] ? print_irqtrace_events+0x270/0x270 [ 482.699284] ? get_user_pages_fast+0x277/0x340 [ 482.703838] ? switched_to_fair+0xb0/0xb0 [ 482.707956] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 482.712946] ? trace_hardirqs_on+0xd/0x10 [ 482.717062] ? get_user_pages_fast+0x14e/0x340 [ 482.721621] ? pick_next_entity+0x197/0x400 [ 482.725918] ? __lock_acquire+0x664/0x3e00 [ 482.730123] ? check_noncircular+0x20/0x20 [ 482.734333] ? __lock_acquire+0x664/0x3e00 [ 482.738554] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 482.743716] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 482.748882] ? find_held_lock+0x35/0x1d0 [ 482.752924] ? __handle_mm_fault+0x3296/0x3ce0 [ 482.757477] ? lock_downgrade+0x980/0x980 [ 482.761600] ? lock_release+0xa40/0xa40 [ 482.765549] ? copy_overflow+0x20/0x20 [ 482.769411] ? do_raw_spin_trylock+0x190/0x190 [ 482.773965] ? userfaultfd_ctx_put+0x740/0x740 [ 482.778529] __handle_mm_fault+0x32a3/0x3ce0 [ 482.782913] ? __pmd_alloc+0x4e0/0x4e0 [ 482.786773] ? print_irqtrace_events+0x270/0x270 [ 482.791504] ? find_held_lock+0x35/0x1d0 [ 482.795545] ? handle_mm_fault+0x248/0x8d0 [ 482.799753] ? lock_downgrade+0x980/0x980 [ 482.803896] handle_mm_fault+0x334/0x8d0 [ 482.807929] ? down_read+0x96/0x150 [ 482.811528] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 482.816083] ? vmacache_find+0x5f/0x280 [ 482.820040] ? find_vma+0x30/0x150 [ 482.823556] __do_page_fault+0x5c9/0xc90 [ 482.827595] ? mm_fault_error+0x2c0/0x2c0 [ 482.831718] ? find_held_lock+0x35/0x1d0 [ 482.835760] do_page_fault+0xee/0x720 [ 482.839534] ? __do_page_fault+0xc90/0xc90 [ 482.843744] ? lock_release+0xa40/0xa40 [ 482.847713] ? do_raw_spin_trylock+0x190/0x190 [ 482.852280] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 482.857101] page_fault+0x2c/0x60 [ 482.860527] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 482.866302] RSP: 0018:ffff8801b5677928 EFLAGS: 00010246 [ 482.871637] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 482.878879] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801b5677d28 [ 482.886121] RBP: ffff8801b5677a08 R08: 0000000000000000 R09: 1ffff10036aceee7 [ 482.893369] R10: ffff8801b5677858 R11: 0000000000000003 R12: 1ffff10036acef28 [ 482.900611] R13: ffff8801b56779e0 R14: 0000000000000000 R15: ffff8801b5677d20 [ 482.907866] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 482.913043] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 482.918210] ? iov_iter_revert+0x9d0/0x9d0 [ 482.922423] ? mark_held_locks+0xaf/0x100 [ 482.926540] ? simple_xattr_get+0xeb/0x160 [ 482.930747] ? current_kernel_time64+0x122/0x2f0 [ 482.935477] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 482.940472] generic_perform_write+0x200/0x600 [ 482.945047] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 482.950306] ? generic_update_time+0x1b2/0x270 [ 482.954864] ? __mnt_drop_write_file+0xd/0x70 [ 482.959333] ? file_update_time+0xbf/0x470 [ 482.963544] ? current_time+0xc0/0xc0 [ 482.967322] ? down_write+0x87/0x120 [ 482.971021] __generic_file_write_iter+0x366/0x5b0 [ 482.975931] ? check_noncircular+0x20/0x20 [ 482.980142] generic_file_write_iter+0x399/0x790 [ 482.984875] ? __generic_file_write_iter+0x5b0/0x5b0 [ 482.989955] ? iov_iter_init+0xaf/0x1d0 [ 482.993905] __vfs_write+0x684/0x970 [ 482.997590] ? lock_acquire+0x1d5/0x580 [ 483.001540] ? kernel_read+0x120/0x120 [ 483.005419] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 483.010150] ? __sb_start_write+0x209/0x2a0 [ 483.014452] vfs_write+0x189/0x510 [ 483.017968] SyS_write+0xef/0x220 [ 483.021397] ? SyS_read+0x220/0x220 [ 483.024994] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 483.029996] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 483.034739] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 483.039465] RIP: 0033:0x452e39 [ 483.042625] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 483.050304] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 483.057546] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 483.064787] RBP: 00000000000003bb R08: 0000000000000000 R09: 0000000000000000 [ 483.072036] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3a28 [ 483.079279] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:55 executing program 0: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) fcntl$getownex(0xffffffffffffff9c, 0x10, &(0x7f0000001000-0x8)={0x0, 0x0}) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) sched_rr_get_interval(r0, &(0x7f0000000000)={0x0, 0x0}) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r1 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r3 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r3, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r1, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r2, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:55 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:55 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0xffffffffffffff6e, 0x0, &(0x7f0000798000)=[@release={0x40046306, 0x4}, @request_death={0x400c630e, 0x4, 0x3}, @reply_sg={0x40486312, {{0x4, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000c4a000)=[], &(0x7f00003c3000)=[0x48, 0x40, 0x18]}, 0x8001}}], 0x22b, 0x0, &(0x7f00000e5000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:55 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:55 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) getcwd(&(0x7f0000fdf000)=""/87, 0x57) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000c55000)=0x0) 2018/01/17 19:07:55 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:55 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:55 executing program 3: socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f00003b4000)={0x0, 0x0}) openat$hwrng(0xffffffffffffff9c, &(0x7f00003a6000-0xb)='/dev/hwrng\x00', 0x30000, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000c7b000)={{0x2, 0x3, @dev={0xac, 0x14, 0x0, 0x10}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x20, {0x2, 0x1, @rand_addr=0xffffffffffffff86, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @common='bridge0\x00'}) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000404000)='/dev/qat_adf_ctl\x00', 0x200000, 0x0) flistxattr(r1, &(0x7f000020b000)=""/228, 0xe4) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_open_dev$usbmon(&(0x7f00000a5000-0xd)='/dev/usbmon#\x00', 0x3, 0x1) 2018/01/17 19:07:55 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:55 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:55 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:55 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80000) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x4, 0x3, @tick=0x0, {0x0, 0xfffffffffffffff9}, {0x40000001f, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:55 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) [ 483.236707] FAULT_FLAG_ALLOW_RETRY missing 30 [ 483.241329] CPU: 0 PID: 23707 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 483.248678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 483.258008] Call Trace: [ 483.260583] dump_stack+0x194/0x257 [ 483.264187] ? arch_local_irq_restore+0x53/0x53 [ 483.268833] ? handle_userfault+0x12b7/0x24c0 [ 483.273307] handle_userfault+0x12fa/0x24c0 [ 483.277603] ? handle_userfault+0x150b/0x24c0 [ 483.282081] ? userfaultfd_ioctl+0x4520/0x4520 [ 483.286636] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 483.291796] ? __lock_is_held+0xb6/0x140 [ 483.295837] ? print_irqtrace_events+0x270/0x270 [ 483.300566] ? print_irqtrace_events+0x270/0x270 [ 483.305297] ? get_user_pages_fast+0x277/0x340 [ 483.309851] ? switched_to_fair+0xb0/0xb0 [ 483.313971] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 483.318975] ? trace_hardirqs_on+0xd/0x10 [ 483.323097] ? get_user_pages_fast+0x14e/0x340 [ 483.327662] ? pick_next_entity+0x197/0x400 [ 483.331959] ? __lock_acquire+0x664/0x3e00 [ 483.336165] ? check_noncircular+0x20/0x20 [ 483.340370] ? __lock_acquire+0x664/0x3e00 [ 483.344588] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 483.349762] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 483.354926] ? find_held_lock+0x35/0x1d0 [ 483.358968] ? __handle_mm_fault+0x3296/0x3ce0 [ 483.363521] ? lock_downgrade+0x980/0x980 [ 483.367643] ? lock_release+0xa40/0xa40 [ 483.371590] ? copy_overflow+0x20/0x20 [ 483.375449] ? do_raw_spin_trylock+0x190/0x190 [ 483.380010] ? userfaultfd_ctx_put+0x740/0x740 [ 483.384583] __handle_mm_fault+0x32a3/0x3ce0 [ 483.388968] ? __pmd_alloc+0x4e0/0x4e0 [ 483.392827] ? print_irqtrace_events+0x270/0x270 [ 483.397555] ? plist_check_head+0xe2/0x130 [ 483.401768] ? find_held_lock+0x35/0x1d0 [ 483.405810] ? handle_mm_fault+0x248/0x8d0 [ 483.410027] ? lock_downgrade+0x980/0x980 [ 483.414171] handle_mm_fault+0x334/0x8d0 [ 483.418204] ? down_read+0x96/0x150 [ 483.421804] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 483.426360] ? vmacache_find+0x5f/0x280 [ 483.430310] ? find_vma+0x30/0x150 [ 483.433872] __do_page_fault+0x5c9/0xc90 [ 483.437913] ? mm_fault_error+0x2c0/0x2c0 [ 483.442038] ? get_futex_value_locked+0xc3/0xf0 [ 483.446685] do_page_fault+0xee/0x720 [ 483.450463] ? __do_page_fault+0xc90/0xc90 [ 483.454674] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 483.459839] ? check_noncircular+0x20/0x20 [ 483.464051] ? drop_futex_key_refs.isra.12+0x63/0xb0 [ 483.469132] ? futex_wait+0x6a9/0x9a0 [ 483.472912] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 483.477733] page_fault+0x2c/0x60 [ 483.481161] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 483.486928] RSP: 0018:ffff8801b56bf928 EFLAGS: 00010246 [ 483.492264] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 483.499505] RDX: 00000000000000c9 RSI: ffffc900020bb000 RDI: ffff8801b56bfd28 [ 483.506749] RBP: ffff8801b56bfa08 R08: 1ffff100386c2532 R09: 0000000000000000 [ 483.513997] R10: ffff8801b56bf858 R11: 0000000000000000 R12: 1ffff10036ad7f28 [ 483.521245] R13: ffff8801b56bf9e0 R14: 0000000000000000 R15: ffff8801b56bfd20 [ 483.528504] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 483.533678] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 483.538845] ? iov_iter_revert+0x9d0/0x9d0 [ 483.543061] ? mark_held_locks+0xaf/0x100 [ 483.547182] ? simple_xattr_get+0xeb/0x160 [ 483.551393] ? current_kernel_time64+0x122/0x2f0 [ 483.556129] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 483.561129] generic_perform_write+0x200/0x600 [ 483.565701] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 483.570954] ? current_time+0x88/0xc0 [ 483.574730] ? file_update_time+0xbf/0x470 [ 483.578939] ? current_time+0xc0/0xc0 [ 483.582720] ? down_write+0x87/0x120 [ 483.586413] __generic_file_write_iter+0x366/0x5b0 [ 483.591315] ? check_noncircular+0x20/0x20 [ 483.595570] generic_file_write_iter+0x399/0x790 [ 483.600308] ? __generic_file_write_iter+0x5b0/0x5b0 [ 483.605396] ? iov_iter_init+0xaf/0x1d0 [ 483.609351] __vfs_write+0x684/0x970 [ 483.613041] ? lock_acquire+0x1d5/0x580 [ 483.616991] ? kernel_read+0x120/0x120 [ 483.620875] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 483.625604] ? __sb_start_write+0x209/0x2a0 [ 483.629901] vfs_write+0x189/0x510 [ 483.633420] SyS_write+0xef/0x220 [ 483.636851] ? SyS_read+0x220/0x220 [ 483.640450] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 483.645453] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 483.650192] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 483.654919] RIP: 0033:0x452e39 [ 483.658080] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 483.665762] RAX: ffffffffffffffda RBX: 00007efe3e5a7700 RCX: 0000000000452e39 [ 483.673007] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 483.680260] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 483.687503] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 483.694747] R13: 0000000000a2f7ef R14: 00007efe3e5a79c0 R15: 0000000000000000 [ 483.736795] FAULT_FLAG_ALLOW_RETRY missing 30 [ 483.741351] CPU: 1 PID: 23707 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 483.748693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 483.758020] Call Trace: [ 483.760587] dump_stack+0x194/0x257 [ 483.764193] ? arch_local_irq_restore+0x53/0x53 [ 483.768839] ? handle_userfault+0x12b7/0x24c0 [ 483.773313] handle_userfault+0x12fa/0x24c0 [ 483.777608] ? handle_userfault+0x150b/0x24c0 [ 483.782086] ? userfaultfd_ioctl+0x4520/0x4520 [ 483.786639] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 483.791805] ? check_noncircular+0x20/0x20 [ 483.796010] ? lock_acquire+0xe0/0x580 [ 483.799873] ? lock_acquire+0x1d5/0x580 [ 483.803818] ? pick_next_task_fair+0xdc0/0x16b0 [ 483.808460] ? print_irqtrace_events+0x270/0x270 [ 483.813191] ? print_irqtrace_events+0x270/0x270 [ 483.817922] ? find_held_lock+0x35/0x1d0 [ 483.821961] ? __update_idle_core+0x305/0x600 [ 483.826431] ? __lock_acquire+0x664/0x3e00 [ 483.830639] ? check_noncircular+0x20/0x20 [ 483.834842] ? __lock_acquire+0x664/0x3e00 [ 483.839060] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 483.844221] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 483.849385] ? find_held_lock+0x35/0x1d0 [ 483.853428] ? __handle_mm_fault+0x3296/0x3ce0 [ 483.857991] ? lock_downgrade+0x980/0x980 [ 483.862118] ? lock_release+0xa40/0xa40 [ 483.866070] ? do_raw_spin_trylock+0x190/0x190 [ 483.870626] ? userfaultfd_ctx_put+0x740/0x740 [ 483.875190] __handle_mm_fault+0x32a3/0x3ce0 [ 483.879575] ? __pmd_alloc+0x4e0/0x4e0 [ 483.883437] ? print_irqtrace_events+0x270/0x270 [ 483.888169] ? find_held_lock+0x35/0x1d0 [ 483.892211] ? handle_mm_fault+0x248/0x8d0 [ 483.896418] ? lock_downgrade+0x980/0x980 [ 483.900558] handle_mm_fault+0x334/0x8d0 [ 483.904594] ? down_read+0x96/0x150 [ 483.908195] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 483.912749] ? vmacache_find+0x5f/0x280 [ 483.916698] ? find_vma+0x30/0x150 [ 483.920222] __do_page_fault+0x5c9/0xc90 [ 483.924262] ? mm_fault_error+0x2c0/0x2c0 [ 483.928387] ? find_held_lock+0x35/0x1d0 [ 483.932428] do_page_fault+0xee/0x720 [ 483.936201] ? __do_page_fault+0xc90/0xc90 [ 483.940408] ? lock_release+0xa40/0xa40 [ 483.944351] ? __lock_is_held+0xb6/0x140 [ 483.948390] ? do_raw_spin_trylock+0x190/0x190 [ 483.952960] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 483.957782] page_fault+0x2c/0x60 [ 483.961206] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 483.966971] RSP: 0018:ffff8801b56bf928 EFLAGS: 00010246 [ 483.972306] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 483.979547] RDX: 000000000000010d RSI: ffffc900020bb000 RDI: ffff8801b56bfd28 [ 483.986787] RBP: ffff8801b56bfa08 R08: 0000000000000000 R09: 1ffff10036ad7ee7 [ 483.994031] R10: ffff8801b56bf858 R11: 0000000000000003 R12: 1ffff10036ad7f28 [ 484.001273] R13: ffff8801b56bf9e0 R14: 0000000000000000 R15: ffff8801b56bfd20 [ 484.008527] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 484.013697] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 484.018860] ? iov_iter_revert+0x9d0/0x9d0 [ 484.023073] ? mark_held_locks+0xaf/0x100 [ 484.027189] ? simple_xattr_get+0xeb/0x160 [ 484.031406] ? current_kernel_time64+0x122/0x2f0 [ 484.036137] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 484.041132] generic_perform_write+0x200/0x600 [ 484.045706] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 484.050953] ? generic_update_time+0x1b2/0x270 [ 484.055513] ? __mnt_drop_write_file+0xd/0x70 [ 484.059988] ? file_update_time+0xbf/0x470 [ 484.064200] ? current_time+0xc0/0xc0 [ 484.067979] ? down_write+0x87/0x120 [ 484.071669] __generic_file_write_iter+0x366/0x5b0 [ 484.076938] ? check_noncircular+0x20/0x20 [ 484.081148] generic_file_write_iter+0x399/0x790 [ 484.085887] ? __generic_file_write_iter+0x5b0/0x5b0 [ 484.090971] ? iov_iter_init+0xaf/0x1d0 [ 484.095096] __vfs_write+0x684/0x970 [ 484.098780] ? lock_acquire+0x1d5/0x580 [ 484.102728] ? kernel_read+0x120/0x120 [ 484.106609] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 484.111335] ? __sb_start_write+0x209/0x2a0 [ 484.115635] vfs_write+0x189/0x510 [ 484.119154] SyS_write+0xef/0x220 [ 484.122587] ? SyS_read+0x220/0x220 [ 484.126184] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 484.131171] ? trace_hardirqs_on_thunk+0x1a/0x1c 2018/01/17 19:07:56 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x7fff) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r0, 0x540b, 0x2) 2018/01/17 19:07:56 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:56 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = accept4$inet6(0xffffffffffffff9c, &(0x7f000053e000)={0x0, 0xffffffffffffffff, 0x0, @remote={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, 0x0}, &(0x7f00005db000)=0x1c, 0x80000) ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f00004e4000)={@common='bond0\x00', 0x8}) r1 = syz_open_dev$sndmidi(&(0x7f0000e2c000-0x12)='/dev/snd/midiC#D#\x00', 0xfa, 0x40140) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000530000)={0xfffffd8b, 0x0, &(0x7f0000d00000)=[], 0xfffffffffffffe2f, 0x0, &(0x7f0000005000)=""}) mlock2(&(0x7f00009c2000/0x4000)=nil, 0x4000, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) 2018/01/17 19:07:56 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:56 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = syz_open_dev$dspn(&(0x7f00000fc000-0xa)='/dev/dsp#\x00', 0x80000001, 0x0) getsockopt$inet_int(r0, 0x0, 0xc, &(0x7f00005c9000)=0x0, &(0x7f000030b000-0x4)=0x4) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00001fe000)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000b44000-0x18)={0x0, 0x8, 0x6, &(0x7f000044d000)=0x0}) 2018/01/17 19:07:56 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:56 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) recvmsg$kcm(r0, &(0x7f0000224000)={&(0x7f0000875000-0x14)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, 0x14, &(0x7f0000ed3000-0x20)=[{&(0x7f0000692000)=""/31, 0x1f}, {&(0x7f0000e77000)=""/121, 0x79}], 0x2, &(0x7f00007b5000)=""/202, 0xca, 0xd2}, 0x2) setsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00002fc000-0xc)={r2, @dev={0xac, 0x14, 0x0, 0x15}, @dev={0xac, 0x14, 0x0, 0x12}}, 0xc) r3 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r3, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:56 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) [ 484.135907] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 484.140635] RIP: 0033:0x452e39 [ 484.143795] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 484.151475] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 484.158716] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000018 [ 484.165957] RBP: 00000000000003bb R08: 0000000000000000 R09: 0000000000000000 [ 484.173201] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3a28 [ 484.180442] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:56 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x7fff) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r0, 0x540b, 0x2) 2018/01/17 19:07:56 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:56 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:56 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x7fff) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r0, 0x540b, 0x2) 2018/01/17 19:07:56 executing program 4: r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:56 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:56 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:56 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:56 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000a7f000)='/dev/snd/pcmC#D#p\x00', 0x3, 0x0) bind$bt_hci(r0, &(0x7f0000800000)={0x1f, 0x10001, 0x1}, 0x6) socket$nfc_raw(0x27, 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) getsockname(r2, &(0x7f0000f73000)=@generic={0x0, ""/126}, &(0x7f00007d2000-0x4)=0x80) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:56 executing program 4: r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:56 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) pipe2(&(0x7f000026d000-0x8)={0x0, 0x0}, 0x800) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f000007d000)='/selinux/checkreqprot\x00', 0x200, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000a3b000)={r1, 0x8, 0xfc, "1cbfd40f9a7e7038909130946a76c7b555728380319e5958e6cbce59ac7263bda04fd1023f85f09d0ceb94ee2b4a20437eeb1bfa00b7e2a94c2fda43e3cd367864a3b05b8577deab7e915e07250bf89fdc45394c91ae4c3e28abd60b66f51c799061e55ee9c72c7ec76433507f3b31e9e3e077f8f730c161a3cf07d9dca9138404c280e360bb7b21b1ee6c3a7b1d57efe77b8fc3a853e78bcec8c065c55cb77a4db2372a5ded9bd846fc35fbb9110282f8704bd303748eef71fdc68b98a2e604e55b5c06be4e811b2c63ff5c67f36f876c0523dbb939b05a54b417a640fe908d69cebbc8eec404d1fd8385b20c5098461153bcb6be2af18963e53cff2395cca9f1f948d94b03599cc57c78ae496a61faf59c7e10e7db98850c538441292a8f63d1ea77c0520fcc93b32c5d69c1a05274cf82dba935e8b1fe20c5339dc0bf7b52a3e2235401994efecc3acd390e85f0e7a16b4ad233891eda7e528e486ac946a98c1247ff05b01aba826f66fc8819c51b65d4564cd2f655c8777fb84da515e6340af4148cf3e142715f49ffb926a454c4e32206944c000a28d5806c6382f4b4a352622a59dd7ca29d90ba85880a7f8f6ef9a56bf71505563ed1d6ac921e51e35b72eb563d33e4a5f068ae67e02d7ddde59ed4f39632b8a9b85a7cf7a2fd31b523d068d3058860cb19362a42dba9636c8a973d5756fbfbf5e980549ac556147f657db06075e3936530ef85309ebbf5124cc4a7a76d866f663bb63dc3ce4ba78a4539a29a9b8b9b21bc5f7fa1e246741a39d1ed6035b2735b00bb2fb921cf82c0d53b15ac6c8be12fcbb46f81cea0459cc5a1efce5d7bd729ac3ed595d547c3560da7767be551a3c2ae6cafe7f8bf317e9b1b0f93799e5e08008551c8136eebd7666a36d696d1c39361b30c6de398c559641f25ef1543d58b8fa0398ce3875d1cb867937e8b0c2bab89ba3487926e7a9491e98caebb0829bbcb4966c6ec7d27f920cfdf0354be41841da205262bce503ac73be9e34e6ef54549bf7087448a4002e1a81eb85451add95ba6c6b672bf54219c9f602b7c596feb99e1f690083861ddb93ccf68b54396d33be6b65054d6599777d6c98464ea7282d72db610c840a2faf7a721ad65bb088a939eb59a2ac1bb2ff64b5c7d53d43cf676717726e1e1d60284078cb64ef9b644588441e1c57268c9d229f7cb6b967c6a92b1f06fa5646cef8ebfe9c81a60d573ef28b784de3fa9be4baa258663c0ea28ce01f0f010234e954f8593d0e5886af2bb2de2bb89b3c160a6e845e00c7e82c1b426e6a92ea21317fc47437af0ae92d358c96e729b687744be24b265b1152a052adc487df15cb52420a4318bb46c22e43e3aaf634e0643425ff4262bd64a1409fc9c5b52cc41b58545bb5076d62fb167a492bf29ade8de05e604aeb304545cd6afdb1329386774f874ffc9b908f9fc0d7c54677e9a88c7cfd75ea7c67dba9ad4a41292496fa5bab409622c06b8489062eb8595963d461d8798cc9bb7df1d65c0e50f9657975c77dfff5e1f6206b49f552ca1b353cf444d6099c25fe2b149eea0c5ad1e0638d9f1cd46828a6daffefcad5a17e18e2b9a76b8b33566574f8ac710292deb85d086c9eff8ee44c011ffe2a6884da2d337853e87663de5c88259e36badebe7048b0c74969bbc95b26cedad4e7523a8b549733fd8b9eb15a0f6c8d83e122d5e44ba5ebf85eb349f97b755d7d971d9c3413c23da50403037aa2a1374236a8f02c2d13adda9ac96cbbcfd99de75bc080a3eea919a1aa46bab65b9abba4008dd1fa2b00a05966c7a823abf3000e690e362a598b3fb05e100ad85c232b5c756e21a54fcc282e89fb762fb85be3fb777a938be17bfe081eff2467a75ad8ed9225b0cd9207e49ff2fb784f0098df7c067abc60917ec7e147e608a9cbc769f39372331bc8b3122079c692a1426481d2a867bfd73dd927069a30f07ee572180d4da1027aacfcd946d60d5e3cb1257155aafdec716478bb5c03a546c97954df55917ff7384b40d88c28ff3f334c1399e3cefeecdac77f3d546c093880049e9583fff65924d19b663cd97a3b43001cc3bc866c9b23d84641d0b2f11ba0358a17ea5da62cad4648ab82ad6d3001d32940530504d4a8c76939a8492f277d83b7f5b929ca3b139e1fea99661e8e59b144c7f130a7650ba0b284fc3ba1ee0344fe9352ac2d96154014dd81ba9128c62f1e416f3010545685b3f04e1dcc6e2384699c73b54d2fc04ffcc44253d40691caa2614326be185bac2ff832f03de6a89446664a69c7ad4ff708be4f21348199295b8831b8d9ea2cc455300f965432fa7cfc11dc13c18c46c1897467accd016bf37e8846b5a6fa765f1ed542c39fc8cc3e97818fa6a45365e73bf6bb51e5ab7724b34a322facb5343c9026e2284eed6a57eafd963e90ef5058669c01bc84a0137fe4596b257e1f4bde78f6e1602fefa04bac9dc65f5524f82c34d5315f973d2cc023b4706f37d350159a2121f68bc9b837615ffb31c3852d598ea2a364027a4e3c6e9ced0b64559fbac21d763827789dc63ed8a924068bb0a18caad3bf75ab6978a27c2a603851a9d78dc9e194ce0bdb6756607818204c817a238e8b178a882e0d1250f84435f11e7969ae7e990e8a622c865671c0f8a8436c5c795f0a9861829b9444cf48aff1f6db36c91c6f3c1cddcc44a7fdafea7f39e8fc73ba0b0c83fb5650e78946b75d7dc2cf819366c124b8c6cc5c1a6c76749c7e43aec84e4beec9650e0397fa5304f4d4bf1d3e915a8f673e9eb6eda452c88de74eb090b8baf03fced9bda5fdee781d397f7d2642bd03958597f1a70c37e8cc38a7cfdcfece6c90d5ccf248c43bc68970e790e8e6a650b671af8945f066602ea0fe265a1125cf05dbc1451efa2e9e4c9c96d30eac9c928edcc1e29cd36499272b10fee6f0637a78ba89fb5f15bf3a63f6e35d6dd4cb25d0e3808cc9d08ce597f28300774ec4dfdef4a7a9658cecd903eaa3dbd7aa4ef80be5f2cb8ac28f498f3e6403148d17683bb6e4878719360448f5f148a500f8aba6813ef6f0ecdeb5321bb8b883ad97f23bec0db3d81e043104edd93a918669300864e2d49cd676879d6a8701e5676d62ef5b281f82d884d210bc7686aef624e4830fcb587d5f97a2fbfd930e4e7312f3b8b2c6d07fc79e7f9cd3275e56f4fbb56d2bd0a5d1678a3539a6bde719e34418f7041ddeb74e06ae47db0dfa937cb79a9b28574c98ed27a1bdb56792e2ce821d8569cbd1b8f2a59a9cbec7d04ea90e8016f0c95783bfd97ef6b328a89f934cb01273362d180af2a077a021f26f16d013b61548504aa43ab75698dc24ad0501e7f60497f0ec01b3ecfb3223a4f6f3088d074054a2eb29020a32928d473fea248d346a72efd6ef181ef4514bea3b4bf5b52e7a8f9dbb9da4e6b5d5a0d4f82aac521448fd6957394e889cbfe59a4d41b96359924c85cc085a85ab287c64522c0e973d2ac5db28c2d794f10719059ae3e1df8f75b1a9e08b80c84e6d35c5813757b77017548a912d419e7e22b6af6d7a9ff0bffd6ac4705a36c8688956e1595378e70bce1369ec98b4f7f7f938414deb080cefc360384b2dc2a32c8b89c648df5b70ffa93bef46ebf21c866cd2a6344d5de95c1420a9860bcb3381db7f688909993e5ee0ae7f556227f6b876204eeb5c96d235aa64dd394ff3bee92f6ffee13d7370e973079114867ab4284e29b50b4365b869959dddf14261d28de9587dc62cc21e58d89573ad09c75e96c9659bf3dc7ca369f65d0fc34b884f3a055032daaeb66e6fb865eea36ac808ed99330ea9c3508d3594c5c739e41ee68b1fc05cd912119868013bb212b8d16e705f04441e91240a8d3ff640ada81c66c3650a2d82b25c2d86740d48b3168fc9be3fb5dac689e30e48bf1e55777fe283aa26eb3a5d057ccbecbdb132d2849b4bb641c3f867c293815beea2a040631052628f0b1da8bb4df75817d2e300c00fd36f930228cc7db3ee80caf1b94ede8eee0a196b1119573106ac22f49061148b5806a939c66d84bef65a3f868fd6df97619d665d4a323f758de653892c2b4ffe3b99e71a037ba8c80e9930cf907e4c2828798fd11c839d60eb22257746c096ed0e9155c9a716c4acd90f223019237688be01cf72052f308c8f269023750ab5ebffef6c07cf49bab27c83b808b092ee222ea1c9cdd003bbab4691cd95b1c8fdd10a18aeb4c75fd1af28d8bcb416eb14b313f10da6442e332e5874f02fcd3fb5b710b81f4f456978677a981601b8d6580d35af5f14ae0572dbf7573618658eb6087f439fc1287c0678d65e39438d4b2d1a466422a626146669d0ac11c9cb73280811597b84a6019a8add7d19b1b36e81884e4095589350243533f5e55592d6807d0d10c0c8d88ba947e10406e764faa7dce3e16d8a9329d66bbac47da973189bd79f5ac5a7ab254a3c5551568bd459ede31ab713bd62d2c719b7b7d520068c6058ae854c260559d186cd0f52defd529bca6eea00ce52a0aff30bb9ad91958b4b7d3124321e5d51c612c2399b7d6cc50e74d52f5f5af8fcbd2babff8b492d370d924a7cdb7ed923697404ec2fab87043ad05ef3712c8ae411fff7f17e205120a27359ed56999a20aae6884ec20fe318b7f4e126184219e42fe6d7330df4b523ae60faded26dce6155f0119c2d0d52599d9c838f13ec9a3a9d9ed0e799eb56361c8b8a957866c4c73870e710a26267639f8ecb76639907585db811417a5264d9fe5b468df6602f2d33227de3143acd02b9142733fc0b25de087524aec549b9e985e38335b555f255bd67c7a9671df9d628ee3a1e65d350567331946d24498c9459c152adc93c89d096a59a82a98e6ee51b5e62c7f05d4f5c9ae822eff3e34001dde3d11813c72bd75fa65d4b402d786522ad0a97818c409cc7540925c2b7a8bcb33a0ebc3952d691b4cbc4ecbf2bb7695f361bda4de802669454a63a53767c2de13961b4cd18434f90faff2a318753d7a96085195f6bc8daad3a0d2872371a98f4b7e44d2dd78bd4a69c6a8f3bbe979345dd02b49cb2717a1cac81ef31dec6402aa7b53243db4c7bd9b6779d9bb0d67ae9307c884bbc94f7e590f5e7307f922d1aa036eab5a9028fcfd85027533328cce723faa592a47592093a79a3fb79b9831b3867b6f514872c46ded35df24284e703cc57b5ebdb7a68cf9e03e963229111de3a47b5930be4eae140beae1ee7a81e2c9811e8066c9cae05caab8fd83c64ff52286f2390c8e8f8a47bfc39c768edf7eec1d54ea2a6e102430a6acae4b346044cb207c03f2ca19ad92ca55fa1970186afcdf12279ac35adbb7c739a0cc5b827b20dbb58005341d3fd5163f90950c907f8502372731fc8f3429ca4accbc7029f44da94b727accd8efd7f63a895defc191dd9d733a826d448f0429bf5c858f5a5359049de3365e5eafe2188b19ac8d3011089ab366ecebf5e6bd1b7e5bdfcd188ee331dd321d5dd4fee7defb7f713885a120bc65f2cdf9d2276970b6e2c1856d73de1f2cd035115db921ac696b15dd3572faeb77ba39f5f14cb27b66d494878a1728e61d02ca0a2b2e9b6aeb64bda862090a9b0bb4eaa6432a2f292390083c1a669631618582589dfd073bdcfba954f2e13796c5b2eb696e16dd92ab173715263eb72078aa4950cae6a1ab3d1e8de996ef286c06da39f8324cc7d89d9993e3b5b57f26bca5ef37ccc5355ff2d287baad38614d5abb54fbfdccc103157dc5962a6fbc9783739aef718a99fd7e4ca343c354c5f621633784994e2f"}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) dup3(r2, r2, 0x80000) 2018/01/17 19:07:56 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:56 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) [ 484.320095] FAULT_FLAG_ALLOW_RETRY missing 30 [ 484.324894] CPU: 0 PID: 23749 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 484.332264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 484.341617] Call Trace: [ 484.344205] dump_stack+0x194/0x257 [ 484.347837] ? arch_local_irq_restore+0x53/0x53 [ 484.352515] ? handle_userfault+0x12b7/0x24c0 [ 484.357418] handle_userfault+0x12fa/0x24c0 [ 484.361733] ? handle_userfault+0x150b/0x24c0 [ 484.366216] ? userfaultfd_ioctl+0x4520/0x4520 [ 484.370789] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 484.375979] ? find_held_lock+0x35/0x1d0 [ 484.380029] ? print_irqtrace_events+0x270/0x270 [ 484.384784] ? print_irqtrace_events+0x270/0x270 [ 484.389525] ? cpuacct_charge+0x2e6/0x5c0 [ 484.393662] ? find_held_lock+0x35/0x1d0 [ 484.397711] ? __lock_acquire+0x664/0x3e00 [ 484.401920] ? check_noncircular+0x20/0x20 [ 484.406126] ? __lock_acquire+0x664/0x3e00 [ 484.410332] ? lock_release+0xa40/0xa40 [ 484.414283] ? __lock_is_held+0xb6/0x140 [ 484.418324] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 484.423487] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 484.428653] ? find_held_lock+0x35/0x1d0 [ 484.432694] ? __handle_mm_fault+0x3296/0x3ce0 [ 484.437250] ? lock_downgrade+0x980/0x980 [ 484.441374] ? lock_release+0xa40/0xa40 [ 484.445321] ? update_cfs_rq_load_avg.part.69+0x2d0/0x2d0 [ 484.450834] ? do_raw_spin_trylock+0x190/0x190 [ 484.455398] ? userfaultfd_ctx_put+0x740/0x740 [ 484.459974] __handle_mm_fault+0x32a3/0x3ce0 [ 484.464363] ? __pmd_alloc+0x4e0/0x4e0 [ 484.468224] ? print_irqtrace_events+0x270/0x270 [ 484.472956] ? find_held_lock+0x35/0x1d0 [ 484.476997] ? handle_mm_fault+0x248/0x8d0 [ 484.481211] ? lock_downgrade+0x980/0x980 [ 484.485355] handle_mm_fault+0x334/0x8d0 [ 484.489389] ? down_read+0x96/0x150 [ 484.492991] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 484.497549] ? vmacache_find+0x5f/0x280 [ 484.501499] ? find_vma+0x30/0x150 [ 484.505025] __do_page_fault+0x5c9/0xc90 [ 484.509076] ? mm_fault_error+0x2c0/0x2c0 [ 484.513198] ? __lock_is_held+0xb6/0x140 [ 484.517236] do_page_fault+0xee/0x720 [ 484.521017] ? __do_page_fault+0xc90/0xc90 [ 484.525506] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 484.532662] ? check_noncircular+0x20/0x20 [ 484.538526] ? check_noncircular+0x20/0x20 [ 484.543426] ? switched_to_fair+0xb0/0xb0 [ 484.547549] ? __enqueue_entity+0x109/0x1e0 [ 484.551848] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 484.556671] page_fault+0x2c/0x60 [ 484.560099] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 484.565871] RSP: 0018:ffff8801b65ef928 EFLAGS: 00010246 [ 484.571215] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 484.578457] RDX: 00000000000000c9 RSI: ffffc900020bb000 RDI: ffff8801b65efd28 [ 484.586133] RBP: ffff8801b65efa08 R08: 1ffff100386c2532 R09: 0000000000000000 [ 484.593386] R10: ffff8801b65ef858 R11: 0000000000000000 R12: 1ffff10036cbdf28 [ 484.600628] R13: ffff8801b65ef9e0 R14: 0000000000000000 R15: ffff8801b65efd20 [ 484.607889] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 484.613061] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 484.618227] ? iov_iter_revert+0x9d0/0x9d0 [ 484.622438] ? mark_held_locks+0xaf/0x100 [ 484.626567] ? simple_xattr_get+0xeb/0x160 [ 484.630778] ? current_kernel_time64+0x122/0x2f0 [ 484.635510] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 484.640504] generic_perform_write+0x200/0x600 [ 484.645076] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 484.650326] ? current_time+0x88/0xc0 [ 484.654107] ? file_update_time+0xbf/0x470 [ 484.658316] ? current_time+0xc0/0xc0 [ 484.662095] ? down_write+0x87/0x120 [ 484.665788] __generic_file_write_iter+0x366/0x5b0 [ 484.670689] ? check_noncircular+0x20/0x20 [ 484.674901] generic_file_write_iter+0x399/0x790 [ 484.679646] ? __generic_file_write_iter+0x5b0/0x5b0 [ 484.684730] ? iov_iter_init+0xaf/0x1d0 [ 484.688683] __vfs_write+0x684/0x970 [ 484.692370] ? lock_acquire+0x1d5/0x580 [ 484.696319] ? kernel_read+0x120/0x120 [ 484.700220] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 484.704954] ? __sb_start_write+0x209/0x2a0 [ 484.709251] vfs_write+0x189/0x510 [ 484.712768] SyS_write+0xef/0x220 [ 484.716196] ? SyS_read+0x220/0x220 [ 484.719794] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 484.724784] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 484.729521] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 484.734246] RIP: 0033:0x452e39 [ 484.737406] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 484.745086] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 484.752327] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 484.759569] RBP: 0000000000000062 R08: 0000000000000000 R09: 0000000000000000 [ 484.766810] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006ee9d0 [ 484.774054] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 [ 484.817540] FAULT_FLAG_ALLOW_RETRY missing 30 [ 484.822744] CPU: 0 PID: 23749 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 484.830891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 484.841198] Call Trace: [ 484.843789] dump_stack+0x194/0x257 [ 484.847428] ? arch_local_irq_restore+0x53/0x53 [ 484.852104] ? handle_userfault+0x12b7/0x24c0 [ 484.856602] handle_userfault+0x12fa/0x24c0 [ 484.860924] ? handle_userfault+0x150b/0x24c0 [ 484.865435] ? userfaultfd_ioctl+0x4520/0x4520 [ 484.870015] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 484.875185] ? find_held_lock+0x35/0x1d0 [ 484.879222] ? check_noncircular+0x20/0x20 [ 484.883432] ? print_irqtrace_events+0x270/0x270 [ 484.888159] ? print_irqtrace_events+0x270/0x270 [ 484.892888] ? find_held_lock+0x35/0x1d0 [ 484.896928] ? __update_idle_core+0x305/0x600 [ 484.901401] ? __lock_acquire+0x664/0x3e00 [ 484.905607] ? check_noncircular+0x20/0x20 [ 484.909814] ? __lock_acquire+0x664/0x3e00 [ 484.914044] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 484.919206] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 484.924371] ? find_held_lock+0x35/0x1d0 [ 484.928413] ? __handle_mm_fault+0x3296/0x3ce0 [ 484.932966] ? lock_downgrade+0x980/0x980 [ 484.937089] ? lock_release+0xa40/0xa40 [ 484.941040] ? copy_overflow+0x20/0x20 [ 484.944900] ? do_raw_spin_trylock+0x190/0x190 [ 484.949471] ? userfaultfd_ctx_put+0x740/0x740 [ 484.954055] __handle_mm_fault+0x32a3/0x3ce0 [ 484.958446] ? __pmd_alloc+0x4e0/0x4e0 [ 484.962307] ? print_irqtrace_events+0x270/0x270 [ 484.967042] ? find_held_lock+0x35/0x1d0 [ 484.971082] ? handle_mm_fault+0x248/0x8d0 [ 484.975289] ? lock_downgrade+0x980/0x980 [ 484.979432] handle_mm_fault+0x334/0x8d0 [ 484.983473] ? down_read+0x96/0x150 [ 484.987080] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 484.991632] ? vmacache_find+0x5f/0x280 [ 484.995581] ? find_vma+0x30/0x150 [ 484.999096] __do_page_fault+0x5c9/0xc90 [ 485.003135] ? mm_fault_error+0x2c0/0x2c0 [ 485.007256] ? find_held_lock+0x35/0x1d0 [ 485.011295] do_page_fault+0xee/0x720 [ 485.015072] ? __do_page_fault+0xc90/0xc90 [ 485.019279] ? lock_release+0xa40/0xa40 [ 485.023238] ? do_raw_spin_trylock+0x190/0x190 [ 485.027803] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 485.032623] page_fault+0x2c/0x60 [ 485.036316] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 485.042083] RSP: 0018:ffff8801b65ef928 EFLAGS: 00010246 [ 485.047417] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 485.054667] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801b65efd28 [ 485.061908] RBP: ffff8801b65efa08 R08: 0000000000000000 R09: 1ffff10036cbdee7 [ 485.069147] R10: ffff8801b65ef858 R11: 0000000000000003 R12: 1ffff10036cbdf28 [ 485.076389] R13: ffff8801b65ef9e0 R14: 0000000000000000 R15: ffff8801b65efd20 [ 485.083640] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 485.088805] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 485.093969] ? iov_iter_revert+0x9d0/0x9d0 [ 485.098182] ? mark_held_locks+0xaf/0x100 [ 485.102300] ? simple_xattr_get+0xeb/0x160 [ 485.106510] ? current_kernel_time64+0x122/0x2f0 [ 485.111242] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 485.116235] generic_perform_write+0x200/0x600 [ 485.120808] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 485.126058] ? generic_update_time+0x1b2/0x270 [ 485.130614] ? __mnt_drop_write_file+0xd/0x70 [ 485.135082] ? file_update_time+0xbf/0x470 [ 485.139292] ? current_time+0xc0/0xc0 [ 485.143068] ? down_write+0x87/0x120 [ 485.146759] __generic_file_write_iter+0x366/0x5b0 [ 485.151659] ? check_noncircular+0x20/0x20 [ 485.155872] generic_file_write_iter+0x399/0x790 [ 485.160605] ? __generic_file_write_iter+0x5b0/0x5b0 [ 485.165681] ? fget_raw+0x20/0x20 [ 485.169108] ? iov_iter_init+0xaf/0x1d0 [ 485.173064] __vfs_write+0x684/0x970 [ 485.177532] ? lock_acquire+0x1d5/0x580 [ 485.182783] ? kernel_read+0x120/0x120 [ 485.187988] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 485.193325] ? __sb_start_write+0x209/0x2a0 [ 485.197624] vfs_write+0x189/0x510 [ 485.201141] SyS_write+0xef/0x220 [ 485.204572] ? SyS_read+0x220/0x220 [ 485.208169] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 485.213158] ? trace_hardirqs_on_thunk+0x1a/0x1c 2018/01/17 19:07:57 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:57 executing program 4: r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:57 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:57 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:57 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000ddb000-0x10)='attr/sockcreate\x00') setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f00001c0000)={0x7, [0x9, 0x4, 0x6, 0x4, 0xfffffffffffffffa, 0x5, 0x8]}, 0x12) socket$nfc_raw(0x27, 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f0000c39000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:57 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:57 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000f8d000-0x11)='/dev/qat_adf_ctl\x00', 0x40000, 0x0) getsockopt$packet_buf(r1, 0x107, 0x5, &(0x7f0000c44000-0x3c)=""/60, &(0x7f0000488000)=0x3c) ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f0000c6b000-0x1a)={0x16, "a87c635dc7a4f945bdc2816e6b44a824e684ea21e405"}) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000610000-0x9)='/dev/dsp\x00', 0x200001, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000970000)={0x0, @in={{0x2, 0x1, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x4, 0xfffffffffffffffa, 0x0, 0x5, 0x7}, &(0x7f0000005000)=0xa0) setsockopt$inet_sctp_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f0000b7a000)={r3, 0x1ada, 0x1000, "8ca5408a8bccdc7830a5a27b93964285a567b30617fb5e2edb031372cf3f86856304327e3661f0dcc4c7df416f489e077a94a3c6379887a64658b2ba8c1414c57f369da7226fba18286fed5c7599d6b0cfbe5486664ae485458b849f8c0ba414178c1081ade2aa13a23046acca8004878e7442fa132e50322b1884646dd61c52b7d444f0fbccc1c7405986f3c10d9b7745296a97aeb0819c9cba38d653cf11eef146df4c18817a550ecfdf7c7a08fa129557e2a841a0c79ae09ed943c30fb2aca56d93a011afb01a4965ae6ee901258e13cee1eca05656fc953f0d594c14888be87aa1b4fda064e771a7338734eff9891a4efc238836a0176f633979502ae3819ac9726c145f173a0bb2651460db3008e9acd211c09d29959add0f0d9071ccb48091de6d3f0decabe0576ae70657ca9dad49213448408d1e782fb244ff18aba712159f57b1dddcb1d5707b42c2c82e7a5cb197222a7b0cb720644ce806ca8bb7e865840771d0b9fa62d8369cd7a132e2cb3705bacbfead90b54d6e6539b317f4affb7b1d330c609df904b61ef7508cd1d1de90eae0339986fca04b597b7cbbd3d9928326eca9ad4d5ea0d0b59be9f981ab88c953e607f304ef0c4e2c20bdcb4ed78b7945dfc53915ca4af13e47abcaa7de6ece9c08fd3842669c5a6086e52673432a775d50fe1dfaf5dbfdd0daba80cc340c61269f1e85697d2266ca575137a81f4f14d112343e47b629c8586a6bf2b3a10059b4d89fa453281d16d7df9c95fb4cf215cb090d505117da7d96650a51aca2cea293db40c1795f0bac8cc9018de7bc9fb4f90061c9125b720da4a3df93b8b58b5c059cc4801e61070fd10558d3ba209c3c23ee06f33d5cc2dfe07f484f311e9b6c9c02d0fe95fe754a06dc5d2696e6feb53c1cbbda7158958fdeadd8bb918952c2b2b6bbb2a7f5abbe42320b160b086f85b3599a4bc2f6e9fdc1f2512c8a922e18ea70d02ef2d8e3405cc140fe100ebc0a7736901b953535b919ad254559c21a868d7430f7652e4eae5f1563fe817c235eca69cac4799cec901c6e215d6b9caec1260dd19bbab52db250a0eca9711214587aa71a7393395d9ee0d35264cd0002f75571d9ce1ee5906c8b671c18972134a06a6488baedb9d78b00d9052aa8c92ddfb6216009e6902534c9aaee95392743829f33402832219292e07cc38ba735b9c33d30a079387694ec5dcf86602d8227f77165b4fe8cd0c71b70ac3561bd67f3adfcc0189c8d1b6bd06f514bfdcfc3fd08aba9ef7bdfec685d505da6fbd4df0832fd7caad953a00ad98ff65980cda728aa7390926d881871ed810b608672bc9f91af2e66516c2642d2038b7e0914f017358abb2aca91ca0f7f17fef422c9481477d675e421d1e3a39bf3cdc51af4553e37ba99d5cdf169e46da5afa135d0600c0d3efd0250c019e7460c9929f537fd20d4adcfba1ef95a85e34e3a9a6d54fadc673f819a1e62a0888abf9e9ea03b597948d71babef9868d7cfb33732c4f705f0d1a8679dcb218a143712e6ff796ed2418a2fb43e5bffc28ef50e842bbaca45896922beb8a9a654875dea32b46babf7498ad5716ee730623eed56c9c13a012ddbdbd011090727a9e69ffb0c4230adaf7dbeb70a1169b36898023679a2f89f9e6590e4ec6a68daea98f52652eb8db7749401335f45bd35c5aeaf7c6e89113558042e473710b1cf902742f3d9de1ba60ff8c280b622a4ae2f0522514cdbb028b05cb3385ababfc90714155c75258a09c8fd50949150557a66738149cb8857a34717f0ed764b7dc39c2727a0b1c6ad3d3fe5c067d949c447aa16a9385dc5b48765160b457dfeacf6dd9ae2a58e38aa7c1004539ed09d30549859a138e5e3f86355df06bc0712101ee71736e41736b3401a64bb3a722c16670e1b31a633436a151d946797004ff9102c74df96fb2d9dcdde9e03113c314ce203f368313d96816badef9ffbaf3f8dcdc0ceca5473e1595c35ce464058cbf7c1ff35e6780137eafadb8f33df1714f8fad89c62ac240fdb20e32105c424159d896d7d7972e9de93c37037d132d3d87e33c9b20b7e03cfb7945c507593fb369c8196ac98ef293b9c8399bcf5839852afbf19ff74749d49ab7326b9085d27d599ab326465720270fa6a11fbfacc3e6ba3f685400378a24c55ffccf28b8180e4d495348aa93201373969ddd195eece2ab5ea8a7c1a35b667daa49e9ba0c66f489077055db2e19ab102f39087dbc882f16f14f7334d6efd00d84ea28c9aa092d5037a0255bde6854d07144d28a3b83dc3ec304f5427cacf287b6735f14137521f4953960fc21930698297a945dd85ab5b94ed6a8eb306cfded2dae4f5c6baa79ed8f5a58f82028737d85e4c0776aedd24ed82d53647cd777aa6bd3c65bfe81e7213ba88ceabe7d8ded921a94d43c37ccdbbf211cb68ab2654898a0dfb0c42a0bb09e172b708d4403dd0e5703820879c035e466835a7a5315ae84b005774ff95020518581b35ee1696e849d9b69df4c790b08444278ab75d8f286eff132e5912fca168a434bc7102b481ae03fa39c29131b364bd777d82111cde4862a0514b1072d9e5f0adcd661067908a0152d4fa802e11978b1bb9270624bacaf0e01b6d18d86cd587797c18f755a31f65937a10eb0f99a0a22af56eac328a46fa0d907c02020b9646f98c858f83b0e07d4037bf36ff1626ed79b55051dbe5929cfce4ad22dbaf2d470cc698e9c84227baebb2cecdb7bdc00ddc739a383b78f3c30742e8daf38bfb9d06dc7b11e190c351a4fdbf3717833f2f6764a61475acb7c0ac5e80f5c9b0bfe579fca542a8c0377aacf6bc822d89c9b03c0b7cb6999a06b3b679795394c45d7b4fada9dd1c54c3db34378b138efcdeb5bac85afdf2b6cc6bde7bc209651a1d02bd997495f05299a6d0450232912f6b1ab0b3c040b948deff798d35f92db34a105566a6bdada078055724e99ec031f3e464226bb0bcdab64409affcd01ada43fbf08dbb98008fccc5eaad5ad9bccef1158af21f644c547012f014faf5c0a5ce2a4b5cf6a6e59c68178ffb5ea7b8ed9612612e43ed6a284f7c1e07a708c6761b83a05a4f0254ce751a77c5669f91f0a661947ac498c216e4b4558b44a4d132c015cac2f9e73f4fc51c66c07facc624db4fc5d0aca38c49c5b593db50de816b194ff2819410960c55fd9e3109db8ab61b4d997fcc831483a52d41669e5b5b232e59323e93b38ef8e60d2a64569e40169a94c21c252483d991299a1c55fe264985ad60a1a138d6145f19aea1f890c5572be96a69c0c91f7b6094b313e6be3b72a1222385f3fe119fb81620002a3858731b7fb8fb9800a6f9a0cf7957baeca3d9890f1a5338019806b36de1fe768c809f1e6b86a8eb4bc16f8ee0f444c0567a247326d2fcf4d3e6fb576a4cb3a52ca8246245a8ce6d13842eff0869db0cd0809ddd43e0c83faa7df529a1501888d61a5d01373cc86074bd1ebe5535e4de3e0b677720ddad72193ce27c772e6577543d71d4ea0b386f2c728649d2ace3c382b75d6ad4dc4b6030546dc706ec53114ff4a859930443d36ff529a952e14b54e58ab7fd2713316994c53c3d90df0f3456181b300bcdcc77ce2b82bbee4f133e4a2a3bb4a0713d2d06b4462b35275a546d816678ed1107b616e58ed50b772f97c140843ca4e60fab698956f50c8b6f9614470523de2e9f3b8c9817536e909a53befcb5ef6a2d62d8b4556ad4d407046a48e8828e44d874502bb7657191e8a308dca69ea1db05fb3edc9e5a155f26f6775185e53f24d9923dae1cc5fbd0f881acd3dff335b8ac4f8c1bb3fd33572d5279cd02738242664b78fc85333933504ce9a2b05e59f2c4f860610389e4a9038fbd9a0cfd7c0212fd11be6dacf46c8b295b38f90b9c1f4601df55c9da9ed9ce0b8a7c704d70cc022038cb59a3e9e50d945bd8c5102bf9ed5345273d6a43211848ebe6d5311892a2d8ca2babaaf1931c24b40588d831fbcdc7b4b71df19e22afcfbf046e058b79711de1b95079fbbe117739d5d89bb56a6ea6174d233a8c733d800b21785bd1d524b293bfec2e84377329caf138765e551dc153ca847f257dd3e63893d59649b28753865b8de7946ff05d0391916e2feee679ad2740177e2033e033cd33d2870b44c6c45d58feeec8730cb4b2c4270863a9cc914e4ed4dc1bd122b90447fa73eeb3444f321453cdacaee73f1da68c839c959e4c110238a01b31c7d96941cfc9e09ab04322d0926ad9eec3e638bf80234eff07d0f8bac41740203155035c5c5144edb4146483c8e307b4dbdc0b1a4d91509442cbb5c0824439fe956a7536c74768c14dc80246fcc07905f786f74d4d52f63f14f1070d27211ff89378f1765cc23c343df3263d66c34b0572527662d9d967c4d24e36261780e81223c72d7d312ebaae42160d77cc8d6dbe916595d97683e5078d4758fc2abe6346a77fe30d69812c22948f7f4d406d7590113162cf8937bbf0b4593ba2b81cbbc945ca84f80a5b41f69d8f92b61522f54fcba1745170776d1bf02f4db44d0a7a380920fcb8e7063603e5582966a1436cb525e1b6ba3765a0508cf8a59de928d4b1192f28a034d05b11e6ca047673ca88bf39a37f08e2abcfdbd88ce27ce6f290d065156c1effa4fce13cb6ecbdb5950fc1cd0534f69214fd9379d0c761b720105a2ea8de7e9c90f79c0c3e50e9fab69586e7381bd38fba0c6122afcb8c2ba5c409c39193f4ca5065f351d35eb40294ad4954cb72fd137b093e1392bd01dc3f92568feec2c4d2a5dc87fd9da7da10fc8d7c6dfb8d3ea92a1b0ef3695478baeea5b5a9783bc7f20826bdd2b9f202edbddb87faad07bb3f644ff3d64bad70eb621c454f169f675a02a9d8d26ea9b59d772e33021aa220ae75cae80eeab3cd428860765aec19d023469b20aeb01b7c38847ea303fa5873173d23f757b0dca98b1e1652eeb9b64d04e9edf3d7e7868d31581931b4aac196d023b7d4be0e0a1bf494fd69f306d75290eef095a036e4e06baf659d8518da9326634ec8728a04c199d167327bd14d2f6980c842e3ace51b2e63cef8994c4e6b01392696e81e40888915e75d5f5179eb9d7054bca4447f5df6059387effc511318194f6cc4498e23cc42b4df9e5728cf4e5769be52771686e4e4f46d329a091055223a1f52b25e2a1f4afa22e7e331548612eb69d6f5b0503933f39d3ca1c5881ae8473aafdac61a240db66f00ec24647e7b988ce6fd89143437678f97c6787941c2c77b260895c135868951fb3098d44f68230cfe1b61805bb046f2dcf0c69054084d296707ac463b9ccb2623e607c2f44360b787d6fd1d1601ae278351883f84bfd9a14d128a3faaed215efb39a2cbf1121a546451c41f3eeae3c80b675847c9fe09e0c4eeea32ebe5e76ebe81d0c1995c6633219cf1a50405878c14318c84940ad1543a8949ce440215e727c1ec823c5c4a0d60ec94b45212d42100df595c966c4c2d4986c1665087d5f99d5b1a51b814fa8c22b00743b9dc0481e4d34ebbe34ceae38e1ad9cda6f53e22151119a5a14dbf475da39b58e0b4d0e25a03b6c10f93730e18a282dcf6fd3cb72fcf958fd87fdc980e0d8ec9aed2560a3a73e937e087baab1fa4fe6554c68df77e5a8a4a1f1e4ac419cee2a5bdc203f74d886e41fe6a77167653941c6e0166f06a17b8b8987ac620e25a0a99041623c6d32aa14626433636033547e97f3346fe3e23b9e3422d98ab10f7c727b6d82023799e595041bcfa283e171e06a79e603eb525387b8d641eb890e06a23b769"}, 0x1008) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000be5000-0xc)='/dev/autofs\x00', 0x80000000080, 0x0) getdents(r4, &(0x7f00000a7000)=""/101, 0x65) 2018/01/17 19:07:57 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) ioctl$sock_ipx_SIOCIPXNCPCONN(r2, 0x89e3, &(0x7f000034d000-0x2)=0x0) [ 485.217895] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 485.222620] RIP: 0033:0x452e39 [ 485.225780] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 485.233460] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 485.240701] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000018 [ 485.247941] RBP: 0000000000000624 R08: 0000000000000000 R09: 0000000000000000 [ 485.255184] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f7400 [ 485.262423] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:57 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:57 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = accept4$inet6(0xffffffffffffff9c, &(0x7f000053e000)={0x0, 0xffffffffffffffff, 0x0, @remote={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, 0x0}, &(0x7f00005db000)=0x1c, 0x80000) ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f00004e4000)={@common='bond0\x00', 0x8}) r1 = syz_open_dev$sndmidi(&(0x7f0000e2c000-0x12)='/dev/snd/midiC#D#\x00', 0xfa, 0x40140) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000530000)={0xfffffd8b, 0x0, &(0x7f0000d00000)=[], 0xfffffffffffffe2f, 0x0, &(0x7f0000005000)=""}) mlock2(&(0x7f00009c2000/0x4000)=nil, 0x4000, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) [ 485.379357] FAULT_FLAG_ALLOW_RETRY missing 30 [ 485.383905] CPU: 1 PID: 23813 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 485.391238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 485.400564] Call Trace: [ 485.403129] dump_stack+0x194/0x257 [ 485.406735] ? arch_local_irq_restore+0x53/0x53 [ 485.411382] ? handle_userfault+0x12b7/0x24c0 [ 485.415855] handle_userfault+0x12fa/0x24c0 [ 485.420149] ? handle_userfault+0x150b/0x24c0 [ 485.424637] ? userfaultfd_ioctl+0x4520/0x4520 [ 485.429191] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 485.434354] ? __lock_is_held+0xb6/0x140 [ 485.438403] ? print_irqtrace_events+0x270/0x270 [ 485.443132] ? print_irqtrace_events+0x270/0x270 [ 485.447862] ? get_user_pages_fast+0x277/0x340 [ 485.452417] ? switched_to_fair+0xb0/0xb0 [ 485.456538] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 485.461525] ? trace_hardirqs_on+0xd/0x10 [ 485.465644] ? get_user_pages_fast+0x14e/0x340 [ 485.470200] ? pick_next_entity+0x197/0x400 [ 485.474497] ? __lock_acquire+0x664/0x3e00 [ 485.478702] ? check_noncircular+0x20/0x20 [ 485.482906] ? __lock_acquire+0x664/0x3e00 [ 485.487135] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 485.492297] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 485.497477] ? find_held_lock+0x35/0x1d0 [ 485.501515] ? __handle_mm_fault+0x3296/0x3ce0 [ 485.506071] ? lock_downgrade+0x980/0x980 [ 485.511494] ? lock_release+0xa40/0xa40 [ 485.516751] ? copy_overflow+0x20/0x20 [ 485.521916] ? do_raw_spin_trylock+0x190/0x190 [ 485.526476] ? userfaultfd_ctx_put+0x740/0x740 [ 485.531044] __handle_mm_fault+0x32a3/0x3ce0 [ 485.535431] ? __pmd_alloc+0x4e0/0x4e0 [ 485.539292] ? print_irqtrace_events+0x270/0x270 [ 485.544026] ? plist_check_head+0xe2/0x130 [ 485.548238] ? find_held_lock+0x35/0x1d0 [ 485.552278] ? handle_mm_fault+0x248/0x8d0 [ 485.556485] ? lock_downgrade+0x980/0x980 [ 485.560628] handle_mm_fault+0x334/0x8d0 [ 485.564660] ? down_read+0x96/0x150 [ 485.568268] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 485.572826] ? vmacache_find+0x5f/0x280 [ 485.576779] ? find_vma+0x30/0x150 [ 485.580297] __do_page_fault+0x5c9/0xc90 [ 485.584340] ? mm_fault_error+0x2c0/0x2c0 [ 485.588465] ? get_futex_value_locked+0xc3/0xf0 [ 485.593113] do_page_fault+0xee/0x720 [ 485.596885] ? __do_page_fault+0xc90/0xc90 [ 485.601094] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 485.606259] ? check_noncircular+0x20/0x20 [ 485.610467] ? drop_futex_key_refs.isra.12+0x63/0xb0 [ 485.615544] ? futex_wait+0x6a9/0x9a0 [ 485.619322] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 485.624143] page_fault+0x2c/0x60 [ 485.627570] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 485.633344] RSP: 0018:ffff8801ababf928 EFLAGS: 00010246 [ 485.638679] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 485.645920] RDX: 00000000000000c9 RSI: ffffc900020bb000 RDI: ffff8801ababfd28 [ 485.653163] RBP: ffff8801ababfa08 R08: 1ffff100386c2532 R09: 0000000000000000 [ 485.660402] R10: ffff8801ababf858 R11: 0000000000000000 R12: 1ffff10035757f28 [ 485.667642] R13: ffff8801ababf9e0 R14: 0000000000000000 R15: ffff8801ababfd20 [ 485.674900] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 485.680068] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 485.685234] ? iov_iter_revert+0x9d0/0x9d0 [ 485.689448] ? mark_held_locks+0xaf/0x100 [ 485.693568] ? simple_xattr_get+0xeb/0x160 [ 485.697776] ? current_kernel_time64+0x122/0x2f0 [ 485.702509] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 485.707503] generic_perform_write+0x200/0x600 [ 485.712071] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 485.717326] ? current_time+0x88/0xc0 [ 485.721102] ? file_update_time+0xbf/0x470 [ 485.725311] ? current_time+0xc0/0xc0 [ 485.729092] ? down_write+0x87/0x120 [ 485.732781] __generic_file_write_iter+0x366/0x5b0 [ 485.737682] ? check_noncircular+0x20/0x20 [ 485.741894] generic_file_write_iter+0x399/0x790 [ 485.746628] ? __generic_file_write_iter+0x5b0/0x5b0 [ 485.751707] ? iov_iter_init+0xaf/0x1d0 [ 485.755657] __vfs_write+0x684/0x970 [ 485.759351] ? lock_acquire+0x1d5/0x580 [ 485.763303] ? kernel_read+0x120/0x120 [ 485.767182] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 485.771908] ? __sb_start_write+0x209/0x2a0 [ 485.776207] vfs_write+0x189/0x510 [ 485.779724] SyS_write+0xef/0x220 [ 485.783151] ? SyS_read+0x220/0x220 [ 485.786747] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 485.791738] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 485.796474] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 485.801199] RIP: 0033:0x452e39 [ 485.804359] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 485.812039] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 485.819281] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 485.826530] RBP: 00000000000003b3 R08: 0000000000000000 R09: 0000000000000000 [ 485.833769] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3968 [ 485.841012] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 [ 485.879823] FAULT_FLAG_ALLOW_RETRY missing 30 [ 485.884379] CPU: 0 PID: 23813 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 485.891714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 485.901041] Call Trace: [ 485.903603] dump_stack+0x194/0x257 [ 485.907209] ? arch_local_irq_restore+0x53/0x53 [ 485.911857] ? handle_userfault+0x12b7/0x24c0 [ 485.916327] handle_userfault+0x12fa/0x24c0 [ 485.920621] ? handle_userfault+0x150b/0x24c0 [ 485.925099] ? userfaultfd_ioctl+0x4520/0x4520 [ 485.929652] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 485.934817] ? check_noncircular+0x20/0x20 [ 485.939029] ? lock_acquire+0xe0/0x580 [ 485.942889] ? lock_acquire+0x1d5/0x580 [ 485.946835] ? pick_next_task_fair+0xdc0/0x16b0 [ 485.951494] ? print_irqtrace_events+0x270/0x270 [ 485.956224] ? print_irqtrace_events+0x270/0x270 [ 485.960954] ? find_held_lock+0x35/0x1d0 [ 485.964993] ? __update_idle_core+0x305/0x600 [ 485.969470] ? __lock_acquire+0x664/0x3e00 [ 485.973676] ? check_noncircular+0x20/0x20 [ 485.977882] ? __lock_acquire+0x664/0x3e00 [ 485.982106] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 485.987269] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 485.992432] ? find_held_lock+0x35/0x1d0 [ 485.996472] ? __handle_mm_fault+0x3296/0x3ce0 [ 486.001034] ? lock_downgrade+0x980/0x980 [ 486.005159] ? lock_release+0xa40/0xa40 [ 486.009110] ? copy_overflow+0x20/0x20 [ 486.012970] ? do_raw_spin_trylock+0x190/0x190 [ 486.017525] ? userfaultfd_ctx_put+0x740/0x740 [ 486.022089] __handle_mm_fault+0x32a3/0x3ce0 [ 486.026486] ? __pmd_alloc+0x4e0/0x4e0 [ 486.030349] ? print_irqtrace_events+0x270/0x270 [ 486.035081] ? find_held_lock+0x35/0x1d0 [ 486.039119] ? handle_mm_fault+0x248/0x8d0 [ 486.043327] ? lock_downgrade+0x980/0x980 [ 486.047467] handle_mm_fault+0x334/0x8d0 [ 486.051499] ? down_read+0x96/0x150 [ 486.055098] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 486.059653] ? vmacache_find+0x5f/0x280 [ 486.063603] ? find_vma+0x30/0x150 [ 486.067127] __do_page_fault+0x5c9/0xc90 [ 486.071169] ? mm_fault_error+0x2c0/0x2c0 [ 486.075289] ? find_held_lock+0x35/0x1d0 [ 486.079331] do_page_fault+0xee/0x720 [ 486.083104] ? __do_page_fault+0xc90/0xc90 [ 486.087313] ? lock_release+0xa40/0xa40 [ 486.091264] ? do_raw_spin_trylock+0x190/0x190 [ 486.095828] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 486.100651] page_fault+0x2c/0x60 [ 486.104077] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 486.109840] RSP: 0018:ffff8801ababf928 EFLAGS: 00010246 [ 486.115175] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 486.122426] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801ababfd28 [ 486.129667] RBP: ffff8801ababfa08 R08: 0000000000000000 R09: 1ffff10035757ee7 [ 486.136911] R10: ffff8801ababf858 R11: 0000000000000003 R12: 1ffff10035757f28 [ 486.144152] R13: ffff8801ababf9e0 R14: 0000000000000000 R15: ffff8801ababfd20 [ 486.151417] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 486.156585] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 486.161750] ? iov_iter_revert+0x9d0/0x9d0 [ 486.165961] ? mark_held_locks+0xaf/0x100 [ 486.170080] ? simple_xattr_get+0xeb/0x160 [ 486.174294] ? current_kernel_time64+0x122/0x2f0 [ 486.179033] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 486.184037] generic_perform_write+0x200/0x600 [ 486.188604] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 486.193853] ? generic_update_time+0x1b2/0x270 [ 486.198408] ? __mnt_drop_write_file+0xd/0x70 [ 486.202875] ? file_update_time+0xbf/0x470 [ 486.207083] ? current_time+0xc0/0xc0 [ 486.210862] ? down_write+0x87/0x120 [ 486.214553] __generic_file_write_iter+0x366/0x5b0 [ 486.219454] ? check_noncircular+0x20/0x20 [ 486.223666] generic_file_write_iter+0x399/0x790 [ 486.228398] ? __generic_file_write_iter+0x5b0/0x5b0 [ 486.233476] ? iov_iter_init+0xaf/0x1d0 [ 486.237429] __vfs_write+0x684/0x970 [ 486.241113] ? lock_acquire+0x1d5/0x580 [ 486.245062] ? kernel_read+0x120/0x120 [ 486.248942] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 486.253671] ? __sb_start_write+0x209/0x2a0 [ 486.257967] vfs_write+0x189/0x510 [ 486.261484] SyS_write+0xef/0x220 [ 486.264913] ? SyS_read+0x220/0x220 [ 486.268511] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 486.273502] ? trace_hardirqs_on_thunk+0x1a/0x1c 2018/01/17 19:07:58 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:58 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:58 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:58 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:58 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffff9c, 0xc00caee0, &(0x7f000008f000)={0x1, r0, 0x0}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000491000)={0x1fe, 0x3, 0x5, 0x1000, &(0x7f0000060000/0x1000)=nil}) 2018/01/17 19:07:58 executing program 1: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000af1000-0x1e)='/selinux/commit_pending_bools\x00', 0x1, 0x0) r1 = syz_open_dev$amidi(&(0x7f000075a000)='/dev/amidi#\x00', 0x8000, 0x400000) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) accept4(r0, &(0x7f000034d000-0x10)=@ipx={0x0, 0x0, 0x0, ""/6, 0x0, 0x0}, &(0x7f00004a7000)=0x10, 0x80000) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r0, 0xc0305302, &(0x7f0000e80000-0x30)={0x6, 0xd7, 0x9, 0x100000000, 0x10000, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) 2018/01/17 19:07:58 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000f22000)='./file0\x00', 0xfffffffffffffffc) lstat(&(0x7f000067e000-0x8)='./file0\x00', &(0x7f0000254000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgroups(0x1, &(0x7f000077a000-0x4)=[r0]) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f00007f8000)={0x3, 0xffffffffffffffff, 0x0}) ioctl$KVM_GET_SUPPORTED_CPUID(r1, 0xc008ae05, &(0x7f000092b000)=""/4096) r2 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000bdf000-0x20)={{&(0x7f0000f78000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r4 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r4, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') statx(r2, &(0x7f0000771000)='./control/file0\x00', 0x2000, 0x7ff, &(0x7f00002da000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0}, {0x0, 0x0, 0x0}, {0x0, 0x0, 0x0}, {0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) timer_create(0x3, &(0x7f00007ff000+0x3de)={0x0, 0x22, 0x4, @thr={&(0x7f00003e0000-0x4e)="7f03bb2b2107e477920f4706bc1bafedb13ef5773868254bd026f0bbdf9cf2abbd6a4117ac76bebd014ada04617115fa71c172883ebb6eb67d885b32131aacdd7d820e0adda7ecef6ee872c84a43", &(0x7f000071e000)="7fe6a1844ff70bbb26bc886afaa12d71c17dfe9fd07e9694fa3d4a601a4b6f7fc40029200f3a7a7406f8da33f818bad44acd8f56e38738208e32f63fc8a6d84f5eb60a27d3c69c2f28e28d6c0d94e8e1f2c8535704ce52f4ae46389a005538476554685007a5edf0632aa04f3ee7be66bf0892e5510171fd50b1fb45f629ffeb2c0c661e0fc633944828f7b79b4624b9989abecd03957c8cb24441b5fbf55b64250fecc9c073b17595b60268ac4849e3ce9d546acf6a6ebbc90b32e2759e5a3a8853eb9d1f1d8ba739c8699fefe076fb9f9b99598674f2f29a3f814632e24ed256d05820221bb53252dbf8f21fed4a7e0b2b05033d2c3fadf3a9cfdaa86ae50d65eb65075bc15f1dd1eed0552937382cb4c5b9673a6dd005f9777c340f9b09059ae326123edf32e79d75e1d17673036da85f4f61be6b5a0f2aca7953871aa7506d74b5b733ae51c80c84954c8371a18538b415579460d2c59b4113407169554dfca8e6736ae380540c34dee2b0128a0fa44ad6558bb49f081739f7654224e666b2c27c725472deb768015a9de04e28638daed483ffbf17585d0e8ce9bf5c8c7db996941d8e9320624b097a664b95645f77f86f6611e0c876b9273fa019b935eb2caa038cd146bd4603da68ae6c9d72b1c9284ea562acde9b2bdd277715cfb56edbda460627ba1bc05a682775f46d8afef61922ba8a620bfd60492e660b01e08f08c2b3aa53bdfd0ae5f4f84ede649506144962f816a2c71c3880dc81941fae7194da11898d2b28b0a2ec223a9e50b3b67c58a1285d18e49458b26f5393e9fc42281715cce9199e6d2ad7a7f7d5962585f75a6323a0a6769b0c8f14f66743f5216cd939654fa01cf88224ac0ee29fda17cafa47b6f200787a915794f92e1f924f10ce6ae5900529a601f16cf07dfdf9313342185ffa8d926ce95f402243b99e871a97d6a84a9bee403aeb7a997ea73e7f450ded99ebe088cfa983a47bbb84ddc9b4e048760bffd12ca05a777d87d720f4f3bf8f558d42430df7fe1f5fd86c889ebe30465e6c964027c32395c2be39884d0999a7499ba347cd059c1e226b50d2b00ee2e2e32e3bd8a1b363b2dbaf55e4af2c5d2d8315c179c71618d66dec389e1e5affe78216a24a01e4a220cc610b1b4e0c2e3397fe801dc3ef2332541cec220a86d479c343124b367051a58e40dd67086d2d1b53f929c79117f9b14f61bba38a705d61bfe4ffc3488adce53e2ea06faae7254173d31fa5156ffe58bba9eba475fbf10c859624e815ef72280b6d328d3bae5f2f2851ea1553707b45f40a244d67a5e9f94c0d4b559ef17eacc493e53ed63b2fef6a081c618a814e2cec03d4f53a272b81587d6c3594048866548d469382138a36d32bab08e86697bfbaa26e3ed3b67032e4c76bf9ac0e519b00ad00d0154c93b4461d83ee9e364f0c541f4bb642e39eb735ddbb0692d67f0269b8cfaf49a87d49f4c3f7b192c9f203cb94e440115930eafec9d2077da27ec6430a5fe96746a8a5492ef53d76de0b1a359c177af62953345b521941782b169927c2a7ea1823a88f03254e0fac809eb7b18f206d70ca21d76e11f633ad850f4890b3f7c2b8d3d3567862ac1cfcc9665d795edd110484f8aecf9ffbcf48029238f70b5da120cd9c19699e7bb940c85fc5bcf46974b552c42c1942ef57402b17721b8a2faa45c1090c99f284e7612e057513078906abb074953e0a2514e3ae2d5d0e8bdeebc0356fe27359f5e7c6eb988194741f95a3517d6fc6d9545109dad2883db79b9f7115cfd02c715ad8e30b4f74dfb94c87ebad233bfee20bc32989b0e98bfc5dcafc4fd138a316658bb0167bfbbeed9698632af1f454f3952352ec40708ba3b5d834d1e98577410de0fe7bc1de9fb092fda8988d0611e06f1c019973ced86f24648390d09dcfff99e646144a3804779457f8fb058bbd3ffeefc30f3279660674cf99cdf8a4ec2f8abe49c55c7d35c952151cb7ba556c1aacad019ee933bf85792c1e32b890ac50bcbfbf6b34e755e32e6727f5465f5d7ce9b129926eed059a5c72e1e36d17254309806e39dd67d4d62eb91aa223c8f199b5cd713d1444a4b47733eed0f2e8685eb03a84e207e807f93053e6b241f57898410bd73914a4eec6015a440381a6c0b1efa8c1841fc792620503445a0f1bde78c7f9c962b81308c4f823c31b9c8d441a43954578b69dec5ff198f227d12ab50f4bfa8f387dcf88048118acee60c52000fb7d89eaacfa13f9e1888fa403cd4de33bbaef5017c28c9f81a84a3b4cd32395cf0e5251a6c7ed242567482247057a8b062cbdc617b3f1d327deff7645f94fb4f190b8b612fd0e4b478629cab8f76ebf360760c88ca08794b3ba5bc55d04846258228b0db81fcfd6ff7055726714e2c69135ebd5055caafcce478ad0854a85ac8b9532c74a1f7d2607cc3c02bbdb291c77b6067e826d1bcc99e68deef99b2a9db5b196d89b8ea381c57cb8e67fc187642ef83d171bfef4649b512082ccab93f35182d336ffd199583ab7ad082f9ae8b0082fd3d9f73a52c10c4ac44e67a80d63602827cfd8cc1b91cba3d337b0db98692f274472d5c428ca4bb1cd620a4483aaf712e528b91144a89a256a2a5d279e755104575c72e9b2af98539e5e74303fa8bb1fc63ec5f77bd8276c556d764ab52f58f898033a32c44aef21b61a5aeb1cdf16b64239c1d5a1876c8b08f06b9aede4d8437cf9269da1c4247b5712502f387c9f358322a62b501a925b52e9cc6fe5f47f59bcffdb918ef43b8200250f36137cadd84a350e09d33e53c743905c4289849c4fa46541b125f1f5a19a35a7a80bb4dbc17c62fbb7366de1b69e474466b6d64bb750800c5b131caee4ae70772b124423ed6472fe70e123cbc34667e229277ca57a154124056bf5ca1b9b1b2055def1307769b040cc11817b26ede8165842c330d1663c147c8092c5b973c61f183949a4b40a4b5bdcbe581d31630e5783dcc5b5ce4cfacca8d84603de28ebd01ed88e1d13897724044bb7b2ddaead7953a906a185817e51cdbb74fbea87f2fbba64f9c59e714ea02791b5e2e249884410fb67d9a6eebf094ada23a0187969b58b9ae862622d28f43a97824db3205adf9e1374368f869be432cbd1c2dc969ebcf004b402d1ab62c6c8b5b45b83a5482b89c21aa86b9e61e9ffdcfa1d533e8889abf77a145505b76350fc6c771f6b522c156842bc3b890802824be9273d7bfb4cc8c80ef9d7c4089fdb31128d035616845af2a3790fc269cea86cb06b5693cbb168d5b312d8425f61a12b72c2071e56f7497155a837f6eb1e5c98aa670815e68441f6f875c7aa01cab7fd450f7da0f288a77d6842e1cb2549504159a93eb42fb9eb762e4789044bcb660112feb1e65886b8cee1bef1ec80b176c55702772b155686b6092ec954594a6d5f8617cf2237cd9424942109114712c9f2dc67b04453ccc8baf27abfcea8d14df374480a43d7915400ecedbabf9f11a7e92fd6eb12948b1e46cf93fdcd4c92600bf23e184a0de8721f5dad9ad5e6948a13a5d6129d00334769d9d0eba45f378b8749852644a9227690d0be904e2c55041420e8ce31bc82649108773f5e3033539dde457a26486a31bc4768b5d69f9a2ecf6c958e29654d98d69f7bc344d173a1e7c078aee6ef0e3bec7102b73d8411869321135d3cc5ff02fd4c16259af1a355ca7960064f594c3a1742afc547b65dddd4ac2abeee171e9aeba055a653c9962b740d1cf0a59759e1681ca85dcb2951365ccb2e99cc06ad64aaff5927a22d4dc2f7417eef5f426e9849e7db950569d5ca0025408b95425007ddc8482b556d23d1210f0ecbbe9cd7a98d70c0c6b99b51a994f75370f514f56ae31eff7631e4a35d5f9c0d84998be73424e754147b1f194ed406ddc50b46c74d6be5fb1ee9760d2640f6871f9ae2102eaf437fbfabadaa11ae2762ff90fa35bd5ff232ebb94366ec8761d40829105a95d9c897fedb4363ff2560badb18e2386fe5bf1913179d6850e22bf03bd655ef0fb27f0b1a252ed0509c0513b637709b05b601c6086fa0d40ef30a407faf68db6744b988a02d9c74ef3ff1b7dc019c211548111973cee7928eef61af80d47372113d65b01810217202dcdf63b0bb57002e947bf5ebbc2cca7da91ed24df0c4501eb953364f13c089e56d5f4993d6e3836590beae8597cf20d3100fa2e17e1de9cd7020a913519ebd652acb4dc3fa78884dd7d5fac512850152bc92a839c97bcdc44ba110ecf7e35b69b46113399aef129e3e53b0a96ec68c79d5ecd500fdd9dbebe18cee0c65fb3fff03a8a6cb7367aacb2129024e677cfb9d86f632a5d6214e35a94dadf28bcbea501c5d4de69db52fa0646cc5644a6da36ef1637805e8015558cd9259eff9ac287bf5b83d8e3b0a9c58e9836baf7a5cb95899222b585f5ae72bd675911534c4a5e82fdbd9723c32cd6d6fbcf9e6d161f011cd846cdd246ccede5cb0c6ef13681561fb85efd9e5210c49b1b929f5e984c35ac3548e4a9fca93eda09732326fceb35e9fbd7b0f13f0c74e6bd078d040b716535fcd6599ec231d9ba73f84f63cf4acf47f3acd91f89db7d46ec5c7fcdde7ca327247bbf35b535af06a8032c6ee63bb5d1dea2c754076e078c3a4c9b21944a552ab3351727b09885c8519e8b51244908d9e15786b424ee0b9b429b8437a89cd610f117365684a10373ce1f0bce9b9269094d96728b9cc8b3254a9c4ded62f2849ec29e1e67285ea5487b981408464bb7875cf29834cb04ec03ec8b1426507d268717cd8d7704c394c9b6842165d246e677ffb21bb529417471e09614b599bb12c4a03e3038296c7a63506bbd42935601572885f84c05ddcb39d76c4de8c7bb8f88cecc0c62ed430bec8bcd44e23bad45f5fd70ac5bb3ad04aee679fa1d343dca769e03d2b77ee570c08f471a66db5a6554516aa67350e3866acc0b352dece829c562fbaa1046baef53a1eddd71e4feaa611d6f7774a5b82ee6b5f6beff3b9e1657cf0381d3990959acbfaf4dc73a32a13b2f4c72755ff6e181b339e7f843317a19c41f6f6882b1b50d95d3d09e238eef82c5dd56ddef098e80d36a70241ea0be2223d1330a48790d7d36495bbc13199ddabff637cd6842328a83762ef0611dd91654bcf265c279c304d2cd5163ea507d51018484c3e1a175a769eb7aa9359c2f45eb2a1f8dda1cac194cbfbec1643eccd8997ea81b9b2372c12fb6b0642cda45279ea8e488615b6a946f765be8ab5f7adb1ca7afbd0cb2d1a42346c4eaadd126e828a2f6a20a266a6bf807dd466782c0b834252795d445bc6c801da42085ec774d9b2f3cfd403ed951772b0c7bbf3307e214509a0c211b45faf6313c75ce1aaadfaa0209741de4923869e92dbbda7188022f7ff4b0d00df016a44cb359389f789e1188db34b739a15589f2ada74312797dc69d2ef9440008a16a05a1af0ac6a603fe85030c138e1036940fd9666fd4829cd4fb253a784ff547c9c16af0067844411fc72de855ee0a84191ed7433979e7ba6ddb612743de0505905704fa00c0617e7847db1974f52533c665aa063b9e957cdc6da5bc468d31f6a58a9d21c3f8dd9f76b7d5c06a307bee5933cef6afe461922a26edaf9d4d6f472f83acbc55c1d692a89a2ea470917c982854aca731844926aa34682ff38e984af20cbd66f17a4760e6746d51025ea91cd84d60477687339fc3937b32cb0b78a0cdb503d4373ecbc6ae20b3775f3d07d1c84b13781304109850566dbd21228378a2540651e994e816060237739"}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000f7c000)=0x0) timer_delete(r5) fremovexattr(r2, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r3, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:58 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) [ 486.278239] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 486.282968] RIP: 0033:0x452e39 [ 486.286128] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 486.293805] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 486.301055] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000018 [ 486.308297] RBP: 0000000000000624 R08: 0000000000000000 R09: 0000000000000000 [ 486.315540] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f7400 [ 486.322784] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:07:58 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:58 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:58 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000ddb000-0x10)='attr/sockcreate\x00') setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f00001c0000)={0x7, [0x9, 0x4, 0x6, 0x4, 0xfffffffffffffffa, 0x5, 0x8]}, 0x12) socket$nfc_raw(0x27, 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f0000c39000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:58 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:58 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:58 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:58 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:58 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$nfc_raw(0x27, 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) getsockopt(r0, 0x5, 0x100, &(0x7f0000936000)=""/0, &(0x7f00007a6000)=0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:07:58 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x10000000}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x50) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:58 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:58 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:58 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x1b3, 0x0, &(0x7f000002a000)=[], 0x16, 0x0, &(0x7f0000501000+0xfc6)="2bb6ee903c2f7bb58c83db8e90d13c27a5bf8390acd1"}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffff9c, 0xc00caee0, &(0x7f00005db000)={0x0, r0, 0x1}) ioctl$sock_SIOCSIFBR(r1, 0x8941, &(0x7f0000030000-0x18)=@get={0x1, &(0x7f000054b000)=""/4096, 0x3}) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f00003e3000-0x4)=0x0, &(0x7f0000902000-0x4)=0x4) getsockopt$inet6_tcp_int(r1, 0x6, 0x6, &(0x7f00006ea000-0x4)=0x0, &(0x7f00008fb000-0x4)=0x4) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:58 executing program 7 (fault-call:3 fault-nth:0): mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:58 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:58 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) [ 486.509669] FAULT_INJECTION: forcing a failure. [ 486.509669] name failslab, interval 1, probability 0, space 0, times 0 [ 486.519459] FAULT_FLAG_ALLOW_RETRY missing 30 [ 486.519471] CPU: 1 PID: 23866 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 486.519476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 486.519480] Call Trace: [ 486.519497] dump_stack+0x194/0x257 [ 486.519513] ? arch_local_irq_restore+0x53/0x53 [ 486.519529] ? handle_userfault+0x12b7/0x24c0 [ 486.519546] handle_userfault+0x12fa/0x24c0 [ 486.519555] ? handle_userfault+0x150b/0x24c0 [ 486.519582] ? userfaultfd_ioctl+0x4520/0x4520 [ 486.519591] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 486.519599] ? __lock_is_held+0xb6/0x140 [ 486.519624] ? print_irqtrace_events+0x270/0x270 [ 486.519634] ? print_irqtrace_events+0x270/0x270 [ 486.519644] ? get_user_pages_fast+0x277/0x340 [ 486.519654] ? switched_to_fair+0xb0/0xb0 [ 486.519661] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 486.519672] ? trace_hardirqs_on+0xd/0x10 [ 486.519679] ? get_user_pages_fast+0x14e/0x340 [ 486.519694] ? pick_next_entity+0x197/0x400 [ 486.519709] ? __lock_acquire+0x664/0x3e00 [ 486.519718] ? check_noncircular+0x20/0x20 [ 486.519725] ? __lock_acquire+0x664/0x3e00 [ 486.519736] ? print_irqtrace_events+0x270/0x270 [ 486.519760] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 486.519771] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 486.519787] ? find_held_lock+0x35/0x1d0 [ 486.519807] ? __handle_mm_fault+0x3296/0x3ce0 [ 486.519819] ? lock_downgrade+0x980/0x980 [ 486.519833] ? lock_release+0xa40/0xa40 [ 486.519850] ? do_raw_spin_trylock+0x190/0x190 [ 486.519861] ? userfaultfd_ctx_put+0x740/0x740 [ 486.519887] __handle_mm_fault+0x32a3/0x3ce0 [ 486.519905] ? __pmd_alloc+0x4e0/0x4e0 [ 486.519913] ? print_irqtrace_events+0x270/0x270 [ 486.519931] ? find_held_lock+0x35/0x1d0 [ 486.519951] ? handle_mm_fault+0x248/0x8d0 [ 486.519962] ? lock_downgrade+0x980/0x980 [ 486.520012] handle_mm_fault+0x334/0x8d0 [ 486.520021] ? down_read+0x96/0x150 [ 486.520032] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 486.520039] ? vmacache_find+0x5f/0x280 [ 486.520056] ? find_vma+0x30/0x150 [ 486.520072] __do_page_fault+0x5c9/0xc90 [ 486.520093] ? mm_fault_error+0x2c0/0x2c0 [ 486.520104] ? find_held_lock+0x35/0x1d0 [ 486.520124] do_page_fault+0xee/0x720 [ 486.520137] ? __do_page_fault+0xc90/0xc90 [ 486.520150] ? lock_release+0xa40/0xa40 [ 486.520168] ? do_raw_spin_trylock+0x190/0x190 [ 486.520192] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 486.520213] page_fault+0x2c/0x60 [ 486.520222] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 486.520227] RSP: 0018:ffff8801b65ef928 EFLAGS: 00010246 [ 486.520234] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 486.520239] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801b65efd28 [ 486.520244] RBP: ffff8801b65efa08 R08: 0000000000000000 R09: 1ffff10036cbdee7 [ 486.520249] R10: ffff8801b65ef858 R11: 0000000000000003 R12: 1ffff10036cbdf28 [ 486.520254] R13: ffff8801b65ef9e0 R14: 0000000000000000 R15: ffff8801b65efd20 [ 486.520275] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 486.520293] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 486.520306] ? iov_iter_revert+0x9d0/0x9d0 [ 486.520322] ? mark_held_locks+0xaf/0x100 [ 486.520328] ? simple_xattr_get+0xeb/0x160 [ 486.520339] ? current_kernel_time64+0x122/0x2f0 [ 486.520351] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 486.520367] generic_perform_write+0x200/0x600 [ 486.520405] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 486.520414] ? generic_update_time+0x1b2/0x270 [ 486.520427] ? __mnt_drop_write_file+0xd/0x70 [ 486.520436] ? file_update_time+0xbf/0x470 [ 486.520450] ? current_time+0xc0/0xc0 [ 486.520466] ? down_write+0x87/0x120 [ 486.520483] __generic_file_write_iter+0x366/0x5b0 [ 486.520491] ? check_noncircular+0x20/0x20 [ 486.520509] generic_file_write_iter+0x399/0x790 [ 486.520527] ? __generic_file_write_iter+0x5b0/0x5b0 [ 486.520542] ? iov_iter_init+0xaf/0x1d0 [ 486.520559] __vfs_write+0x684/0x970 [ 486.520565] ? lock_acquire+0x1d5/0x580 [ 486.520580] ? kernel_read+0x120/0x120 [ 486.520623] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 486.520631] ? __sb_start_write+0x209/0x2a0 [ 486.520647] vfs_write+0x189/0x510 [ 486.520664] SyS_write+0xef/0x220 [ 486.520678] ? SyS_read+0x220/0x220 [ 486.520685] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 486.520697] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 486.520717] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 486.520724] RIP: 0033:0x452e39 [ 486.520728] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 486.520736] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 486.520741] RDX: 0000000000000050 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 486.520745] RBP: 0000000000000445 R08: 0000000000000000 R09: 0000000000000000 [ 486.520750] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f4718 [ 486.520754] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 [ 486.544033] FAULT_FLAG_ALLOW_RETRY missing 30 [ 486.544046] CPU: 1 PID: 23866 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 486.544051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 486.544054] Call Trace: [ 486.544071] dump_stack+0x194/0x257 [ 486.544087] ? arch_local_irq_restore+0x53/0x53 [ 486.544105] ? handle_userfault+0x12b7/0x24c0 [ 486.544121] handle_userfault+0x12fa/0x24c0 [ 486.544129] ? handle_userfault+0x150b/0x24c0 [ 486.544155] ? userfaultfd_ioctl+0x4520/0x4520 [ 486.544165] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 486.544175] ? find_held_lock+0x35/0x1d0 [ 486.544186] ? check_noncircular+0x20/0x20 [ 486.544204] ? print_irqtrace_events+0x270/0x270 [ 486.544214] ? print_irqtrace_events+0x270/0x270 [ 486.544227] ? find_held_lock+0x35/0x1d0 [ 486.544248] ? __update_idle_core+0x305/0x600 [ 486.544267] ? __lock_acquire+0x664/0x3e00 [ 486.544276] ? check_noncircular+0x20/0x20 [ 486.544283] ? __lock_acquire+0x664/0x3e00 [ 486.544313] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 486.544324] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 486.544340] ? find_held_lock+0x35/0x1d0 [ 486.544362] ? __handle_mm_fault+0x3296/0x3ce0 [ 486.544377] ? lock_downgrade+0x980/0x980 [ 486.544392] ? lock_release+0xa40/0xa40 [ 486.544403] ? copy_overflow+0x20/0x20 [ 486.544415] ? do_raw_spin_trylock+0x190/0x190 [ 486.544425] ? userfaultfd_ctx_put+0x740/0x740 [ 486.544451] __handle_mm_fault+0x32a3/0x3ce0 [ 486.544469] ? __pmd_alloc+0x4e0/0x4e0 [ 486.544478] ? print_irqtrace_events+0x270/0x270 [ 486.544487] ? plist_check_head+0xe2/0x130 [ 486.544504] ? find_held_lock+0x35/0x1d0 [ 486.544526] ? handle_mm_fault+0x248/0x8d0 [ 486.544537] ? lock_downgrade+0x980/0x980 [ 486.544585] handle_mm_fault+0x334/0x8d0 [ 486.544593] ? down_read+0x96/0x150 [ 486.544603] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 486.544611] ? vmacache_find+0x5f/0x280 [ 486.544627] ? find_vma+0x30/0x150 [ 486.544642] __do_page_fault+0x5c9/0xc90 [ 486.544664] ? mm_fault_error+0x2c0/0x2c0 [ 486.544676] ? get_futex_value_locked+0xc3/0xf0 [ 486.544695] do_page_fault+0xee/0x720 [ 486.544708] ? __do_page_fault+0xc90/0xc90 [ 486.544719] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 486.544732] ? check_noncircular+0x20/0x20 [ 486.544739] ? __lock_acquire+0x664/0x3e00 [ 486.544749] ? drop_futex_key_refs.isra.12+0x63/0xb0 [ 486.544759] ? futex_wait+0x6a9/0x9a0 [ 486.544781] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 486.544802] page_fault+0x2c/0x60 [ 486.544811] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 486.544815] RSP: 0018:ffff8801b65ef928 EFLAGS: 00010246 [ 486.544823] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 486.544828] RDX: 00000000000000c9 RSI: ffffc900020bb000 RDI: ffff8801b65efd28 [ 486.544833] RBP: ffff8801b65efa08 R08: 1ffff100386c2532 R09: 0000000000000000 [ 486.544838] R10: ffff8801b65ef858 R11: 0000000000000000 R12: 1ffff10036cbdf28 [ 486.544843] R13: ffff8801b65ef9e0 R14: 0000000000000000 R15: ffff8801b65efd20 [ 486.544864] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 486.544882] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 486.544895] ? iov_iter_revert+0x9d0/0x9d0 [ 486.544910] ? mark_held_locks+0xaf/0x100 [ 486.544918] ? simple_xattr_get+0xeb/0x160 [ 486.544928] ? current_kernel_time64+0x122/0x2f0 [ 486.544941] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 486.544957] generic_perform_write+0x200/0x600 [ 486.544989] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 486.545000] ? current_time+0x88/0xc0 [ 486.545013] ? file_update_time+0xbf/0x470 [ 486.545027] ? current_time+0xc0/0xc0 [ 486.545044] ? down_write+0x87/0x120 [ 486.545060] __generic_file_write_iter+0x366/0x5b0 [ 486.545069] ? check_noncircular+0x20/0x20 [ 486.545086] generic_file_write_iter+0x399/0x790 [ 486.545105] ? __generic_file_write_iter+0x5b0/0x5b0 [ 486.545120] ? iov_iter_init+0xaf/0x1d0 [ 486.545136] __vfs_write+0x684/0x970 [ 486.545143] ? lock_acquire+0x1d5/0x580 [ 486.545157] ? kernel_read+0x120/0x120 [ 486.545199] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 486.545208] ? __sb_start_write+0x209/0x2a0 [ 486.545224] vfs_write+0x189/0x510 [ 486.545240] SyS_write+0xef/0x220 [ 486.545255] ? SyS_read+0x220/0x220 [ 486.545262] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 486.545273] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 486.545294] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 486.545300] RIP: 0033:0x452e39 [ 486.545304] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 486.545312] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 486.545317] RDX: 0000000000000050 RSI: 0000000020011fd2 RDI: 0000000000000018 [ 486.545321] RBP: 00000000000003bb R08: 0000000000000000 R09: 0000000000000000 [ 486.545326] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3a28 [ 486.545330] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 [ 487.491401] CPU: 0 PID: 23881 Comm: syz-executor7 Not tainted 4.15.0-rc8+ #265 [ 487.498730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 487.508052] Call Trace: [ 487.510612] dump_stack+0x194/0x257 [ 487.514215] ? arch_local_irq_restore+0x53/0x53 [ 487.518855] ? __might_sleep+0x95/0x190 [ 487.522810] should_fail+0x8c0/0xa40 [ 487.526496] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 487.531574] ? mutex_lock_io_nested+0x1900/0x1900 [ 487.536398] ? find_held_lock+0x35/0x1d0 [ 487.540432] ? __lock_is_held+0xb6/0x140 [ 487.544477] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 487.550329] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 487.555319] ? rcu_note_context_switch+0x710/0x710 [ 487.560230] should_failslab+0xec/0x120 [ 487.564176] kmem_cache_alloc_trace+0x4b/0x750 [ 487.568731] ? driver_deferred_probe_del+0x2b9/0x430 [ 487.573806] ? deferred_probe_work_func+0x580/0x580 [ 487.578796] ? devm_device_remove_groups+0x50/0x50 [ 487.583706] kobject_uevent_env+0x1ed/0xd30 [ 487.587999] ? sysfs_remove_group+0xf6/0x1b0 [ 487.592385] kobject_uevent+0x1f/0x30 [ 487.596159] device_del+0x682/0xb10 [ 487.599762] ? __device_links_no_driver+0x2c0/0x2c0 [ 487.604749] ? mntput+0x66/0x90 [ 487.608003] device_unregister+0x15/0x30 [ 487.612035] bdi_unregister+0x609/0x890 [ 487.615985] ? wb_blkcg_offline+0x200/0x200 [ 487.620284] ? __lock_is_held+0xb6/0x140 [ 487.624331] ? mutex_unlock+0xd/0x10 [ 487.628013] ? kernfs_remove_by_name_ns+0x65/0xb0 [ 487.632831] del_gendisk+0x4eb/0xa40 [ 487.636518] ? refcount_sub_and_test+0x115/0x1b0 [ 487.641244] ? disk_events_poll_msecs_store+0x1d0/0x1d0 [ 487.646578] ? mark_held_locks+0xaf/0x100 [ 487.650703] ? refcount_dec_and_test+0x1a/0x20 [ 487.655261] ? blk_cleanup_queue+0x3f2/0x570 [ 487.659641] loop_remove+0x63/0xc0 [ 487.663153] loop_control_ioctl+0x402/0x490 [ 487.667444] ? loop_add+0xa70/0xa70 [ 487.671049] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 487.676907] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 487.681730] ? loop_add+0xa70/0xa70 [ 487.685330] do_vfs_ioctl+0x1b1/0x1520 [ 487.689188] ? _cond_resched+0x14/0x30 [ 487.693053] ? ioctl_preallocate+0x2b0/0x2b0 [ 487.697442] ? selinux_capable+0x40/0x40 [ 487.701476] ? __sb_end_write+0xa0/0xd0 [ 487.705433] ? fput+0xd2/0x140 [ 487.708615] ? security_file_ioctl+0x89/0xb0 [ 487.712999] SyS_ioctl+0x8f/0xc0 [ 487.716345] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 487.721073] RIP: 0033:0x452e39 [ 487.724233] RSP: 002b:00007fefcf6b6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010 [ 487.731910] RAX: ffffffffffffffda RBX: 00007fefcf6b6aa0 RCX: 0000000000452e39 [ 487.739149] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000013 [ 487.746390] RBP: 00007fefcf6b6a90 R08: 0000000000000000 R09: 0000000000000000 [ 487.753631] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b7bb6 2018/01/17 19:07:59 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:07:59 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:07:59 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) r0 = socket$nfc_raw(0x27, 0x0, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f000064f000-0xb)='/dev/mixer\x00', 0x80000, 0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0305302, &(0x7f0000c7b000-0x30)={0x5, 0x7a, 0x1ff, 0x0, 0x40, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000886000-0x8)={0x0, 0x0}, 0x1, 0x0) ioctl$TCFLSH(r1, 0x540b, 0x7) fsetxattr(r0, &(0x7f00009a0000-0x15)=@random={'btrfs.\x00', '/selinux/user\x00'}, &(0x7f0000537000)='}\x00', 0x2, 0x3) 2018/01/17 19:07:59 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:07:59 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000d90000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:07:59 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) 2018/01/17 19:07:59 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80000) recvfrom(r0, &(0x7f0000d28000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:07:59 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:07:59 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) [ 487.761739] R13: 00007fefcf6b6bc8 R14: 00000000004b7bb6 R15: 0000000000000000 [ 487.878392] FAULT_FLAG_ALLOW_RETRY missing 30 [ 487.883205] CPU: 1 PID: 23901 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 487.890551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 487.899878] Call Trace: [ 487.902445] dump_stack+0x194/0x257 [ 487.906050] ? arch_local_irq_restore+0x53/0x53 [ 487.910698] ? handle_userfault+0x12b7/0x24c0 [ 487.915173] handle_userfault+0x12fa/0x24c0 [ 487.919468] ? handle_userfault+0x150b/0x24c0 [ 487.923945] ? userfaultfd_ioctl+0x4520/0x4520 [ 487.928499] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 487.933660] ? __lock_is_held+0xb6/0x140 [ 487.937703] ? print_irqtrace_events+0x270/0x270 [ 487.942435] ? print_irqtrace_events+0x270/0x270 [ 487.947165] ? get_user_pages_fast+0x277/0x340 [ 487.951729] ? switched_to_fair+0xb0/0xb0 [ 487.955849] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 487.960847] ? trace_hardirqs_on+0xd/0x10 [ 487.964974] ? get_user_pages_fast+0x14e/0x340 [ 487.969530] ? pick_next_entity+0x197/0x400 [ 487.973826] ? __lock_acquire+0x664/0x3e00 [ 487.978035] ? check_noncircular+0x20/0x20 [ 487.982264] ? __lock_acquire+0x664/0x3e00 [ 487.986485] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 487.991650] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 487.996820] ? find_held_lock+0x35/0x1d0 [ 488.000859] ? __handle_mm_fault+0x3296/0x3ce0 [ 488.005415] ? lock_downgrade+0x980/0x980 [ 488.009535] ? lock_release+0xa40/0xa40 [ 488.013480] ? copy_overflow+0x20/0x20 [ 488.017339] ? do_raw_spin_trylock+0x190/0x190 [ 488.021895] ? userfaultfd_ctx_put+0x740/0x740 [ 488.026468] __handle_mm_fault+0x32a3/0x3ce0 [ 488.030855] ? __pmd_alloc+0x4e0/0x4e0 [ 488.034716] ? print_irqtrace_events+0x270/0x270 [ 488.039445] ? plist_check_head+0xe2/0x130 [ 488.043654] ? find_held_lock+0x35/0x1d0 [ 488.047695] ? handle_mm_fault+0x248/0x8d0 [ 488.051913] ? lock_downgrade+0x980/0x980 [ 488.056060] handle_mm_fault+0x334/0x8d0 [ 488.060092] ? down_read+0x96/0x150 [ 488.063692] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 488.068245] ? vmacache_find+0x5f/0x280 [ 488.072204] ? find_vma+0x30/0x150 [ 488.075719] __do_page_fault+0x5c9/0xc90 [ 488.079761] ? mm_fault_error+0x2c0/0x2c0 [ 488.083883] ? get_futex_value_locked+0xc3/0xf0 [ 488.088530] do_page_fault+0xee/0x720 [ 488.092305] ? __do_page_fault+0xc90/0xc90 [ 488.096515] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 488.101688] ? check_noncircular+0x20/0x20 [ 488.105897] ? drop_futex_key_refs.isra.12+0x63/0xb0 [ 488.110974] ? futex_wait+0x6a9/0x9a0 [ 488.115116] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 488.121253] page_fault+0x2c/0x60 [ 488.124680] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 488.130447] RSP: 0018:ffff8801d0307928 EFLAGS: 00010246 [ 488.135783] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 488.143029] RDX: 00000000000000c9 RSI: ffffc900020bb000 RDI: ffff8801d0307d28 [ 488.150271] RBP: ffff8801d0307a08 R08: 1ffff100386c2532 R09: 0000000000000000 [ 488.157510] R10: ffff8801d0307858 R11: 0000000000000000 R12: 1ffff1003a060f28 [ 488.164750] R13: ffff8801d03079e0 R14: 0000000000000000 R15: ffff8801d0307d20 [ 488.172013] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 488.177179] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 488.182342] ? iov_iter_revert+0x9d0/0x9d0 [ 488.186552] ? mark_held_locks+0xaf/0x100 [ 488.191053] ? simple_xattr_get+0xeb/0x160 [ 488.195265] ? current_kernel_time64+0x122/0x2f0 [ 488.199998] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 488.204991] generic_perform_write+0x200/0x600 [ 488.209567] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 488.214817] ? current_time+0x88/0xc0 [ 488.218592] ? file_update_time+0xbf/0x470 [ 488.222801] ? current_time+0xc0/0xc0 [ 488.226578] ? down_write+0x87/0x120 [ 488.230268] __generic_file_write_iter+0x366/0x5b0 [ 488.235167] ? check_noncircular+0x20/0x20 [ 488.239378] generic_file_write_iter+0x399/0x790 [ 488.244113] ? __generic_file_write_iter+0x5b0/0x5b0 [ 488.249193] ? iov_iter_init+0xaf/0x1d0 [ 488.253146] __vfs_write+0x684/0x970 [ 488.256832] ? lock_acquire+0x1d5/0x580 [ 488.260784] ? kernel_read+0x120/0x120 [ 488.264665] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 488.269392] ? __sb_start_write+0x209/0x2a0 [ 488.273691] vfs_write+0x189/0x510 [ 488.277207] SyS_write+0xef/0x220 [ 488.280635] ? SyS_read+0x220/0x220 [ 488.284237] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 488.289226] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 488.293964] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 488.298698] RIP: 0033:0x452e39 [ 488.301866] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 488.309546] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 488.316787] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 488.324026] RBP: 0000000000000618 R08: 0000000000000000 R09: 0000000000000000 [ 488.331266] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f72e0 [ 488.338509] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 [ 488.376868] FAULT_FLAG_ALLOW_RETRY missing 30 [ 488.381437] CPU: 1 PID: 23901 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 488.388778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 488.398106] Call Trace: [ 488.400671] dump_stack+0x194/0x257 [ 488.404276] ? arch_local_irq_restore+0x53/0x53 [ 488.408921] ? handle_userfault+0x12b7/0x24c0 [ 488.413392] handle_userfault+0x12fa/0x24c0 [ 488.417684] ? handle_userfault+0x150b/0x24c0 [ 488.422162] ? userfaultfd_ioctl+0x4520/0x4520 [ 488.426716] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 488.431877] ? find_held_lock+0x35/0x1d0 [ 488.435911] ? check_noncircular+0x20/0x20 [ 488.440121] ? print_irqtrace_events+0x270/0x270 [ 488.444850] ? print_irqtrace_events+0x270/0x270 [ 488.449578] ? find_held_lock+0x35/0x1d0 [ 488.453635] ? __update_idle_core+0x305/0x600 [ 488.458148] ? __lock_acquire+0x664/0x3e00 [ 488.462353] ? check_noncircular+0x20/0x20 [ 488.466558] ? __lock_acquire+0x664/0x3e00 [ 488.470776] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 488.475935] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 488.481101] ? find_held_lock+0x35/0x1d0 [ 488.485144] ? __handle_mm_fault+0x3296/0x3ce0 [ 488.489697] ? lock_downgrade+0x980/0x980 [ 488.493819] ? lock_release+0xa40/0xa40 [ 488.497769] ? copy_overflow+0x20/0x20 [ 488.501630] ? do_raw_spin_trylock+0x190/0x190 [ 488.506192] ? userfaultfd_ctx_put+0x740/0x740 [ 488.510754] __handle_mm_fault+0x32a3/0x3ce0 [ 488.515139] ? __pmd_alloc+0x4e0/0x4e0 [ 488.518999] ? print_irqtrace_events+0x270/0x270 [ 488.523739] ? find_held_lock+0x35/0x1d0 [ 488.527777] ? handle_mm_fault+0x248/0x8d0 [ 488.531984] ? lock_downgrade+0x980/0x980 [ 488.536125] handle_mm_fault+0x334/0x8d0 [ 488.540156] ? down_read+0x96/0x150 [ 488.543754] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 488.548309] ? vmacache_find+0x5f/0x280 [ 488.552256] ? find_vma+0x30/0x150 [ 488.555772] __do_page_fault+0x5c9/0xc90 [ 488.559810] ? mm_fault_error+0x2c0/0x2c0 [ 488.563929] ? find_held_lock+0x35/0x1d0 [ 488.567967] do_page_fault+0xee/0x720 [ 488.571739] ? __do_page_fault+0xc90/0xc90 [ 488.575949] ? lock_release+0xa40/0xa40 [ 488.579897] ? do_raw_spin_trylock+0x190/0x190 [ 488.584462] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 488.589281] page_fault+0x2c/0x60 [ 488.592708] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 488.598471] RSP: 0018:ffff8801d0307928 EFLAGS: 00010246 [ 488.603803] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 488.611047] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801d0307d28 [ 488.618287] RBP: ffff8801d0307a08 R08: 0000000000000000 R09: 1ffff1003a060ee7 [ 488.625527] R10: ffff8801d0307858 R11: 0000000000000003 R12: 1ffff1003a060f28 [ 488.632766] R13: ffff8801d03079e0 R14: 0000000000000000 R15: ffff8801d0307d20 [ 488.640036] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 488.645206] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 488.650369] ? iov_iter_revert+0x9d0/0x9d0 [ 488.654580] ? mark_held_locks+0xaf/0x100 [ 488.658699] ? simple_xattr_get+0xeb/0x160 [ 488.662908] ? current_kernel_time64+0x122/0x2f0 [ 488.667636] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 488.672629] generic_perform_write+0x200/0x600 [ 488.677194] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 488.682444] ? generic_update_time+0x1b2/0x270 [ 488.686999] ? __mnt_drop_write_file+0xd/0x70 [ 488.691470] ? file_update_time+0xbf/0x470 [ 488.695677] ? current_time+0xc0/0xc0 [ 488.699456] ? down_write+0x87/0x120 [ 488.703404] __generic_file_write_iter+0x366/0x5b0 [ 488.708305] ? check_noncircular+0x20/0x20 [ 488.712518] generic_file_write_iter+0x399/0x790 [ 488.717251] ? __generic_file_write_iter+0x5b0/0x5b0 [ 488.722327] ? iov_iter_init+0xaf/0x1d0 [ 488.726279] __vfs_write+0x684/0x970 [ 488.729961] ? lock_acquire+0x1d5/0x580 [ 488.733908] ? kernel_read+0x120/0x120 [ 488.737796] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 488.742521] ? __sb_start_write+0x209/0x2a0 [ 488.746819] vfs_write+0x189/0x510 [ 488.750333] SyS_write+0xef/0x220 [ 488.753760] ? SyS_read+0x220/0x220 [ 488.757357] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 488.762346] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 488.767080] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 488.771805] RIP: 0033:0x452e39 2018/01/17 19:08:00 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = syz_open_procfs(0x0, &(0x7f0000aac000-0x5)='attr\x00') getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000dd7000)={0x0, 0xe089}, &(0x7f00009d3000-0x4)=0x8) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000fc9000+0x58d)={r1, 0x2}, &(0x7f0000e23000-0x4)=0x8) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00004a9000-0x20)={@loopback={0x0, 0x1}, 0x400, 0x1, 0x0, 0x8, 0x0, 0x0, 0x800}, 0x20) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_ADD(r2, 0x4c81, r3) socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f00008bd000-0x8)={0x0, 0x0}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:08:00 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) 2018/01/17 19:08:00 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:08:00 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(0xffffffffffffffff, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:08:00 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) accept(0xffffffffffffff9c, &(0x7f000059c000)=@pppol2tpv3={0x0, 0x0, {0x0, 0x0, {0x0, 0xffffffffffffffff, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0, 0x0, 0x0, 0x0}}, &(0x7f000071d000-0x4)=0x2e) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00004a9000-0x4)=0xdcbb, 0x4) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) 2018/01/17 19:08:00 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:00 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80005, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000001000)=0x4, 0x4) bind$inet6(r0, &(0x7f0000002000)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c) connect$inet6(r0, &(0x7f0000c33000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) r1 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f0000367000-0x58)={{0x9, 0x10001}, 0x0, 0x80, 0xffffffffffffffff, {0x1, 0x2ac}, 0x2, 0x101, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r3 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r3, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r1, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r2, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:08:00 executing program 5: socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:08:00 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(0xffffffffffffffff, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) [ 488.774964] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 488.782641] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 488.789883] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000018 [ 488.797123] RBP: 0000000000000624 R08: 0000000000000000 R09: 0000000000000000 [ 488.804362] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f7400 [ 488.811603] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:08:00 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:08:00 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000862000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:08:00 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(0xffffffffffffffff, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:08:00 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r1 = getpid() sched_rr_get_interval(r1, &(0x7f0000b20000-0x10)={0x0, 0x0}) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:08:00 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:00 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:00 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = accept4$packet(0xffffffffffffffff, &(0x7f0000132000-0x14)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random=""/6, [0x0, 0x0]}, &(0x7f0000492000)=0x14, 0x80000) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f000082f000)=0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:08:00 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x5, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f000080d000-0x12)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$DRM_IOCTL_ADD_MAP(r1, 0xc0286415, &(0x7f0000a4c000-0x28)={&(0x7f0000546000/0x3000)=nil, 0x8, 0x5, 0x80, &(0x7f00004a1000/0x3000)=nil, 0x0}) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:08:00 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:08:00 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:08:00 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0xfffffec1, 0x0, &(0x7f000002a000)=[], 0x74, 0x0, &(0x7f0000c5a000-0x74)="d427fd02d0d8886b48d2ab2d0c2d2ca09b4013d0d9b6c09b40ef9140ec89c7f9ecf08e039aca8c1acd7227bf79517d78c38389722301fdc4c0979c2f6fa77c6aefc132f29d41aedd42384f01bc19efcfc38d964b76bfb13777a4c2537213317b3f4cd8bc067a1ddffa54e7344d064afb70e1cad6"}) r0 = epoll_create1(0x0) fchdir(r0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) pipe(&(0x7f0000090000-0x8)={0x0, 0x0}) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r3, 0x84, 0x74, &(0x7f000001f000)=""/95, &(0x7f00001c1000)=0x5f) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) setsockopt$inet_sctp_SCTP_INITMSG(r2, 0x84, 0x2, &(0x7f000014d000-0x8)={0x40, 0x261, 0x8, 0x8}, 0x8) setsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f0000f20000)=0x200, 0x1) 2018/01/17 19:08:00 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) [ 488.994481] FAULT_FLAG_ALLOW_RETRY missing 30 [ 489.006339] CPU: 1 PID: 23934 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 489.013732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 489.023079] Call Trace: [ 489.025665] dump_stack+0x194/0x257 [ 489.029297] ? arch_local_irq_restore+0x53/0x53 [ 489.033969] ? handle_userfault+0x12b7/0x24c0 [ 489.038466] handle_userfault+0x12fa/0x24c0 [ 489.042786] ? handle_userfault+0x150b/0x24c0 [ 489.047298] ? userfaultfd_ioctl+0x4520/0x4520 [ 489.051877] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 489.057069] ? __lock_is_held+0xb6/0x140 [ 489.061126] ? print_irqtrace_events+0x270/0x270 [ 489.065857] ? print_irqtrace_events+0x270/0x270 [ 489.070600] ? get_user_pages_fast+0x277/0x340 [ 489.075173] ? switched_to_fair+0xb0/0xb0 [ 489.079300] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 489.084295] ? trace_hardirqs_on+0xd/0x10 [ 489.088414] ? get_user_pages_fast+0x14e/0x340 [ 489.092971] ? pick_next_entity+0x197/0x400 [ 489.097266] ? __lock_acquire+0x664/0x3e00 [ 489.101472] ? check_noncircular+0x20/0x20 [ 489.106544] ? __lock_acquire+0x664/0x3e00 [ 489.112587] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 489.118450] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 489.123616] ? find_held_lock+0x35/0x1d0 [ 489.127657] ? __handle_mm_fault+0x3296/0x3ce0 [ 489.132213] ? lock_downgrade+0x980/0x980 [ 489.136334] ? lock_release+0xa40/0xa40 [ 489.140289] ? copy_overflow+0x20/0x20 [ 489.145190] ? do_raw_spin_trylock+0x190/0x190 [ 489.151580] ? userfaultfd_ctx_put+0x740/0x740 [ 489.158318] __handle_mm_fault+0x32a3/0x3ce0 [ 489.164184] ? __pmd_alloc+0x4e0/0x4e0 [ 489.170129] ? print_irqtrace_events+0x270/0x270 [ 489.176165] ? find_held_lock+0x35/0x1d0 [ 489.181595] ? handle_mm_fault+0x248/0x8d0 [ 489.187283] ? lock_downgrade+0x980/0x980 [ 489.192951] handle_mm_fault+0x334/0x8d0 [ 489.198547] ? down_read+0x96/0x150 [ 489.203448] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 489.210174] ? vmacache_find+0x5f/0x280 [ 489.215343] ? find_vma+0x30/0x150 [ 489.220422] __do_page_fault+0x5c9/0xc90 [ 489.225505] ? mm_fault_error+0x2c0/0x2c0 [ 489.231449] ? find_held_lock+0x35/0x1d0 [ 489.237139] do_page_fault+0xee/0x720 [ 489.242304] ? __do_page_fault+0xc90/0xc90 [ 489.248250] ? lock_release+0xa40/0xa40 [ 489.253243] ? do_raw_spin_trylock+0x190/0x190 [ 489.260001] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 489.266479] page_fault+0x2c/0x60 [ 489.271382] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 489.279319] RSP: 0018:ffff8801ac40f928 EFLAGS: 00010246 [ 489.285610] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 489.292852] RDX: 000000000000010b RSI: ffffc900020bb000 RDI: ffff8801ac40fd28 [ 489.300103] RBP: ffff8801ac40fa08 R08: 0000000000000000 R09: 1ffff10035881ee7 [ 489.307346] R10: ffff8801ac40f858 R11: 0000000000000003 R12: 1ffff10035881f28 [ 489.314585] R13: ffff8801ac40f9e0 R14: 0000000000000000 R15: ffff8801ac40fd20 [ 489.321841] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 489.327015] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 489.332186] ? iov_iter_revert+0x9d0/0x9d0 [ 489.336400] ? mark_held_locks+0xaf/0x100 [ 489.340520] ? simple_xattr_get+0xeb/0x160 [ 489.344728] ? current_kernel_time64+0x122/0x2f0 [ 489.349461] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 489.354454] generic_perform_write+0x200/0x600 [ 489.359042] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 489.364299] ? generic_update_time+0x1b2/0x270 [ 489.368857] ? __mnt_drop_write_file+0xd/0x70 [ 489.373325] ? file_update_time+0xbf/0x470 [ 489.377536] ? current_time+0xc0/0xc0 [ 489.381314] ? down_write+0x87/0x120 [ 489.385007] __generic_file_write_iter+0x366/0x5b0 [ 489.390621] ? check_noncircular+0x20/0x20 [ 489.394834] generic_file_write_iter+0x399/0x790 [ 489.399565] ? __generic_file_write_iter+0x5b0/0x5b0 [ 489.404643] ? iov_iter_init+0xaf/0x1d0 [ 489.408596] __vfs_write+0x684/0x970 [ 489.412288] ? lock_acquire+0x1d5/0x580 [ 489.416241] ? kernel_read+0x120/0x120 [ 489.420122] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 489.424851] ? __sb_start_write+0x209/0x2a0 [ 489.429154] vfs_write+0x189/0x510 [ 489.432671] SyS_write+0xef/0x220 [ 489.436098] ? SyS_read+0x220/0x220 [ 489.439698] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 489.444687] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 489.449420] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 489.454147] RIP: 0033:0x452e39 [ 489.457308] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 489.464988] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 489.472235] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000016 [ 489.479485] RBP: 0000000000000025 R08: 0000000000000000 R09: 0000000000000000 [ 489.486727] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006ee418 2018/01/17 19:08:01 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:01 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x0, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:01 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:08:01 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, "1fa81bdfc5693eaacc403eec0ebb14069da82c46b9813b79f8bb872e8122474e9e1e68d7ddad316b235a8651", 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "e7ad6a30f1efb3a8f2f1256dcb0c09c578524021857b879d300ee8a096c658540ed7e3898814aeaed1611e720d68c8376f030d52f18f76e5366434ffa74d3c2d", &(0x7f0000007000)="706f7369785f61636c5f6163636573735d2e027573657224657468312d7d00", 0x1f, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x400000004, 0x0, 0x0, 0x5], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r0 = syz_open_dev$sndctrl(&(0x7f000000a000)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001000)={0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000005000)=0x0, 0x2}, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000)=""/250) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x41c100, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) 2018/01/17 19:08:01 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$nfc_raw(0x27, 0x0, 0x0) mmap(&(0x7f0000981000/0x4000)=nil, 0x4000, 0x3000009, 0x10013, r0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000519000)='/dev/loop-control\x00', 0x2, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(r2, 0x400442c8, &(0x7f00004f3000-0xd0)={r0, 0x10001, 0xffff, "8aa2178422391a2b0df831bd88595bb39ae2aba280c0a4af4c876c40b22da3456ec875345a5aa47d5d873f3e77980e4dacd2b36677febd074c6dec838bc7404b284027565b657cc47a0f3791b9edbf1aeaae8d0141fc07ca6d0dadf4c169ade392b68560dd9b300ccced6e4724a70423a4d27cfbc98ceaf0c816f20c33f942f1d8a22505d6efb131801acf209c2e5878ece23f9c0a4dca861178a3b9053f56a7826fe8fa62db8605f2d00eaa06dd44faf6b6ffb853faa9ed6eeb8a48f229447b11eec3a31a2d"}) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000c9d000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:08:01 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:08:01 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000dda000-0x11)='/selinux/context\x00', 0x2, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000708000)=0x0) 2018/01/17 19:08:01 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000223000)={0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket(0x15, 0x80005, 0x0) getsockopt(r2, 0x114, 0x2715, &(0x7f0000af1000-0x19)=""/13, &(0x7f000033c000-0x4)=0xd) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000c81000/0x4000)=nil, 0x4000}, 0x3, 0x0}) r3 = creat(&(0x7f0000614000)='./file0\x00', 0x0) write$sndseq(r3, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) [ 489.493977] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:08:01 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:01 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x0, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:01 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x0, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:08:01 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:08:01 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_ADD(r1, 0x4c80, r2) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:08:01 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) mprotect(&(0x7f0000678000/0x3000)=nil, 0x3000, 0x2) [ 489.572171] snd_dummy snd_dummy.0: control 120:0:0:Î:0 is already present 2018/01/17 19:08:01 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) accept$unix(r1, &(0x7f0000651000-0x1002)=@file={0x0, ""/4096}, &(0x7f0000c14000)=0x1002) ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0xd000) ioctl$KDGETKEYCODE(r1, 0x4b4c, &(0x7f000016a000-0x8)={0x7, 0x1ff}) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:08:01 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:01 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000487000)={0x0, 0x0}, 0x4000) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @dev={0xac, 0x14, 0x0, 0x14}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$KVM_SET_CPUID(r0, 0x4008ae8a, &(0x7f00006d7000-0x20)={0x1, 0x0, [{0x80000002, 0x2ce, 0x6, 0x8, 0x80000000, 0x0}]}) r2 = syz_open_dev$sndpcmp(&(0x7f00009e7000-0x12)='/dev/snd/pcmC#D#p\x00', 0x38b8, 0x580) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000d55000-0x4)=0x0, &(0x7f00004bc000-0x4)=0x4) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000113000-0xa)='/dev/ptmx\x00', 0x200240, 0x0) getpeername$unix(r0, &(0x7f0000a12000-0x16)=@file={0x0, ""/20}, &(0x7f0000aea000)=0x16) 2018/01/17 19:08:01 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:08:01 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x0, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:08:01 executing program 1: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPIOCGFLAGS(r0, 0x8004745a, &(0x7f0000001000-0x4)=0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000001000-0x11)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r1, 0x8040ae9f, &(0x7f0000001000-0x1c)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) sendto$ipx(r1, &(0x7f0000239000)="153ce6756e6fc9a4306e15568c463a86983b2fa59d12f681b8a75ce87f8766f0a60c6819bf702af4bad52dbcbff61a56f97ce54107fc5c66927abefd7eca045b56ec8153a236379c7a5757dba8a6dafd7f9df7c2a4bf464206405acfc32d2745f39c2075119a4b61f47f87ed8dcd35cfeb319b4d49b9fcd4baf498bbcf6c0017ac0302d4dbd8c2f833c16a3d0f70058a2dbbb1936f1324b33de64df43f8ccf3ae3f6c8e93b3b91093d60d2748a4644285955112908ed76d201aea1db9d1bd4023a3290b86941187d632d68d4dc9f958bd70f7aa2dbfb3593093f35a95569ff8cea71818ada015d4664a6f1", 0xeb, 0x0, &(0x7f0000b91000)={0x4, 0x8001, 0x1f, "1b8e6b48bbd8", 0xfffffffffffffff8, 0x0}, 0x10) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) openat$selinux_context(0xffffffffffffff9c, &(0x7f0000d02000-0x11)='/selinux/context\x00', 0x2, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) 2018/01/17 19:08:01 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000000e000-0xa)='./control\x00', 0x0) r0 = open(&(0x7f0000741000)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) recvfrom(0xffffffffffffffff, &(0x7f000015d000)=""/92, 0x5c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000b0c000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000fdd000-0x28)={@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, 0x40, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$KVM_PPC_GET_PVINFO(r0, 0x4080aea1, &(0x7f00000a2000-0xdd)=""/221) r2 = creat(&(0x7f0000614000)='./file0\x00', 0x1) write$sndseq(r2, &(0x7f0000012000-0x2e)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @quote={{0x0, 0x0}, 0x0, 0x0}}], 0x30) rename(&(0x7f00007e3000)='./file0\x00', &(0x7f0000ab4000-0x10)='./control/file0\x00') r3 = syz_open_dev$vcsa(&(0x7f00009bb000-0xb)='/dev/vcsa#\x00', 0x80000001, 0x1) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r3, 0x6, 0x21, &(0x7f0000b59000-0x10)="19f1b987d3adfcd975efc4d037cee80f", 0x10) fremovexattr(r0, &(0x7f0000939000)=@known='security.capability\x00') ioctl$UFFDIO_ZEROPAGE(r1, 0x8010aa02, &(0x7f0000002000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/17 19:08:01 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x0, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:01 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x0, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:08:01 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:08:01 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) r1 = msgget(0x0, 0x0) msgctl$MSG_INFO(r1, 0xc, &(0x7f0000db8000)=""/137) 2018/01/17 19:08:01 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000411000-0x12)='/dev/loop-control\x00', 0xfffffffffffffffe, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:08:01 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:08:01 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:01 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:08:01 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:01 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:08:01 executing program 7: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000001000-0x2)='./file0\x00', 0x2000, 0x45) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000315000-0x10)=@req={0x50, &(0x7f0000000000)={@generic="33502344b4a8590b1bafea3486fe5861", @ifru_ivalue=0x1}}) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000663000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f000037f000-0x8)={0x0, 0x0}, &(0x7f0000548000-0x4)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000f57000)={r1, 0xff}, 0x8) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) [ 489.779278] FAULT_FLAG_ALLOW_RETRY missing 30 [ 489.788863] CPU: 0 PID: 24022 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 489.796246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 489.805591] Call Trace: [ 489.808196] dump_stack+0x194/0x257 [ 489.811831] ? arch_local_irq_restore+0x53/0x53 [ 489.816509] ? handle_userfault+0x12b7/0x24c0 [ 489.821022] handle_userfault+0x12fa/0x24c0 2018/01/17 19:08:01 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, 0xffffffffffffffff, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:08:01 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, 0xffffffffffffffff, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) [ 489.825342] ? handle_userfault+0x150b/0x24c0 [ 489.829858] ? userfaultfd_ioctl+0x4520/0x4520 [ 489.834431] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 489.839608] ? __lock_is_held+0xb6/0x140 [ 489.843654] ? print_irqtrace_events+0x270/0x270 [ 489.848392] ? print_irqtrace_events+0x270/0x270 [ 489.853137] ? get_user_pages_fast+0x277/0x340 [ 489.857708] ? perf_event_sync_stat+0x5b0/0x5b0 [ 489.862356] ? __perf_event_task_sched_in+0x200/0xc20 [ 489.867527] ? __lock_acquire+0x664/0x3e00 [ 489.871737] ? check_noncircular+0x20/0x20 [ 489.875941] ? __lock_acquire+0x664/0x3e00 [ 489.880163] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 489.885341] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 489.891182] ? find_held_lock+0x35/0x1d0 [ 489.896526] ? __handle_mm_fault+0x3296/0x3ce0 [ 489.902298] ? lock_downgrade+0x980/0x980 [ 489.906420] ? lock_release+0xa40/0xa40 [ 489.910370] ? copy_overflow+0x20/0x20 [ 489.914231] ? do_raw_spin_trylock+0x190/0x190 [ 489.918787] ? userfaultfd_ctx_put+0x740/0x740 [ 489.923354] __handle_mm_fault+0x32a3/0x3ce0 [ 489.927742] ? __pmd_alloc+0x4e0/0x4e0 [ 489.931875] ? print_irqtrace_events+0x270/0x270 [ 489.938513] ? plist_check_head+0xe2/0x130 [ 489.944197] ? find_held_lock+0x35/0x1d0 [ 489.948254] ? handle_mm_fault+0x248/0x8d0 [ 489.952466] ? lock_downgrade+0x980/0x980 [ 489.956612] handle_mm_fault+0x334/0x8d0 [ 489.960648] ? down_read+0x96/0x150 [ 489.964249] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 489.968802] ? vmacache_find+0x5f/0x280 [ 489.972751] ? find_vma+0x30/0x150 [ 489.976270] __do_page_fault+0x5c9/0xc90 [ 489.980311] ? mm_fault_error+0x2c0/0x2c0 [ 489.984433] ? get_futex_value_locked+0xc3/0xf0 [ 489.989861] do_page_fault+0xee/0x720 [ 489.993642] ? __do_page_fault+0xc90/0xc90 [ 489.997853] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 490.003027] ? check_noncircular+0x20/0x20 [ 490.007239] ? drop_futex_key_refs.isra.12+0x63/0xb0 [ 490.012316] ? futex_wait+0x6a9/0x9a0 [ 490.016095] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 490.020917] page_fault+0x2c/0x60 [ 490.024350] RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 [ 490.030115] RSP: 0018:ffff8801c446f928 EFLAGS: 00010246 [ 490.035450] RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82586671 [ 490.042694] RDX: 00000000000000c9 RSI: ffffc900020bb000 RDI: ffff8801c446fd28 [ 490.049935] RBP: ffff8801c446fa08 R08: 1ffff100386c2532 R09: 0000000000000000 [ 490.057176] R10: ffff8801c446f858 R11: 0000000000000000 R12: 1ffff1003888df28 [ 490.064417] R13: ffff8801c446f9e0 R14: 0000000000000000 R15: ffff8801c446fd20 [ 490.071673] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 490.076840] ? iov_iter_fault_in_readable+0x1a1/0x410 [ 490.082004] ? iov_iter_revert+0x9d0/0x9d0 [ 490.086223] ? mark_held_locks+0xaf/0x100 [ 490.090341] ? simple_xattr_get+0xeb/0x160 [ 490.094550] ? current_kernel_time64+0x122/0x2f0 [ 490.099282] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 490.104273] generic_perform_write+0x200/0x600 [ 490.108844] ? filemap_fdatawait_keep_errors+0xb0/0xb0 [ 490.114102] ? current_time+0x88/0xc0 [ 490.117888] ? file_update_time+0xbf/0x470 [ 490.122097] ? current_time+0xc0/0xc0 [ 490.125876] ? down_write+0x87/0x120 [ 490.129566] __generic_file_write_iter+0x366/0x5b0 [ 490.134470] ? check_noncircular+0x20/0x20 [ 490.138683] generic_file_write_iter+0x399/0x790 [ 490.143417] ? __generic_file_write_iter+0x5b0/0x5b0 [ 490.148496] ? iov_iter_init+0xaf/0x1d0 [ 490.152448] __vfs_write+0x684/0x970 [ 490.156131] ? lock_acquire+0x1d5/0x580 [ 490.160079] ? kernel_read+0x120/0x120 [ 490.163973] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 490.168702] ? __sb_start_write+0x209/0x2a0 [ 490.172998] vfs_write+0x189/0x510 [ 490.176520] SyS_write+0xef/0x220 [ 490.179950] ? SyS_read+0x220/0x220 [ 490.183550] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 490.188549] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 490.193288] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 490.198020] RIP: 0033:0x452e39 [ 490.201185] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 [ 490.208864] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452e39 [ 490.216116] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015 [ 490.223359] RBP: 0000000000000230 R08: 0000000000000000 R09: 0000000000000000 2018/01/17 19:08:02 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$SNDRV_TIMER_IOCTL_INFO(r1, 0x80e85411, &(0x7f0000567000-0x3b)=""/73) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000886000-0x4)=0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0305302, &(0x7f0000cce000)={0x8, 0xfff, 0x2, 0x78d, 0x5, 0x1fb, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) [ 490.230599] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f1520 [ 490.237842] R13: 00000000ffffffff R14: 00007efe3e5a76d4 R15: 0000000000000000 2018/01/17 19:08:02 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) rt_sigaction(0x1, &(0x7f000046f000-0x20)={0x1db7, {0x8}, 0xc8000002, 0x5}, 0x0, 0x8, &(0x7f0000563000)={0x0}) openat$hwrng(0xffffffffffffff9c, &(0x7f0000ff7000-0xb)='/dev/hwrng\x00', 0x0, 0x0) 2018/01/17 19:08:02 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:08:02 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, 0xffffffffffffffff, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:08:02 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000441000)='/selinux/member\x00', 0x2, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000d1b000)={0x1c, 0x0, &(0x7f0000544000-0x1c)=[@acquire={0x40046305, 0x0}, @clear_death={0x400c630f, 0x4, 0x2}, @register_looper={0x630b}], 0x7b, 0x0, &(0x7f0000806000)="eb72a6ff40b83ac435de623228906e31521e879fb0522bb61223135b1a36109b0a74f0e6a286bf0d8aa08954a528c85b1357853fa919510a6dd096013d1847c072b46b5e032544863c28d403ad8786d775518ba70da1853040ae09e2d1f228b51767acfa93d5f64b9ae7845034a8b849176035bc334c9d9f1bd0b1"}) bind$bt_sco(r0, &(0x7f00009b6000-0x8)={0x1f, {0x2, 0x5, 0x9, 0x4, 0x1c00000, 0x1}}, 0x8) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f000082f000)=0x0, &(0x7f0000bf7000-0x4)=0x4) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) 2018/01/17 19:08:02 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$nfc_raw(0x27, 0x0, 0x0) personality(0x1300000) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000764000)=0x4) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000c63000-0x8)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:08:02 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:02 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x0, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:02 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:02 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x0) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:08:02 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f00001d8000-0x8)={0x0, 0x0}) 2018/01/17 19:08:02 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x0) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:08:02 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f0000e30000)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:08:02 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:02 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:02 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x0) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/01/17 19:08:02 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r0 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:02 executing program 6: lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:08:02 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000fc5000-0x21c)=[{{&(0x7f00002e3000-0x20)=@pptp={0x0, 0x0, {0x0, @multicast1=0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x20, &(0x7f0000f10000-0x60)=[{&(0x7f0000023000)=""/51, 0x33}, {&(0x7f00000cc000)=""/60, 0x3c}, {&(0x7f000013f000)=""/88, 0x58}, {&(0x7f0000646000)=""/92, 0x5c}, {&(0x7f0000d7d000)=""/4096, 0x1000}, {&(0x7f00008ae000)=""/62, 0x3e}], 0x6, &(0x7f0000f99000)=""/181, 0xb5, 0x1}, 0x3}, {{0x0, 0x0, &(0x7f000010f000-0x20)=[{&(0x7f00005c8000)=""/140, 0x8c}, {&(0x7f0000635000)=""/0, 0x0}], 0x2, &(0x7f0000c1c000-0x99)=""/153, 0x99, 0x6}, 0x3}, {{0x0, 0x0, &(0x7f0000111000-0x30)=[{&(0x7f0000208000-0x66)=""/102, 0x66}, {&(0x7f00006ca000)=""/138, 0x8a}, {&(0x7f0000dd8000)=""/32, 0x20}], 0x3, &(0x7f00003b6000)=""/37, 0x25, 0x6}, 0x80000000}, {{0x0, 0x0, &(0x7f0000cbb000-0x20)=[{&(0x7f00007ca000)=""/171, 0xab}, {&(0x7f0000ab5000)=""/4096, 0x1000}], 0x2, &(0x7f000028f000)=""/97, 0x61, 0x6}, 0x162c}, {{&(0x7f000050b000-0x60)=@nfc_llcp={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/63, 0x0}, 0x60, &(0x7f00003d9000)=[{&(0x7f0000d29000-0x2b)=""/43, 0x2b}], 0x1, 0x0, 0x0, 0xe16a}, 0x47}, {{&(0x7f0000329000)=@pptp={0x0, 0x0, {0x0, @multicast1=0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x20, &(0x7f00001f9000)=[{&(0x7f00008ce000-0xe0)=""/224, 0xe0}, {&(0x7f0000a89000-0x6c)=""/108, 0x6c}, {&(0x7f00008d4000-0x90)=""/144, 0x90}, {&(0x7f0000726000-0x12)=""/18, 0x12}, {&(0x7f00007de000)=""/95, 0x5f}, {&(0x7f00004f4000-0xea)=""/234, 0xea}], 0x6, &(0x7f0000317000)=""/65, 0x41, 0x8}, 0x3}, {{&(0x7f0000538000-0x3a)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, @mcast2={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x0}}}, 0x3a, &(0x7f00002ec000-0x30)=[{&(0x7f0000de3000)=""/0, 0x0}, {&(0x7f0000182000)=""/145, 0x91}, {&(0x7f00005d4000-0xe1)=""/225, 0xe1}], 0x3, &(0x7f00007a4000-0x9e)=""/158, 0x9e, 0x100}, 0x21cc}, {{&(0x7f0000d0a000)=@pppol2tpin6={0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x0, 0x0], @empty=0x0}, 0x0}}}, 0x32, &(0x7f0000686000)=[{&(0x7f0000972000)=""/162, 0xa2}, {&(0x7f000051f000)=""/61, 0x3d}, {&(0x7f0000e0e000-0x98)=""/152, 0x98}], 0x3, &(0x7f0000781000)=""/219, 0xdb, 0x2}, 0x7}, {{0x0, 0x0, &(0x7f000076b000)=[{&(0x7f0000acb000)=""/93, 0x5d}, {&(0x7f00002b0000-0x6f)=""/111, 0x6f}], 0x2, &(0x7f000010f000)=""/58, 0x3a, 0x0}, 0x9}], 0x9, 0x40000000, &(0x7f00002c5000-0x10)={0x0, 0x0}) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f000011a000)=@assoc_value={0x0, 0x8a9}, &(0x7f0000b72000)=0x8) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f00006bd000)=@sack_info={r1, 0x4, 0x40}, &(0x7f00002c3000-0x4)=0xc) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) 2018/01/17 19:08:02 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = syz_open_dev$sg(&(0x7f0000f4e000-0x9)='/dev/sg#\x00', 0x8, 0x12000) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000028000)={0x0, 0x6}, &(0x7f00002e4000)=0x8) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00008bf000-0x8)={r1, 0x7fff}, 0x8) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c81, 0x0) r3 = add_key$user(&(0x7f0000896000-0x5)='user\x00', &(0x7f00004de000)={0x73, 0x79, 0x7a, 0x0, 0x0}, &(0x7f0000d2a000)="4e930e2b439cb7cd63a97a795d0a0e6b7c3c890ef9886522f4d900b60b267cf0a8cc8390bcff5f49dcd21856adbcbc31e03e0b2833301fe81d0002c1431e62690da6ed1362f77d473e2b8b184f89a9e4dc657ba38c7cc70ab37b66a2aa697dc478f60f855ff3e79dc1cd69853fac449724aa6cb736d91c4fc791ea6b7c4da2ee89c69439b559a045f2436903f9083a2c321eff", 0x93, 0xfffffffffffffffa) r4 = request_key(&(0x7f0000d92000)='cifs.spnego\x00', &(0x7f0000b23000-0x5)={0x73, 0x79, 0x7a, 0x1, 0x0}, &(0x7f000038e000-0x9)='/dev/sg#\x00', 0xfffffffffffffff9) keyctl$search(0xa, r3, &(0x7f00002c6000-0xa)='syzkaller\x00', &(0x7f0000e86000)={0x73, 0x79, 0x7a, 0x2, 0x0}, r4) getcwd(&(0x7f00000e6000)=""/188, 0xbc) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:08:02 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:02 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000b0f000-0x8)={0x0, 0x0}, 0x1, 0x0) fdatasync(r0) 2018/01/17 19:08:02 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:02 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:02 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r0 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:02 executing program 6: lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:08:02 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x2) 2018/01/17 19:08:02 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f000088d000)='/dev/hwrng\x00', 0x1, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f00008e1000-0x20)={0x6, 0x0, 0x0, 0x800}) ioctl$DRM_IOCTL_AGP_BIND(r1, 0x40106436, &(0x7f0000235000)={r2, 0x1ff}) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000a15000-0x8)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:08:02 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x2) 2018/01/17 19:08:02 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000086000)='/selinux/context\x00', 0x2, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f000062a000-0x4)=0x8, 0x4) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f00009b8000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c81, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000780000-0xc)={0x1, r1, 0x1}) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r2, 0xc10c5541, &(0x7f0000132000-0x10c)={0x0, 0x10001, 0x80000001, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x80000000, 0xfffffffffffffff9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r2, 0x5411, &(0x7f0000ffb000-0x4)=0x0) 2018/01/17 19:08:02 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$TIOCSSOFTCAR(r1, 0x541a, &(0x7f00003e6000)=0x7) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket(0x18, 0x0, 0x0) connect$ax25(r1, &(0x7f0000433000-0x10)={0x3, {"cec1bd24010896"}, 0x40}, 0x10) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:08:02 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:02 executing program 1: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000001000-0x9)='net/tcp6\x00') ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000f08000-0x4)=0x0) waitid(0x0, r1, 0x0, 0x4, &(0x7f000076c000-0x90)={{0x0, 0x0}, {0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$mouse(&(0x7f0000cfa000)='/dev/input/mouse#\x00', 0x7, 0x200) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000095000-0xe8)={{{@in=@rand_addr=0x0, @in6=@ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x0, 0x0], @rand_addr=0x0}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, {{@in=@broadcast=0x0, 0xffffffffffffffff, 0x0}, 0x0, @in=@multicast1=0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, &(0x7f000011c000-0x4)=0xe8) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000d08000-0xe8)={{{@in=@broadcast=0xffffffff, @in=@multicast2=0xe0000002, 0x3, 0x0, 0x0, 0x100000000, 0xa, 0x0, 0xa0, 0x3b, 0x0, r3}, {0x100, 0x532d, 0x2, 0x80000000, 0x3, 0x8, 0xffffffffffffa8cf, 0x7f}, {0x10001, 0x4, 0x200, 0x80}, 0x7, 0xe, 0x0, 0x0, 0x3, 0x3}, {{@in=@multicast2=0xe0000002, 0x1, 0x6c}, 0xa, @in6=@mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x4, 0x0, 0x3, 0x6, 0x8a0, 0x4f, 0x40}}, 0xe8) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) prctl$seccomp(0x16, 0x1, &(0x7f0000259000)={0x3, &(0x7f0000930000-0x18)=[{0xfffffffffffffff7, 0x10001, 0x80, 0x8}, {0x701f, 0x8, 0x1, 0x8}, {0x57, 0xe1c800, 0x7, 0x9}]}) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f000034a000)='/dev/loop-control\x00', 0xfffffffffffffffd, 0x0) ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) 2018/01/17 19:08:02 executing program 5: semget(0x2, 0x3, 0xa0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) fstat(0xffffffffffffff9c, &(0x7f00000ed000-0x44)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x6, &(0x7f00002f6000)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]) r2 = getgid() fstat(0xffffffffffffffff, &(0x7f0000784000-0x44)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgroups(0x4, &(0x7f0000dc9000)=[r0, r1, r2, r3]) socket$nfc_raw(0x27, 0x0, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f0000111000)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) flock(r4, 0xc) 2018/01/17 19:08:02 executing program 6: lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:08:02 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r0 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:02 executing program 0 (fault-call:3 fault-nth:0): mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:08:02 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lgetxattr(&(0x7f000082d000-0x8)='./file0\x00', &(0x7f0000eca000)=@known='security.capability\x00', &(0x7f00009b8000-0x3d)=""/61, 0x3d) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) r1 = accept$netrom(0xffffffffffffff9c, &(0x7f00006df000-0x10)=@ax25={0x0, {""/7}, 0x0}, &(0x7f0000623000)=0x10) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:08:02 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x2) 2018/01/17 19:08:02 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) [ 490.706792] FAULT_INJECTION: forcing a failure. [ 490.706792] name failslab, interval 1, probability 0, space 0, times 0 2018/01/17 19:08:02 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(r1, 0x540b, 0x0) [ 490.726751] audit: type=1326 audit(1516216082.733:27374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24172 comm="syz-executor1" exe="/root/syz-executor1" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452e39 code=0x0 [ 490.808467] audit: type=1326 audit(1516216082.815:27375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24172 comm="syz-executor1" exe="/root/syz-executor1" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452e39 code=0x0 [ 490.864782] CPU: 0 PID: 24178 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #265 [ 490.872138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 490.881467] Call Trace: [ 490.884043] dump_stack+0x194/0x257 [ 490.887664] ? arch_local_irq_restore+0x53/0x53 [ 490.892315] ? __might_sleep+0x95/0x190 [ 490.896271] should_fail+0x8c0/0xa40 [ 490.899972] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 490.905055] ? mutex_lock_io_nested+0x1900/0x1900 [ 490.909890] ? find_held_lock+0x35/0x1d0 [ 490.913939] ? __lock_is_held+0xb6/0x140 [ 490.917985] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 490.923841] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 490.928835] ? rcu_note_context_switch+0x710/0x710 [ 490.933759] should_failslab+0xec/0x120 [ 490.937715] kmem_cache_alloc_trace+0x4b/0x750 [ 490.942274] ? driver_deferred_probe_del+0x2b9/0x430 [ 490.947354] ? deferred_probe_work_func+0x580/0x580 [ 490.952354] ? devm_device_remove_groups+0x50/0x50 [ 490.957268] kobject_uevent_env+0x1ed/0xd30 [ 490.961565] ? sysfs_remove_group+0xf6/0x1b0 [ 490.965959] kobject_uevent+0x1f/0x30 [ 490.969742] device_del+0x682/0xb10 [ 490.973351] ? __device_links_no_driver+0x2c0/0x2c0 [ 490.978344] ? mntput+0x66/0x90 [ 490.981608] device_unregister+0x15/0x30 [ 490.985647] bdi_unregister+0x609/0x890 [ 490.989601] ? wb_blkcg_offline+0x200/0x200 [ 490.993913] ? __lock_is_held+0xb6/0x140 [ 490.997971] ? mutex_unlock+0xd/0x10 [ 491.001669] ? kernfs_remove_by_name_ns+0x65/0xb0 [ 491.006490] del_gendisk+0x4eb/0xa40 [ 491.010181] ? refcount_sub_and_test+0x115/0x1b0 [ 491.014919] ? disk_events_poll_msecs_store+0x1d0/0x1d0 [ 491.020261] ? mark_held_locks+0xaf/0x100 [ 491.024392] ? refcount_dec_and_test+0x1a/0x20 [ 491.028961] ? blk_cleanup_queue+0x3f2/0x570 [ 491.033345] loop_remove+0x63/0xc0 [ 491.036862] loop_control_ioctl+0x402/0x490 [ 491.041158] ? loop_add+0xa70/0xa70 [ 491.044768] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 491.050638] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 491.055472] ? loop_add+0xa70/0xa70 [ 491.059074] do_vfs_ioctl+0x1b1/0x1520 [ 491.062931] ? _cond_resched+0x14/0x30 [ 491.066797] ? ioctl_preallocate+0x2b0/0x2b0 [ 491.071194] ? selinux_capable+0x40/0x40 [ 491.075240] ? __sb_end_write+0xa0/0xd0 [ 491.079191] ? fput+0xd2/0x140 [ 491.082363] ? security_file_ioctl+0x89/0xb0 [ 491.086747] SyS_ioctl+0x8f/0xc0 [ 491.090092] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 491.094818] RIP: 0033:0x452e39 [ 491.097983] RSP: 002b:00007efe3e5a6c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010 [ 491.105666] RAX: ffffffffffffffda RBX: 00007efe3e5a6aa0 RCX: 0000000000452e39 [ 491.112911] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000013 [ 491.120157] RBP: 00007efe3e5a6a90 R08: 0000000000000000 R09: 0000000000000000 [ 491.127402] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b7bb6 [ 491.134647] R13: 00007efe3e5a6bc8 R14: 00000000004b7bb6 R15: 0000000000000000 2018/01/17 19:08:03 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:08:03 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000e48000)={0xc, 0x0, &(0x7f0000d13000)=[@dead_binder_done={0x40086310, 0x2}], 0x1000, 0x0, &(0x7f000064b000-0x1000)="8e59f6c1c7c759a5de76af67261f58cded3a8e8435f3884a9a6997996090b2bef542c5f1596de01d8133de296b220fc660d4d630dbf77773b03b0fe485be60230f5828109688e9455a713ab9d557a18fe5155881bf456369824475e074bbb1662681eb716a54d65b5c99b3b9ece1d756cff73e705d4aa5e0dd453effe57d184e5fc0cda9387720ed1b289f82243032974830eb1f1bd338dcf8ade485a5b7b3935ec9ea8c1181211783970936118cae12e9dae12908545c66f44383cb16897264f9ed174cc199b92dff0f0b698db2e47340b53f971da6132670c4c5269bee900418484ba629bf7a66faaa51b981af10c4688d286f701074b92111115cffb085a6ed0d33d645fb7896339df22a4860002132980d71286a71c323a3efa677ac7f4bb58bfc5cedbb33358f328e420518c78bdb440a57dbc5e92ebf70bca5bda5d86867a6c61a9adff07faddd6e2de3c7845e067a9ab1c122155588f10159d48afe1cabb6dfed06e59b46c5f3d002e5ab291bb6c64fb144e64fdaf9d7fbf3f6c119f61698253a54fb049556da46ad2b60d5275f0f2099603134f10b034d681871000463df6b62a0c04ad3e377e24d7ad29a4965275e56cc6c43e4bcd3e38e17b33552bbe0dca42f977956de20bac5853e6d5865468fdd14c160b5590581ed6e721dcc302a9886d7499bfffaad35debaa28d22f94d59ac4b7ed6dab8537d590df355a25aa96d1a2fcef324ee59196f8ac7f2a55a9054523168ec1c2560a09615333a936cf0b5fd79285d45e07dba4d7a7c657db9889c642998f9aca60aa8141f9a616c9749b2588777849232748259c86c159d5d1261aa43a669a99573ab2aa1883112b7fc3c61781bc8f4cc385928782c58ec563a3a15e18f3035af5c8d3193976a1e5e7cb8a91f2503d10ed700671505877acaecc80132cb6eb5d165becc6c8c83e4808820b62249768e6245bd22bfba00e619bb612ba70429cd17585857082b38c0ca5198c9aaa3c79f7e6f8ccf70ee0a054afa503aefd578579c1d20a0439d8dcc1833f0c75534ae7bdef887a51da00966fc1b49b3590f2593addf33da966d35ebebe3d96a2e6d955971c2898fe5bc053e7c3cd2766e8c34e76771242ff8fc2cec9371dc16ebeb96ec2c30c92d49faa67b49ac87d2a48d4ecd0aa6a3553b0b817ec5052ec523a3fef357f8c329c32f5ecaf9bfb82369fc30a5a344d1810a4d1303ab90e8a6a5bc3d9d46879df48aa1aa63abc46d65cbeadeec97bbded0d4f8770d78539628d114c5bf673d9f93495a23456368d3946f0953c341cb7dbe0ced6eef21910762e0234b1c934093a293f0eb895f1a39e2d9389eff80639e91adbdd6ab9df9a86810434aeec0e85b3d033147ef871903ddb0fa7ec0777a62839089e4209d7034a535f46bce32e2ca4c0018c5ecdc39cd50f88925b97f2b61a0161ea56d45687ee974a4e2090b902caead30b69b124a3aa6d67152512d5450a1421b0ec11e59e1020de8e313082237a96d66559132224ff0d74ba1f0f2ad1d37a066c6d7a5e1325f1c3f8d497b3f855df8c92e7acb1eb17a44f97db747d551d11d18d2b97366dae8f25c201efebdb35b48fdf36d93ffe31a0f92d962fde71db227c535175460c2e78d2930bf695208594d3a75319514b7bfc0cac16bca1052be2daac7ba8f16c15b0bf39b8538c325452a228bcb01823b4b094acce08f3e6b352ac503a2859c7bb2fda22c6a37da8c17bd05aa2de6d70f8af74079f94b4e19eed56e50a66b40c32202b4cb8d9877e178891804af0d65716670a4a93d34f0af37d884fd4575fdf0ef996f1887ff3c4e205b1605bf28a79325ed9e71fa6163e834d9e6f180ecab13e5499e10d0c1b924c18f4d2058bb6f93d0d8863f7f3029c27a47fa336dc522eaa42485c77fe979523bd8aaccc3f3ee958b6e42d33a28af1a1ccb2db4195ea588dfe8d952ef79d064368d23574ff646dd49752744889023ecac5874e986df7016cf05a67f0592c71566acce417fc3dc336675dcf63a660ca74465ceb93a36c4dadb63bfbe19638d3916ee8b74c17a47392b573b993fca09452f933d25375bea28e10846e813682c33f5d6d428ae67f301479cdc8ec42615aa610f351222807d00e09ebd00e037ebe16249f8b4b40e3ed5322c55770d581535ee66f708254014c85289bcc03d7dc8934227c40e5d60afdfc927386e99eb9ecdfcde31c2a2b9d10fa368388d32e2bca1eb6621d6799af088c4e0c85e874a233db54b746ebdc8f014c9c444557162fb75c3920de70fa79272e22d493f46ab4a1a695a7e17122b71d80a30514bdeca555dc84c81c9c764994c5f513a2b7f43ca71a7529be575a8d749ea31583a4daac7cd5a12ad061ca92e60ed1ba69671b3b0feb5cd73a6e661f53b4fa60226727aeb6aa00d93498559e83f1fd5e17705eeb45e572fc145e82854302b88775a97fc7e658e2d86abb9363f053874e1a9e6fa86df5bbb0cec7d0f29db8f70cc9bf8162e6ef89c8566a837383cc0aa6028caf18aa90e0d11b343cbd09ae026c8dbb0d17e5b6010f2c20aa77c60d29d569d507ce8fdbd072b6693f9db61dc6c54a3a57377b68b01885fa97ac85b07e4e132d980fbab775ab7c741b95d138a78ac55f7ff2b9bc6ce4f237b233a57856e6e828a6211324e4890535d0d97820c5246d13f82f96a7580603d40babe97c6a8a24bac42b38a37af3e02b572787f96fd610aec39678c01f573f4a0e53ca8217170d76b766d411455451bcb3f93d28573e2267feb06ecd75f99369ad5f681a992793d4f21950835cdc2ada82be1c827f827d0f0d653ebeb7a86103b2f059ea552ccffeabbe92abd02160c8a294d0e0bdef3e73bad10ed8c2afc8baf59428f506b67070205be73d4c755bf9c6d1213a08068798b582aa0989a81d22d8b04fbf11cbf07a5b916aeee9d36291ef4d05d68198569057dafded49230d9cd87fa23feb9fa18c9bb1ed9c5c014aadf267aa9fac4e5c269c4615df46f0e6cd6808f903fe0efbaae0d341a02bdd6756390ec8ce1412facff52f5535a1256edb30cec61aa44c1dfbcdd50f549a74203f611ca6200fe35d42d69e39ef05885b79ca6fb3c605e5be9550f761dd7756330bd91fa056d66c6e23967eb30d4223d55c25eb27600cfb329d1ca066f475576ac620cae00b2fadd5808a47e5d55b6968911427740196123a713bb48fb3e8760fcb81378efcffd8d19aab188433d6b0933b6b98a3a29b275659becacc6baffd0e3eda59492365392d981ee6f5e806710db1884ac31e881f76e6740b782cf59df6afa82bb308369775704241fa4db7449f0605efa09d149c26b648b5c0a9ae17eade8f6628a93ca54f32ef82a16754b26bde218633b535aedafb4f36e6f6b05235137a71a6fb607bca08b2c68942af480e01de0f0be2a38df7f28e850b35b8578e9e68f6ec9cdfee767533493dbf7d106ec7dbf6dd247e2300e5428145af9a820c771fab986b40cb353e881ab3deb2798de54f8e88074dce850444a99397965759a6359e0bec847a0f2abcb347befa893b66621a375a954468a9abb2eb60d93b84cfc89c10d3d7b6c10e17b4749f0b17c00e2f4bb9a6140d4f88f17f39c998386d572498b0fae0cd8f551a1d9842554356bb8e4263d24b090e1fb16f6a42c4214b906fa4cd4291051e844ba2ca3fd566a1a99ff21608350696112ed4fdca7f281d319ad6c05e8c531fe197578e834976d2e062b86b3f6fad257f8ec6bfedeca0ac22af42b03bbbcd37908de940609edd750dd3ca20c8c760f6259a2db5732611d9fd5ee3e58d7afa1e4fcd8c724468b5f4671e1b26c82c816b122710d599b0c7ce612f86867972ca59ad2b68609ca0714f648008af867a3c661601d9badfbc29cfc6f4185cac2a388e8a33a9ef44ccf5229a74fba8a0389275dcffcc17e2332ab8ac83083a373de2873f47e5a1f0e924b55f3f7c5216b9964c11f58981ebf53e23a92ddfa290027220e5f7b48c8bed6d9493325bf8cde6135aabf571120da9c00977767e4d838020898867a744b5bc3cc25fb7d3b66354db864a38cb66a2b5d52222e12eff05d116a13139a318d47b125378ca4e795b75d2bcceac63b33e7057a5ad39bbdbd0688d45345674bec66eea52347d7251484b22b3abac0616460e957d2d3986d267503cd13867947b6cc7b517dfdd0f710a2991b067059e26105c439483dd36c4537d7bb45a94d8882a4c1c95efe7534bcc184dc598e4026f10fee594b9d637041002343528ec8b2c5a27ba2badd5fffaf02a123b0d1f3edf97ac5b939b815198888ebf17a9263d7b94f291e294a3502cb86a4ed7d9c08d953c72e5abd4fac7e792e1fec4d42cb968446583236337a5d6f05e9786758f9b5c12d34713ca213e488d47f53e176f4d301c86d5366b81adc8e2c7e8da254b43081de1410c8aebc8b79e1a25d9ae0ebd6a61ca85d3517e9ac5031320afa2b0737ca10ce86988118b395a190537c6dc44a60871d70333efad8e16d9769cf6a3b0c772f7aa7ac1e94ab4f24d59a6ff5e6635ebaca04f1d1f4f8f076de65df00d556efa84e4f6b2a6ad5dfd5d397357ce94117f872f34073c4866240092eb332144c664daf84f4522a79ef7994fde438224730dee63f3687406ffdb70f859df46920e427bf1b78a81bb8d75fa485208898173385d90b2a1b6b829c509f9c14eca0bd73c5cc103121b29d99f72b3fbf342212a45bdc25a2bedaa5e51df5814c6ade799146e254a277b8451f128dd21ba1f6ee0190805d198c5d9ee712fbdc23dd3772f63374f81b973cbe4f6c55f28120aed43e142a6a03c073def71245647df2780a95fafee3f0121212ad7854406a7573d0f6a1ea17b9bd41a592f7d73a12d47ee524fd87b4e89a23d311e47530ef49de87683bfb9fa22a59fae19cdd3a3efcab518fbb0ded3203c0e55602e0f1797a32629ea0ce86db0f12008d3d01a082fbb71c291d73ccc6db30818dea145c741b7d01b255f3d3cccc783efda2a4cfb8a59986a71936b912cff566e40084220b173c20ec60783d1948a02b5a717baaf6796bfa1df8be2148fe87b0b9730be44661742362358f2a0fa7556f5e1ed384cd005a142192b527c3052e1ba50961470f151ca41b0ce89c3101776747c1353ea30e8ef068c64aba162fa6e626d303756f87b5f1c220529d42519a0744f459d28e8afa019b6d6ee7b9af3fed0d17ff93a74988fc50ed2d34166b6f811897f0bb99632a35fd2a1227bacda1c979114ab8b007a77fae9150ee6d0276b10090711884a47960667d4bc44e5fb6d3db83fa771b2ad3526d371942051caf1116880cdb1d80b1fc736c276607f4c3a8a21d907e0e464518a3468ea70ac1b412ee2454e4c7b028f5302cfda0f26078c763d33d14c59f09f741721e278a07c7e6ddc3666423e16d2bc93bafe367831e80012e09b027dfbb83f38febff940c85eaf1c2a2bf165baddb7111ba847d392045e8f31cb8bdf0478bf308d1ecaf03742cd3b48eff3c793601cbdb2861454db94ec7eb4756c73b26c27542d174d581b14236c67017610f4428b68e3083bff4ef33fe70341907b19c9e5d779210a69454250a02984cfd85c21a433342cfacceb08f94a6690b5c8f522cc67e882cb4186b89dc74ee6e95e87a9eb3228a6c86aac1c61e5583f2393278b87490e74e84c23eade621e8786a9434684d6c1a0954182f5d896ac876509050a79e5e84e1244899559f7958a3528c2c69152afb76412e94c6f66454442da53790302ccc9fca4c5b5964410e7c1071f098b24e5f502a4b"}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) socket$unix(0x1, 0x0, 0x0) r1 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f00001f6000-0x17)='/selinux/validatetrans\x00', 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000ec0000-0xc)={0x6, r0, 0xfffffffffffffffe}) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f000020f000-0x74)=[@in={0x2, 0x1, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @in6={0xa, 0x0, 0x3ff, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0xff, 0xff], @broadcast=0xffffffff}, 0x0}, @in6={0xa, 0x1, 0x8001, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x3}, @in={0x2, 0x2, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @in6={0xa, 0x3, 0x2, @loopback={0x0, 0x1}, 0x6}], 0x74) ioctl$KDADDIO(r2, 0x4b34, 0x3cb56ceb) 2018/01/17 19:08:03 executing program 1: r0 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockname$ipx(r0, &(0x7f00008bc000)={0x0, 0x0, 0x0, ""/6, 0x0, 0x0}, &(0x7f0000001000-0x4)=0x10) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) r2 = open(&(0x7f0000385000-0x8)='./file0\x00', 0x2000, 0x20) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f00000e2000-0x10)=@common='bond0\x00') ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000166000-0x10)={0x7, &(0x7f0000fa4000-0x40c)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, ""/128}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, ""/128}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, ""/128}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, ""/128}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, ""/128}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, ""/128}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, ""/128}]}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f00007db000)=@ioapic={0x0, 0x9f, 0x8, 0x4, 0x0, [{0xffff, 0x3, 0x7, [0x0, 0x0, 0x0, 0x0], 0x3}, {0xfff, 0x1, 0xfff, [0x0, 0x0, 0x0, 0x0], 0x1}, {0x1, 0x4841, 0x7, [0x0, 0x0, 0x0, 0x0], 0x9}, {0x2, 0x5cf6, 0x3, [0x0, 0x0, 0x0, 0x0], 0x100}, {0xe23, 0x7, 0x8001, [0x0, 0x0, 0x0, 0x0], 0x10001}, {0x2, 0x80000001, 0x7, [0x0, 0x0, 0x0, 0x0], 0xfffffffffffffffb}, {0x8000, 0x0, 0xd172, [0x0, 0x0, 0x0, 0x0], 0x7}, {0x6f, 0x81, 0x3, [0x0, 0x0, 0x0, 0x0], 0x5}, {0x8, 0x9, 0x1, [0x0, 0x0, 0x0, 0x0], 0x24000000000}, {0x2, 0x5, 0x800, [0x0, 0x0, 0x0, 0x0], 0x10001}, {0x8, 0x1, 0xf8af, [0x0, 0x0, 0x0, 0x0], 0x6}, {0x10000, 0x8, 0xe67, [0x0, 0x0, 0x0, 0x0], 0xfffffffffffff801}, {0x5, 0x100000001, 0x10ca, [0x0, 0x0, 0x0, 0x0], 0x4}, {0x7f, 0x8, 0x9, [0x0, 0x0, 0x0, 0x0], 0x7ff}, {0x80000000, 0x7, 0x68e, [0x0, 0x0, 0x0, 0x0], 0xffff}, {0x400, 0x3, 0x3, [0x0, 0x0, 0x0, 0x0], 0x200}, {0x3, 0x100000000, 0x9, [0x0, 0x0, 0x0, 0x0], 0xc1d}, {0x0, 0x39, 0x80, [0x0, 0x0, 0x0, 0x0], 0x2}, {0x0, 0x8, 0x2, [0x0, 0x0, 0x0, 0x0], 0xfffffffffffffff7}, {0x1, 0x74e9de42, 0x3, [0x0, 0x0, 0x0, 0x0], 0xfde}, {0x1, 0x401, 0x8, [0x0, 0x0, 0x0, 0x0], 0x81}, {0x5, 0x5, 0xccc2, [0x0, 0x0, 0x0, 0x0], 0x401}, {0x765, 0x401, 0xffffffffffffffff, [0x0, 0x0, 0x0, 0x0], 0x2}, {0x0, 0x100000001, 0x7, [0x0, 0x0, 0x0, 0x0], 0x3}]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f0000eb1000-0x4c)={0x5, 0x2, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r3 = add_key(&(0x7f0000d33000-0x6)='rxrpc\x00', &(0x7f00003fe000-0x5)={0x73, 0x79, 0x7a, 0x2, 0x0}, &(0x7f0000e4e000)="", 0x0, 0xfffffffffffffffe) r4 = add_key$keyring(&(0x7f0000f09000-0x8)='keyring\x00', &(0x7f00006f2000)={0x73, 0x79, 0x7a, 0x0, 0x0}, 0x0, 0x0, 0x0) ioctl$sock_netrom_TIOCOUTQ(r2, 0x5411, &(0x7f00005ce000-0x4)=0x0) keyctl$link(0x8, r3, r4) 2018/01/17 19:08:03 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x2) 2018/01/17 19:08:03 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r0 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:03 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:08:03 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00005c8000-0x9)='/dev/dsp\x00', 0x0, 0x0) getsockname$inet6(r0, &(0x7f0000b29000)={0x0, 0xffffffffffffffff, 0x0, @local={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, 0x0}, &(0x7f00005d5000)=0x1c) socket$nfc_raw(0x27, 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) 2018/01/17 19:08:03 executing program 2 (fault-call:2 fault-nth:0): mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:03 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r0 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:03 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:08:03 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:08:03 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00004dc000-0x12)='/dev/loop-control\x00', 0x18bc3f, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000d97000-0x10)={0x1, 0x28, &(0x7f00007fd000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000122000)={r1, 0x8, 0x8}, 0xc) pipe(&(0x7f00009a6000)={0x0, 0x0}) ioctl$FIONREAD(r2, 0x541b, &(0x7f0000e38000)=0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 2018/01/17 19:08:03 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000d59000-0xb)='/dev/audio\x00', 0x80003, 0x0) ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f000096e000)=""/26) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c81, r2) accept$llc(r1, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000019d000-0x4)=0x10) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) eventfd(0x3) 2018/01/17 19:08:03 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0x3, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000f27000-0xe)='/selinux/load\x00', 0x2, 0x0) getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f00002db000+0xa19)=0x7, &(0x7f0000ab9000)=0x2) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f000011e000-0x4)=0x0) 2018/01/17 19:08:03 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeb000-0xa)='/dev/ptmx\x00', 0x840000000000801, 0x0) sendfile(r1, r0, &(0x7f00000d1000-0x8)=0x0, 0x8000fffffffe) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x2) 2018/01/17 19:08:03 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x40002, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:03 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$nfc_raw(0x27, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_extract_tcp_res$synack(&(0x7f0000df6000)={0x0, 0x0}, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000771000-0x8)={0x0, 0x0}, &(0x7f0000c40000)=0x8) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000918000)={r2, @in={{0x2, 0x2, @remote={0xac, 0x14, 0x0, 0xbb}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, &(0x7f0000a1e000)=0x8c) 2018/01/17 19:08:03 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:08:03 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c81, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f00003b4000-0xe)='/selinux/user\x00', 0x2, 0x0) syz_open_dev$loop(&(0x7f00007d3000)='/dev/loop#\x00', 0x0, 0x0) r0 = syz_open_dev$admmidi(&(0x7f000032e000+0xe52)='/dev/admmidi#\x00', 0xffff, 0x105400) bpf$MAP_CREATE(0x0, &(0x7f0000163000)={0x2000000, 0x0, 0x0, 0x0, 0x1, r0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1f) 2018/01/17 19:08:03 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000b21000)={@generic="82d52ad0503d65f3d19100e265238cf6", @ifru_addrs={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) accept$llc(0xffffffffffffffff, &(0x7f0000dd7000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f000061a000)=0x10) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) 2018/01/17 19:08:03 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x0, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000184000)='./file0\x00', &(0x7f000053a000-0x14)=@known='security.capability\x00') clone(0x200, &(0x7f0000f4b000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f00000d5000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00003c9000)='./file0\x00', &(0x7f0000eeb000)=[], &(0x7f00006fd000-0x10)=[]) r0 = syz_open_procfs(0x0, &(0x7f0000889000-0x8)='syscall\x00') sendfile(r0, r0, &(0x7f000079c000)=0x0, 0x7ff) open$dir(&(0x7f00003e9000-0x8)='./file0\x00', 0x1, 0x0) 2018/01/17 19:08:03 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004000)={0x0, 0x0, &(0x7f000002a000)=[], 0x0, 0x0, &(0x7f0000005000)=""}) fstat(0xffffffffffffffff, &(0x7f0000919000-0x44)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setuid(r0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000389000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f000030a000)='/selinux/status\x00', 0x0, 0x0) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(r2, 0x111, 0x5, 0x7, 0x4) setsockopt$bt_BT_SNDMTU(r2, 0x112, 0xc, &(0x7f00008b7000-0x2)=0x0, 0x2) setsockopt$inet6_MCAST_LEAVE_GROUP(r2, 0x29, 0x2d, &(0x7f00009bb000-0x88)={0x1800000000000000, {{0xa, 0x1, 0xffffffff, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, 0xffffffff}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x88) bind$llc(r2, &(0x7f0000fa0000)={0x1a, 0xc, 0x8001, 0x7, 0x0, 0x3ff, @random="598243be47f2", [0x0, 0x0]}, 0x10) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r2, 0xc08c5334, &(0x7f000053c000-0x8c)={0x10001, 0x5, 0x2, 'queue1\x00', 0x8001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$KDSETKEYCODE(r2, 0x4b4d, &(0x7f00006ac000-0x8)={0x6, 0x3}) setsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f0000186000)=0x3, 0x1) [ 491.417076] ================================================================== [ 491.425388] BUG: KASAN: use-after-free in disk_unblock_events+0x51/0x60 [ 491.432131] Read of size 8 at addr ffff8801bbb43340 by task blkid/24268 [ 491.438868] [ 491.440495] CPU: 0 PID: 24268 Comm: blkid Not tainted 4.15.0-rc8+ #265 [ 491.447147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 491.456495] Call Trace: [ 491.459075] dump_stack+0x194/0x257 [ 491.462711] ? arch_local_irq_restore+0x53/0x53 [ 491.467368] ? show_regs_print_info+0x18/0x18 [ 491.471842] ? kfree_const+0x31/0x40 [ 491.475532] ? disk_unblock_events+0x51/0x60 [ 491.479916] print_address_description+0x73/0x250 [ 491.485339] ? disk_unblock_events+0x51/0x60 [ 491.490853] kasan_report+0x25b/0x340 [ 491.494628] __asan_report_load8_noabort+0x14/0x20 [ 491.499531] disk_unblock_events+0x51/0x60 [ 491.503742] __blkdev_get+0x869/0x10e0 [ 491.507612] ? __blkdev_put+0x7f0/0x7f0 [ 491.511568] blkdev_get+0x3a1/0xad0 [ 491.515174] ? bd_link_disk_holder+0x8b0/0x8b0 [ 491.519729] ? do_raw_spin_trylock+0x190/0x190 [ 491.524286] ? errseq_sample+0xee/0x140 [ 491.528234] ? _copy_to_user+0xc0/0xc0 [ 491.532101] ? _raw_spin_unlock+0x22/0x30 [ 491.536227] blkdev_open+0x1c9/0x250 [ 491.539913] ? security_file_open+0x89/0x190 [ 491.544296] do_dentry_open+0x667/0xd40 [ 491.548244] ? bd_acquire+0x2c0/0x2c0 [ 491.552033] vfs_open+0x107/0x220 [ 491.555472] path_openat+0x1151/0x3530 [ 491.559346] ? path_lookupat+0xba0/0xba0 [ 491.563382] ? lock_downgrade+0x980/0x980 [ 491.567502] ? do_sys_open+0x2e7/0x6d0 [ 491.571373] ? find_held_lock+0x35/0x1d0 [ 491.575406] ? do_raw_spin_trylock+0x190/0x190 [ 491.579962] ? __lock_is_held+0xb6/0x140 [ 491.584002] ? _find_next_bit+0xee/0x120 [ 491.588051] ? _raw_spin_unlock+0x22/0x30 [ 491.592175] ? __alloc_fd+0x29b/0x750 [ 491.596050] do_filp_open+0x25b/0x3b0 [ 491.600520] ? may_open_dev+0xe0/0xe0 [ 491.604314] ? mpi_resize+0x200/0x200 [ 491.608093] ? get_unused_fd_flags+0x121/0x190 [ 491.612650] ? getname_flags+0x256/0x580 [ 491.617047] do_sys_open+0x502/0x6d0 [ 491.621425] ? do_sys_open+0x502/0x6d0 [ 491.625290] ? filp_open+0x70/0x70 [ 491.628803] ? entry_SYSCALL_64_fastpath+0x5/0xa0 [ 491.633624] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 491.638634] SyS_open+0x2d/0x40 [ 491.641888] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 491.646618] RIP: 0033:0x7fe8196b7120 [ 491.650306] RSP: 002b:00007fff5aee5a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 491.657988] RAX: ffffffffffffffda RBX: 00007fe819b9887c RCX: 00007fe8196b7120 [ 491.665232] RDX: 00007fff5aee7f43 RSI: 0000000000000000 RDI: 00007fff5aee7f43 [ 491.672478] RBP: 00007fff5aee7f3b R08: 0000000000000078 R09: 0000000000000000 [ 491.679718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403738 [ 491.686961] R13: 0000000000000001 R14: 0000000000000000 R15: 00007fe81998da20 [ 491.694219] [ 491.695818] Allocated by task 24259: [ 491.699508] save_stack+0x43/0xd0 [ 491.702935] kasan_kmalloc+0xad/0xe0 [ 491.706625] kmem_cache_alloc_node_trace+0x150/0x750 [ 491.711708] __alloc_disk_node+0xb4/0x4e0 [ 491.715824] loop_add+0x44c/0xa70 [ 491.719250] loop_control_ioctl+0x129/0x490 [ 491.723550] do_vfs_ioctl+0x1b1/0x1520 [ 491.727409] SyS_ioctl+0x8f/0xc0 [ 491.730748] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 491.735473] [ 491.737080] Freed by task 24268: [ 491.740416] save_stack+0x43/0xd0 [ 491.743838] kasan_slab_free+0x71/0xc0 [ 491.747693] kfree+0xd6/0x260 [ 491.750779] disk_release+0x327/0x410 [ 491.754551] device_release+0x7c/0x210 [ 491.758407] kobject_put+0x14c/0x250 [ 491.762090] put_disk+0x23/0x30 [ 491.765343] __blkdev_get+0x7c9/0x10e0 [ 491.769199] blkdev_get+0x3a1/0xad0 [ 491.772798] blkdev_open+0x1c9/0x250 [ 491.776482] do_dentry_open+0x667/0xd40 [ 491.780428] vfs_open+0x107/0x220 [ 491.783853] path_openat+0x1151/0x3530 [ 491.787711] do_filp_open+0x25b/0x3b0 [ 491.791481] do_sys_open+0x502/0x6d0 [ 491.795169] SyS_open+0x2d/0x40 [ 491.798424] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 491.803146] [ 491.804749] The buggy address belongs to the object at ffff8801bbb42dc0 [ 491.804749] which belongs to the cache kmalloc-2048 of size 2048 [ 491.817549] The buggy address is located 1408 bytes inside of [ 491.817549] 2048-byte region [ffff8801bbb42dc0, ffff8801bbb435c0) [ 491.829563] The buggy address belongs to the page: [ 491.834464] page:ffffea0006eed080 count:1 mapcount:0 mapping:ffff8801bbb42540 index:0xffff8801bbb42540 compound_mapcount: 0 [ 491.845704] flags: 0x2fffc0000008100(slab|head) [ 491.850343] raw: 02fffc0000008100 ffff8801bbb42540 ffff8801bbb42540 0000000100000002 [ 491.858195] raw: ffffea00070544a0 ffffea0007511d20 ffff8801dac00c40 0000000000000000 [ 491.866046] page dumped because: kasan: bad access detected [ 491.873752] [ 491.875956] Memory state around the buggy address: [ 491.882071] ffff8801bbb43200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 491.889401] ffff8801bbb43280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 491.896731] >ffff8801bbb43300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 491.904058] ^ [ 491.909476] ffff8801bbb43380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 491.916815] ffff8801bbb43400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 491.924160] ================================================================== [ 491.931502] Disabling lock debugging due to kernel taint [ 491.937055] Kernel panic - not syncing: panic_on_warn set ... [ 491.937055] [ 491.944933] CPU: 0 PID: 24268 Comm: blkid Tainted: G B 4.15.0-rc8+ #265 [ 491.955940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 491.966691] Call Trace: [ 491.969273] dump_stack+0x194/0x257 [ 491.972907] ? arch_local_irq_restore+0x53/0x53 [ 491.977560] ? kasan_end_report+0x32/0x50 [ 491.981698] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 491.986450] ? vsnprintf+0x1ed/0x1900 [ 491.990246] ? del_gendisk+0xa40/0xa40 [ 491.994132] panic+0x1e4/0x41c [ 491.997323] ? refcount_error_report+0x214/0x214 [ 492.002069] ? add_taint+0x1c/0x50 [ 492.005601] ? add_taint+0x1c/0x50 [ 492.009142] ? disk_unblock_events+0x51/0x60 [ 492.013548] kasan_end_report+0x50/0x50 [ 492.017512] kasan_report+0x144/0x340 [ 492.021306] __asan_report_load8_noabort+0x14/0x20 [ 492.026224] disk_unblock_events+0x51/0x60 [ 492.030450] __blkdev_get+0x869/0x10e0 [ 492.034340] ? __blkdev_put+0x7f0/0x7f0 [ 492.038321] blkdev_get+0x3a1/0xad0 [ 492.041942] ? bd_link_disk_holder+0x8b0/0x8b0 [ 492.046509] ? do_raw_spin_trylock+0x190/0x190 [ 492.051075] ? errseq_sample+0xee/0x140 [ 492.055036] ? _copy_to_user+0xc0/0xc0 [ 492.058913] ? _raw_spin_unlock+0x22/0x30 [ 492.063047] blkdev_open+0x1c9/0x250 [ 492.066749] ? security_file_open+0x89/0x190 [ 492.071147] do_dentry_open+0x667/0xd40 [ 492.075106] ? bd_acquire+0x2c0/0x2c0 [ 492.078911] vfs_open+0x107/0x220 [ 492.082366] path_openat+0x1151/0x3530 [ 492.086255] ? path_lookupat+0xba0/0xba0 [ 492.090305] ? lock_downgrade+0x980/0x980 [ 492.094457] ? do_sys_open+0x2e7/0x6d0 [ 492.098348] ? find_held_lock+0x35/0x1d0 [ 492.102404] ? do_raw_spin_trylock+0x190/0x190 [ 492.106981] ? __lock_is_held+0xb6/0x140 [ 492.111034] ? _find_next_bit+0xee/0x120 [ 492.115091] ? _raw_spin_unlock+0x22/0x30 [ 492.119227] ? __alloc_fd+0x29b/0x750 [ 492.123024] do_filp_open+0x25b/0x3b0 [ 492.126816] ? may_open_dev+0xe0/0xe0 [ 492.130619] ? mpi_resize+0x200/0x200 [ 492.134416] ? get_unused_fd_flags+0x121/0x190 [ 492.141079] ? getname_flags+0x256/0x580 [ 492.145136] do_sys_open+0x502/0x6d0 [ 492.148850] ? do_sys_open+0x502/0x6d0 [ 492.152741] ? filp_open+0x70/0x70 [ 492.156271] ? entry_SYSCALL_64_fastpath+0x5/0xa0 [ 492.161120] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 492.166140] SyS_open+0x2d/0x40 [ 492.170144] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 492.174902] RIP: 0033:0x7fe8196b7120 [ 492.178610] RSP: 002b:00007fff5aee5a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 492.186313] RAX: ffffffffffffffda RBX: 00007fe819b9887c RCX: 00007fe8196b7120 [ 492.193572] RDX: 00007fff5aee7f43 RSI: 0000000000000000 RDI: 00007fff5aee7f43 [ 492.200832] RBP: 00007fff5aee7f3b R08: 0000000000000078 R09: 0000000000000000 [ 492.208089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403738 [ 492.215352] R13: 0000000000000001 R14: 0000000000000000 R15: 00007fe81998da20 [ 492.223089] Dumping ftrace buffer: [ 492.226608] (ftrace buffer empty) [ 492.230289] Kernel Offset: disabled [ 492.233885] Rebooting in 86400 seconds..