binder: undelivered TRANSACTION_ERROR: 29189
QAT: Invalid ioctl
============================================
WARNING: possible recursive locking detected
4.15.0+ #291 Not tainted
--------------------------------------------
syz-executor0/23366 is trying to acquire lock:
 (&mm->mmap_sem){++++}, at: [<00000000163f4292>] __get_user_pages_locked mm/gup.c:909 [inline]
 (&mm->mmap_sem){++++}, at: [<00000000163f4292>] get_user_pages_unlocked+0x218/0x4f0 mm/gup.c:990

but task is already holding lock:
 (&mm->mmap_sem){++++}, at: [<0000000000152da6>] get_user_pages_unlocked+0xff/0x4f0 mm/gup.c:989

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&mm->mmap_sem);
  lock(&mm->mmap_sem);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by syz-executor0/23366:
 #0:  (&vcpu->mutex){+.+.}, at: [<00000000c87d1e64>] vcpu_load+0x1c/0x70 arch/x86/kvm/../../../virt/kvm/kvm_main.c:158
 #1:  (&kvm->srcu){....}, at: [<0000000095f8ed2b>] vcpu_enter_guest arch/x86/kvm/x86.c:7064 [inline]
 #1:  (&kvm->srcu){....}, at: [<0000000095f8ed2b>] vcpu_run arch/x86/kvm/x86.c:7143 [inline]
 #1:  (&kvm->srcu){....}, at: [<0000000095f8ed2b>] kvm_arch_vcpu_ioctl_run+0x1b11/0x5bf0 arch/x86/kvm/x86.c:7310
 #2:  (&mm->mmap_sem){++++}, at: [<0000000000152da6>] get_user_pages_unlocked+0xff/0x4f0 mm/gup.c:989

stack backtrace:
CPU: 0 PID: 23366 Comm: syz-executor0 Not tainted 4.15.0+ #291
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_deadlock_bug kernel/locking/lockdep.c:1761 [inline]
 check_deadlock kernel/locking/lockdep.c:1805 [inline]
 validate_chain kernel/locking/lockdep.c:2401 [inline]
 __lock_acquire+0xe8f/0x3e00 kernel/locking/lockdep.c:3431
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
 down_read+0x96/0x150 kernel/locking/rwsem.c:24
 __get_user_pages_locked mm/gup.c:909 [inline]
 get_user_pages_unlocked+0x218/0x4f0 mm/gup.c:990
 hva_to_pfn_slow arch/x86/kvm/../../../virt/kvm/kvm_main.c:1388 [inline]
 hva_to_pfn arch/x86/kvm/../../../virt/kvm/kvm_main.c:1493 [inline]
 __gfn_to_pfn_memslot+0x386/0xf80 arch/x86/kvm/../../../virt/kvm/kvm_main.c:1549
 try_async_pf+0x13b/0xc40 arch/x86/kvm/mmu.c:3802
 tdp_page_fault+0x40a/0xa70 arch/x86/kvm/mmu.c:3898
 kvm_mmu_page_fault+0x10d/0x2f0 arch/x86/kvm/mmu.c:4928
 handle_ept_violation+0x198/0x550 arch/x86/kvm/vmx.c:6550
 vmx_handle_exit+0x25d/0x1ce0 arch/x86/kvm/vmx.c:8893
 vcpu_enter_guest arch/x86/kvm/x86.c:7081 [inline]
 vcpu_run arch/x86/kvm/x86.c:7143 [inline]
 kvm_arch_vcpu_ioctl_run+0x1c69/0x5bf0 arch/x86/kvm/x86.c:7310
 kvm_vcpu_ioctl+0x64c/0x1010 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2564
 vfs_ioctl fs/ioctl.c:46 [inline]
 do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:686
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f1dfbf29c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f1dfbf284d0 RCX: 0000000000453299
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000018
RBP: 0000000020844800 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 000000000000001b
R13: 0000000020841000 R14: 00007f1dfbf2a6d4 R15: 0000000000000018
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2127 sclass=netlink_route_socket pig=23402 comm=syz-executor3
rfkill: input handler disabled
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2127 sclass=netlink_route_socket pig=23412 comm=syz-executor3
rfkill: input handler enabled
netlink: 'syz-executor6': attribute type 1 has an invalid length.