llocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0), 0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) [ 1019.600824][ T26] audit: type=1804 audit(1568179855.073:2568): pid=20247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/331/file0" dev="sda1" ino=16783 res=1 [ 1019.675178][ T26] audit: type=1800 audit(1568179855.073:2569): pid=20247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16783 res=0 05:30:55 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:30:55 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:30:55 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:30:55 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$evdev(0xffffffffffffffff, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000200), 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) r3 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r3, 0x119, 0x1, &(0x7f0000000000)=0x1800, 0x4) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000240)={r0}) read$char_usb(r0, 0x0, 0x0) ioctl$IOC_PR_RELEASE(0xffffffffffffffff, 0x401070ca, &(0x7f00000001c0)) ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) getsockopt(r2, 0x400, 0x20, &(0x7f0000000100)=""/192, &(0x7f00000003c0)=0xc0) 05:30:55 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(0xffffffffffffffff, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1020.549113][T20265] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 05:30:56 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(0xffffffffffffffff, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1020.617596][T20265] CPU: 0 PID: 20265 Comm: syz-executor.1 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1020.626838][T20265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1020.636996][T20265] Call Trace: [ 1020.640303][T20265] dump_stack+0x172/0x1f0 [ 1020.645088][T20265] dump_header+0x177/0x1152 [ 1020.649607][T20265] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1020.656426][T20265] ? ___ratelimit+0x2c8/0x595 [ 1020.661121][T20265] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1020.666969][T20265] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1020.672274][T20265] ? trace_hardirqs_on+0x67/0x240 [ 1020.677313][T20265] ? pagefault_out_of_memory+0x11c/0x11c [ 1020.682962][T20265] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1020.690275][T20265] ? ___ratelimit+0x60/0x595 [ 1020.694880][T20265] ? do_raw_spin_unlock+0x57/0x270 [ 1020.700184][T20265] oom_kill_process.cold+0x10/0x15 [ 1020.705317][T20265] out_of_memory+0x334/0x1340 [ 1020.710018][T20265] ? lock_downgrade+0x920/0x920 [ 1020.715672][T20265] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1020.722395][T20265] ? oom_killer_disable+0x280/0x280 [ 1020.727623][T20265] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1020.733824][T20265] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1020.739924][T20265] ? do_raw_spin_unlock+0x57/0x270 [ 1020.745050][T20265] ? _raw_spin_unlock+0x2d/0x50 [ 1020.750181][T20265] try_charge+0xf4b/0x1440 [ 1020.754704][T20265] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1020.760351][T20265] ? find_held_lock+0x35/0x130 [ 1020.765772][T20265] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1020.771338][T20265] ? lock_downgrade+0x920/0x920 [ 1020.776204][T20265] ? percpu_ref_tryget_live+0x111/0x290 [ 1020.784142][T20265] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1020.790755][T20265] ? memcg_kmem_put_cache+0x50/0x50 [ 1020.796238][T20265] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1020.801894][T20265] __memcg_kmem_charge+0x13a/0x3a0 [ 1020.807024][T20265] __alloc_pages_nodemask+0x4f7/0x900 [ 1020.812423][T20265] ? stack_trace_consume_entry+0x190/0x190 [ 1020.818346][T20265] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1020.824092][T20265] ? copy_page_range+0xef4/0x1ed0 [ 1020.829164][T20265] ? copy_page_range+0xef4/0x1ed0 [ 1020.834207][T20265] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1020.840550][T20265] alloc_pages_current+0x107/0x210 [ 1020.846309][T20265] pte_alloc_one+0x1b/0x1a0 [ 1020.852396][T20265] __pte_alloc+0x20/0x310 [ 1020.856738][T20265] copy_page_range+0x14da/0x1ed0 [ 1020.861713][T20265] ? pmd_alloc+0x180/0x180 [ 1020.866234][T20265] ? __rb_insert_augmented+0x20c/0xd90 [ 1020.871708][T20265] ? validate_mm_rb+0xa3/0xc0 [ 1020.887538][T20265] ? __vma_link_rb+0x5ad/0x770 [ 1020.892328][T20265] dup_mm+0xa67/0x1430 [ 1020.896434][T20265] ? vm_area_dup+0x170/0x170 [ 1020.901225][T20265] ? debug_mutex_init+0x2d/0x60 [ 1020.906182][T20265] copy_process+0x2671/0x6830 [ 1020.912548][T20265] ? __cleanup_sighand+0x60/0x60 [ 1020.917678][T20265] ? __might_fault+0x12b/0x1e0 [ 1020.922461][T20265] ? __might_fault+0x12b/0x1e0 [ 1020.927337][T20265] _do_fork+0x146/0xfa0 [ 1020.931542][T20265] ? copy_init_mm+0x20/0x20 [ 1020.936066][T20265] ? __kasan_check_read+0x11/0x20 [ 1020.941103][T20265] ? _copy_to_user+0x118/0x160 [ 1020.945888][T20265] __x64_sys_clone+0x1ab/0x270 [ 1020.950799][T20265] ? __ia32_sys_vfork+0xd0/0xd0 [ 1020.955796][T20265] ? do_syscall_64+0x26/0x760 [ 1020.961886][T20265] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1020.967216][T20265] ? trace_hardirqs_on+0x67/0x240 [ 1020.972256][T20265] do_syscall_64+0xfa/0x760 [ 1020.976779][T20265] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1020.983369][T20265] RIP: 0033:0x4598e9 [ 1020.987275][T20265] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1021.007152][T20265] RSP: 002b:00007f7c594e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 05:30:56 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(0xffffffffffffffff, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1021.015576][T20265] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 1021.023736][T20265] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1021.031723][T20265] RBP: 000000000075bfc8 R08: ffffffffffffffff R09: 0000000000000000 [ 1021.040615][T20265] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c594e26d4 [ 1021.049471][T20265] R13: 00000000004bfd7f R14: 00000000004d1b78 R15: 00000000ffffffff 05:30:56 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1021.525707][T20265] memory: usage 307200kB, limit 307200kB, failcnt 45722 [ 1021.533157][T20265] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1021.541995][T20265] Memory cgroup stats for /syz1: [ 1021.542122][T20265] anon 287432704 [ 1021.542122][T20265] file 16707584 [ 1021.542122][T20265] kernel_stack 917504 [ 1021.542122][T20265] slab 5292032 [ 1021.542122][T20265] sock 0 [ 1021.542122][T20265] shmem 0 [ 1021.542122][T20265] file_mapped 16760832 [ 1021.542122][T20265] file_dirty 0 [ 1021.542122][T20265] file_writeback 0 [ 1021.542122][T20265] anon_thp 136314880 [ 1021.542122][T20265] inactive_anon 250650624 [ 1021.542122][T20265] active_anon 1634304 [ 1021.542122][T20265] inactive_file 122880 [ 1021.542122][T20265] active_file 0 [ 1021.542122][T20265] unevictable 52006912 [ 1021.542122][T20265] slab_reclaimable 2027520 [ 1021.542122][T20265] slab_unreclaimable 3264512 [ 1021.542122][T20265] pgfault 928224 [ 1021.542122][T20265] pgmajfault 264 [ 1021.542122][T20265] workingset_refault 72996 [ 1021.542122][T20265] workingset_activate 1848 [ 1021.542122][T20265] workingset_nodereclaim 0 [ 1021.542122][T20265] pgrefill 80715 [ 1021.542122][T20265] pgscan 114377 [ 1021.542122][T20265] pgsteal 80262 [ 1021.830412][T20265] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=20246,uid=0 [ 1021.873426][T20265] Memory cgroup out of memory: Killed process 20246 (syz-executor.1) total-vm:72708kB, anon-rss:18016kB, file-rss:53368kB, shmem-rss:0kB, UID:0 pgtables:204800kB oom_score_adj:1000 [ 1021.922643][ T1065] oom_reaper: reaped process 20246 (syz-executor.1), now anon-rss:18224kB, file-rss:54332kB, shmem-rss:0kB 05:30:57 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$evdev(0xffffffffffffffff, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000200), 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) r3 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r3, 0x119, 0x1, &(0x7f0000000000)=0x1800, 0x4) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000240)={r0}) read$char_usb(r0, 0x0, 0x0) ioctl$IOC_PR_RELEASE(0xffffffffffffffff, 0x401070ca, &(0x7f00000001c0)) ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) getsockopt(r2, 0x400, 0x20, &(0x7f0000000100)=""/192, &(0x7f00000003c0)=0xc0) 05:30:57 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0), 0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:30:57 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:30:57 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:30:57 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:30:57 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:30:58 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:30:58 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:30:58 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1023.183967][T20320] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1023.258597][T20320] CPU: 1 PID: 20320 Comm: syz-executor.1 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1023.267766][T20320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1023.277852][T20320] Call Trace: [ 1023.281167][T20320] dump_stack+0x172/0x1f0 [ 1023.285516][T20320] dump_header+0x177/0x1152 [ 1023.290041][T20320] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1023.299596][T20320] ? ___ratelimit+0x2c8/0x595 [ 1023.304402][T20320] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1023.310316][T20320] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1023.315614][T20320] ? trace_hardirqs_on+0x67/0x240 [ 1023.320684][T20320] ? pagefault_out_of_memory+0x11c/0x11c [ 1023.326361][T20320] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1023.332195][T20320] ? ___ratelimit+0x60/0x595 [ 1023.336808][T20320] ? do_raw_spin_unlock+0x57/0x270 [ 1023.341965][T20320] oom_kill_process.cold+0x10/0x15 [ 1023.347095][T20320] out_of_memory+0x334/0x1340 [ 1023.351788][T20320] ? lock_downgrade+0x920/0x920 [ 1023.356655][T20320] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1023.362469][T20320] ? oom_killer_disable+0x280/0x280 [ 1023.367683][T20320] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1023.373232][T20320] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1023.378873][T20320] ? do_raw_spin_unlock+0x57/0x270 [ 1023.384251][T20320] ? _raw_spin_unlock+0x2d/0x50 [ 1023.389116][T20320] try_charge+0xf4b/0x1440 [ 1023.393545][T20320] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1023.399099][T20320] ? find_held_lock+0x35/0x130 [ 1023.403872][T20320] ? get_mem_cgroup_from_mm+0x139/0x320 05:30:58 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x2, "0afe"}, 0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) [ 1023.409432][T20320] ? lock_downgrade+0x920/0x920 [ 1023.414291][T20320] ? percpu_ref_tryget_live+0x111/0x290 [ 1023.419846][T20320] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1023.425307][T20320] ? memcg_kmem_put_cache+0x50/0x50 [ 1023.430512][T20320] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1023.436348][T20320] __memcg_kmem_charge+0x13a/0x3a0 [ 1023.441469][T20320] __alloc_pages_nodemask+0x4f7/0x900 [ 1023.446884][T20320] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1023.453332][T20320] ? mmu_notifier_invalidate_range_start+0x95/0x110 [ 1023.459945][T20320] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1023.466198][T20320] alloc_pages_current+0x107/0x210 [ 1023.471331][T20320] get_zeroed_page+0x14/0x50 [ 1023.471347][T20320] __pud_alloc+0x3b/0x250 [ 1023.471362][T20320] pud_alloc+0xde/0x150 [ 1023.471378][T20320] copy_page_range+0x37a/0x1ed0 [ 1023.471399][T20320] ? anon_vma_fork+0x371/0x4a0 [ 1023.494050][T20320] ? lock_downgrade+0x920/0x920 [ 1023.498924][T20320] ? pmd_alloc+0x180/0x180 [ 1023.503359][T20320] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1023.509096][T20320] ? vma_compute_subtree_gap+0x158/0x230 [ 1023.514752][T20320] ? validate_mm_rb+0xa3/0xc0 [ 1023.519459][T20320] ? __vma_link_rb+0x5ad/0x770 [ 1023.524240][T20320] ? anon_vma_fork+0xd4/0x4a0 [ 1023.528958][T20320] dup_mm+0xa67/0x1430 [ 1023.533060][T20320] ? vm_area_dup+0x170/0x170 [ 1023.537664][T20320] ? debug_mutex_init+0x2d/0x60 [ 1023.542544][T20320] copy_process+0x2671/0x6830 [ 1023.547256][T20320] ? __cleanup_sighand+0x60/0x60 [ 1023.552204][T20320] ? __might_fault+0x12b/0x1e0 [ 1023.556980][T20320] ? __might_fault+0x12b/0x1e0 [ 1023.561758][T20320] _do_fork+0x146/0xfa0 [ 1023.565923][T20320] ? copy_init_mm+0x20/0x20 [ 1023.570458][T20320] ? __kasan_check_read+0x11/0x20 [ 1023.575484][T20320] ? _copy_to_user+0x118/0x160 [ 1023.580279][T20320] __x64_sys_clone+0x1ab/0x270 [ 1023.585053][T20320] ? __ia32_sys_vfork+0xd0/0xd0 [ 1023.589922][T20320] ? do_syscall_64+0x26/0x760 [ 1023.594622][T20320] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1023.599939][T20320] ? trace_hardirqs_on+0x67/0x240 [ 1023.604977][T20320] do_syscall_64+0xfa/0x760 [ 1023.609522][T20320] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1023.615418][T20320] RIP: 0033:0x4598e9 [ 1023.619317][T20320] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1023.639097][T20320] RSP: 002b:00007f7c594e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1023.647606][T20320] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 05:30:59 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1023.655587][T20320] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1023.663571][T20320] RBP: 000000000075bfc8 R08: ffffffffffffffff R09: 0000000000000000 [ 1023.671553][T20320] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c594e26d4 [ 1023.679532][T20320] R13: 00000000004bfd7f R14: 00000000004d1b78 R15: 00000000ffffffff 05:30:59 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1023.943504][ T26] kauditd_printk_skb: 18 callbacks suppressed [ 1023.943520][ T26] audit: type=1804 audit(1568179859.413:2588): pid=20330 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/342/file0" dev="sda1" ino=16680 res=1 [ 1024.087077][ T26] audit: type=1800 audit(1568179859.453:2589): pid=20330 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16680 res=0 [ 1024.157473][T20320] memory: usage 307092kB, limit 307200kB, failcnt 45774 [ 1024.172913][T20320] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1024.210103][T20320] Memory cgroup stats for /syz1: [ 1024.210231][T20320] anon 287354880 [ 1024.210231][T20320] file 16707584 [ 1024.210231][T20320] kernel_stack 917504 [ 1024.210231][T20320] slab 5292032 [ 1024.210231][T20320] sock 0 [ 1024.210231][T20320] shmem 0 [ 1024.210231][T20320] file_mapped 16760832 [ 1024.210231][T20320] file_dirty 0 [ 1024.210231][T20320] file_writeback 0 [ 1024.210231][T20320] anon_thp 132120576 [ 1024.210231][T20320] inactive_anon 250671104 [ 1024.210231][T20320] active_anon 1499136 [ 1024.210231][T20320] inactive_file 122880 [ 1024.210231][T20320] active_file 73728 [ 1024.210231][T20320] unevictable 52166656 [ 1024.210231][T20320] slab_reclaimable 2027520 [ 1024.210231][T20320] slab_unreclaimable 3264512 [ 1024.210231][T20320] pgfault 933108 [ 1024.210231][T20320] pgmajfault 264 [ 1024.210231][T20320] workingset_refault 72996 [ 1024.210231][T20320] workingset_activate 1848 [ 1024.210231][T20320] workingset_nodereclaim 0 [ 1024.210231][T20320] pgrefill 80715 [ 1024.210231][T20320] pgscan 114377 [ 1024.214878][ T26] audit: type=1804 audit(1568179859.553:2590): pid=20323 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/374/bus" dev="sda1" ino=16706 res=1 [ 1024.236426][T20320] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=20296,uid=0 [ 1024.528868][ T26] audit: type=1804 audit(1568179859.613:2591): pid=20310 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir247890508/syzkaller.pVOBBi/531/bus" dev="sda1" ino=16692 res=1 [ 1024.569807][T20320] Memory cgroup out of memory: Killed process 20296 (syz-executor.1) total-vm:72708kB, anon-rss:18160kB, file-rss:53368kB, shmem-rss:0kB, UID:0 pgtables:204800kB oom_score_adj:1000 [ 1024.626372][ T26] audit: type=1800 audit(1568179859.613:2592): pid=20310 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16692 res=0 [ 1024.716610][ T26] audit: type=1804 audit(1568179860.163:2593): pid=20329 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/340/bus" dev="sda1" ino=16629 res=1 [ 1024.727437][ T1065] oom_reaper: reaped process 20296 (syz-executor.1), now anon-rss:18204kB, file-rss:54328kB, shmem-rss:0kB [ 1024.827542][ T26] audit: type=1800 audit(1568179860.163:2594): pid=20329 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16629 res=0 05:31:00 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$evdev(0xffffffffffffffff, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000200), 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) r3 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r3, 0x119, 0x1, &(0x7f0000000000)=0x1800, 0x4) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000240)={r0}) read$char_usb(r0, 0x0, 0x0) ioctl$IOC_PR_RELEASE(0xffffffffffffffff, 0x401070ca, &(0x7f00000001c0)) ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) getsockopt(r2, 0x400, 0x20, &(0x7f0000000100)=""/192, &(0x7f00000003c0)=0xc0) 05:31:00 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:00 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x2, "0afe"}, 0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:00 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:00 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1025.249610][ T26] audit: type=1804 audit(1568179860.723:2595): pid=20349 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/343/file0" dev="sda1" ino=16755 res=1 05:31:00 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1025.323910][ T26] audit: type=1800 audit(1568179860.763:2596): pid=20349 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16755 res=0 05:31:01 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1025.806538][ T26] audit: type=1804 audit(1568179861.273:2597): pid=20343 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/375/bus" dev="sda1" ino=16755 res=1 05:31:01 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:01 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r0 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r0, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:02 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x2, "0afe"}, 0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:02 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r0 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r0, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1026.852972][T20351] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1026.901261][T20351] CPU: 1 PID: 20351 Comm: syz-executor.1 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1026.910419][T20351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1026.920497][T20351] Call Trace: [ 1026.923812][T20351] dump_stack+0x172/0x1f0 [ 1026.928170][T20351] dump_header+0x177/0x1152 [ 1026.932707][T20351] ? pagefault_out_of_memory+0x11c/0x11c [ 1026.938350][T20351] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1026.944164][T20351] ? ___ratelimit+0x60/0x595 [ 1026.948761][T20351] ? do_raw_spin_unlock+0x57/0x270 [ 1026.953887][T20351] oom_kill_process.cold+0x10/0x15 [ 1026.959012][T20351] out_of_memory+0x334/0x1340 [ 1026.964308][T20351] ? lock_downgrade+0x920/0x920 [ 1026.969170][T20351] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1026.974984][T20351] ? oom_killer_disable+0x280/0x280 [ 1026.980203][T20351] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1026.985752][T20351] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1026.991413][T20351] ? do_raw_spin_unlock+0x57/0x270 [ 1026.996538][T20351] ? _raw_spin_unlock+0x2d/0x50 [ 1027.001484][T20351] try_charge+0xf4b/0x1440 [ 1027.005919][T20351] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1027.011469][T20351] ? percpu_ref_tryget_live+0x111/0x290 [ 1027.017035][T20351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1027.023291][T20351] ? __kasan_check_read+0x11/0x20 [ 1027.028326][T20351] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1027.033882][T20351] mem_cgroup_try_charge+0x136/0x590 [ 1027.039181][T20351] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1027.045434][T20351] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1027.051111][T20351] __handle_mm_fault+0x1e34/0x3f20 [ 1027.056236][T20351] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1027.061806][T20351] ? __kasan_check_read+0x11/0x20 [ 1027.066860][T20351] handle_mm_fault+0x1b5/0x6c0 [ 1027.071640][T20351] __get_user_pages+0x7d4/0x1b30 [ 1027.076864][T20351] ? follow_page_mask+0x1cf0/0x1cf0 [ 1027.082080][T20351] ? retint_kernel+0x2b/0x2b [ 1027.086691][T20351] populate_vma_page_range+0x20d/0x2a0 [ 1027.092168][T20351] __mm_populate+0x204/0x380 [ 1027.096769][T20351] ? populate_vma_page_range+0x2a0/0x2a0 [ 1027.102408][T20351] ? up_write+0x1c8/0x490 [ 1027.106750][T20351] __x64_sys_mremap+0x7dc/0xb80 [ 1027.111611][T20351] ? retint_kernel+0x2b/0x2b [ 1027.116209][T20351] ? mremap_to+0x750/0x750 [ 1027.120631][T20351] ? __x64_sys_clock_gettime+0x16d/0x240 [ 1027.126276][T20351] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1027.131785][T20351] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1027.137264][T20351] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1027.143424][T20351] ? do_syscall_64+0x26/0x760 [ 1027.148111][T20351] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1027.153402][T20351] ? trace_hardirqs_on+0x67/0x240 [ 1027.158435][T20351] do_syscall_64+0xfa/0x760 [ 1027.162956][T20351] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1027.168850][T20351] RIP: 0033:0x4598e9 [ 1027.172754][T20351] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1027.192365][T20351] RSP: 002b:00007f7c59502c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1027.200786][T20351] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 1027.208765][T20351] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1027.216740][T20351] RBP: 000000000075bf20 R08: 0000000020130000 R09: 0000000000000000 [ 1027.224717][T20351] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f7c595036d4 [ 1027.232694][T20351] R13: 00000000004c5f48 R14: 00000000004dab78 R15: 00000000ffffffff [ 1027.289642][T20351] memory: usage 307200kB, limit 307200kB, failcnt 45803 [ 1027.315891][T20351] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1027.330959][T20351] Memory cgroup stats for /syz1: [ 1027.332218][T20351] anon 287485952 [ 1027.332218][T20351] file 16707584 [ 1027.332218][T20351] kernel_stack 917504 [ 1027.332218][T20351] slab 5292032 [ 1027.332218][T20351] sock 0 [ 1027.332218][T20351] shmem 0 [ 1027.332218][T20351] file_mapped 16625664 [ 1027.332218][T20351] file_dirty 0 [ 1027.332218][T20351] file_writeback 0 [ 1027.332218][T20351] anon_thp 134217728 [ 1027.332218][T20351] inactive_anon 258842624 [ 1027.332218][T20351] active_anon 1499136 [ 1027.332218][T20351] inactive_file 122880 [ 1027.332218][T20351] active_file 208896 05:31:02 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r0 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r0, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1027.332218][T20351] unevictable 43929600 [ 1027.332218][T20351] slab_reclaimable 2027520 [ 1027.332218][T20351] slab_unreclaimable 3264512 [ 1027.332218][T20351] pgfault 937563 [ 1027.332218][T20351] pgmajfault 264 [ 1027.332218][T20351] workingset_refault 72996 [ 1027.332218][T20351] workingset_activate 1848 [ 1027.332218][T20351] workingset_nodereclaim 0 [ 1027.332218][T20351] pgrefill 80715 [ 1027.332218][T20351] pgscan 114377 [ 1027.587548][T20351] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=20350,uid=0 [ 1027.742217][T20351] Memory cgroup out of memory: Killed process 20350 (syz-executor.1) total-vm:72700kB, anon-rss:10040kB, file-rss:54336kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 1027.820329][ T1065] oom_reaper: reaped process 20350 (syz-executor.1), now anon-rss:10032kB, file-rss:54332kB, shmem-rss:0kB 05:31:04 executing program 1: r0 = socket(0x11, 0x2, 0x0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r1, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r1, 0x0, 0x0, 0x1000f4) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r1, r2, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) ioctl$VIDIOC_G_CTRL(r2, 0xc008561b, &(0x7f0000000040)={0x7, 0xf5}) ioctl$SIOCGIFMTU(r2, 0x8921, &(0x7f0000000080)) socket$inet6_sctp(0xa, 0x10000000005, 0x84) r3 = socket(0xa, 0x1, 0x0) close(r3) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000000), 0x10) ioctl$SIOCRSGL2CALL(r0, 0x89e5, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x2, 0xe98d, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x80000000, 0x0, 0x4000000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xb0df3f47fdbc870b, @perf_config_ext, 0x0, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x891b, &(0x7f0000000040)={'bond0\x00\x05H\a\x00`\x00\x06\x00z\x03'}) 05:31:04 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:04 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:04 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r3, 0x0, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000000)=0x1800, 0x4) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000240)={r1}) read$char_usb(r1, 0x0, 0x0) ioctl$IOC_PR_RELEASE(0xffffffffffffffff, 0x401070ca, &(0x7f00000001c0)) ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) getsockopt(r3, 0x400, 0x20, &(0x7f0000000100)=""/192, &(0x7f00000003c0)=0xc0) 05:31:04 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:04 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) [ 1029.022260][ T26] kauditd_printk_skb: 16 callbacks suppressed [ 1029.022275][ T26] audit: type=1804 audit(1568179864.493:2614): pid=20405 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/326/bus" dev="sda1" ino=16820 res=1 05:31:04 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1029.150034][ T26] audit: type=1800 audit(1568179864.523:2615): pid=20405 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16820 res=0 [ 1029.236865][ T26] audit: type=1804 audit(1568179864.533:2616): pid=20406 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/349/file0" dev="sda1" ino=16821 res=1 [ 1029.342554][ T26] audit: type=1800 audit(1568179864.533:2617): pid=20406 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16821 res=0 05:31:04 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1029.425528][ T26] audit: type=1804 audit(1568179864.843:2618): pid=20411 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/350/file0" dev="sda1" ino=16821 res=1 05:31:04 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1029.546737][ T26] audit: type=1800 audit(1568179864.843:2619): pid=20411 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16821 res=0 [ 1029.709036][ T26] audit: type=1804 audit(1568179865.183:2620): pid=20419 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/351/file0" dev="sda1" ino=16829 res=1 05:31:05 executing program 5: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1029.796334][ T26] audit: type=1804 audit(1568179865.183:2621): pid=20414 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/327/file0" dev="sda1" ino=16828 res=1 05:31:05 executing program 1: r0 = socket(0x11, 0x2, 0x0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r1, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r1, 0x0, 0x0, 0x1000f4) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r1, r2, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) ioctl$VIDIOC_G_CTRL(r2, 0xc008561b, &(0x7f0000000040)={0x7, 0xf5}) ioctl$SIOCGIFMTU(r2, 0x8921, &(0x7f0000000080)) socket$inet6_sctp(0xa, 0x10000000005, 0x84) r3 = socket(0xa, 0x1, 0x0) close(r3) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000000), 0x10) ioctl$SIOCRSGL2CALL(r0, 0x89e5, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x2, 0xe98d, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x80000000, 0x0, 0x4000000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xb0df3f47fdbc870b, @perf_config_ext, 0x0, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x891b, &(0x7f0000000040)={'bond0\x00\x05H\a\x00`\x00\x06\x00z\x03'}) [ 1029.957065][ T26] audit: type=1800 audit(1568179865.193:2622): pid=20414 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16828 res=0 [ 1030.044260][ T26] audit: type=1800 audit(1568179865.213:2623): pid=20419 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16829 res=0 05:31:05 executing program 5: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:05 executing program 5: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:06 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:06 executing program 1: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0)={0x0, 0xffffffffffffffff}, &(0x7f0000000100)=0x8) getdents64(0xffffffffffffffff, &(0x7f0000000540)=""/202, 0x1b7) [ 1031.063469][T20446] bridge0: port 2(bridge_slave_1) entered disabled state [ 1031.070791][T20446] bridge0: port 1(bridge_slave_0) entered disabled state [ 1031.086138][T20446] device bridge0 left promiscuous mode [ 1031.218241][T20446] bridge0: port 2(bridge_slave_1) entered blocking state [ 1031.225410][T20446] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1031.232900][T20446] bridge0: port 1(bridge_slave_0) entered blocking state [ 1031.240044][T20446] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1031.244461][T20420] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1031.259053][T20420] CPU: 1 PID: 20420 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1031.268179][T20420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1031.278242][T20420] Call Trace: [ 1031.281547][T20420] dump_stack+0x172/0x1f0 [ 1031.285889][T20420] dump_header+0x177/0x1152 [ 1031.287665][T20446] device bridge0 entered promiscuous mode [ 1031.290395][T20420] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1031.290408][T20420] ? ___ratelimit+0x2c8/0x595 [ 1031.290421][T20420] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1031.290446][T20420] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1031.317766][T20420] ? trace_hardirqs_on+0x67/0x240 [ 1031.322800][T20420] ? pagefault_out_of_memory+0x11c/0x11c [ 1031.328442][T20420] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1031.334248][T20420] ? ___ratelimit+0x60/0x595 [ 1031.338931][T20420] ? do_raw_spin_unlock+0x57/0x270 [ 1031.344071][T20420] oom_kill_process.cold+0x10/0x15 [ 1031.349203][T20420] out_of_memory+0x334/0x1340 [ 1031.353883][T20420] ? lock_downgrade+0x920/0x920 [ 1031.358741][T20420] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1031.364646][T20420] ? oom_killer_disable+0x280/0x280 [ 1031.369869][T20420] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1031.375429][T20420] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1031.381080][T20420] ? do_raw_spin_unlock+0x57/0x270 [ 1031.386205][T20420] ? _raw_spin_unlock+0x2d/0x50 [ 1031.391060][T20420] try_charge+0xf4b/0x1440 [ 1031.395498][T20420] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1031.401138][T20420] ? percpu_ref_tryget_live+0x111/0x290 [ 1031.406694][T20420] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1031.412939][T20420] ? __kasan_check_read+0x11/0x20 [ 1031.412959][T20420] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1031.412975][T20420] mem_cgroup_try_charge+0x136/0x590 [ 1031.412989][T20420] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1031.413005][T20420] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1031.413027][T20420] __handle_mm_fault+0x1e34/0x3f20 [ 1031.446060][T20420] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1031.451636][T20420] ? __kasan_check_read+0x11/0x20 [ 1031.456673][T20420] handle_mm_fault+0x1b5/0x6c0 [ 1031.461434][T20420] __get_user_pages+0x7d4/0x1b30 [ 1031.466370][T20420] ? mark_held_locks+0xf0/0xf0 [ 1031.471157][T20420] ? follow_page_mask+0x1cf0/0x1cf0 [ 1031.476361][T20420] ? __mm_populate+0x270/0x380 [ 1031.481144][T20420] ? memset+0x32/0x40 [ 1031.485148][T20420] populate_vma_page_range+0x20d/0x2a0 [ 1031.490624][T20420] __mm_populate+0x204/0x380 [ 1031.495226][T20420] ? populate_vma_page_range+0x2a0/0x2a0 [ 1031.500891][T20420] ? up_write+0x1c8/0x490 [ 1031.505317][T20420] __x64_sys_mremap+0x7dc/0xb80 [ 1031.510211][T20420] ? mremap_to+0x750/0x750 [ 1031.514641][T20420] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1031.520111][T20420] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1031.525583][T20420] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1031.531659][T20420] ? do_syscall_64+0x26/0x760 [ 1031.536348][T20420] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1031.541667][T20420] ? trace_hardirqs_on+0x67/0x240 [ 1031.541689][T20420] do_syscall_64+0xfa/0x760 [ 1031.541715][T20420] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1031.541727][T20420] RIP: 0033:0x4598e9 [ 1031.541744][T20420] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1031.541752][T20420] RSP: 002b:00007fb972f87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1031.541767][T20420] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 1031.541775][T20420] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1031.541784][T20420] RBP: 000000000075bfc8 R08: 0000000020130000 R09: 0000000000000000 [ 1031.541792][T20420] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb972f886d4 [ 1031.541801][T20420] R13: 00000000004c5f48 R14: 00000000004dab78 R15: 00000000ffffffff [ 1031.549164][T20420] memory: usage 307200kB, limit 307200kB, failcnt 8727 [ 1031.549248][T20420] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1031.549324][T20420] Memory cgroup stats for /syz0: [ 1031.549991][T20420] anon 284168192 [ 1031.549991][T20420] file 18890752 [ 1031.549991][T20420] kernel_stack 851968 [ 1031.549991][T20420] slab 7176192 [ 1031.549991][T20420] sock 0 [ 1031.549991][T20420] shmem 0 [ 1031.549991][T20420] file_mapped 18653184 [ 1031.549991][T20420] file_dirty 0 [ 1031.549991][T20420] file_writeback 0 [ 1031.549991][T20420] anon_thp 48234496 [ 1031.549991][T20420] inactive_anon 260407296 [ 1031.549991][T20420] active_anon 1179648 [ 1031.549991][T20420] inactive_file 32768 [ 1031.549991][T20420] active_file 114688 [ 1031.549991][T20420] unevictable 41144320 [ 1031.549991][T20420] slab_reclaimable 2433024 [ 1031.549991][T20420] slab_unreclaimable 4743168 [ 1031.549991][T20420] pgfault 999405 [ 1031.549991][T20420] pgmajfault 99 [ 1031.549991][T20420] workingset_refault 15477 [ 1031.549991][T20420] workingset_activate 1881 [ 1031.549991][T20420] workingset_nodereclaim 0 [ 1031.549991][T20420] pgrefill 16545 [ 1031.549991][T20420] pgscan 31074 [ 1031.549991][T20420] pgsteal 18255 05:31:07 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r3, 0x0, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000000)=0x1800, 0x4) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000240)={r1}) read$char_usb(r1, 0x0, 0x0) ioctl$IOC_PR_RELEASE(0xffffffffffffffff, 0x401070ca, &(0x7f00000001c0)) ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) getsockopt(r3, 0x400, 0x20, &(0x7f0000000100)=""/192, &(0x7f00000003c0)=0xc0) 05:31:07 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:07 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:07 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:07 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1031.550046][T20420] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=20394,uid=0 [ 1031.550521][T20420] Memory cgroup out of memory: Killed process 20394 (syz-executor.0) total-vm:72832kB, anon-rss:13732kB, file-rss:54336kB, shmem-rss:0kB, UID:0 pgtables:196608kB oom_score_adj:1000 05:31:07 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1031.555090][ T1065] oom_reaper: reaped process 20394 (syz-executor.0), now anon-rss:13920kB, file-rss:54332kB, shmem-rss:0kB [ 1032.134581][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 05:31:07 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:08 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:08 executing program 5: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:08 executing program 5: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:08 executing program 5: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:08 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1033.602759][T20465] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1033.798553][T20465] CPU: 0 PID: 20465 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1033.807705][T20465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1033.817775][T20465] Call Trace: [ 1033.821196][T20465] dump_stack+0x172/0x1f0 [ 1033.825567][T20465] dump_header+0x177/0x1152 [ 1033.830098][T20465] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1033.836054][T20465] ? ___ratelimit+0x2c8/0x595 [ 1033.840756][T20465] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1033.846587][T20465] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1033.851889][T20465] ? trace_hardirqs_on+0x67/0x240 [ 1033.856933][T20465] ? pagefault_out_of_memory+0x11c/0x11c [ 1033.862595][T20465] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1033.868407][T20465] ? ___ratelimit+0x60/0x595 [ 1033.873051][T20465] ? do_raw_spin_unlock+0x57/0x270 [ 1033.878180][T20465] oom_kill_process.cold+0x10/0x15 [ 1033.883289][T20465] out_of_memory+0x334/0x1340 [ 1033.887956][T20465] ? lock_downgrade+0x920/0x920 [ 1033.892811][T20465] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1033.898608][T20465] ? oom_killer_disable+0x280/0x280 [ 1033.903800][T20465] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1033.909418][T20465] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1033.915038][T20465] ? do_raw_spin_unlock+0x57/0x270 [ 1033.920141][T20465] ? _raw_spin_unlock+0x2d/0x50 [ 1033.924980][T20465] try_charge+0xf4b/0x1440 [ 1033.929397][T20465] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1033.934935][T20465] ? find_held_lock+0x35/0x130 [ 1033.939684][T20465] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1033.945220][T20465] ? lock_downgrade+0x920/0x920 [ 1033.950145][T20465] ? percpu_ref_tryget_live+0x111/0x290 [ 1033.955676][T20465] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1033.961119][T20465] ? memcg_kmem_put_cache+0x50/0x50 [ 1033.966311][T20465] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1033.971840][T20465] __memcg_kmem_charge+0x13a/0x3a0 [ 1033.976964][T20465] __alloc_pages_nodemask+0x4f7/0x900 [ 1033.982322][T20465] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1033.988214][T20465] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1033.993916][T20465] ? percpu_ref_put_many+0xb6/0x190 [ 1033.999105][T20465] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1034.004412][T20465] ? trace_hardirqs_on+0x67/0x240 [ 1034.009426][T20465] ? __kasan_check_read+0x11/0x20 [ 1034.014437][T20465] copy_process+0x3f8/0x6830 [ 1034.019009][T20465] ? psi_memstall_leave+0x12e/0x180 [ 1034.024199][T20465] ? __cleanup_sighand+0x60/0x60 [ 1034.029122][T20465] ? __kasan_check_read+0x11/0x20 [ 1034.034738][T20465] ? __lock_acquire+0x8a0/0x4a00 [ 1034.039661][T20465] ? _raw_spin_unlock_irq+0x5e/0x90 [ 1034.044848][T20465] _do_fork+0x146/0xfa0 [ 1034.048993][T20465] ? copy_init_mm+0x20/0x20 [ 1034.053572][T20465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1034.059796][T20465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1034.066022][T20465] ? debug_smp_processor_id+0x3c/0x214 [ 1034.071471][T20465] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 1034.077616][T20465] __x64_sys_clone+0x1ab/0x270 [ 1034.082371][T20465] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1034.088337][T20465] ? __ia32_sys_vfork+0xd0/0xd0 [ 1034.093182][T20465] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1034.099412][T20465] ? do_syscall_64+0x26/0x760 [ 1034.104157][T20465] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1034.109433][T20465] ? trace_hardirqs_on+0x67/0x240 [ 1034.114443][T20465] do_syscall_64+0xfa/0x760 [ 1034.118937][T20465] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1034.124813][T20465] RIP: 0033:0x45c2b9 [ 1034.128703][T20465] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1034.148300][T20465] RSP: 002b:00007ffc960a13f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1034.156709][T20465] RAX: ffffffffffffffda RBX: 00007fb972f46700 RCX: 000000000045c2b9 [ 1034.164677][T20465] RDX: 00007fb972f469d0 RSI: 00007fb972f45db0 RDI: 00000000003d0f00 [ 1034.172642][T20465] RBP: 00007ffc960a1610 R08: 00007fb972f46700 R09: 00007fb972f46700 [ 1034.180598][T20465] R10: 00007fb972f469d0 R11: 0000000000000202 R12: 0000000000000000 [ 1034.188555][T20465] R13: 00007ffc960a14af R14: 00007fb972f469c0 R15: 000000000075c124 [ 1034.282086][T20465] memory: usage 307200kB, limit 307200kB, failcnt 11001 [ 1034.302094][T20465] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1034.316168][T20465] Memory cgroup stats for /syz0: [ 1034.316293][T20465] anon 298577920 [ 1034.316293][T20465] file 4288512 [ 1034.316293][T20465] kernel_stack 917504 [ 1034.316293][T20465] slab 7176192 [ 1034.316293][T20465] sock 0 [ 1034.316293][T20465] shmem 0 [ 1034.316293][T20465] file_mapped 4190208 [ 1034.316293][T20465] file_dirty 0 [ 1034.316293][T20465] file_writeback 0 [ 1034.316293][T20465] anon_thp 48234496 [ 1034.316293][T20465] inactive_anon 279060480 [ 1034.316293][T20465] active_anon 1179648 [ 1034.316293][T20465] inactive_file 0 [ 1034.316293][T20465] active_file 0 [ 1034.316293][T20465] unevictable 22355968 [ 1034.316293][T20465] slab_reclaimable 2433024 [ 1034.316293][T20465] slab_unreclaimable 4743168 [ 1034.316293][T20465] pgfault 1004091 [ 1034.316293][T20465] pgmajfault 99 [ 1034.316293][T20465] workingset_refault 16269 [ 1034.316293][T20465] workingset_activate 1947 [ 1034.316293][T20465] workingset_nodereclaim 0 [ 1034.316293][T20465] pgrefill 22067 [ 1034.316293][T20465] pgscan 37110 [ 1034.316293][T20465] pgsteal 22663 [ 1034.418445][T20465] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=20423,uid=0 [ 1034.440282][T20465] Memory cgroup out of memory: Killed process 20423 (syz-executor.0) total-vm:72708kB, anon-rss:18232kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:159744kB oom_score_adj:1000 [ 1034.464926][ T1065] oom_reaper: reaped process 20423 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1034.476304][T20476] syz-executor.0 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 1034.494819][T20476] CPU: 0 PID: 20476 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1034.504952][T20476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1034.504982][T20476] Call Trace: [ 1034.505012][T20476] dump_stack+0x172/0x1f0 [ 1034.505042][T20476] dump_header+0x177/0x1152 [ 1034.527250][T20476] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1034.533055][T20476] ? ___ratelimit+0x2c8/0x595 [ 1034.537726][T20476] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1034.543524][T20476] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1034.548794][T20476] ? trace_hardirqs_on+0x67/0x240 [ 1034.553816][T20476] ? pagefault_out_of_memory+0x11c/0x11c [ 1034.559535][T20476] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1034.565322][T20476] ? ___ratelimit+0x60/0x595 [ 1034.569895][T20476] ? do_raw_spin_unlock+0x57/0x270 [ 1034.574990][T20476] oom_kill_process.cold+0x10/0x15 [ 1034.580095][T20476] out_of_memory+0x334/0x1340 [ 1034.584762][T20476] ? lock_downgrade+0x920/0x920 [ 1034.589596][T20476] ? oom_killer_disable+0x280/0x280 [ 1034.594784][T20476] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1034.600320][T20476] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1034.605948][T20476] ? do_raw_spin_unlock+0x57/0x270 [ 1034.611063][T20476] ? _raw_spin_unlock+0x2d/0x50 [ 1034.615912][T20476] try_charge+0xa2d/0x1440 [ 1034.620315][T20476] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1034.625867][T20476] ? percpu_ref_tryget_live+0x111/0x290 [ 1034.631441][T20476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1034.637715][T20476] ? __kasan_check_read+0x11/0x20 [ 1034.642773][T20476] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1034.648340][T20476] mem_cgroup_try_charge+0x136/0x590 [ 1034.653665][T20476] __add_to_page_cache_locked+0x43f/0xec0 [ 1034.659418][T20476] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1034.665526][T20476] ? __kasan_check_read+0x11/0x20 [ 1034.670662][T20476] ? unaccount_page_cache_page+0xda0/0xda0 [ 1034.676473][T20476] ? __alloc_pages_nodemask+0x658/0x900 [ 1034.682014][T20476] ? xas_descend+0x144/0x370 [ 1034.686602][T20476] ? shadow_lru_isolate+0x430/0x430 [ 1034.691791][T20476] add_to_page_cache_lru+0x1d8/0x790 [ 1034.697065][T20476] ? add_to_page_cache_locked+0x40/0x40 [ 1034.702759][T20476] ? __page_cache_alloc+0x116/0x490 [ 1034.708001][T20476] pagecache_get_page+0x3be/0x900 [ 1034.713046][T20476] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1034.718583][T20476] grab_cache_page_write_begin+0x75/0xb0 [ 1034.724263][T20476] ext4_da_write_begin+0x2ec/0xb80 [ 1034.729374][T20476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1034.735615][T20476] ? ext4_write_begin+0xd20/0xd20 [ 1034.740655][T20476] ? iov_iter_zero+0xfa0/0xfa0 [ 1034.745419][T20476] generic_perform_write+0x23b/0x540 [ 1034.750711][T20476] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4b0/0x4b0 [ 1034.758756][T20476] ? current_time+0x140/0x140 [ 1034.763415][T20476] ? generic_write_check_limits.isra.0+0x270/0x270 [ 1034.769901][T20476] __generic_file_write_iter+0x25e/0x630 [ 1034.775528][T20476] ext4_file_write_iter+0x317/0x13c0 [ 1034.780796][T20476] ? ext4_release_file+0x380/0x380 [ 1034.785895][T20476] ? __kasan_check_read+0x11/0x20 [ 1034.790906][T20476] ? __lock_acquire+0x16f2/0x4a00 [ 1034.795915][T20476] ? __kasan_check_read+0x11/0x20 [ 1034.800936][T20476] ? mark_lock+0xc2/0x1220 [ 1034.805345][T20476] do_iter_readv_writev+0x5f8/0x8f0 [ 1034.810529][T20476] ? no_seek_end_llseek_size+0x70/0x70 [ 1034.815975][T20476] ? apparmor_file_permission+0x25/0x30 [ 1034.821506][T20476] ? rw_verify_area+0x126/0x360 [ 1034.826339][T20476] do_iter_write+0x184/0x610 [ 1034.830911][T20476] ? __kmalloc+0x608/0x770 [ 1034.835314][T20476] vfs_iter_write+0x77/0xb0 [ 1034.839804][T20476] iter_file_splice_write+0x66d/0xbe0 [ 1034.845173][T20476] ? atime_needs_update+0x5f0/0x5f0 [ 1034.850364][T20476] ? page_cache_pipe_buf_release+0x180/0x180 [ 1034.856339][T20476] ? rw_verify_area+0x126/0x360 [ 1034.861172][T20476] ? page_cache_pipe_buf_release+0x180/0x180 [ 1034.867144][T20476] direct_splice_actor+0x123/0x190 [ 1034.872241][T20476] splice_direct_to_actor+0x366/0x970 [ 1034.877621][T20476] ? generic_pipe_buf_nosteal+0x10/0x10 [ 1034.883206][T20476] ? do_splice_to+0x180/0x180 [ 1034.887877][T20476] ? rw_verify_area+0x126/0x360 [ 1034.892739][T20476] do_splice_direct+0x1da/0x2a0 [ 1034.897588][T20476] ? splice_direct_to_actor+0x970/0x970 [ 1034.903125][T20476] ? rcu_read_lock_any_held+0xcd/0xf0 [ 1034.908487][T20476] ? __this_cpu_preempt_check+0x3a/0x210 [ 1034.914107][T20476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1034.920338][T20476] ? __sb_start_write+0x1e5/0x460 [ 1034.925344][T20476] do_sendfile+0x597/0xd00 [ 1034.929750][T20476] ? do_compat_pwritev64+0x1c0/0x1c0 [ 1034.935017][T20476] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1034.941242][T20476] ? put_timespec64+0xda/0x140 [ 1034.945998][T20476] __x64_sys_sendfile64+0x1dd/0x220 [ 1034.951179][T20476] ? __ia32_sys_sendfile+0x230/0x230 [ 1034.956455][T20476] ? do_syscall_64+0x26/0x760 [ 1034.961118][T20476] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1034.966387][T20476] ? trace_hardirqs_on+0x67/0x240 [ 1034.971412][T20476] do_syscall_64+0xfa/0x760 [ 1034.975905][T20476] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1034.981777][T20476] RIP: 0033:0x4598e9 [ 1034.985663][T20476] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1035.005271][T20476] RSP: 002b:00007fb972f87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1035.013671][T20476] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004598e9 [ 1035.021624][T20476] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 1035.029579][T20476] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1035.037548][T20476] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fb972f886d4 [ 1035.045512][T20476] R13: 00000000004c709e R14: 00000000004dc750 R15: 00000000ffffffff [ 1035.064240][T20476] memory: usage 288816kB, limit 307200kB, failcnt 11001 [ 1035.071425][T20476] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1035.078392][T20476] Memory cgroup stats for /syz0: [ 1035.078519][T20476] anon 280059904 [ 1035.078519][T20476] file 4288512 [ 1035.078519][T20476] kernel_stack 786432 [ 1035.078519][T20476] slab 7176192 [ 1035.078519][T20476] sock 0 [ 1035.078519][T20476] shmem 0 [ 1035.078519][T20476] file_mapped 4190208 [ 1035.078519][T20476] file_dirty 0 [ 1035.078519][T20476] file_writeback 0 [ 1035.078519][T20476] anon_thp 48234496 [ 1035.078519][T20476] inactive_anon 260542464 [ 1035.078519][T20476] active_anon 1179648 [ 1035.078519][T20476] inactive_file 0 [ 1035.078519][T20476] active_file 0 [ 1035.078519][T20476] unevictable 22355968 [ 1035.078519][T20476] slab_reclaimable 2433024 [ 1035.078519][T20476] slab_unreclaimable 4743168 [ 1035.078519][T20476] pgfault 1004124 [ 1035.078519][T20476] pgmajfault 99 [ 1035.078519][T20476] workingset_refault 16269 [ 1035.078519][T20476] workingset_activate 1947 [ 1035.078519][T20476] workingset_nodereclaim 0 [ 1035.078519][T20476] pgrefill 22067 [ 1035.078519][T20476] pgscan 37110 [ 1035.078519][T20476] pgsteal 22663 [ 1035.174427][T20476] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=20279,uid=0 [ 1035.190715][T20476] Memory cgroup out of memory: Killed process 20279 (syz-executor.0) total-vm:72708kB, anon-rss:18232kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:159744kB oom_score_adj:1000 [ 1035.216257][ T1065] oom_reaper: reaped process 20279 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 05:31:10 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:10 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0)={0x0, 0xffffffffffffffff}, &(0x7f0000000100)=0x8) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:10 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:10 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:10 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:10 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1035.374890][ T26] kauditd_printk_skb: 40 callbacks suppressed [ 1035.374906][ T26] audit: type=1804 audit(1568179870.843:2664): pid=20512 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/362/file0" dev="sda1" ino=16833 res=1 [ 1035.448889][T20515] bridge0: port 2(bridge_slave_1) entered disabled state [ 1035.456340][T20515] bridge0: port 1(bridge_slave_0) entered disabled state [ 1035.475120][ T26] audit: type=1800 audit(1568179870.893:2665): pid=20512 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16833 res=0 05:31:11 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1035.512255][T20515] device bridge0 left promiscuous mode [ 1035.563874][T20517] bridge0: port 2(bridge_slave_1) entered blocking state [ 1035.571082][T20517] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1035.578601][T20517] bridge0: port 1(bridge_slave_0) entered blocking state [ 1035.585706][T20517] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1035.650010][T20517] device bridge0 entered promiscuous mode [ 1035.666184][ T26] audit: type=1804 audit(1568179871.133:2666): pid=20522 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/363/file0" dev="sda1" ino=16840 res=1 05:31:11 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1035.768342][ T26] audit: type=1800 audit(1568179871.163:2667): pid=20522 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16840 res=0 05:31:11 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0)={0x0, 0xffffffffffffffff}, &(0x7f0000000100)=0x8) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1035.976634][ T26] audit: type=1804 audit(1568179871.443:2668): pid=20526 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/364/file0" dev="sda1" ino=16834 res=1 05:31:11 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1036.072236][ T26] audit: type=1800 audit(1568179871.473:2669): pid=20526 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16834 res=0 [ 1036.096458][T20528] bridge0: port 2(bridge_slave_1) entered disabled state [ 1036.103753][T20528] bridge0: port 1(bridge_slave_0) entered disabled state [ 1036.177845][T20528] device bridge0 left promiscuous mode [ 1036.233937][ T26] audit: type=1804 audit(1568179871.703:2670): pid=20535 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/365/file0" dev="sda1" ino=16706 res=1 [ 1036.368729][ T26] audit: type=1800 audit(1568179871.703:2671): pid=20535 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16706 res=0 05:31:11 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1036.470875][ T26] audit: type=1804 audit(1568179871.723:2672): pid=20513 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/379/bus" dev="sda1" ino=16738 res=1 [ 1036.583462][ T26] audit: type=1804 audit(1568179871.733:2673): pid=20509 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/658/bus" dev="sda1" ino=16754 res=1 05:31:12 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:12 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:12 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1037.035710][T20533] bridge0: port 2(bridge_slave_1) entered blocking state [ 1037.042946][T20533] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1037.050464][T20533] bridge0: port 1(bridge_slave_0) entered blocking state [ 1037.057626][T20533] bridge0: port 1(bridge_slave_0) entered forwarding state 05:31:12 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) [ 1037.097846][T20533] device bridge0 entered promiscuous mode [ 1037.120875][ T8903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 05:31:12 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:12 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:12 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0)={0x0, 0xffffffffffffffff}, &(0x7f0000000100)=0x8) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:12 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1037.574160][T20567] bridge0: port 2(bridge_slave_1) entered disabled state [ 1037.581531][T20567] bridge0: port 1(bridge_slave_0) entered disabled state [ 1037.672563][T20567] device bridge0 left promiscuous mode 05:31:13 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:13 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:13 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1038.246800][T20569] bridge0: port 2(bridge_slave_1) entered blocking state [ 1038.254047][T20569] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1038.261549][T20569] bridge0: port 1(bridge_slave_0) entered blocking state [ 1038.268756][T20569] bridge0: port 1(bridge_slave_0) entered forwarding state 05:31:13 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1038.433141][T20569] device bridge0 entered promiscuous mode 05:31:14 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{0x0}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:14 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r0 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0)={0x0, 0xffffffffffffffff}, &(0x7f0000000100)=0x8) 05:31:14 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) [ 1038.933038][T20600] bridge0: port 2(bridge_slave_1) entered disabled state [ 1038.940387][T20600] bridge0: port 1(bridge_slave_0) entered disabled state 05:31:14 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{0x0}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1039.000755][T20600] device bridge0 left promiscuous mode 05:31:14 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1039.746442][T20604] bridge0: port 2(bridge_slave_1) entered blocking state [ 1039.753652][T20604] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1039.761126][T20604] bridge0: port 1(bridge_slave_0) entered blocking state [ 1039.768284][T20604] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1039.780573][T20604] device bridge0 entered promiscuous mode 05:31:15 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 05:31:15 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{0x0}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:15 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:15 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:15 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r0 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0)={0x0, 0xffffffffffffffff}, &(0x7f0000000100)=0x8) [ 1040.299395][T20631] bridge0: port 2(bridge_slave_1) entered disabled state [ 1040.307508][T20631] bridge0: port 1(bridge_slave_0) entered disabled state [ 1040.332516][T20631] device bridge0 left promiscuous mode 05:31:15 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:15 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:16 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:16 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r0 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r0, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:16 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1041.038375][ T26] kauditd_printk_skb: 33 callbacks suppressed [ 1041.038390][ T26] audit: type=1804 audit(1568179876.513:2707): pid=20621 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/333/bus" dev="sda1" ino=16847 res=1 [ 1041.120440][T20633] bridge0: port 2(bridge_slave_1) entered blocking state [ 1041.127609][T20633] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1041.127812][T20633] bridge0: port 1(bridge_slave_0) entered blocking state [ 1041.142133][T20633] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1041.192096][ T26] audit: type=1800 audit(1568179876.513:2708): pid=20621 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16847 res=0 05:31:16 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r0 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r0, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1041.307390][ T26] audit: type=1804 audit(1568179876.563:2709): pid=20625 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/347/bus" dev="sda1" ino=16625 res=1 [ 1041.429791][ T26] audit: type=1800 audit(1568179876.563:2710): pid=20625 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16625 res=0 [ 1041.538695][ T26] audit: type=1804 audit(1568179876.733:2711): pid=20656 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/379/file0" dev="sda1" ino=16706 res=1 [ 1041.607583][T20633] device bridge0 entered promiscuous mode 05:31:17 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r0 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r0, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1041.649521][ T26] audit: type=1800 audit(1568179876.733:2712): pid=20656 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16706 res=0 [ 1041.716511][ T26] audit: type=1804 audit(1568179876.983:2713): pid=20641 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/382/bus" dev="sda1" ino=16706 res=1 05:31:17 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) 05:31:17 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r0 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0)={0x0, 0xffffffffffffffff}, &(0x7f0000000100)=0x8) 05:31:17 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1041.886130][ T26] audit: type=1804 audit(1568179877.033:2714): pid=20661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/380/file0" dev="sda1" ino=16723 res=1 05:31:17 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, 0x0, 0x0, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1041.989903][T20670] bridge0: port 2(bridge_slave_1) entered disabled state [ 1041.997211][T20670] bridge0: port 1(bridge_slave_0) entered disabled state [ 1041.997381][ T26] audit: type=1800 audit(1568179877.033:2715): pid=20661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16723 res=0 [ 1042.037921][T20670] device bridge0 left promiscuous mode [ 1042.157530][ T26] audit: type=1804 audit(1568179877.073:2716): pid=20659 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/380/file0" dev="sda1" ino=16723 res=1 05:31:17 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, 0x0, 0x0, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:17 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:18 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, 0x0, 0x0, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:18 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1042.872606][T20677] bridge0: port 2(bridge_slave_1) entered blocking state [ 1042.879824][T20677] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1042.887373][T20677] bridge0: port 1(bridge_slave_0) entered blocking state [ 1042.894930][T20677] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1042.958443][T20677] device bridge0 entered promiscuous mode 05:31:18 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1043.272487][T20701] bridge0: port 2(bridge_slave_1) entered disabled state [ 1043.279777][T20701] bridge0: port 1(bridge_slave_0) entered disabled state [ 1043.290105][T20701] device bridge0 left promiscuous mode 05:31:18 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:18 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:19 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1043.799276][T20702] bridge0: port 2(bridge_slave_1) entered blocking state [ 1043.807226][T20702] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1043.814706][T20702] bridge0: port 1(bridge_slave_0) entered blocking state [ 1043.821895][T20702] bridge0: port 1(bridge_slave_0) entered forwarding state 05:31:19 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:19 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:19 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1043.907796][T20702] device bridge0 entered promiscuous mode 05:31:19 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:19 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1044.163358][T20726] bridge0: port 2(bridge_slave_1) entered disabled state [ 1044.170726][T20726] bridge0: port 1(bridge_slave_0) entered disabled state 05:31:19 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) [ 1044.277868][T20726] device bridge0 left promiscuous mode 05:31:19 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:20 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(0x0, 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:20 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:20 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(0x0, 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:20 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:20 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:21 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:21 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(0x0, 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:21 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:21 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:21 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) 05:31:21 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:21 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:21 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:21 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1046.359321][ T26] kauditd_printk_skb: 35 callbacks suppressed [ 1046.359335][ T26] audit: type=1804 audit(1568179881.833:2752): pid=20758 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/663/bus" dev="sda1" ino=16709 res=1 05:31:22 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:22 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(0xffffffffffffffff, &(0x7f0000000540)=""/202, 0x1b7) [ 1046.537133][ T26] audit: type=1800 audit(1568179881.883:2753): pid=20758 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16709 res=0 [ 1046.659302][ T26] audit: type=1804 audit(1568179881.983:2754): pid=20761 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/350/bus" dev="sda1" ino=16656 res=1 [ 1046.688834][T20792] bridge0: port 2(bridge_slave_1) entered blocking state [ 1046.696537][T20792] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1046.704075][T20792] bridge0: port 1(bridge_slave_0) entered blocking state [ 1046.711602][T20792] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1046.803781][ T26] audit: type=1800 audit(1568179881.983:2755): pid=20761 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16656 res=0 [ 1046.898181][T20792] device bridge0 entered promiscuous mode [ 1046.921926][T20451] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1046.967169][ T26] audit: type=1804 audit(1568179882.433:2756): pid=20776 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/385/bus" dev="sda1" ino=16635 res=1 05:31:22 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:22 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(0x0, 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:22 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000200), 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:22 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(0xffffffffffffffff, &(0x7f0000000540)=""/202, 0x1b7) [ 1047.379723][T20804] bridge0: port 2(bridge_slave_1) entered disabled state [ 1047.387061][T20804] bridge0: port 1(bridge_slave_0) entered disabled state [ 1047.450595][T20804] device bridge0 left promiscuous mode 05:31:23 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:23 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) 05:31:23 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(0x0, 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:23 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(0x0, 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1048.221592][T20808] bridge0: port 2(bridge_slave_1) entered blocking state [ 1048.229095][T20808] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1048.236802][T20808] bridge0: port 1(bridge_slave_0) entered blocking state [ 1048.244023][T20808] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1048.281773][ T26] audit: type=1804 audit(1568179883.753:2757): pid=20812 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/664/bus" dev="sda1" ino=16769 res=1 [ 1048.324506][T20808] device bridge0 entered promiscuous mode 05:31:23 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1048.406350][ T26] audit: type=1800 audit(1568179883.753:2758): pid=20812 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16769 res=0 [ 1048.578808][ T26] audit: type=1804 audit(1568179884.053:2759): pid=20832 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/400/file0" dev="sda1" ino=16634 res=1 05:31:24 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:24 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(0xffffffffffffffff, &(0x7f0000000540)=""/202, 0x1b7) [ 1048.833370][ T26] audit: type=1804 audit(1568179884.303:2760): pid=20837 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/401/file0" dev="sda1" ino=16655 res=1 05:31:24 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1048.891082][T20839] bridge0: port 2(bridge_slave_1) entered disabled state [ 1048.898632][T20839] bridge0: port 1(bridge_slave_0) entered disabled state [ 1048.931510][ T26] audit: type=1804 audit(1568179884.403:2761): pid=20822 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/386/bus" dev="sda1" ino=16695 res=1 [ 1048.981114][T20839] device bridge0 left promiscuous mode [ 1049.708305][T20841] bridge0: port 2(bridge_slave_1) entered blocking state [ 1049.715787][T20841] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1049.723657][T20841] bridge0: port 1(bridge_slave_0) entered blocking state [ 1049.730795][T20841] bridge0: port 1(bridge_slave_0) entered forwarding state 05:31:25 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:25 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000200), 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:25 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(0x0) flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:25 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) 05:31:25 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) [ 1049.801747][T20841] device bridge0 entered promiscuous mode 05:31:25 executing program 0: inotify_init1(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:25 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(0x0) flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1050.067510][T20866] bridge0: port 2(bridge_slave_1) entered disabled state [ 1050.074764][T20866] bridge0: port 1(bridge_slave_0) entered disabled state [ 1050.164216][T20866] device bridge0 left promiscuous mode 05:31:25 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(0x0) flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:26 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(0xffffffffffffffff, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1050.621972][T20871] bridge0: port 2(bridge_slave_1) entered blocking state [ 1050.629502][T20871] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1050.636958][T20871] bridge0: port 1(bridge_slave_0) entered blocking state [ 1050.644166][T20871] bridge0: port 1(bridge_slave_0) entered forwarding state 05:31:26 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(0xffffffffffffffff, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1050.847614][T20871] device bridge0 entered promiscuous mode 05:31:26 executing program 0: inotify_init1(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:26 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1051.199138][T20893] bridge0: port 2(bridge_slave_1) entered disabled state [ 1051.206398][T20893] bridge0: port 1(bridge_slave_0) entered disabled state [ 1051.293886][T20893] device bridge0 left promiscuous mode [ 1051.643017][ T26] kauditd_printk_skb: 12 callbacks suppressed [ 1051.643033][ T26] audit: type=1804 audit(1568179887.113:2774): pid=20896 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/339/bus" dev="sda1" ino=16649 res=1 [ 1051.698742][T20897] bridge0: port 2(bridge_slave_1) entered blocking state [ 1051.705925][T20897] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1051.714247][T20897] bridge0: port 1(bridge_slave_0) entered blocking state [ 1051.721609][T20897] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1051.736082][ T26] audit: type=1800 audit(1568179887.113:2775): pid=20896 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16649 res=0 [ 1051.761829][T20897] device bridge0 entered promiscuous mode 05:31:27 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:27 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(0xffffffffffffffff, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:27 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:27 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000200), 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:27 executing program 0: inotify_init1(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1051.930875][ T26] audit: type=1804 audit(1568179887.403:2776): pid=20910 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/408/file0" dev="sda1" ino=16629 res=1 05:31:27 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, 0x0, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1052.031519][ T26] audit: type=1800 audit(1568179887.403:2777): pid=20910 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16629 res=0 [ 1052.059521][T20914] bridge0: port 2(bridge_slave_1) entered disabled state [ 1052.066794][T20914] bridge0: port 1(bridge_slave_0) entered disabled state [ 1052.145035][T20914] device bridge0 left promiscuous mode 05:31:27 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1052.305033][ T26] audit: type=1800 audit(1568179887.773:2778): pid=20920 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16648 res=0 05:31:27 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, 0x0, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1052.397360][ T26] audit: type=1804 audit(1568179887.833:2779): pid=20918 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/409/file0" dev="sda1" ino=16648 res=1 [ 1052.623306][T20916] bridge0: port 2(bridge_slave_1) entered blocking state [ 1052.631778][T20916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1052.639316][T20916] bridge0: port 1(bridge_slave_0) entered blocking state [ 1052.646425][T20916] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1052.654028][ T26] audit: type=1804 audit(1568179888.093:2780): pid=20927 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/410/file0" dev="sda1" ino=16849 res=1 05:31:28 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, 0x0, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1052.757617][T20916] device bridge0 entered promiscuous mode [ 1052.767426][ T26] audit: type=1800 audit(1568179888.093:2781): pid=20927 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16849 res=0 [ 1052.878494][ T26] audit: type=1804 audit(1568179888.303:2782): pid=20908 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/388/bus" dev="sda1" ino=16849 res=1 05:31:28 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)=0x69c, 0x4) [ 1052.987819][ T26] audit: type=1804 audit(1568179888.333:2783): pid=20933 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/411/file0" dev="sda1" ino=16852 res=1 05:31:28 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1053.248042][T20940] bridge0: port 2(bridge_slave_1) entered disabled state [ 1053.255414][T20940] bridge0: port 1(bridge_slave_0) entered disabled state [ 1053.297715][T20940] device bridge0 left promiscuous mode 05:31:28 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)=0x69c, 0x4) [ 1053.823118][T20942] bridge0: port 2(bridge_slave_1) entered blocking state [ 1053.830794][T20942] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1053.838339][T20942] bridge0: port 1(bridge_slave_0) entered blocking state [ 1053.845930][T20942] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1053.908860][T20942] device bridge0 entered promiscuous mode 05:31:29 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:29 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:29 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:29 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)=0x69c, 0x4) 05:31:29 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:31:29 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:29 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, 0x0, 0x0) [ 1054.223421][T20968] bridge0: port 2(bridge_slave_1) entered disabled state [ 1054.230757][T20968] bridge0: port 1(bridge_slave_0) entered disabled state 05:31:29 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1054.350944][T20968] device bridge0 left promiscuous mode 05:31:30 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, 0x0, 0x0) 05:31:30 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:30 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, 0x0, 0x0) [ 1054.897570][T20972] bridge0: port 2(bridge_slave_1) entered blocking state [ 1054.904819][T20972] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1054.912354][T20972] bridge0: port 1(bridge_slave_0) entered blocking state [ 1054.919512][T20972] bridge0: port 1(bridge_slave_0) entered forwarding state 05:31:30 executing program 2: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1055.147378][T20972] device bridge0 entered promiscuous mode 05:31:31 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:31 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040), 0x4) 05:31:31 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:31 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:31 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1055.722561][T21008] bridge0: port 2(bridge_slave_1) entered disabled state [ 1055.730089][T21008] bridge0: port 1(bridge_slave_0) entered disabled state [ 1055.770345][T21008] device bridge0 left promiscuous mode 05:31:31 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040), 0x4) [ 1056.240960][T21011] bridge0: port 2(bridge_slave_1) entered blocking state [ 1056.248244][T21011] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1056.255677][T21011] bridge0: port 1(bridge_slave_0) entered blocking state [ 1056.264111][T21011] bridge0: port 1(bridge_slave_0) entered forwarding state 05:31:31 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040), 0x4) [ 1056.411185][T21011] device bridge0 entered promiscuous mode 05:31:32 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:32 executing program 5: [ 1056.669212][ T26] kauditd_printk_skb: 38 callbacks suppressed [ 1056.669226][ T26] audit: type=1804 audit(1568179892.143:2822): pid=21006 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/390/bus" dev="sda1" ino=16648 res=1 [ 1056.740846][T21028] bridge0: port 2(bridge_slave_1) entered disabled state [ 1056.750920][T21028] bridge0: port 1(bridge_slave_0) entered disabled state 05:31:32 executing program 5: [ 1056.780410][ T26] audit: type=1804 audit(1568179892.253:2823): pid=21013 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/668/bus" dev="sda1" ino=16706 res=1 [ 1056.814088][ T26] audit: type=1800 audit(1568179892.283:2824): pid=21013 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16706 res=0 [ 1056.835965][T21028] device bridge0 left promiscuous mode [ 1056.954345][ T26] audit: type=1804 audit(1568179892.343:2825): pid=21032 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/342/bus" dev="sda1" ino=16664 res=1 05:31:32 executing program 5: 05:31:32 executing program 2: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1057.082097][ T26] audit: type=1800 audit(1568179892.343:2826): pid=21032 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16664 res=0 [ 1057.449852][T21031] bridge0: port 2(bridge_slave_1) entered blocking state [ 1057.457032][T21031] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1057.464518][T21031] bridge0: port 1(bridge_slave_0) entered blocking state [ 1057.471658][T21031] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1057.517781][T21031] device bridge0 entered promiscuous mode [ 1057.821936][ T26] audit: type=1804 audit(1568179893.293:2827): pid=21040 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/358/bus" dev="sda1" ino=16635 res=1 [ 1057.886896][ T26] audit: type=1800 audit(1568179893.293:2828): pid=21040 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16635 res=0 05:31:33 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:33 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:33 executing program 5: 05:31:33 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe) 05:31:33 executing program 0: perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:33 executing program 5: [ 1058.240883][T21053] bridge0: port 2(bridge_slave_1) entered disabled state [ 1058.248230][T21053] bridge0: port 1(bridge_slave_0) entered disabled state [ 1058.286354][T21053] device bridge0 left promiscuous mode 05:31:33 executing program 2: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:33 executing program 5: 05:31:34 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) [ 1058.715556][T21056] bridge0: port 2(bridge_slave_1) entered blocking state [ 1058.722756][T21056] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1058.730272][T21056] bridge0: port 1(bridge_slave_0) entered blocking state [ 1058.737420][T21056] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1058.927511][T21056] device bridge0 entered promiscuous mode 05:31:34 executing program 0: perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1059.141188][ T26] audit: type=1804 audit(1568179894.613:2829): pid=21052 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/391/bus" dev="sda1" ino=16708 res=1 [ 1059.172060][T21071] bridge0: port 2(bridge_slave_1) entered disabled state [ 1059.179393][T21071] bridge0: port 1(bridge_slave_0) entered disabled state [ 1059.210654][T21068] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1059.235571][T21071] device bridge0 left promiscuous mode [ 1059.241364][ T26] audit: type=1804 audit(1568179894.663:2830): pid=21055 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/669/bus" dev="sda1" ino=16722 res=1 [ 1059.247544][T21068] CPU: 1 PID: 21068 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1059.275145][T21068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1059.285220][T21068] Call Trace: [ 1059.288532][T21068] dump_stack+0x172/0x1f0 [ 1059.292872][T21068] dump_header+0x177/0x1152 [ 1059.297382][T21068] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1059.303190][T21068] ? ___ratelimit+0x2c8/0x595 [ 1059.307860][T21068] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1059.313669][T21068] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1059.318958][T21068] ? trace_hardirqs_on+0x67/0x240 [ 1059.323995][T21068] ? pagefault_out_of_memory+0x11c/0x11c [ 1059.329632][T21068] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1059.335435][T21068] ? ___ratelimit+0x60/0x595 [ 1059.337356][ T26] audit: type=1800 audit(1568179894.673:2831): pid=21055 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16722 res=0 [ 1059.340014][T21068] ? do_raw_spin_unlock+0x57/0x270 [ 1059.340034][T21068] oom_kill_process.cold+0x10/0x15 [ 1059.370541][T21068] out_of_memory+0x334/0x1340 [ 1059.375220][T21068] ? lock_downgrade+0x920/0x920 [ 1059.380077][T21068] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1059.385887][T21068] ? oom_killer_disable+0x280/0x280 [ 1059.391109][T21068] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1059.396658][T21068] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1059.402294][T21068] ? do_raw_spin_unlock+0x57/0x270 [ 1059.407407][T21068] ? _raw_spin_unlock+0x2d/0x50 [ 1059.412269][T21068] try_charge+0xf4b/0x1440 [ 1059.416695][T21068] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1059.422331][T21068] ? percpu_ref_tryget_live+0x111/0x290 [ 1059.427889][T21068] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1059.434133][T21068] ? __kasan_check_read+0x11/0x20 [ 1059.439168][T21068] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1059.444726][T21068] mem_cgroup_try_charge+0x136/0x590 [ 1059.450021][T21068] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1059.456288][T21068] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1059.462028][T21068] __handle_mm_fault+0x1e34/0x3f20 [ 1059.467156][T21068] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1059.472717][T21068] ? __kasan_check_read+0x11/0x20 [ 1059.477758][T21068] handle_mm_fault+0x1b5/0x6c0 [ 1059.482563][T21068] __get_user_pages+0x7d4/0x1b30 [ 1059.487502][T21068] ? mark_held_locks+0xf0/0xf0 [ 1059.492276][T21068] ? follow_page_mask+0x1cf0/0x1cf0 [ 1059.497476][T21068] ? __mm_populate+0x270/0x380 [ 1059.502247][T21068] ? __kasan_check_write+0x14/0x20 [ 1059.507442][T21068] ? down_read+0x109/0x430 [ 1059.511860][T21068] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1059.518103][T21068] populate_vma_page_range+0x20d/0x2a0 [ 1059.523574][T21068] __mm_populate+0x204/0x380 [ 1059.528171][T21068] ? populate_vma_page_range+0x2a0/0x2a0 [ 1059.533806][T21068] ? __kasan_check_write+0x14/0x20 [ 1059.538915][T21068] ? up_write+0x155/0x490 [ 1059.543241][T21068] ? ns_capable_common+0x93/0x100 [ 1059.548279][T21068] __x64_sys_mlockall+0x473/0x520 [ 1059.553308][T21068] do_syscall_64+0xfa/0x760 [ 1059.557817][T21068] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1059.563710][T21068] RIP: 0033:0x4598e9 [ 1059.567634][T21068] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1059.587245][T21068] RSP: 002b:00007fb275dd5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1059.595658][T21068] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004598e9 [ 1059.603624][T21068] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 05:31:35 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe) [ 1059.611590][T21068] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1059.619553][T21068] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb275dd66d4 [ 1059.627530][T21068] R13: 00000000004c5dab R14: 00000000004da878 R15: 00000000ffffffff [ 1059.641587][T21068] memory: usage 307200kB, limit 307200kB, failcnt 14164 [ 1059.665509][T21068] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1059.682811][T21068] Memory cgroup stats for /syz5: [ 1059.682932][T21068] anon 301240320 [ 1059.682932][T21068] file 90112 [ 1059.682932][T21068] kernel_stack 851968 [ 1059.682932][T21068] slab 8298496 [ 1059.682932][T21068] sock 0 [ 1059.682932][T21068] shmem 0 [ 1059.682932][T21068] file_mapped 0 [ 1059.682932][T21068] file_dirty 0 [ 1059.682932][T21068] file_writeback 0 [ 1059.682932][T21068] anon_thp 180355072 [ 1059.682932][T21068] inactive_anon 260337664 [ 1059.682932][T21068] active_anon 1458176 [ 1059.682932][T21068] inactive_file 131072 [ 1059.682932][T21068] active_file 0 [ 1059.682932][T21068] unevictable 39731200 [ 1059.682932][T21068] slab_reclaimable 2973696 [ 1059.682932][T21068] slab_unreclaimable 5324800 [ 1059.682932][T21068] pgfault 931854 [ 1059.682932][T21068] pgmajfault 0 [ 1059.682932][T21068] workingset_refault 8877 [ 1059.682932][T21068] workingset_activate 66 [ 1059.682932][T21068] workingset_nodereclaim 0 [ 1059.682932][T21068] pgrefill 20807 [ 1059.682932][T21068] pgscan 26673 [ 1059.682932][T21068] pgsteal 17021 [ 1059.778526][T21075] bridge0: port 2(bridge_slave_1) entered blocking state [ 1059.785634][T21075] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1059.787582][T21068] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9454,uid=0 [ 1059.793190][T21075] bridge0: port 1(bridge_slave_0) entered blocking state [ 1059.815549][T21075] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1059.890423][T21075] device bridge0 entered promiscuous mode [ 1059.912737][T21068] Memory cgroup out of memory: Killed process 9454 (syz-executor.5) total-vm:72708kB, anon-rss:18232kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:159744kB oom_score_adj:1000 05:31:35 executing program 0: perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1060.097930][T21081] bridge0: port 2(bridge_slave_1) entered disabled state [ 1060.105201][T21081] bridge0: port 1(bridge_slave_0) entered disabled state [ 1060.117872][T21081] device bridge0 left promiscuous mode [ 1060.521981][T21082] bridge0: port 2(bridge_slave_1) entered blocking state [ 1060.529237][T21082] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1060.536770][T21082] bridge0: port 1(bridge_slave_0) entered blocking state [ 1060.545178][T21082] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1060.608816][T21082] device bridge0 entered promiscuous mode 05:31:36 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:36 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe) 05:31:36 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:36 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, &(0x7f00000004c0)) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:36 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1060.885778][T21096] bridge0: port 2(bridge_slave_1) entered disabled state [ 1060.893076][T21096] bridge0: port 1(bridge_slave_0) entered disabled state 05:31:36 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) [ 1060.964697][T21096] device bridge0 left promiscuous mode 05:31:36 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1061.393194][T21103] bridge0: port 2(bridge_slave_1) entered blocking state [ 1061.400397][T21103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1061.407882][T21103] bridge0: port 1(bridge_slave_0) entered blocking state [ 1061.415034][T21103] bridge0: port 1(bridge_slave_0) entered forwarding state 05:31:36 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1061.537549][T21103] device bridge0 entered promiscuous mode 05:31:37 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1061.678851][ T26] kauditd_printk_skb: 12 callbacks suppressed [ 1061.678864][ T26] audit: type=1800 audit(1568179897.153:2844): pid=21116 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16689 res=0 05:31:37 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1061.847992][T21121] bridge0: port 2(bridge_slave_1) entered disabled state [ 1061.855648][T21121] bridge0: port 1(bridge_slave_0) entered disabled state [ 1061.876642][ T26] audit: type=1804 audit(1568179897.343:2845): pid=21102 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/670/bus" dev="sda1" ino=16649 res=1 [ 1061.905042][T21121] device bridge0 left promiscuous mode 05:31:37 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(0x0, 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1062.000654][ T26] audit: type=1800 audit(1568179897.383:2846): pid=21102 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16649 res=0 [ 1062.120817][ T26] audit: type=1804 audit(1568179897.523:2847): pid=21127 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/346/bus" dev="sda1" ino=16655 res=1 [ 1062.244373][ T26] audit: type=1800 audit(1568179897.523:2848): pid=21127 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16655 res=0 05:31:37 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1062.428235][T21123] bridge0: port 2(bridge_slave_1) entered blocking state [ 1062.435360][T21123] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1062.443917][T21123] bridge0: port 1(bridge_slave_0) entered blocking state [ 1062.443974][T21123] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1062.500111][ T26] audit: type=1804 audit(1568179897.973:2849): pid=21134 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/347/bus" dev="sda1" ino=16707 res=1 [ 1062.508923][ T26] audit: type=1800 audit(1568179897.983:2850): pid=21134 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16707 res=0 [ 1062.611715][T21123] device bridge0 entered promiscuous mode 05:31:38 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:38 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:31:38 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, &(0x7f00000004c0)) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:38 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) 05:31:38 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1063.019940][T21145] bridge0: port 2(bridge_slave_1) entered disabled state [ 1063.027186][T21145] bridge0: port 1(bridge_slave_0) entered disabled state [ 1063.048662][ T26] audit: type=1804 audit(1568179898.523:2851): pid=21146 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/348/bus" dev="sda1" ino=16648 res=1 05:31:38 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(0x0, 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1063.098076][T21145] device bridge0 left promiscuous mode [ 1063.134435][ T26] audit: type=1800 audit(1568179898.523:2852): pid=21146 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16648 res=0 05:31:38 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1063.519546][T21148] bridge0: port 2(bridge_slave_1) entered blocking state [ 1063.526998][T21148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1063.534487][T21148] bridge0: port 1(bridge_slave_0) entered blocking state [ 1063.541649][T21148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1063.652048][ T26] audit: type=1804 audit(1568179899.123:2853): pid=21142 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/393/bus" dev="sda1" ino=16738 res=1 [ 1063.839282][T21148] device bridge0 entered promiscuous mode 05:31:39 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1063.954756][T21143] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1064.001020][T21143] CPU: 1 PID: 21143 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1064.010407][T21143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1064.020516][T21143] Call Trace: [ 1064.023832][T21143] dump_stack+0x172/0x1f0 [ 1064.028195][T21143] dump_header+0x177/0x1152 [ 1064.032718][T21143] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1064.038878][T21143] ? ___ratelimit+0x2c8/0x595 [ 1064.043563][T21143] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1064.049393][T21143] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1064.054690][T21143] ? trace_hardirqs_on+0x67/0x240 [ 1064.059739][T21143] ? pagefault_out_of_memory+0x11c/0x11c [ 1064.065380][T21143] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1064.071204][T21143] ? ___ratelimit+0x60/0x595 [ 1064.075800][T21143] ? do_raw_spin_unlock+0x57/0x270 [ 1064.081356][T21143] oom_kill_process.cold+0x10/0x15 [ 1064.086476][T21143] out_of_memory+0x334/0x1340 [ 1064.091171][T21143] ? lock_downgrade+0x920/0x920 [ 1064.096034][T21143] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1064.101851][T21143] ? oom_killer_disable+0x280/0x280 [ 1064.107071][T21143] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1064.112638][T21143] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1064.118320][T21143] ? do_raw_spin_unlock+0x57/0x270 [ 1064.123452][T21143] ? _raw_spin_unlock+0x2d/0x50 [ 1064.128320][T21143] try_charge+0xf4b/0x1440 [ 1064.132767][T21143] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1064.138327][T21143] ? percpu_ref_tryget_live+0x111/0x290 [ 1064.143980][T21143] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1064.150246][T21143] ? __kasan_check_read+0x11/0x20 [ 1064.155300][T21143] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1064.160875][T21143] mem_cgroup_try_charge+0x136/0x590 [ 1064.166174][T21143] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1064.172438][T21143] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1064.178111][T21143] __handle_mm_fault+0x1e34/0x3f20 [ 1064.183253][T21143] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1064.188841][T21143] ? __kasan_check_read+0x11/0x20 [ 1064.194251][T21143] handle_mm_fault+0x1b5/0x6c0 [ 1064.199299][T21143] __do_page_fault+0x536/0xdd0 [ 1064.204064][T21143] do_page_fault+0x38/0x590 [ 1064.208563][T21143] page_fault+0x39/0x40 [ 1064.212800][T21143] RIP: 0033:0x41122f [ 1064.216718][T21143] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 1064.236335][T21143] RSP: 002b:00007ffee4650000 EFLAGS: 00010206 [ 1064.242406][T21143] RAX: 00007fb275d74000 RBX: 0000000000020000 RCX: 000000000045993a 05:31:39 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, &(0x7f00000004c0)) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) [ 1064.250466][T21143] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1064.259222][T21143] RBP: 00007ffee46500e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1064.267230][T21143] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee46501d0 [ 1064.275200][T21143] R13: 00007fb275d94700 R14: 0000000000000002 R15: 000000000075c07c [ 1064.316573][T21143] memory: usage 307200kB, limit 307200kB, failcnt 14478 [ 1064.324191][T21143] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1064.377139][T21143] Memory cgroup stats for /syz5: [ 1064.383961][T21143] anon 288239616 [ 1064.383961][T21143] file 13058048 [ 1064.383961][T21143] kernel_stack 786432 [ 1064.383961][T21143] slab 8433664 [ 1064.383961][T21143] sock 0 [ 1064.383961][T21143] shmem 0 [ 1064.383961][T21143] file_mapped 12840960 [ 1064.383961][T21143] file_dirty 0 [ 1064.383961][T21143] file_writeback 0 [ 1064.383961][T21143] anon_thp 163577856 [ 1064.383961][T21143] inactive_anon 243519488 [ 1064.383961][T21143] active_anon 1458176 [ 1064.383961][T21143] inactive_file 90112 [ 1064.383961][T21143] active_file 102400 [ 1064.383961][T21143] unevictable 56266752 [ 1064.383961][T21143] slab_reclaimable 3108864 [ 1064.383961][T21143] slab_unreclaimable 5324800 [ 1064.383961][T21143] pgfault 941490 [ 1064.383961][T21143] pgmajfault 0 [ 1064.383961][T21143] workingset_refault 12210 [ 1064.383961][T21143] workingset_activate 66 [ 1064.383961][T21143] workingset_nodereclaim 0 [ 1064.383961][T21143] pgrefill 20873 [ 1064.383961][T21143] pgscan 27195 [ 1064.383961][T21143] pgsteal 17393 05:31:40 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1064.618271][T21143] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=21143,uid=0 [ 1064.688461][T21143] Memory cgroup out of memory: Killed process 21143 (syz-executor.5) total-vm:72840kB, anon-rss:17872kB, file-rss:50300kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 05:31:40 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(0x0, 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1064.752523][T21172] bridge0: port 2(bridge_slave_1) entered disabled state [ 1064.759877][T21172] bridge0: port 1(bridge_slave_0) entered disabled state 05:31:40 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1064.796391][T21172] device bridge0 left promiscuous mode [ 1064.907734][ T1065] oom_reaper: reaped process 21143 (syz-executor.5), now anon-rss:17864kB, file-rss:50656kB, shmem-rss:0kB 05:31:40 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1065.261990][T21173] bridge0: port 2(bridge_slave_1) entered blocking state [ 1065.269239][T21173] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1065.276675][T21173] bridge0: port 1(bridge_slave_0) entered blocking state [ 1065.283844][T21173] bridge0: port 1(bridge_slave_0) entered forwarding state 05:31:40 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(0x0, 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1065.449236][T21173] device bridge0 entered promiscuous mode 05:31:41 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:41 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) [ 1065.829927][T21191] bridge0: port 2(bridge_slave_1) entered disabled state [ 1065.837428][T21191] bridge0: port 1(bridge_slave_0) entered disabled state [ 1065.878299][T21191] device bridge0 left promiscuous mode 05:31:41 executing program 1: mlockall(0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1066.481589][T21195] bridge0: port 2(bridge_slave_1) entered blocking state [ 1066.488778][T21195] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1066.496232][T21195] bridge0: port 1(bridge_slave_0) entered blocking state [ 1066.503412][T21195] bridge0: port 1(bridge_slave_0) entered forwarding state 05:31:42 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1066.608753][T21195] device bridge0 entered promiscuous mode 05:31:42 executing program 1: mlockall(0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1066.726390][ T26] kauditd_printk_skb: 13 callbacks suppressed [ 1066.726405][ T26] audit: type=1804 audit(1568179902.193:2867): pid=21194 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/395/bus" dev="sda1" ino=16671 res=1 [ 1066.893824][ T26] audit: type=1804 audit(1568179902.363:2868): pid=21209 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/352/bus" dev="sda1" ino=16678 res=1 [ 1066.972901][ T26] audit: type=1800 audit(1568179902.393:2869): pid=21209 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16678 res=0 05:31:42 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x0, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:42 executing program 1: mlockall(0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1067.213149][ T26] audit: type=1804 audit(1568179902.683:2870): pid=21214 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/353/bus" dev="sda1" ino=16653 res=1 [ 1067.310384][ T26] audit: type=1800 audit(1568179902.683:2871): pid=21214 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16653 res=0 05:31:42 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r1, 0x0, 0x0) 05:31:42 executing program 1: mlockall(0x1) r0 = creat(0x0, 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:31:42 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x0, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:43 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r0 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r0, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:43 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) [ 1067.743342][ T26] audit: type=1804 audit(1568179903.213:2872): pid=21233 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/431/file0" dev="sda1" ino=16778 res=1 05:31:43 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x0, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1067.828596][ T26] audit: type=1800 audit(1568179903.243:2873): pid=21233 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16778 res=0 05:31:43 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{0x0}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) [ 1067.937611][ T26] audit: type=1804 audit(1568179903.273:2874): pid=21206 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/366/bus" dev="sda1" ino=16629 res=1 [ 1068.071252][ T26] audit: type=1800 audit(1568179903.273:2875): pid=21206 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16629 res=0 [ 1068.170761][ T26] audit: type=1804 audit(1568179903.573:2876): pid=21246 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/432/file0" dev="sda1" ino=16737 res=1 05:31:43 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:43 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:43 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:44 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:44 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:44 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r1, 0x0, 0x0) 05:31:44 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:44 executing program 1: mlockall(0x1) r0 = creat(0x0, 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:31:44 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)=0xe5) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x8000000000006000, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000005340)='TIPCv2\x00') flistxattr(r1, &(0x7f0000001a00)=""/4096, 0x1000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) dup(0xffffffffffffffff) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000040)=0x69c, 0x4) 05:31:44 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:44 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:44 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r3, 0x0, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000000)=0x1800, 0x4) 05:31:45 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:45 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:45 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:45 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:45 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:46 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r1, 0x0, 0x0) 05:31:46 executing program 1: mlockall(0x1) r0 = creat(0x0, 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:31:46 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:46 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:46 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) [ 1070.992258][T21323] bridge0: port 2(bridge_slave_1) entered disabled state [ 1070.999605][T21323] bridge0: port 1(bridge_slave_0) entered disabled state [ 1071.031609][T21323] device bridge0 left promiscuous mode 05:31:47 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1072.059652][ T26] kauditd_printk_skb: 15 callbacks suppressed [ 1072.059667][ T26] audit: type=1804 audit(1568179907.533:2892): pid=21327 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/398/bus" dev="sda1" ino=16669 res=1 [ 1072.156992][T21295] syz-executor.5 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 1072.212866][T21295] CPU: 1 PID: 21295 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1072.222110][T21295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1072.232175][T21295] Call Trace: [ 1072.235492][T21295] dump_stack+0x172/0x1f0 [ 1072.239940][T21295] dump_header+0x177/0x1152 [ 1072.244474][T21295] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1072.250302][T21295] ? ___ratelimit+0x2c8/0x595 [ 1072.255010][T21295] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1072.260842][T21295] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1072.266144][T21295] ? trace_hardirqs_on+0x67/0x240 [ 1072.271199][T21295] ? pagefault_out_of_memory+0x11c/0x11c [ 1072.277116][T21295] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1072.282947][T21295] ? ___ratelimit+0x60/0x595 [ 1072.287544][T21295] ? do_raw_spin_unlock+0x57/0x270 [ 1072.292689][T21295] oom_kill_process.cold+0x10/0x15 [ 1072.297826][T21295] out_of_memory+0x334/0x1340 [ 1072.302524][T21295] ? lock_downgrade+0x920/0x920 [ 1072.307492][T21295] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1072.313412][T21295] ? oom_killer_disable+0x280/0x280 [ 1072.318648][T21295] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1072.324207][T21295] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1072.329865][T21295] ? do_raw_spin_unlock+0x57/0x270 [ 1072.334987][T21295] ? _raw_spin_unlock+0x2d/0x50 [ 1072.339853][T21295] try_charge+0xf4b/0x1440 [ 1072.344288][T21295] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1072.349923][T21295] ? percpu_ref_tryget_live+0x111/0x290 [ 1072.349949][T21295] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1072.361709][T21295] ? __kasan_check_read+0x11/0x20 [ 1072.361728][T21295] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1072.361743][T21295] mem_cgroup_try_charge+0x136/0x590 [ 1072.361767][T21295] __add_to_page_cache_locked+0x43f/0xec0 [ 1072.361789][T21295] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1072.372320][T21295] ? __kasan_check_read+0x11/0x20 [ 1072.372350][T21295] ? unaccount_page_cache_page+0xda0/0xda0 [ 1072.383318][T21295] ? __alloc_pages_nodemask+0x658/0x900 [ 1072.383335][T21295] ? xas_descend+0x144/0x370 [ 1072.383357][T21295] ? shadow_lru_isolate+0x430/0x430 [ 1072.415439][T21295] add_to_page_cache_lru+0x1d8/0x790 [ 1072.420758][T21295] ? add_to_page_cache_locked+0x40/0x40 [ 1072.426324][T21295] ? __page_cache_alloc+0x116/0x490 [ 1072.431554][T21295] pagecache_get_page+0x3be/0x900 [ 1072.436609][T21295] filemap_fault+0x901/0x2b70 [ 1072.441322][T21295] ? mark_held_locks+0xf0/0xf0 [ 1072.446114][T21295] ? pagecache_get_page+0x900/0x900 [ 1072.451325][T21295] ? __kasan_check_write+0x14/0x20 [ 1072.456552][T21295] ? down_read+0x109/0x430 [ 1072.460963][T21295] ? down_read_killable+0x490/0x490 [ 1072.466148][T21295] ? lock_downgrade+0x920/0x920 [ 1072.470989][T21295] ext4_filemap_fault+0x86/0xb2 [ 1072.475837][T21295] __do_fault+0x111/0x540 [ 1072.480152][T21295] ? do_raw_spin_unlock+0x57/0x270 [ 1072.485258][T21295] __handle_mm_fault+0x2cb8/0x3f20 [ 1072.490378][T21295] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1072.495928][T21295] ? __kasan_check_read+0x11/0x20 [ 1072.500964][T21295] handle_mm_fault+0x1b5/0x6c0 [ 1072.505743][T21295] __get_user_pages+0x7d4/0x1b30 [ 1072.510707][T21295] ? mark_held_locks+0xf0/0xf0 [ 1072.515487][T21295] ? follow_page_mask+0x1cf0/0x1cf0 [ 1072.520699][T21295] ? __mm_populate+0x270/0x380 [ 1072.525494][T21295] ? __kasan_check_read+0x11/0x20 [ 1072.530519][T21295] ? down_read+0x281/0x430 [ 1072.534936][T21295] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1072.540655][T21295] populate_vma_page_range+0x20d/0x2a0 [ 1072.546107][T21295] __mm_populate+0x204/0x380 [ 1072.550685][T21295] ? populate_vma_page_range+0x2a0/0x2a0 [ 1072.556324][T21295] ? __kasan_check_write+0x14/0x20 [ 1072.561434][T21295] ? up_write+0x155/0x490 [ 1072.565763][T21295] ? ns_capable_common+0x93/0x100 [ 1072.570781][T21295] __x64_sys_mlockall+0x473/0x520 [ 1072.575800][T21295] do_syscall_64+0xfa/0x760 [ 1072.580296][T21295] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1072.586167][T21295] RIP: 0033:0x4598e9 [ 1072.590051][T21295] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1072.609653][T21295] RSP: 002b:00007fb275dd5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1072.618097][T21295] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004598e9 [ 1072.626094][T21295] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1072.634061][T21295] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1072.642150][T21295] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb275dd66d4 [ 1072.650131][T21295] R13: 00000000004c5dab R14: 00000000004da878 R15: 00000000ffffffff [ 1072.658537][T21295] memory: usage 298628kB, limit 307200kB, failcnt 16135 [ 1072.665484][T21295] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1072.672448][T21295] Memory cgroup stats for /syz5: [ 1072.672556][T21295] anon 281583616 [ 1072.672556][T21295] file 11403264 [ 1072.672556][T21295] kernel_stack 786432 [ 1072.672556][T21295] slab 8163328 [ 1072.672556][T21295] sock 0 [ 1072.672556][T21295] shmem 0 [ 1072.672556][T21295] file_mapped 11354112 [ 1072.672556][T21295] file_dirty 0 [ 1072.672556][T21295] file_writeback 0 [ 1072.672556][T21295] anon_thp 161480704 [ 1072.672556][T21295] inactive_anon 243523584 [ 1072.672556][T21295] active_anon 1400832 [ 1072.672556][T21295] inactive_file 0 [ 1072.672556][T21295] active_file 8192 [ 1072.672556][T21295] unevictable 48033792 [ 1072.672556][T21295] slab_reclaimable 3108864 [ 1072.672556][T21295] slab_unreclaimable 5054464 [ 1072.672556][T21295] pgfault 952380 [ 1072.672556][T21295] pgmajfault 0 [ 1072.672556][T21295] workingset_refault 16071 [ 1072.672556][T21295] workingset_activate 1089 [ 1072.672556][T21295] workingset_nodereclaim 0 [ 1072.672556][T21295] pgrefill 24829 [ 1072.672556][T21295] pgscan 31959 [ 1072.672556][T21295] pgsteal 21880 [ 1072.768442][T21295] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=21294,uid=0 [ 1072.784077][T21295] Memory cgroup out of memory: Killed process 21295 (syz-executor.5) total-vm:72832kB, anon-rss:11240kB, file-rss:48312kB, shmem-rss:0kB, UID:0 pgtables:180224kB oom_score_adj:1000 [ 1072.803506][ T1065] oom_reaper: reaped process 21295 (syz-executor.5), now anon-rss:11224kB, file-rss:49232kB, shmem-rss:0kB 05:31:48 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r3, 0x0, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000000)=0x1800, 0x4) 05:31:48 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:31:48 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:48 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:48 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:48 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:48 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:48 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00'}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1073.427019][ T26] audit: type=1804 audit(1568179908.893:2893): pid=21347 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/676/bus" dev="sda1" ino=16866 res=1 05:31:49 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00'}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1073.535454][ T26] audit: type=1800 audit(1568179908.923:2894): pid=21347 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16866 res=0 [ 1073.666451][ T26] audit: type=1804 audit(1568179909.083:2895): pid=21344 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/399/bus" dev="sda1" ino=16862 res=1 05:31:49 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00'}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1073.735175][ T26] audit: type=1804 audit(1568179909.183:2896): pid=21339 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/369/bus" dev="sda1" ino=16678 res=1 [ 1073.849326][ T26] audit: type=1800 audit(1568179909.183:2897): pid=21339 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16678 res=0 [ 1073.915755][ T26] audit: type=1804 audit(1568179909.213:2898): pid=21341 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/357/bus" dev="sda1" ino=16689 res=1 05:31:49 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) r0 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(0xffffffffffffffff, &(0x7f0000000540)=""/202, 0x1b7) [ 1073.984593][T21356] syz-executor.5 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 1074.013133][ T26] audit: type=1800 audit(1568179909.213:2899): pid=21341 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16689 res=0 [ 1074.087235][ T26] audit: type=1804 audit(1568179909.413:2900): pid=21356 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/437/bus" dev="sda1" ino=16648 res=1 [ 1074.087719][T21356] CPU: 0 PID: 21356 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1074.112317][T21356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1074.112324][T21356] Call Trace: [ 1074.112355][T21356] dump_stack+0x172/0x1f0 [ 1074.112383][T21356] dump_header+0x177/0x1152 [ 1074.112401][T21356] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1074.112414][T21356] ? ___ratelimit+0x2c8/0x595 [ 1074.112427][T21356] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1074.112445][T21356] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1074.112463][T21356] ? trace_hardirqs_on+0x67/0x240 [ 1074.112477][T21356] ? pagefault_out_of_memory+0x11c/0x11c [ 1074.112490][T21356] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1074.112508][T21356] ? ___ratelimit+0x60/0x595 [ 1074.186469][T21356] ? do_raw_spin_unlock+0x57/0x270 [ 1074.191583][T21356] oom_kill_process.cold+0x10/0x15 [ 1074.196686][T21356] out_of_memory+0x334/0x1340 [ 1074.201351][T21356] ? lock_downgrade+0x920/0x920 [ 1074.206196][T21356] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1074.211991][T21356] ? oom_killer_disable+0x280/0x280 [ 1074.217195][T21356] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1074.222726][T21356] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1074.228351][T21356] ? do_raw_spin_unlock+0x57/0x270 [ 1074.233459][T21356] ? _raw_spin_unlock+0x2d/0x50 [ 1074.238325][T21356] try_charge+0xf4b/0x1440 [ 1074.242741][T21356] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1074.248287][T21356] ? percpu_ref_tryget_live+0x111/0x290 [ 1074.253826][T21356] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1074.260056][T21356] ? __kasan_check_read+0x11/0x20 [ 1074.265074][T21356] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1074.270614][T21356] mem_cgroup_try_charge+0x136/0x590 [ 1074.275993][T21356] __add_to_page_cache_locked+0x43f/0xec0 [ 1074.281699][T21356] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1074.287666][T21356] ? __kasan_check_read+0x11/0x20 [ 1074.292685][T21356] ? unaccount_page_cache_page+0xda0/0xda0 [ 1074.298486][T21356] ? __alloc_pages_nodemask+0x658/0x900 [ 1074.304107][T21356] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1074.311308][T21356] ? xas_start+0x166/0x560 [ 1074.315722][T21356] ? shadow_lru_isolate+0x430/0x430 [ 1074.320926][T21356] add_to_page_cache_lru+0x1d8/0x790 [ 1074.326205][T21356] ? add_to_page_cache_locked+0x40/0x40 [ 1074.331747][T21356] ? __page_cache_alloc+0x116/0x490 [ 1074.336946][T21356] pagecache_get_page+0x3be/0x900 [ 1074.341962][T21356] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1074.347516][T21356] grab_cache_page_write_begin+0x75/0xb0 [ 1074.353157][T21356] ext4_da_write_begin+0x2ec/0xb80 [ 1074.358264][T21356] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1074.364508][T21356] ? ext4_write_begin+0xd20/0xd20 [ 1074.369534][T21356] ? iov_iter_zero+0xfa0/0xfa0 [ 1074.374298][T21356] generic_perform_write+0x23b/0x540 [ 1074.380234][T21356] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4b0/0x4b0 [ 1074.388301][T21356] ? current_time+0x140/0x140 [ 1074.392979][T21356] ? generic_write_check_limits.isra.0+0x270/0x270 [ 1074.399808][T21356] __generic_file_write_iter+0x25e/0x630 [ 1074.405621][T21356] ext4_file_write_iter+0x317/0x13c0 [ 1074.410905][T21356] ? ext4_release_file+0x380/0x380 [ 1074.416099][T21356] ? __kasan_check_read+0x11/0x20 [ 1074.421395][T21356] ? __lock_acquire+0x16f2/0x4a00 [ 1074.426412][T21356] ? __kasan_check_read+0x11/0x20 [ 1074.431425][T21356] ? mark_lock+0xc2/0x1220 [ 1074.435883][T21356] do_iter_readv_writev+0x5f8/0x8f0 [ 1074.441120][T21356] ? no_seek_end_llseek_size+0x70/0x70 [ 1074.446581][T21356] ? apparmor_file_permission+0x25/0x30 [ 1074.452139][T21356] ? rw_verify_area+0x126/0x360 [ 1074.457012][T21356] do_iter_write+0x184/0x610 [ 1074.461606][T21356] ? __kmalloc+0x608/0x770 [ 1074.466023][T21356] vfs_iter_write+0x77/0xb0 [ 1074.470523][T21356] iter_file_splice_write+0x66d/0xbe0 [ 1074.475984][T21356] ? atime_needs_update+0x5f0/0x5f0 [ 1074.481189][T21356] ? page_cache_pipe_buf_release+0x180/0x180 [ 1074.487175][T21356] ? rw_verify_area+0x126/0x360 [ 1074.492029][T21356] ? page_cache_pipe_buf_release+0x180/0x180 [ 1074.498011][T21356] direct_splice_actor+0x123/0x190 [ 1074.503127][T21356] splice_direct_to_actor+0x366/0x970 [ 1074.508516][T21356] ? generic_pipe_buf_nosteal+0x10/0x10 [ 1074.514059][T21356] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1074.520289][T21356] ? do_splice_to+0x180/0x180 [ 1074.524979][T21356] ? rw_verify_area+0x126/0x360 [ 1074.529839][T21356] do_splice_direct+0x1da/0x2a0 [ 1074.534682][T21356] ? splice_direct_to_actor+0x970/0x970 [ 1074.540218][T21356] ? rcu_read_lock_any_held+0xcd/0xf0 [ 1074.545598][T21356] ? __this_cpu_preempt_check+0x3a/0x210 [ 1074.551222][T21356] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1074.557449][T21356] ? __sb_start_write+0x1e5/0x460 [ 1074.562466][T21356] do_sendfile+0x597/0xd00 [ 1074.566882][T21356] ? do_compat_pwritev64+0x1c0/0x1c0 [ 1074.572152][T21356] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1074.578995][T21356] ? put_timespec64+0xda/0x140 [ 1074.583786][T21356] __x64_sys_sendfile64+0x1dd/0x220 [ 1074.589084][T21356] ? __ia32_sys_sendfile+0x230/0x230 [ 1074.594617][T21356] ? do_syscall_64+0x26/0x760 [ 1074.599283][T21356] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1074.604583][T21356] ? trace_hardirqs_on+0x67/0x240 [ 1074.609628][T21356] do_syscall_64+0xfa/0x760 [ 1074.614178][T21356] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1074.620417][T21356] RIP: 0033:0x4598e9 [ 1074.625194][T21356] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1074.646354][T21356] RSP: 002b:00007fb275db4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1074.654787][T21356] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004598e9 [ 1074.662747][T21356] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 1074.670708][T21356] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1074.678777][T21356] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fb275db56d4 [ 1074.686780][T21356] R13: 00000000004c709e R14: 00000000004dc750 R15: 00000000ffffffff 05:31:50 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) [ 1074.835205][ T26] audit: type=1800 audit(1568179909.413:2901): pid=21356 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=16648 res=0 [ 1075.184814][T21356] memory: usage 307200kB, limit 307200kB, failcnt 16359 [ 1075.201879][T21356] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1075.210589][T21356] Memory cgroup stats for /syz5: [ 1075.210722][T21356] anon 288346112 [ 1075.210722][T21356] file 13103104 [ 1075.210722][T21356] kernel_stack 917504 [ 1075.210722][T21356] slab 8163328 [ 1075.210722][T21356] sock 0 [ 1075.210722][T21356] shmem 0 [ 1075.210722][T21356] file_mapped 12976128 [ 1075.210722][T21356] file_dirty 0 [ 1075.210722][T21356] file_writeback 0 [ 1075.210722][T21356] anon_thp 161480704 [ 1075.210722][T21356] inactive_anon 251768832 [ 1075.210722][T21356] active_anon 1400832 [ 1075.210722][T21356] inactive_file 40960 [ 1075.210722][T21356] active_file 8192 [ 1075.210722][T21356] unevictable 48439296 [ 1075.210722][T21356] slab_reclaimable 3108864 [ 1075.210722][T21356] slab_unreclaimable 5054464 [ 1075.210722][T21356] pgfault 957231 [ 1075.210722][T21356] pgmajfault 33 [ 1075.210722][T21356] workingset_refault 16698 [ 1075.210722][T21356] workingset_activate 1089 [ 1075.210722][T21356] workingset_nodereclaim 0 [ 1075.210722][T21356] pgrefill 24829 [ 1075.210722][T21356] pgscan 32278 [ 1075.210722][T21356] pgsteal 22131 [ 1075.322467][T21356] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=21349,uid=0 [ 1075.349676][T21356] Memory cgroup out of memory: Killed process 21349 (syz-executor.5) total-vm:72964kB, anon-rss:9688kB, file-rss:50104kB, shmem-rss:0kB, UID:0 pgtables:180224kB oom_score_adj:1000 [ 1075.375797][ T1065] oom_reaper: reaped process 21349 (syz-executor.5), now anon-rss:9688kB, file-rss:50804kB, shmem-rss:0kB 05:31:50 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r3, 0x0, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000000)=0x1800, 0x4) 05:31:50 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:50 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) r0 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(0xffffffffffffffff, &(0x7f0000000540)=""/202, 0x1b7) 05:31:50 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:31:50 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:50 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, 0x0, 0x0) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:51 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) r0 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(0xffffffffffffffff, &(0x7f0000000540)=""/202, 0x1b7) 05:31:51 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, 0x0, 0x0) 05:31:51 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, 0x0, 0x0) [ 1076.183063][T21390] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1076.214735][T21390] CPU: 0 PID: 21390 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1076.223927][T21390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1076.233999][T21390] Call Trace: [ 1076.237332][T21390] dump_stack+0x172/0x1f0 [ 1076.241683][T21390] dump_header+0x177/0x1152 [ 1076.246750][T21390] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1076.252562][T21390] ? ___ratelimit+0x2c8/0x595 [ 1076.257246][T21390] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1076.263056][T21390] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1076.268352][T21390] ? trace_hardirqs_on+0x67/0x240 [ 1076.273385][T21390] ? pagefault_out_of_memory+0x11c/0x11c [ 1076.279559][T21390] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1076.285372][T21390] ? ___ratelimit+0x60/0x595 [ 1076.290844][T21390] ? do_raw_spin_unlock+0x57/0x270 [ 1076.295990][T21390] oom_kill_process.cold+0x10/0x15 [ 1076.301143][T21390] out_of_memory+0x334/0x1340 [ 1076.305938][T21390] ? lock_downgrade+0x920/0x920 [ 1076.310800][T21390] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1076.316719][T21390] ? oom_killer_disable+0x280/0x280 [ 1076.321940][T21390] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1076.327526][T21390] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1076.333607][T21390] ? do_raw_spin_unlock+0x57/0x270 [ 1076.338739][T21390] ? _raw_spin_unlock+0x2d/0x50 [ 1076.343604][T21390] try_charge+0xf4b/0x1440 [ 1076.348059][T21390] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1076.353621][T21390] ? percpu_ref_tryget_live+0x111/0x290 [ 1076.359180][T21390] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1076.365431][T21390] ? __kasan_check_read+0x11/0x20 [ 1076.370469][T21390] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1076.376049][T21390] mem_cgroup_try_charge+0x136/0x590 [ 1076.381527][T21390] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1076.387782][T21390] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1076.393429][T21390] __handle_mm_fault+0x1e34/0x3f20 [ 1076.398559][T21390] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1076.404279][T21390] ? __kasan_check_read+0x11/0x20 [ 1076.409329][T21390] handle_mm_fault+0x1b5/0x6c0 [ 1076.414493][T21390] __get_user_pages+0x7d4/0x1b30 [ 1076.419525][T21390] ? mark_held_locks+0xf0/0xf0 [ 1076.424299][T21390] ? follow_page_mask+0x1cf0/0x1cf0 [ 1076.429512][T21390] ? __mm_populate+0x270/0x380 [ 1076.434292][T21390] ? __kasan_check_write+0x14/0x20 [ 1076.439408][T21390] ? down_read+0x109/0x430 [ 1076.443825][T21390] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1076.450075][T21390] populate_vma_page_range+0x20d/0x2a0 [ 1076.455540][T21390] __mm_populate+0x204/0x380 [ 1076.460139][T21390] ? populate_vma_page_range+0x2a0/0x2a0 [ 1076.465778][T21390] ? __kasan_check_write+0x14/0x20 [ 1076.470892][T21390] ? up_write+0x155/0x490 [ 1076.475227][T21390] ? ns_capable_common+0x93/0x100 [ 1076.480261][T21390] __x64_sys_mlockall+0x473/0x520 [ 1076.485309][T21390] do_syscall_64+0xfa/0x760 [ 1076.489822][T21390] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1076.495712][T21390] RIP: 0033:0x4598e9 [ 1076.499609][T21390] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1076.519216][T21390] RSP: 002b:00007fb275dd5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 05:31:52 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, 0x0, 0x0) [ 1076.527727][T21390] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004598e9 [ 1076.535696][T21390] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1076.543673][T21390] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1076.551656][T21390] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb275dd66d4 [ 1076.559637][T21390] R13: 00000000004c5dab R14: 00000000004da878 R15: 00000000ffffffff 05:31:52 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:31:52 executing program 0: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1076.857461][T21390] memory: usage 307200kB, limit 307200kB, failcnt 17842 [ 1076.868639][T21390] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1076.920161][T21390] Memory cgroup stats for /syz5: [ 1076.920301][T21390] anon 301727744 [ 1076.920301][T21390] file 131072 [ 1076.920301][T21390] kernel_stack 786432 [ 1076.920301][T21390] slab 8163328 [ 1076.920301][T21390] sock 0 [ 1076.920301][T21390] shmem 0 [ 1076.920301][T21390] file_mapped 0 [ 1076.920301][T21390] file_dirty 0 [ 1076.920301][T21390] file_writeback 0 [ 1076.920301][T21390] anon_thp 161480704 [ 1076.920301][T21390] inactive_anon 261636096 [ 1076.920301][T21390] active_anon 1400832 [ 1076.920301][T21390] inactive_file 0 [ 1076.920301][T21390] active_file 28672 [ 1076.920301][T21390] unevictable 38436864 [ 1076.920301][T21390] slab_reclaimable 3108864 [ 1076.920301][T21390] slab_unreclaimable 5054464 [ 1076.920301][T21390] pgfault 960597 [ 1076.920301][T21390] pgmajfault 33 [ 1076.920301][T21390] workingset_refault 16698 [ 1076.920301][T21390] workingset_activate 1089 [ 1076.920301][T21390] workingset_nodereclaim 0 [ 1076.920301][T21390] pgrefill 28080 [ 1076.920301][T21390] pgscan 35538 [ 1076.920301][T21390] pgsteal 25337 [ 1077.075340][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 1077.075355][ T26] audit: type=1804 audit(1568179912.543:2908): pid=21410 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir247890508/syzkaller.pVOBBi/592/bus" dev="sda1" ino=16634 res=1 [ 1077.155961][ T26] audit: type=1800 audit(1568179912.593:2909): pid=21410 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16634 res=0 [ 1077.246096][T21390] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9418,uid=0 [ 1077.270480][T21390] Memory cgroup out of memory: Killed process 9418 (syz-executor.5) total-vm:72708kB, anon-rss:18232kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:159744kB oom_score_adj:1000 [ 1077.368894][ T26] audit: type=1804 audit(1568179912.843:2910): pid=21405 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/359/bus" dev="sda1" ino=16606 res=1 [ 1077.417527][ T26] audit: type=1800 audit(1568179912.863:2911): pid=21405 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16606 res=0 [ 1077.516867][ T26] audit: type=1804 audit(1568179912.983:2912): pid=21414 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/438/bus" dev="sda1" ino=16621 res=1 [ 1077.546659][ T26] audit: type=1800 audit(1568179913.013:2913): pid=21414 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=16621 res=0 [ 1077.941810][T21390] syz-executor.5 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 1077.953377][T21390] CPU: 0 PID: 21390 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1077.962493][T21390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1077.972549][T21390] Call Trace: [ 1077.975831][T21390] dump_stack+0x172/0x1f0 [ 1077.980177][T21390] dump_header+0x177/0x1152 [ 1077.984678][T21390] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1077.990485][T21390] ? ___ratelimit+0x2c8/0x595 [ 1077.995140][T21390] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1078.000939][T21390] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1078.006386][T21390] ? trace_hardirqs_on+0x67/0x240 [ 1078.011392][T21390] ? pagefault_out_of_memory+0x11c/0x11c [ 1078.017009][T21390] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1078.022797][T21390] ? ___ratelimit+0x60/0x595 [ 1078.027376][T21390] ? do_raw_spin_unlock+0x57/0x270 [ 1078.032485][T21390] oom_kill_process.cold+0x10/0x15 [ 1078.037588][T21390] out_of_memory+0x334/0x1340 [ 1078.042258][T21390] ? lock_downgrade+0x920/0x920 [ 1078.047092][T21390] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1078.052883][T21390] ? oom_killer_disable+0x280/0x280 [ 1078.059161][T21390] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1078.064698][T21390] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1078.070328][T21390] ? do_raw_spin_unlock+0x57/0x270 [ 1078.075438][T21390] ? _raw_spin_unlock+0x2d/0x50 [ 1078.080307][T21390] try_charge+0xf4b/0x1440 [ 1078.084723][T21390] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1078.090258][T21390] ? percpu_ref_tryget_live+0x111/0x290 [ 1078.095788][T21390] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1078.102030][T21390] ? __kasan_check_read+0x11/0x20 [ 1078.107040][T21390] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1078.112567][T21390] mem_cgroup_try_charge+0x136/0x590 [ 1078.117851][T21390] __add_to_page_cache_locked+0x43f/0xec0 [ 1078.123560][T21390] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1078.129646][T21390] ? __kasan_check_read+0x11/0x20 [ 1078.134677][T21390] ? unaccount_page_cache_page+0xda0/0xda0 [ 1078.140471][T21390] ? __alloc_pages_nodemask+0x658/0x900 [ 1078.146012][T21390] ? xas_descend+0x144/0x370 [ 1078.150590][T21390] ? shadow_lru_isolate+0x430/0x430 [ 1078.155774][T21390] add_to_page_cache_lru+0x1d8/0x790 [ 1078.161046][T21390] ? add_to_page_cache_locked+0x40/0x40 [ 1078.166573][T21390] ? __page_cache_alloc+0x116/0x490 [ 1078.171757][T21390] pagecache_get_page+0x3be/0x900 [ 1078.176796][T21390] filemap_fault+0x901/0x2b70 [ 1078.182346][T21390] ? mark_held_locks+0xf0/0xf0 [ 1078.187264][T21390] ? pagecache_get_page+0x900/0x900 [ 1078.192474][T21390] ? __kasan_check_write+0x14/0x20 [ 1078.197590][T21390] ? down_read+0x109/0x430 [ 1078.202017][T21390] ? down_read_killable+0x490/0x490 [ 1078.207565][T21390] ? lock_downgrade+0x920/0x920 [ 1078.212417][T21390] ext4_filemap_fault+0x86/0xb2 [ 1078.217277][T21390] __do_fault+0x111/0x540 [ 1078.221689][T21390] ? do_raw_spin_unlock+0x57/0x270 [ 1078.226923][T21390] __handle_mm_fault+0x2cb8/0x3f20 [ 1078.232075][T21390] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1078.237651][T21390] ? __kasan_check_read+0x11/0x20 [ 1078.243036][T21390] handle_mm_fault+0x1b5/0x6c0 [ 1078.248438][T21390] __get_user_pages+0x7d4/0x1b30 [ 1078.253374][T21390] ? mark_held_locks+0xf0/0xf0 [ 1078.258147][T21390] ? follow_page_mask+0x1cf0/0x1cf0 [ 1078.263432][T21390] ? __mm_populate+0x270/0x380 [ 1078.268195][T21390] ? __kasan_check_read+0x11/0x20 [ 1078.273223][T21390] ? down_read+0x281/0x430 [ 1078.277630][T21390] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1078.283534][T21390] populate_vma_page_range+0x20d/0x2a0 [ 1078.288994][T21390] __mm_populate+0x204/0x380 [ 1078.293576][T21390] ? populate_vma_page_range+0x2a0/0x2a0 [ 1078.299198][T21390] ? __kasan_check_write+0x14/0x20 [ 1078.304313][T21390] ? up_write+0x155/0x490 [ 1078.308639][T21390] ? ns_capable_common+0x93/0x100 [ 1078.313662][T21390] __x64_sys_mlockall+0x473/0x520 [ 1078.318684][T21390] do_syscall_64+0xfa/0x760 [ 1078.323183][T21390] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1078.329079][T21390] RIP: 0033:0x4598e9 [ 1078.332985][T21390] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1078.352583][T21390] RSP: 002b:00007fb275dd5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1078.360990][T21390] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004598e9 [ 1078.369215][T21390] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1078.377168][T21390] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1078.385124][T21390] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb275dd66d4 [ 1078.393084][T21390] R13: 00000000004c5dab R14: 00000000004da878 R15: 00000000ffffffff [ 1078.402192][T21390] memory: usage 307200kB, limit 307200kB, failcnt 18097 [ 1078.409199][T21390] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1078.416039][T21390] Memory cgroup stats for /syz5: [ 1078.416129][T21390] anon 291127296 [ 1078.416129][T21390] file 10665984 [ 1078.416129][T21390] kernel_stack 917504 [ 1078.416129][T21390] slab 8028160 [ 1078.416129][T21390] sock 0 [ 1078.416129][T21390] shmem 0 [ 1078.416129][T21390] file_mapped 10543104 [ 1078.416129][T21390] file_dirty 135168 [ 1078.416129][T21390] file_writeback 0 [ 1078.416129][T21390] anon_thp 150994944 [ 1078.416129][T21390] inactive_anon 253571072 [ 1078.416129][T21390] active_anon 1400832 [ 1078.416129][T21390] inactive_file 98304 [ 1078.416129][T21390] active_file 28672 [ 1078.416129][T21390] unevictable 46579712 [ 1078.416129][T21390] slab_reclaimable 3108864 [ 1078.416129][T21390] slab_unreclaimable 4919296 [ 1078.416129][T21390] pgfault 961290 [ 1078.416129][T21390] pgmajfault 33 [ 1078.416129][T21390] workingset_refault 19404 [ 1078.416129][T21390] workingset_activate 1089 [ 1078.416129][T21390] workingset_nodereclaim 0 [ 1078.416129][T21390] pgrefill 28080 [ 1078.416129][T21390] pgscan 35957 [ 1078.511876][T21390] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=21388,uid=0 [ 1078.528268][T21390] Memory cgroup out of memory: Killed process 21388 (syz-executor.5) total-vm:72832kB, anon-rss:12516kB, file-rss:48188kB, shmem-rss:0kB, UID:0 pgtables:184320kB oom_score_adj:1000 [ 1078.546800][ T1065] oom_reaper: reaped process 21388 (syz-executor.5), now anon-rss:12508kB, file-rss:48188kB, shmem-rss:0kB 05:31:54 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:54 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, 0x0, 0x0) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:54 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:54 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:31:54 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:54 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) [ 1079.229602][ T26] audit: type=1804 audit(1568179914.703:2914): pid=21427 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/360/bus" dev="sda1" ino=16635 res=1 [ 1079.329869][ T26] audit: type=1800 audit(1568179914.703:2915): pid=21427 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16635 res=0 [ 1079.468264][ T26] audit: type=1804 audit(1568179914.773:2916): pid=21419 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/402/bus" dev="sda1" ino=16655 res=1 [ 1079.604098][ T26] audit: type=1804 audit(1568179914.793:2917): pid=21433 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/439/bus" dev="sda1" ino=16665 res=1 05:31:55 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1079.962619][T21437] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 05:31:55 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f00000006c0)={0x0, 'syz0\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0)={0x0, 0xffffffffffffffff}, &(0x7f0000000100)=0x8) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:55 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:55 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:55 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, 0x0, 0x0) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) [ 1080.147569][T21437] CPU: 0 PID: 21437 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1080.156731][T21437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1080.166826][T21437] Call Trace: [ 1080.170155][T21437] dump_stack+0x172/0x1f0 [ 1080.174503][T21437] dump_header+0x177/0x1152 [ 1080.179025][T21437] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1080.179037][T21437] ? ___ratelimit+0x2c8/0x595 [ 1080.179050][T21437] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1080.179067][T21437] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1080.179086][T21437] ? trace_hardirqs_on+0x67/0x240 [ 1080.200862][T21437] ? pagefault_out_of_memory+0x11c/0x11c [ 1080.211501][T21437] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1080.217328][T21437] ? ___ratelimit+0x60/0x595 [ 1080.221929][T21437] ? do_raw_spin_unlock+0x57/0x270 [ 1080.227066][T21437] oom_kill_process.cold+0x10/0x15 [ 1080.232190][T21437] out_of_memory+0x334/0x1340 [ 1080.236869][T21437] ? lock_downgrade+0x920/0x920 [ 1080.241741][T21437] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1080.247915][T21437] ? oom_killer_disable+0x280/0x280 [ 1080.253135][T21437] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1080.258694][T21437] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1080.264348][T21437] ? do_raw_spin_unlock+0x57/0x270 [ 1080.269488][T21437] ? _raw_spin_unlock+0x2d/0x50 [ 1080.274355][T21437] try_charge+0xf4b/0x1440 [ 1080.278803][T21437] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1080.284376][T21437] ? percpu_ref_tryget_live+0x111/0x290 [ 1080.289945][T21437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1080.296200][T21437] ? __kasan_check_read+0x11/0x20 [ 1080.301246][T21437] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1080.306815][T21437] mem_cgroup_try_charge+0x136/0x590 [ 1080.312121][T21437] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1080.318405][T21437] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1080.324061][T21437] __handle_mm_fault+0x1e34/0x3f20 [ 1080.329195][T21437] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1080.334762][T21437] ? __kasan_check_read+0x11/0x20 [ 1080.339810][T21437] handle_mm_fault+0x1b5/0x6c0 [ 1080.344635][T21437] __get_user_pages+0x7d4/0x1b30 [ 1080.349593][T21437] ? mark_held_locks+0xf0/0xf0 [ 1080.354395][T21437] ? follow_page_mask+0x1cf0/0x1cf0 [ 1080.359603][T21437] ? __mm_populate+0x270/0x380 [ 1080.364387][T21437] ? memset+0x32/0x40 [ 1080.368385][T21437] populate_vma_page_range+0x20d/0x2a0 [ 1080.373862][T21437] __mm_populate+0x204/0x380 [ 1080.378478][T21437] ? populate_vma_page_range+0x2a0/0x2a0 [ 1080.384104][T21437] ? up_write+0x1c8/0x490 [ 1080.388439][T21437] __x64_sys_mremap+0x7dc/0xb80 [ 1080.393288][T21437] ? mremap_to+0x750/0x750 [ 1080.397707][T21437] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1080.403158][T21437] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1080.408611][T21437] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1080.414676][T21437] ? do_syscall_64+0x26/0x760 [ 1080.419342][T21437] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1080.424617][T21437] ? trace_hardirqs_on+0x67/0x240 [ 1080.429637][T21437] do_syscall_64+0xfa/0x760 [ 1080.434136][T21437] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1080.440014][T21437] RIP: 0033:0x4598e9 [ 1080.443993][T21437] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1080.463670][T21437] RSP: 002b:00007fb275d93c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1080.472070][T21437] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 1080.480027][T21437] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1080.487984][T21437] RBP: 000000000075c070 R08: 0000000020130000 R09: 0000000000000000 [ 1080.496030][T21437] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb275d946d4 [ 1080.503991][T21437] R13: 00000000004c5f48 R14: 00000000004dab78 R15: 00000000ffffffff [ 1080.549328][T21437] memory: usage 307092kB, limit 307200kB, failcnt 18280 [ 1080.612872][T21451] bridge0: port 2(bridge_slave_1) entered blocking state [ 1080.620179][T21451] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1080.627781][T21451] bridge0: port 1(bridge_slave_0) entered blocking state [ 1080.629773][T21437] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1080.634896][T21451] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1080.656695][T21437] Memory cgroup stats for /syz5: [ 1080.656821][T21437] anon 287834112 [ 1080.656821][T21437] file 14405632 [ 1080.656821][T21437] kernel_stack 786432 [ 1080.656821][T21437] slab 7892992 [ 1080.656821][T21437] sock 0 [ 1080.656821][T21437] shmem 0 [ 1080.656821][T21437] file_mapped 14057472 [ 1080.656821][T21437] file_dirty 135168 [ 1080.656821][T21437] file_writeback 0 [ 1080.656821][T21437] anon_thp 150994944 [ 1080.656821][T21437] inactive_anon 245108736 [ 1080.656821][T21437] active_anon 1536000 [ 1080.656821][T21437] inactive_file 184320 [ 1080.656821][T21437] active_file 28672 [ 1080.656821][T21437] unevictable 55324672 [ 1080.656821][T21437] slab_reclaimable 3108864 [ 1080.656821][T21437] slab_unreclaimable 4784128 [ 1080.656821][T21437] pgfault 966669 [ 1080.656821][T21437] pgmajfault 33 [ 1080.656821][T21437] workingset_refault 20361 [ 1080.656821][T21437] workingset_activate 1089 [ 1080.656821][T21437] workingset_nodereclaim 0 [ 1080.656821][T21437] pgrefill 28130 [ 1080.656821][T21437] pgscan 36409 [ 1080.768279][T21451] device bridge0 entered promiscuous mode [ 1080.775682][ T8974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 05:31:56 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1080.957122][T21437] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=21429,uid=0 [ 1081.397486][T21437] Memory cgroup out of memory: Killed process 21437 (syz-executor.5) total-vm:72964kB, anon-rss:17672kB, file-rss:51784kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 1081.524048][ T1065] oom_reaper: reaped process 21437 (syz-executor.5), now anon-rss:17836kB, file-rss:51784kB, shmem-rss:0kB 05:31:57 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:57 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f00000006c0)={0x0, 'syz0\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) keyctl$set_reqkey_keyring(0xe, 0xfffffffffffffff1) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0)={0x0, 0xffffffffffffffff}, &(0x7f0000000100)=0x8) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) 05:31:57 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x0, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:57 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:57 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:31:57 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1081.862436][T21467] bridge0: port 2(bridge_slave_1) entered disabled state [ 1081.869769][T21467] bridge0: port 1(bridge_slave_0) entered disabled state [ 1081.940535][T21467] device bridge0 left promiscuous mode [ 1082.333324][ T26] kauditd_printk_skb: 13 callbacks suppressed [ 1082.333339][ T26] audit: type=1804 audit(1568179917.803:2931): pid=21469 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/404/bus" dev="sda1" ino=16802 res=1 [ 1082.569848][ T26] audit: type=1804 audit(1568179918.043:2932): pid=21468 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/373/bus" dev="sda1" ino=16606 res=1 05:31:58 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f00000006c0)={0x0, 'syz0\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) keyctl$set_reqkey_keyring(0xe, 0xfffffffffffffff1) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0)={0x0, 0xffffffffffffffff}, &(0x7f0000000100)=0x8) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1082.702572][ T26] audit: type=1800 audit(1568179918.093:2933): pid=21468 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16606 res=0 [ 1082.832161][ T26] audit: type=1804 audit(1568179918.213:2934): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/440/bus" dev="sda1" ino=16635 res=1 [ 1082.886131][T21475] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 05:31:58 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r1, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r1, 0x0, 0x0, 0x1000f4) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r1, r2, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000200)=r1, 0x4) ioctl$VIDIOC_G_CTRL(r2, 0xc008561b, &(0x7f0000000040)={0x7, 0xf5}) ioctl$SIOCGIFMTU(r2, 0x8921, &(0x7f0000000080)) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f00000000c0)={'bond0\x00'}) syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x3, 0x2) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) r5 = socket(0xa, 0x1, 0x0) close(r5) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000040)={r4}, &(0x7f0000000140)=0x8) sendmmsg$inet_sctp(r5, &(0x7f0000002cc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0)=ANY=[@ANYBLOB="2000000000840000000200000000000400"/28, @ANYRES32=0x0], 0x20}], 0x1, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r4}, 0x10) ioctl$SIOCRSGL2CALL(r0, 0x89e5, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x2, 0xe98d, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x80000000, 0x0, 0x4000000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xb0df3f47fdbc870b, @perf_config_ext, 0x0, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x891b, &(0x7f0000000040)={'bond0\x00\x05H\a\x00`\x00\x06\x00z\x03'}) [ 1082.926154][ T26] audit: type=1800 audit(1568179918.213:2935): pid=21482 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=16635 res=0 [ 1082.986480][ T26] audit: type=1804 audit(1568179918.233:2936): pid=21474 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/680/bus" dev="sda1" ino=16655 res=1 [ 1083.040582][T21475] CPU: 0 PID: 21475 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1083.049734][T21475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1083.059800][T21475] Call Trace: [ 1083.063110][T21475] dump_stack+0x172/0x1f0 [ 1083.067458][T21475] dump_header+0x177/0x1152 [ 1083.071978][T21475] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1083.077792][T21475] ? ___ratelimit+0x2c8/0x595 [ 1083.082483][T21475] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1083.088293][T21475] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1083.093581][T21475] ? trace_hardirqs_on+0x67/0x240 [ 1083.098625][T21475] ? pagefault_out_of_memory+0x11c/0x11c [ 1083.104266][T21475] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1083.110077][T21475] ? ___ratelimit+0x60/0x595 [ 1083.114675][T21475] ? do_raw_spin_unlock+0x57/0x270 [ 1083.119801][T21475] oom_kill_process.cold+0x10/0x15 [ 1083.124941][T21475] out_of_memory+0x334/0x1340 [ 1083.124960][T21475] ? lock_downgrade+0x920/0x920 [ 1083.124980][T21475] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1083.124997][T21475] ? oom_killer_disable+0x280/0x280 [ 1083.125023][T21475] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1083.125039][T21475] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1083.125058][T21475] ? do_raw_spin_unlock+0x57/0x270 [ 1083.125079][T21475] ? _raw_spin_unlock+0x2d/0x50 [ 1083.125098][T21475] try_charge+0xf4b/0x1440 [ 1083.125123][T21475] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1083.125137][T21475] ? find_held_lock+0x35/0x130 [ 1083.125154][T21475] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1083.125176][T21475] ? lock_downgrade+0x920/0x920 [ 1083.125190][T21475] ? percpu_ref_tryget_live+0x111/0x290 [ 1083.125215][T21475] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1083.125231][T21475] ? memcg_kmem_put_cache+0x50/0x50 [ 1083.125250][T21475] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1083.125270][T21475] __memcg_kmem_charge+0x13a/0x3a0 [ 1083.125290][T21475] __alloc_pages_nodemask+0x4f7/0x900 [ 1083.125307][T21475] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1083.125321][T21475] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1083.125341][T21475] ? percpu_ref_put_many+0xb6/0x190 [ 1083.240483][T21475] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1083.245781][T21475] ? trace_hardirqs_on+0x67/0x240 [ 1083.250817][T21475] ? __kasan_check_read+0x11/0x20 [ 1083.255854][T21475] copy_process+0x3f8/0x6830 [ 1083.260452][T21475] ? psi_memstall_leave+0x12e/0x180 [ 1083.265689][T21475] ? __cleanup_sighand+0x60/0x60 [ 1083.270639][T21475] ? __kasan_check_read+0x11/0x20 [ 1083.275667][T21475] ? __lock_acquire+0x8a0/0x4a00 [ 1083.280612][T21475] ? _raw_spin_unlock_irq+0x5e/0x90 [ 1083.287206][T21475] _do_fork+0x146/0xfa0 [ 1083.291370][T21475] ? copy_init_mm+0x20/0x20 [ 1083.295902][T21475] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1083.302166][T21475] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1083.308409][T21475] ? debug_smp_processor_id+0x3c/0x214 [ 1083.313969][T21475] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 1083.320135][T21475] __x64_sys_clone+0x1ab/0x270 [ 1083.324905][T21475] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1083.330891][T21475] ? __ia32_sys_vfork+0xd0/0xd0 [ 1083.335759][T21475] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1083.341434][ T26] audit: type=1800 audit(1568179918.233:2937): pid=21474 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16655 res=0 [ 1083.342004][T21475] ? do_syscall_64+0x26/0x760 [ 1083.366962][T21475] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1083.372252][T21475] ? trace_hardirqs_on+0x67/0x240 [ 1083.377280][T21475] do_syscall_64+0xfa/0x760 [ 1083.380679][ T26] audit: type=1804 audit(1568179918.323:2938): pid=21486 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/363/bus" dev="sda1" ino=16629 res=1 [ 1083.381790][T21475] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1083.381803][T21475] RIP: 0033:0x45c2b9 [ 1083.381818][T21475] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 05:31:58 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x0, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:31:58 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(0x0, 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1083.381831][T21475] RSP: 002b:00007ffee464ffb8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1083.429707][ T26] audit: type=1800 audit(1568179918.323:2939): pid=21486 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16629 res=0 [ 1083.435771][T21475] RAX: ffffffffffffffda RBX: 00007fb275d94700 RCX: 000000000045c2b9 [ 1083.435781][T21475] RDX: 00007fb275d949d0 RSI: 00007fb275d93db0 RDI: 00000000003d0f00 [ 1083.435790][T21475] RBP: 00007ffee46501d0 R08: 00007fb275d94700 R09: 00007fb275d94700 [ 1083.435798][T21475] R10: 00007fb275d949d0 R11: 0000000000000202 R12: 0000000000000000 [ 1083.435807][T21475] R13: 00007ffee465006f R14: 00007fb275d949c0 R15: 000000000075c07c [ 1083.527509][T21475] memory: usage 307200kB, limit 307200kB, failcnt 18493 [ 1083.535038][T21475] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1083.560996][T21475] Memory cgroup stats for /syz5: [ 1083.561114][T21475] anon 287825920 [ 1083.561114][T21475] file 14405632 [ 1083.561114][T21475] kernel_stack 786432 [ 1083.561114][T21475] slab 7892992 [ 1083.561114][T21475] sock 0 [ 1083.561114][T21475] shmem 0 [ 1083.561114][T21475] file_mapped 14057472 [ 1083.561114][T21475] file_dirty 135168 [ 1083.561114][T21475] file_writeback 0 [ 1083.561114][T21475] anon_thp 146800640 [ 1083.561114][T21475] inactive_anon 245211136 [ 1083.561114][T21475] active_anon 1536000 05:31:59 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1083.561114][T21475] inactive_file 49152 [ 1083.561114][T21475] active_file 163840 [ 1083.561114][T21475] unevictable 55472128 [ 1083.561114][T21475] slab_reclaimable 3108864 [ 1083.561114][T21475] slab_unreclaimable 4784128 [ 1083.561114][T21475] pgfault 970926 [ 1083.561114][T21475] pgmajfault 33 [ 1083.561114][T21475] workingset_refault 20493 [ 1083.561114][T21475] workingset_activate 1089 [ 1083.561114][T21475] workingset_nodereclaim 0 [ 1083.561114][T21475] pgrefill 28164 [ 1083.561114][T21475] pgscan 36649 05:31:59 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1083.775917][ T26] audit: type=1804 audit(1568179919.033:2940): pid=21489 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir247890508/syzkaller.pVOBBi/597/bus" dev="sda1" ino=16707 res=1 [ 1083.866150][T21475] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=21475,uid=0 [ 1083.920687][T21475] Memory cgroup out of memory: Killed process 21475 (syz-executor.5) total-vm:72840kB, anon-rss:17820kB, file-rss:49400kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 1083.971184][ T1065] oom_reaper: reaped process 21475 (syz-executor.5), now anon-rss:17804kB, file-rss:50924kB, shmem-rss:0kB 05:31:59 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:31:59 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f00000006c0)={0x0, 'syz0\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) keyctl$set_reqkey_keyring(0xe, 0xfffffffffffffff1) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1084.544879][T21511] bridge0: port 2(bridge_slave_1) entered blocking state [ 1084.552136][T21511] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1084.559636][T21511] bridge0: port 1(bridge_slave_0) entered blocking state [ 1084.566743][T21511] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1084.618145][T21511] device bridge0 entered promiscuous mode [ 1084.635177][T20543] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 05:32:00 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x0, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:32:00 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(0x0, 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:32:00 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f00000006c0)={0x0, 'syz0\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) keyctl$set_reqkey_keyring(0xe, 0xfffffffffffffff1) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1084.949664][T21508] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1084.964367][T21523] bridge0: port 2(bridge_slave_1) entered disabled state [ 1084.971705][T21523] bridge0: port 1(bridge_slave_0) entered disabled state [ 1085.015750][T21523] device bridge0 left promiscuous mode [ 1085.118992][T21508] CPU: 1 PID: 21508 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1085.128158][T21508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1085.138252][T21508] Call Trace: [ 1085.141567][T21508] dump_stack+0x172/0x1f0 [ 1085.145906][T21508] dump_header+0x177/0x1152 [ 1085.150417][T21508] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1085.156229][T21508] ? ___ratelimit+0x2c8/0x595 [ 1085.161347][T21508] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1085.167173][T21508] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1085.172468][T21508] ? trace_hardirqs_on+0x67/0x240 [ 1085.177507][T21508] ? pagefault_out_of_memory+0x11c/0x11c [ 1085.183156][T21508] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1085.188974][T21508] ? ___ratelimit+0x60/0x595 [ 1085.193567][T21508] ? do_raw_spin_unlock+0x57/0x270 [ 1085.198692][T21508] oom_kill_process.cold+0x10/0x15 [ 1085.203851][T21508] out_of_memory+0x334/0x1340 [ 1085.208542][T21508] ? lock_downgrade+0x920/0x920 [ 1085.213410][T21508] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1085.219229][T21508] ? oom_killer_disable+0x280/0x280 [ 1085.224467][T21508] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1085.230029][T21508] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1085.235766][T21508] ? do_raw_spin_unlock+0x57/0x270 [ 1085.240893][T21508] ? _raw_spin_unlock+0x2d/0x50 [ 1085.245766][T21508] try_charge+0xf4b/0x1440 [ 1085.250202][T21508] ? perf_trace_lock_acquire+0x20/0x530 [ 1085.255765][T21508] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1085.261327][T21508] ? find_held_lock+0x35/0x130 [ 1085.269761][T21508] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1085.275332][T21508] ? lock_downgrade+0x920/0x920 [ 1085.280186][T21508] ? percpu_ref_tryget_live+0x111/0x290 [ 1085.285762][T21508] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1085.291233][T21508] ? memcg_kmem_put_cache+0x50/0x50 [ 1085.296452][T21508] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1085.302010][T21508] __memcg_kmem_charge+0x13a/0x3a0 [ 1085.307139][T21508] __alloc_pages_nodemask+0x4f7/0x900 [ 1085.312524][T21508] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1085.318081][T21508] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1085.323803][T21508] ? percpu_ref_put_many+0xb6/0x190 [ 1085.329012][T21508] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1085.334309][T21508] ? trace_hardirqs_on+0x67/0x240 [ 1085.340729][T21508] ? __kasan_check_read+0x11/0x20 [ 1085.345772][T21508] copy_process+0x3f8/0x6830 [ 1085.350388][T21508] ? psi_memstall_leave+0x12e/0x180 [ 1085.355616][T21508] ? __cleanup_sighand+0x60/0x60 [ 1085.360572][T21508] ? __kasan_check_read+0x11/0x20 [ 1085.365613][T21508] ? __lock_acquire+0x8a0/0x4a00 [ 1085.371027][T21508] ? debug_smp_processor_id+0x3c/0x214 [ 1085.376504][T21508] _do_fork+0x146/0xfa0 [ 1085.380675][T21508] ? copy_init_mm+0x20/0x20 [ 1085.385199][T21508] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1085.391457][T21508] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1085.397705][T21508] ? debug_smp_processor_id+0x3c/0x214 [ 1085.403205][T21508] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 1085.409548][T21508] __x64_sys_clone+0x1ab/0x270 [ 1085.414335][T21508] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1085.420333][T21508] ? __ia32_sys_vfork+0xd0/0xd0 [ 1085.425194][T21508] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1085.431457][T21508] ? do_syscall_64+0x26/0x760 [ 1085.436173][T21508] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1085.441468][T21508] ? trace_hardirqs_on+0x67/0x240 [ 1085.446520][T21508] do_syscall_64+0xfa/0x760 [ 1085.451049][T21508] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1085.456950][T21508] RIP: 0033:0x45c2b9 [ 1085.460855][T21508] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1085.480979][T21508] RSP: 002b:00007ffee464ffb8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1085.489406][T21508] RAX: ffffffffffffffda RBX: 00007fb275d94700 RCX: 000000000045c2b9 [ 1085.497389][T21508] RDX: 00007fb275d949d0 RSI: 00007fb275d93db0 RDI: 00000000003d0f00 [ 1085.505366][T21508] RBP: 00007ffee46501d0 R08: 00007fb275d94700 R09: 00007fb275d94700 05:32:01 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(0x0, 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1085.513363][T21508] R10: 00007fb275d949d0 R11: 0000000000000202 R12: 0000000000000000 [ 1085.521343][T21508] R13: 00007ffee465006f R14: 00007fb275d949c0 R15: 000000000075c07c [ 1085.884352][T21524] bridge0: port 2(bridge_slave_1) entered blocking state [ 1085.892108][T21524] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1085.899618][T21524] bridge0: port 1(bridge_slave_0) entered blocking state [ 1085.906724][T21524] bridge0: port 1(bridge_slave_0) entered forwarding state 05:32:01 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) write$evdev(0xffffffffffffffff, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000200), 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r1, 0x0, 0x0) 05:32:01 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) [ 1086.034051][T21524] device bridge0 entered promiscuous mode 05:32:01 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(0x0, 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1086.816952][T21508] memory: usage 307200kB, limit 307200kB, failcnt 18723 [ 1086.873422][T21508] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1086.978512][T21508] Memory cgroup stats for /syz5: [ 1086.978639][T21508] anon 287932416 [ 1086.978639][T21508] file 14540800 [ 1086.978639][T21508] kernel_stack 786432 [ 1086.978639][T21508] slab 7618560 [ 1086.978639][T21508] sock 0 [ 1086.978639][T21508] shmem 0 [ 1086.978639][T21508] file_mapped 14327808 [ 1086.978639][T21508] file_dirty 135168 [ 1086.978639][T21508] file_writeback 0 [ 1086.978639][T21508] anon_thp 155189248 [ 1086.978639][T21508] inactive_anon 245178368 [ 1086.978639][T21508] active_anon 1536000 05:32:02 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(0x0, 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1086.978639][T21508] inactive_file 49152 [ 1086.978639][T21508] active_file 163840 [ 1086.978639][T21508] unevictable 55676928 [ 1086.978639][T21508] slab_reclaimable 2973696 [ 1086.978639][T21508] slab_unreclaimable 4644864 [ 1086.978639][T21508] pgfault 973170 [ 1086.978639][T21508] pgmajfault 33 [ 1086.978639][T21508] workingset_refault 20658 [ 1086.978639][T21508] workingset_activate 1089 [ 1086.978639][T21508] workingset_nodereclaim 0 [ 1086.978639][T21508] pgrefill 28236 [ 1086.978639][T21508] pgscan 36997 05:32:02 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) write$evdev(0xffffffffffffffff, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000200), 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r1, 0x0, 0x0) 05:32:02 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f00000006c0)={0x0, 'syz0\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) keyctl$set_reqkey_keyring(0xe, 0xfffffffffffffff1) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getdents64(r0, &(0x7f0000000540)=""/202, 0x1b7) [ 1087.352271][T21553] bridge0: port 2(bridge_slave_1) entered disabled state [ 1087.359582][T21553] bridge0: port 1(bridge_slave_0) entered disabled state [ 1087.386779][T21553] device bridge0 left promiscuous mode [ 1087.832422][T21508] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=21508,uid=0 [ 1087.838720][T21555] bridge0: port 2(bridge_slave_1) entered blocking state [ 1087.855189][T21555] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1087.856230][T21508] Memory cgroup out of memory: Killed process 21508 (syz-executor.5) total-vm:72840kB, anon-rss:17872kB, file-rss:52104kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 1087.862754][T21555] bridge0: port 1(bridge_slave_0) entered blocking state [ 1087.887585][T21555] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1087.969343][ T1065] oom_reaper: reaped process 21508 (syz-executor.5), now anon-rss:17856kB, file-rss:52104kB, shmem-rss:0kB [ 1088.021955][T21555] device bridge0 entered promiscuous mode 05:32:03 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 05:32:03 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) 05:32:03 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:32:03 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) write$evdev(0xffffffffffffffff, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000200), 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r1, 0x0, 0x0) 05:32:03 executing program 0: inotify_init1(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r0 = socket$inet6(0xa, 0x803, 0x3) ioctl$IMSETDEVNAME(r0, 0x80184947, &(0x7f00000006c0)={0x0, 'syz0\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) keyctl$set_reqkey_keyring(0xe, 0xfffffffffffffff1) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0)={0x0, 0xffffffffffffffff}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000140)={r1, 0x5, 0x3a, 0x7f, 0x1000, 0x200}, &(0x7f0000000180)=0x14) [ 1088.380373][T21572] bridge0: port 2(bridge_slave_1) entered disabled state [ 1088.387757][T21572] bridge0: port 1(bridge_slave_0) entered disabled state [ 1088.412773][T21572] device bridge0 left promiscuous mode 05:32:03 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(0x0, 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1088.750077][ T26] kauditd_printk_skb: 9 callbacks suppressed [ 1088.750093][ T26] audit: type=1804 audit(1568179924.223:2950): pid=21564 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/367/bus" dev="sda1" ino=16817 res=1 [ 1088.997880][T21573] bridge0: port 2(bridge_slave_1) entered blocking state [ 1089.005076][T21573] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1089.012583][T21573] bridge0: port 1(bridge_slave_0) entered blocking state [ 1089.019735][T21573] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1089.044602][ T26] audit: type=1804 audit(1568179924.513:2951): pid=21580 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/442/bus" dev="sda1" ino=16667 res=1 [ 1089.151680][ T26] audit: type=1800 audit(1568179924.543:2952): pid=21580 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=16667 res=0 [ 1089.201283][T21569] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1089.277372][ T26] audit: type=1804 audit(1568179924.673:2953): pid=21562 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/408/bus" dev="sda1" ino=16681 res=1 [ 1089.337091][T21569] CPU: 1 PID: 21569 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1089.346240][T21569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1089.356287][T21569] Call Trace: [ 1089.359666][T21569] dump_stack+0x172/0x1f0 [ 1089.363988][T21569] dump_header+0x177/0x1152 [ 1089.368480][T21569] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1089.374352][T21569] ? ___ratelimit+0x2c8/0x595 [ 1089.379031][T21569] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1089.384827][T21569] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1089.391496][T21569] ? trace_hardirqs_on+0x67/0x240 [ 1089.396508][T21569] ? pagefault_out_of_memory+0x11c/0x11c [ 1089.402139][T21569] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1089.407930][T21569] ? ___ratelimit+0x60/0x595 [ 1089.412518][T21569] ? do_raw_spin_unlock+0x57/0x270 [ 1089.417617][T21569] oom_kill_process.cold+0x10/0x15 [ 1089.422712][T21569] out_of_memory+0x334/0x1340 [ 1089.427374][T21569] ? lock_downgrade+0x920/0x920 [ 1089.432217][T21569] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1089.438010][T21569] ? oom_killer_disable+0x280/0x280 [ 1089.443199][T21569] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1089.448732][T21569] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1089.454349][T21569] ? do_raw_spin_unlock+0x57/0x270 [ 1089.459444][T21569] ? _raw_spin_unlock+0x2d/0x50 [ 1089.464285][T21569] try_charge+0xf4b/0x1440 [ 1089.468690][T21569] ? perf_trace_lock_acquire+0x20/0x530 [ 1089.474311][T21569] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1089.480620][T21569] ? find_held_lock+0x35/0x130 [ 1089.485367][T21569] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1089.490901][T21569] ? lock_downgrade+0x920/0x920 [ 1089.495735][T21569] ? percpu_ref_tryget_live+0x111/0x290 [ 1089.501269][T21569] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1089.506712][T21569] ? memcg_kmem_put_cache+0x50/0x50 [ 1089.511900][T21569] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1089.517432][T21569] __memcg_kmem_charge+0x13a/0x3a0 [ 1089.522554][T21569] __alloc_pages_nodemask+0x4f7/0x900 [ 1089.527922][T21569] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1089.533451][T21569] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1089.539153][T21569] ? percpu_ref_put_many+0xb6/0x190 [ 1089.544350][T21569] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1089.549620][T21569] ? trace_hardirqs_on+0x67/0x240 [ 1089.554623][T21569] ? __kasan_check_read+0x11/0x20 [ 1089.559635][T21569] copy_process+0x3f8/0x6830 [ 1089.564208][T21569] ? psi_memstall_leave+0x12e/0x180 [ 1089.569402][T21569] ? __cleanup_sighand+0x60/0x60 [ 1089.574336][T21569] ? __kasan_check_read+0x11/0x20 [ 1089.579357][T21569] ? __lock_acquire+0x8a0/0x4a00 [ 1089.584279][T21569] ? debug_smp_processor_id+0x3c/0x214 [ 1089.589729][T21569] _do_fork+0x146/0xfa0 [ 1089.593871][T21569] ? copy_init_mm+0x20/0x20 [ 1089.598371][T21569] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1089.604597][T21569] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1089.610837][T21569] ? debug_smp_processor_id+0x3c/0x214 [ 1089.616296][T21569] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 1089.622447][T21569] __x64_sys_clone+0x1ab/0x270 [ 1089.627195][T21569] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1089.633158][T21569] ? __ia32_sys_vfork+0xd0/0xd0 [ 1089.637994][T21569] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1089.644240][T21569] ? do_syscall_64+0x26/0x760 [ 1089.648904][T21569] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1089.654183][T21569] ? trace_hardirqs_on+0x67/0x240 [ 1089.659628][T21569] do_syscall_64+0xfa/0x760 [ 1089.664123][T21569] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1089.670083][T21569] RIP: 0033:0x45c2b9 [ 1089.673966][T21569] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1089.693579][T21569] RSP: 002b:00007ffee464ffb8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1089.701989][T21569] RAX: ffffffffffffffda RBX: 00007fb275d94700 RCX: 000000000045c2b9 [ 1089.709950][T21569] RDX: 00007fb275d949d0 RSI: 00007fb275d93db0 RDI: 00000000003d0f00 [ 1089.717906][T21569] RBP: 00007ffee46501d0 R08: 00007fb275d94700 R09: 00007fb275d94700 [ 1089.725860][T21569] R10: 00007fb275d949d0 R11: 0000000000000202 R12: 0000000000000000 05:32:05 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1089.733825][T21569] R13: 00007ffee465006f R14: 00007fb275d949c0 R15: 000000000075c07c [ 1089.744247][T21573] device bridge0 entered promiscuous mode [ 1089.772624][T20448] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 05:32:05 executing program 0: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1090.067594][T21569] memory: usage 307200kB, limit 307200kB, failcnt 19167 [ 1090.099473][T21569] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1090.155307][T21569] Memory cgroup stats for /syz5: [ 1090.155437][T21569] anon 287961088 [ 1090.155437][T21569] file 14946304 [ 1090.155437][T21569] kernel_stack 851968 [ 1090.155437][T21569] slab 7344128 [ 1090.155437][T21569] sock 0 [ 1090.155437][T21569] shmem 0 [ 1090.155437][T21569] file_mapped 14598144 [ 1090.155437][T21569] file_dirty 0 [ 1090.155437][T21569] file_writeback 0 [ 1090.155437][T21569] anon_thp 146800640 [ 1090.155437][T21569] inactive_anon 245211136 [ 1090.155437][T21569] active_anon 1536000 [ 1090.155437][T21569] inactive_file 0 [ 1090.155437][T21569] active_file 163840 [ 1090.155437][T21569] unevictable 56053760 [ 1090.155437][T21569] slab_reclaimable 2973696 [ 1090.155437][T21569] slab_unreclaimable 4370432 [ 1090.155437][T21569] pgfault 977460 [ 1090.155437][T21569] pgmajfault 66 [ 1090.155437][T21569] workingset_refault 20988 [ 1090.155437][T21569] workingset_activate 1089 [ 1090.155437][T21569] workingset_nodereclaim 0 [ 1090.155437][T21569] pgrefill 28303 [ 1090.155437][T21569] pgscan 37807 [ 1090.155437][T21569] pgsteal 26568 05:32:05 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1090.286560][T21569] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=21569,uid=0 05:32:05 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) [ 1090.407008][ T26] audit: type=1804 audit(1568179925.873:2954): pid=21583 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/368/bus" dev="sda1" ino=16652 res=1 05:32:06 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1090.514457][ T26] audit: type=1804 audit(1568179925.983:2955): pid=21594 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/685/bus" dev="sda1" ino=16707 res=1 [ 1090.535377][T21569] Memory cgroup out of memory: Killed process 21569 (syz-executor.5) total-vm:72840kB, anon-rss:17820kB, file-rss:49400kB, shmem-rss:0kB, UID:0 pgtables:196608kB oom_score_adj:1000 [ 1090.601624][ T26] audit: type=1800 audit(1568179925.983:2956): pid=21594 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16707 res=0 [ 1090.642625][ T1065] oom_reaper: reaped process 21569 (syz-executor.5), now anon-rss:17804kB, file-rss:51476kB, shmem-rss:0kB 05:32:06 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1091.011544][ T26] audit: type=1804 audit(1568179926.483:2957): pid=21591 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/409/bus" dev="sda1" ino=16665 res=1 [ 1091.225153][ T26] audit: type=1804 audit(1568179926.693:2958): pid=21600 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/378/bus" dev="sda1" ino=16669 res=1 05:32:06 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 05:32:06 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1091.335547][ T26] audit: type=1804 audit(1568179926.803:2959): pid=21609 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/686/bus" dev="sda1" ino=16667 res=1 05:32:07 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x0, 0x0) 05:32:07 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:07 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1091.955034][T21612] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 05:32:07 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r1, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r1, 0x0, 0x0, 0x1000f4) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r1, r2, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000200)=r1, 0x4) ioctl$VIDIOC_G_CTRL(r2, 0xc008561b, &(0x7f0000000040)={0x7, 0xf5}) ioctl$SIOCGIFMTU(r2, 0x8921, &(0x7f0000000080)) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f00000000c0)={'bond0\x00'}) r3 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x3, 0x2) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) r6 = socket(0xa, 0x1, 0x0) close(r6) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000040)={r5}, &(0x7f0000000140)=0x8) sendmmsg$inet_sctp(r6, &(0x7f0000002cc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0)=ANY=[@ANYBLOB="2000000000840000000200000000000400"/28, @ANYRES32=0x0], 0x20}], 0x1, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r5}, 0x10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000180)={r5, 0x0, 0x0, 0xfffffffffffff801, 0x3, 0x2}, 0x14) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x2, 0xe98d, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x80000000, 0x0, 0x4000000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xb0df3f47fdbc870b, @perf_config_ext, 0x0, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x891b, &(0x7f0000000040)={'bond0\x00\x05H\a\x00`\x00\x06\x00z\x03'}) [ 1092.113795][T21612] CPU: 1 PID: 21612 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1092.122950][T21612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1092.133016][T21612] Call Trace: [ 1092.136335][T21612] dump_stack+0x172/0x1f0 [ 1092.140692][T21612] dump_header+0x177/0x1152 [ 1092.145210][T21612] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1092.151041][T21612] ? ___ratelimit+0x2c8/0x595 [ 1092.156070][T21612] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1092.161884][T21612] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1092.167188][T21612] ? trace_hardirqs_on+0x67/0x240 [ 1092.172239][T21612] ? pagefault_out_of_memory+0x11c/0x11c [ 1092.177936][T21612] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1092.183748][T21612] ? ___ratelimit+0x60/0x595 [ 1092.188342][T21612] ? do_raw_spin_unlock+0x57/0x270 [ 1092.193460][T21612] oom_kill_process.cold+0x10/0x15 [ 1092.198576][T21612] out_of_memory+0x334/0x1340 [ 1092.203257][T21612] ? lock_downgrade+0x920/0x920 [ 1092.208120][T21612] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1092.213935][T21612] ? oom_killer_disable+0x280/0x280 [ 1092.219148][T21612] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1092.224698][T21612] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1092.230339][T21612] ? do_raw_spin_unlock+0x57/0x270 [ 1092.235459][T21612] ? _raw_spin_unlock+0x2d/0x50 [ 1092.240321][T21612] try_charge+0xf4b/0x1440 [ 1092.244748][T21612] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1092.250297][T21612] ? find_held_lock+0x35/0x130 [ 1092.255076][T21612] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1092.260640][T21612] ? lock_downgrade+0x920/0x920 [ 1092.265492][T21612] ? percpu_ref_tryget_live+0x111/0x290 [ 1092.271048][T21612] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1092.276516][T21612] ? memcg_kmem_put_cache+0x50/0x50 [ 1092.281721][T21612] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1092.287278][T21612] __memcg_kmem_charge+0x13a/0x3a0 [ 1092.292401][T21612] __alloc_pages_nodemask+0x4f7/0x900 [ 1092.297778][T21612] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1092.303351][T21612] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1092.309071][T21612] ? percpu_ref_put_many+0xb6/0x190 [ 1092.314286][T21612] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1092.319576][T21612] ? trace_hardirqs_on+0x67/0x240 [ 1092.324599][T21612] ? __kasan_check_read+0x11/0x20 [ 1092.329640][T21612] copy_process+0x3f8/0x6830 [ 1092.334411][T21612] ? psi_memstall_leave+0x12e/0x180 [ 1092.339630][T21612] ? __cleanup_sighand+0x60/0x60 [ 1092.344589][T21612] ? __kasan_check_read+0x11/0x20 [ 1092.349621][T21612] ? __lock_acquire+0x8a0/0x4a00 [ 1092.354561][T21612] ? _raw_spin_unlock_irq+0x5e/0x90 [ 1092.359769][T21612] _do_fork+0x146/0xfa0 [ 1092.363939][T21612] ? copy_init_mm+0x20/0x20 [ 1092.368456][T21612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1092.374704][T21612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1092.380948][T21612] ? debug_smp_processor_id+0x3c/0x214 [ 1092.386413][T21612] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 1092.392575][T21612] __x64_sys_clone+0x1ab/0x270 [ 1092.397345][T21612] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1092.403328][T21612] ? __ia32_sys_vfork+0xd0/0xd0 [ 1092.408180][T21612] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1092.414700][T21612] ? do_syscall_64+0x26/0x760 [ 1092.419380][T21612] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1092.424663][T21612] ? trace_hardirqs_on+0x67/0x240 [ 1092.429694][T21612] do_syscall_64+0xfa/0x760 [ 1092.434209][T21612] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1092.440101][T21612] RIP: 0033:0x45c2b9 [ 1092.443996][T21612] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 05:32:07 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:32:08 executing program 3: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1092.463603][T21612] RSP: 002b:00007ffee464ffb8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1092.472018][T21612] RAX: ffffffffffffffda RBX: 00007fb275d94700 RCX: 000000000045c2b9 [ 1092.479994][T21612] RDX: 00007fb275d949d0 RSI: 00007fb275d93db0 RDI: 00000000003d0f00 [ 1092.487969][T21612] RBP: 00007ffee46501d0 R08: 00007fb275d94700 R09: 00007fb275d94700 [ 1092.496037][T21612] R10: 00007fb275d949d0 R11: 0000000000000202 R12: 0000000000000000 [ 1092.504019][T21612] R13: 00007ffee465006f R14: 00007fb275d949c0 R15: 000000000075c07c [ 1092.658090][T21612] memory: usage 307200kB, limit 307200kB, failcnt 19514 [ 1092.665276][T21612] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1093.247618][T21612] Memory cgroup stats for /syz5: [ 1093.247739][T21612] anon 287969280 [ 1093.247739][T21612] file 14946304 [ 1093.247739][T21612] kernel_stack 786432 [ 1093.247739][T21612] slab 7344128 [ 1093.247739][T21612] sock 0 [ 1093.247739][T21612] shmem 0 [ 1093.247739][T21612] file_mapped 14868480 [ 1093.247739][T21612] file_dirty 0 [ 1093.247739][T21612] file_writeback 0 [ 1093.247739][T21612] anon_thp 155189248 [ 1093.247739][T21612] inactive_anon 245288960 [ 1093.247739][T21612] active_anon 1400832 [ 1093.247739][T21612] inactive_file 0 05:32:08 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x0, 0x0) [ 1093.247739][T21612] active_file 28672 [ 1093.247739][T21612] unevictable 56147968 [ 1093.247739][T21612] slab_reclaimable 2973696 [ 1093.247739][T21612] slab_unreclaimable 4370432 [ 1093.247739][T21612] pgfault 979704 [ 1093.247739][T21612] pgmajfault 99 [ 1093.247739][T21612] workingset_refault 21120 [ 1093.247739][T21612] workingset_activate 1089 [ 1093.247739][T21612] workingset_nodereclaim 0 [ 1093.247739][T21612] pgrefill 28471 [ 1093.247739][T21612] pgscan 38247 [ 1093.247739][T21612] pgsteal 26735 05:32:08 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:08 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1093.446713][T21612] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=21612,uid=0 [ 1093.589134][T21612] Memory cgroup out of memory: Killed process 21612 (syz-executor.5) total-vm:72840kB, anon-rss:17816kB, file-rss:49272kB, shmem-rss:0kB, UID:0 pgtables:196608kB oom_score_adj:1000 [ 1093.678386][ T1065] oom_reaper: reaped process 21612 (syz-executor.5), now anon-rss:17800kB, file-rss:49272kB, shmem-rss:0kB 05:32:09 executing program 3: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:09 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 05:32:09 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x8000fffffffe) 05:32:09 executing program 0: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1094.086698][ T26] kauditd_printk_skb: 18 callbacks suppressed [ 1094.086714][ T26] audit: type=1804 audit(1568179929.553:2978): pid=21645 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/411/bus" dev="sda1" ino=16634 res=1 [ 1094.348074][ T26] audit: type=1804 audit(1568179929.823:2979): pid=21649 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/380/bus" dev="sda1" ino=16661 res=1 [ 1094.505497][ T26] audit: type=1804 audit(1568179929.973:2980): pid=21655 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/689/bus" dev="sda1" ino=16680 res=1 [ 1094.588692][ T26] audit: type=1800 audit(1568179930.003:2981): pid=21655 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16680 res=0 05:32:10 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x29, 0x0, 0x0) [ 1094.929923][ T26] audit: type=1804 audit(1568179930.403:2982): pid=21673 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/444/bus" dev="sda1" ino=16697 res=1 05:32:10 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1095.055347][ T26] audit: type=1800 audit(1568179930.403:2983): pid=21673 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=16697 res=0 [ 1095.096628][T21673] syz-executor.5 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 1095.169933][ T26] audit: type=1804 audit(1568179930.553:2984): pid=21661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir247890508/syzkaller.pVOBBi/605/bus" dev="sda1" ino=16664 res=1 [ 1095.204634][T21673] CPU: 0 PID: 21673 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1095.213783][T21673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1095.223859][T21673] Call Trace: [ 1095.227175][T21673] dump_stack+0x172/0x1f0 [ 1095.231529][T21673] dump_header+0x177/0x1152 [ 1095.236043][T21673] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1095.242042][T21673] ? ___ratelimit+0x2c8/0x595 [ 1095.246740][T21673] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1095.252577][T21673] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1095.257876][T21673] ? trace_hardirqs_on+0x67/0x240 [ 1095.262921][T21673] ? pagefault_out_of_memory+0x11c/0x11c [ 1095.268569][T21673] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1095.274390][T21673] ? ___ratelimit+0x60/0x595 [ 1095.278992][T21673] ? do_raw_spin_unlock+0x57/0x270 [ 1095.284114][T21673] oom_kill_process.cold+0x10/0x15 [ 1095.289268][T21673] out_of_memory+0x334/0x1340 [ 1095.293952][T21673] ? lock_downgrade+0x920/0x920 [ 1095.295131][ T26] audit: type=1800 audit(1568179930.553:2985): pid=21661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16664 res=0 [ 1095.298803][T21673] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1095.298819][T21673] ? oom_killer_disable+0x280/0x280 [ 1095.298843][T21673] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1095.298857][T21673] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1095.298876][T21673] ? do_raw_spin_unlock+0x57/0x270 [ 1095.298895][T21673] ? _raw_spin_unlock+0x2d/0x50 [ 1095.298913][T21673] try_charge+0xf4b/0x1440 [ 1095.298936][T21673] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1095.361294][T21673] ? percpu_ref_tryget_live+0x111/0x290 [ 1095.366855][T21673] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1095.373101][T21673] ? __kasan_check_read+0x11/0x20 [ 1095.378135][T21673] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1095.383691][T21673] mem_cgroup_try_charge+0x136/0x590 [ 1095.385703][ T26] audit: type=1804 audit(1568179930.683:2986): pid=21659 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/371/bus" dev="sda1" ino=16723 res=1 [ 1095.388988][T21673] __add_to_page_cache_locked+0x43f/0xec0 [ 1095.389006][T21673] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1095.389022][T21673] ? __kasan_check_read+0x11/0x20 [ 1095.389040][T21673] ? unaccount_page_cache_page+0xda0/0xda0 [ 1095.389053][T21673] ? __alloc_pages_nodemask+0x658/0x900 [ 1095.389069][T21673] ? xas_descend+0x144/0x370 [ 1095.389090][T21673] ? shadow_lru_isolate+0x430/0x430 [ 1095.451708][T21673] add_to_page_cache_lru+0x1d8/0x790 [ 1095.457024][T21673] ? add_to_page_cache_locked+0x40/0x40 [ 1095.462681][T21673] ? __page_cache_alloc+0x116/0x490 [ 1095.467901][T21673] pagecache_get_page+0x3be/0x900 [ 1095.472942][T21673] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1095.478508][T21673] grab_cache_page_write_begin+0x75/0xb0 [ 1095.484165][T21673] ext4_da_write_begin+0x2ec/0xb80 [ 1095.489306][T21673] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1095.489317][ T26] audit: type=1800 audit(1568179930.683:2987): pid=21659 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16723 res=0 [ 1095.515880][T21673] ? ext4_write_begin+0xd20/0xd20 [ 1095.520931][T21673] ? iov_iter_zero+0xfa0/0xfa0 [ 1095.525717][T21673] generic_perform_write+0x23b/0x540 [ 1095.531039][T21673] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4b0/0x4b0 [ 1095.539121][T21673] ? current_time+0x140/0x140 [ 1095.543817][T21673] ? generic_write_check_limits.isra.0+0x270/0x270 [ 1095.550342][T21673] __generic_file_write_iter+0x25e/0x630 [ 1095.555997][T21673] ext4_file_write_iter+0x317/0x13c0 [ 1095.561304][T21673] ? ext4_release_file+0x380/0x380 [ 1095.566424][T21673] ? __kasan_check_read+0x11/0x20 [ 1095.571499][T21673] ? __lock_acquire+0x16f2/0x4a00 [ 1095.576532][T21673] ? __kasan_check_read+0x11/0x20 [ 1095.581559][T21673] ? mark_lock+0xc2/0x1220 [ 1095.585977][T21673] do_iter_readv_writev+0x5f8/0x8f0 [ 1095.591204][T21673] ? no_seek_end_llseek_size+0x70/0x70 [ 1095.596670][T21673] ? apparmor_file_permission+0x25/0x30 [ 1095.602224][T21673] ? rw_verify_area+0x126/0x360 [ 1095.607078][T21673] do_iter_write+0x184/0x610 [ 1095.611672][T21673] ? __kmalloc+0x608/0x770 [ 1095.616087][T21673] vfs_iter_write+0x77/0xb0 05:32:11 executing program 3: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1095.620685][T21673] iter_file_splice_write+0x66d/0xbe0 [ 1095.626106][T21673] ? atime_needs_update+0x5f0/0x5f0 [ 1095.631327][T21673] ? page_cache_pipe_buf_release+0x180/0x180 [ 1095.637338][T21673] ? rw_verify_area+0x126/0x360 [ 1095.642332][T21673] ? page_cache_pipe_buf_release+0x180/0x180 [ 1095.648332][T21673] direct_splice_actor+0x123/0x190 [ 1095.653457][T21673] splice_direct_to_actor+0x366/0x970 [ 1095.658861][T21673] ? generic_pipe_buf_nosteal+0x10/0x10 [ 1095.664421][T21673] ? do_splice_to+0x180/0x180 [ 1095.669124][T21673] ? rw_verify_area+0x126/0x360 [ 1095.673996][T21673] do_splice_direct+0x1da/0x2a0 [ 1095.678863][T21673] ? splice_direct_to_actor+0x970/0x970 [ 1095.684415][T21673] ? rcu_read_lock_any_held+0xcd/0xf0 [ 1095.689797][T21673] ? __this_cpu_preempt_check+0x3a/0x210 [ 1095.695437][T21673] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1095.701699][T21673] ? __sb_start_write+0x1e5/0x460 [ 1095.701717][T21673] do_sendfile+0x597/0xd00 [ 1095.701738][T21673] ? do_compat_pwritev64+0x1c0/0x1c0 [ 1095.701756][T21673] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1095.701772][T21673] ? put_timespec64+0xda/0x140 [ 1095.701793][T21673] __x64_sys_sendfile64+0x1dd/0x220 [ 1095.701808][T21673] ? __ia32_sys_sendfile+0x230/0x230 [ 1095.701823][T21673] ? do_syscall_64+0x26/0x760 [ 1095.701843][T21673] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1095.701857][T21673] ? trace_hardirqs_on+0x67/0x240 [ 1095.701874][T21673] do_syscall_64+0xfa/0x760 [ 1095.701897][T21673] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1095.701907][T21673] RIP: 0033:0x4598e9 [ 1095.701921][T21673] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1095.701927][T21673] RSP: 002b:00007fb275db4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1095.701939][T21673] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004598e9 [ 1095.701945][T21673] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 1095.701952][T21673] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 05:32:11 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x8000fffffffe) [ 1095.701959][T21673] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fb275db56d4 [ 1095.701966][T21673] R13: 00000000004c709e R14: 00000000004dc750 R15: 00000000ffffffff [ 1096.018055][T21673] memory: usage 306968kB, limit 307200kB, failcnt 19614 [ 1096.067602][T21673] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1096.113024][T21673] Memory cgroup stats for /syz5: [ 1096.113161][T21673] anon 287969280 [ 1096.113161][T21673] file 14946304 [ 1096.113161][T21673] kernel_stack 851968 [ 1096.113161][T21673] slab 7073792 [ 1096.113161][T21673] sock 0 [ 1096.113161][T21673] shmem 0 [ 1096.113161][T21673] file_mapped 15003648 [ 1096.113161][T21673] file_dirty 0 [ 1096.113161][T21673] file_writeback 0 [ 1096.113161][T21673] anon_thp 155189248 [ 1096.113161][T21673] inactive_anon 247439360 [ 1096.113161][T21673] active_anon 1400832 [ 1096.113161][T21673] inactive_file 40960 [ 1096.113161][T21673] active_file 28672 [ 1096.113161][T21673] unevictable 54267904 [ 1096.113161][T21673] slab_reclaimable 2838528 [ 1096.113161][T21673] slab_unreclaimable 4235264 [ 1096.113161][T21673] pgfault 983961 [ 1096.113161][T21673] pgmajfault 99 [ 1096.113161][T21673] workingset_refault 21186 [ 1096.113161][T21673] workingset_activate 1089 [ 1096.113161][T21673] workingset_nodereclaim 0 [ 1096.113161][T21673] pgrefill 28725 [ 1096.113161][T21673] pgscan 38721 [ 1096.113161][T21673] pgsteal 26774 05:32:11 executing program 4: r0 = socket(0x11, 0x2, 0x0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r1, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r1, 0x0, 0x0, 0x1000f4) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r1, r2, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000200)=r1, 0x4) ioctl$VIDIOC_G_CTRL(r2, 0xc008561b, &(0x7f0000000040)={0x7, 0xf5}) ioctl$SIOCGIFMTU(r2, 0x8921, &(0x7f0000000080)) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f00000000c0)={'bond0\x00'}) r3 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x3, 0x2) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) r6 = socket(0xa, 0x1, 0x0) close(r6) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000040)={r5}, &(0x7f0000000140)=0x8) sendmmsg$inet_sctp(r6, &(0x7f0000002cc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0)=ANY=[@ANYBLOB="2000000000840000000200000000000400"/28, @ANYRES32=0x0], 0x20}], 0x1, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r5}, 0x10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000180)={r5, 0x0, 0x0, 0xfffffffffffff801, 0x3, 0x2}, 0x14) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x2, 0xe98d, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x80000000, 0x0, 0x4000000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xb0df3f47fdbc870b, @perf_config_ext, 0x0, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x891b, &(0x7f0000000040)={'bond0\x00\x05H\a\x00`\x00\x06\x00z\x03'}) 05:32:11 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r3, 0x0, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000000)=0x1800, 0x4) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000240)={r1}) read$char_usb(r1, 0x0, 0x0) ioctl$IOC_PR_RELEASE(0xffffffffffffffff, 0x401070ca, &(0x7f00000001c0)) ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) getsockopt(r3, 0x400, 0x20, &(0x7f0000000100)=""/192, &(0x7f00000003c0)=0xc0) 05:32:12 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1096.808199][T21673] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=21663,uid=0 05:32:12 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x8000fffffffe) [ 1096.850960][T21673] Memory cgroup out of memory: Killed process 21664 (syz-executor.5) total-vm:72832kB, anon-rss:17872kB, file-rss:52704kB, shmem-rss:0kB, UID:0 pgtables:196608kB oom_score_adj:1000 05:32:12 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r3, 0x0, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000000)=0x1800, 0x4) 05:32:12 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:13 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:13 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:13 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:13 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) [ 1098.265220][T21705] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1098.318843][T21705] CPU: 0 PID: 21705 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1098.328178][T21705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1098.338245][T21705] Call Trace: [ 1098.341559][T21705] dump_stack+0x172/0x1f0 [ 1098.345911][T21705] dump_header+0x177/0x1152 [ 1098.350443][T21705] ? pagefault_out_of_memory+0x11c/0x11c [ 1098.356106][T21705] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1098.361943][T21705] ? ___ratelimit+0x60/0x595 [ 1098.366630][T21705] ? do_raw_spin_unlock+0x57/0x270 [ 1098.371895][T21705] oom_kill_process.cold+0x10/0x15 [ 1098.377200][T21705] out_of_memory+0x334/0x1340 [ 1098.381895][T21705] ? lock_downgrade+0x920/0x920 [ 1098.386784][T21705] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1098.392609][T21705] ? oom_killer_disable+0x280/0x280 [ 1098.397829][T21705] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1098.403397][T21705] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1098.409048][T21705] ? do_raw_spin_unlock+0x57/0x270 [ 1098.414171][T21705] ? _raw_spin_unlock+0x2d/0x50 [ 1098.419745][T21705] try_charge+0xf4b/0x1440 [ 1098.424183][T21705] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1098.429745][T21705] ? percpu_ref_tryget_live+0x111/0x290 [ 1098.435310][T21705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1098.441560][T21705] ? __kasan_check_read+0x11/0x20 [ 1098.446597][T21705] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1098.452148][T21705] mem_cgroup_try_charge+0x136/0x590 [ 1098.457445][T21705] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1098.463717][T21705] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1098.469544][T21705] __handle_mm_fault+0x1e34/0x3f20 [ 1098.474672][T21705] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1098.480248][T21705] ? __kasan_check_read+0x11/0x20 [ 1098.485377][T21705] handle_mm_fault+0x1b5/0x6c0 [ 1098.490179][T21705] __get_user_pages+0x7d4/0x1b30 [ 1098.495147][T21705] ? follow_page_mask+0x1cf0/0x1cf0 [ 1098.500364][T21705] ? __this_cpu_preempt_check+0x3a/0x210 [ 1098.506015][T21705] ? retint_kernel+0x2b/0x2b [ 1098.510631][T21705] populate_vma_page_range+0x20d/0x2a0 [ 1098.516116][T21705] __mm_populate+0x204/0x380 [ 1098.520728][T21705] ? populate_vma_page_range+0x2a0/0x2a0 [ 1098.526379][T21705] ? up_write+0x1c8/0x490 [ 1098.530728][T21705] __x64_sys_mremap+0x7dc/0xb80 [ 1098.535584][T21705] ? retint_kernel+0x2b/0x2b [ 1098.540188][T21705] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1098.545841][T21705] ? mremap_to+0x750/0x750 [ 1098.550279][T21705] ? retint_kernel+0x2b/0x2b [ 1098.554889][T21705] ? do_syscall_64+0xc0/0x760 [ 1098.559586][T21705] do_syscall_64+0xfa/0x760 [ 1098.564105][T21705] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1098.570004][T21705] RIP: 0033:0x4598e9 [ 1098.573905][T21705] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1098.593528][T21705] RSP: 002b:00007fb972f87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1098.601963][T21705] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 1098.609984][T21705] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 05:32:14 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1098.617959][T21705] RBP: 000000000075bfc8 R08: 0000000020130000 R09: 0000000000000000 [ 1098.617967][T21705] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb972f886d4 [ 1098.617974][T21705] R13: 00000000004c5f48 R14: 00000000004dab78 R15: 00000000ffffffff [ 1098.838160][T21705] memory: usage 307200kB, limit 307200kB, failcnt 11103 [ 1098.846742][T21705] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1098.856816][T21705] Memory cgroup stats for /syz0: [ 1098.859088][T21705] anon 282259456 [ 1098.859088][T21705] file 18718720 [ 1098.859088][T21705] kernel_stack 786432 [ 1098.859088][T21705] slab 8675328 [ 1098.859088][T21705] sock 0 [ 1098.859088][T21705] shmem 0 [ 1098.859088][T21705] file_mapped 18653184 [ 1098.859088][T21705] file_dirty 0 [ 1098.859088][T21705] file_writeback 0 [ 1098.859088][T21705] anon_thp 56623104 [ 1098.859088][T21705] inactive_anon 260059136 [ 1098.859088][T21705] active_anon 1216512 [ 1098.859088][T21705] inactive_file 0 [ 1098.859088][T21705] active_file 0 [ 1098.859088][T21705] unevictable 39682048 [ 1098.859088][T21705] slab_reclaimable 2703360 [ 1098.859088][T21705] slab_unreclaimable 5971968 [ 1098.859088][T21705] pgfault 1025244 [ 1098.859088][T21705] pgmajfault 99 [ 1098.859088][T21705] workingset_refault 19800 [ 1098.859088][T21705] workingset_activate 1947 [ 1098.859088][T21705] workingset_nodereclaim 0 [ 1098.859088][T21705] pgrefill 22133 [ 1098.859088][T21705] pgscan 37483 [ 1098.859088][T21705] pgsteal 22960 [ 1098.958209][T21705] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=21694,uid=0 05:32:14 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(0x0, 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1098.976923][T21705] Memory cgroup out of memory: Killed process 21694 (syz-executor.0) total-vm:72832kB, anon-rss:11092kB, file-rss:54336kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 1099.021681][ T1065] oom_reaper: reaped process 21694 (syz-executor.0), now anon-rss:11084kB, file-rss:54332kB, shmem-rss:0kB [ 1099.033589][T21711] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1099.107428][T21711] CPU: 1 PID: 21711 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1099.116581][T21711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1099.126646][T21711] Call Trace: [ 1099.129955][T21711] dump_stack+0x172/0x1f0 [ 1099.134314][T21711] dump_header+0x177/0x1152 [ 1099.138834][T21711] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1099.144643][T21711] ? ___ratelimit+0x2c8/0x595 [ 1099.149326][T21711] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1099.155142][T21711] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1099.160438][T21711] ? trace_hardirqs_on+0x67/0x240 [ 1099.165471][T21711] ? pagefault_out_of_memory+0x11c/0x11c [ 1099.171108][T21711] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1099.176915][T21711] ? ___ratelimit+0x60/0x595 [ 1099.181509][T21711] ? do_raw_spin_unlock+0x57/0x270 [ 1099.186622][T21711] oom_kill_process.cold+0x10/0x15 [ 1099.191743][T21711] out_of_memory+0x334/0x1340 [ 1099.196426][T21711] ? lock_downgrade+0x920/0x920 [ 1099.201288][T21711] ? oom_killer_disable+0x280/0x280 [ 1099.206506][T21711] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1099.212060][T21711] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1099.217708][T21711] ? do_raw_spin_unlock+0x57/0x270 [ 1099.222836][T21711] ? _raw_spin_unlock+0x2d/0x50 [ 1099.227705][T21711] try_charge+0xf4b/0x1440 [ 1099.232140][T21711] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1099.237694][T21711] ? find_held_lock+0x35/0x130 [ 1099.242465][T21711] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1099.248027][T21711] ? lock_downgrade+0x920/0x920 [ 1099.252881][T21711] ? percpu_ref_tryget_live+0x111/0x290 [ 1099.258430][T21711] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1099.263903][T21711] ? memcg_kmem_put_cache+0x50/0x50 [ 1099.269107][T21711] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1099.274660][T21711] __memcg_kmem_charge+0x13a/0x3a0 [ 1099.279779][T21711] __alloc_pages_nodemask+0x4f7/0x900 [ 1099.285166][T21711] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1099.290725][T21711] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1099.296484][T21711] ? percpu_ref_put_many+0xb6/0x190 [ 1099.301715][T21711] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1099.301734][T21711] ? trace_hardirqs_on+0x67/0x240 05:32:14 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) [ 1099.301749][T21711] ? __kasan_check_read+0x11/0x20 [ 1099.301772][T21711] copy_process+0x3f8/0x6830 [ 1099.301788][T21711] ? psi_memstall_leave+0x12e/0x180 [ 1099.301817][T21711] ? __cleanup_sighand+0x60/0x60 [ 1099.301836][T21711] ? __kasan_check_read+0x11/0x20 [ 1099.301850][T21711] ? __lock_acquire+0x8a0/0x4a00 [ 1099.301870][T21711] ? _raw_spin_unlock_irq+0x5e/0x90 [ 1099.301892][T21711] _do_fork+0x146/0xfa0 [ 1099.301911][T21711] ? copy_init_mm+0x20/0x20 [ 1099.301934][T21711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1099.301950][T21711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1099.301967][T21711] ? debug_smp_processor_id+0x3c/0x214 [ 1099.301988][T21711] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 1099.302008][T21711] __x64_sys_clone+0x1ab/0x270 [ 1099.302023][T21711] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1099.302038][T21711] ? __ia32_sys_vfork+0xd0/0xd0 [ 1099.302054][T21711] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1099.302078][T21711] ? do_syscall_64+0x26/0x760 [ 1099.302092][T21711] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1099.302107][T21711] ? trace_hardirqs_on+0x67/0x240 [ 1099.302125][T21711] do_syscall_64+0xfa/0x760 [ 1099.302145][T21711] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1099.302157][T21711] RIP: 0033:0x45c2b9 [ 1099.302173][T21711] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1099.302181][T21711] RSP: 002b:00007ffee464ffb8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1099.302195][T21711] RAX: ffffffffffffffda RBX: 00007fb275d94700 RCX: 000000000045c2b9 [ 1099.302204][T21711] RDX: 00007fb275d949d0 RSI: 00007fb275d93db0 RDI: 00000000003d0f00 [ 1099.302213][T21711] RBP: 00007ffee46501d0 R08: 00007fb275d94700 R09: 00007fb275d94700 05:32:15 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r3, 0x0, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000000)=0x1800, 0x4) 05:32:15 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1099.302221][T21711] R10: 00007fb275d949d0 R11: 0000000000000202 R12: 0000000000000000 [ 1099.302230][T21711] R13: 00007ffee465006f R14: 00007fb275d949c0 R15: 000000000075c07c [ 1099.348011][ T26] kauditd_printk_skb: 27 callbacks suppressed [ 1099.348027][ T26] audit: type=1804 audit(1568179934.823:3015): pid=21731 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/383/bus" dev="sda1" ino=16707 res=1 [ 1099.348058][ T26] audit: type=1800 audit(1568179934.823:3016): pid=21731 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16707 res=0 [ 1099.708339][T21711] memory: usage 307016kB, limit 307200kB, failcnt 19912 [ 1099.708353][T21711] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1099.708358][T21711] Memory cgroup stats for /syz5: [ 1099.708482][T21711] anon 287981568 [ 1099.708482][T21711] file 15314944 [ 1099.708482][T21711] kernel_stack 851968 [ 1099.708482][T21711] slab 6799360 [ 1099.708482][T21711] sock 0 [ 1099.708482][T21711] shmem 0 [ 1099.708482][T21711] file_mapped 15138816 [ 1099.708482][T21711] file_dirty 0 [ 1099.708482][T21711] file_writeback 0 [ 1099.708482][T21711] anon_thp 144703488 [ 1099.708482][T21711] inactive_anon 245411840 [ 1099.708482][T21711] active_anon 1400832 [ 1099.708482][T21711] inactive_file 122880 [ 1099.708482][T21711] active_file 163840 [ 1099.708482][T21711] unevictable 56373248 [ 1099.708482][T21711] slab_reclaimable 2703360 [ 1099.708482][T21711] slab_unreclaimable 4096000 [ 1099.708482][T21711] pgfault 988779 [ 1099.708482][T21711] pgmajfault 99 [ 1099.708482][T21711] workingset_refault 21450 [ 1099.708482][T21711] workingset_activate 1089 [ 1099.708482][T21711] workingset_nodereclaim 0 [ 1099.708482][T21711] pgrefill 28725 [ 1099.708482][T21711] pgscan 39001 05:32:16 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r3, 0x0, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000000)=0x1800, 0x4) [ 1099.708502][T21711] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=21711,uid=0 05:32:16 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) [ 1099.708635][T21711] Memory cgroup out of memory: Killed process 21711 (syz-executor.5) total-vm:72840kB, anon-rss:17816kB, file-rss:50488kB, shmem-rss:0kB, UID:0 pgtables:196608kB oom_score_adj:1000 [ 1099.709242][ T1065] oom_reaper: reaped process 21711 (syz-executor.5), now anon-rss:17800kB, file-rss:50488kB, shmem-rss:0kB [ 1099.715776][T21722] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1099.715909][T21722] CPU: 1 PID: 21722 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1099.715917][T21722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1099.715922][T21722] Call Trace: [ 1099.715945][T21722] dump_stack+0x172/0x1f0 [ 1099.715967][T21722] dump_header+0x177/0x1152 [ 1099.715990][T21722] ? pagefault_out_of_memory+0x11c/0x11c [ 1099.716006][T21722] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1099.716019][T21722] ? ___ratelimit+0x60/0x595 [ 1099.716032][T21722] ? do_raw_spin_unlock+0x57/0x270 [ 1099.716047][T21722] oom_kill_process.cold+0x10/0x15 [ 1099.716062][T21722] out_of_memory+0x334/0x1340 [ 1099.716076][T21722] ? lock_downgrade+0x920/0x920 [ 1099.716095][T21722] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1099.716111][T21722] ? oom_killer_disable+0x280/0x280 [ 1099.716137][T21722] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1099.716153][T21722] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1099.716173][T21722] ? do_raw_spin_unlock+0x57/0x270 [ 1099.716190][T21722] ? _raw_spin_unlock+0x2d/0x50 [ 1099.716209][T21722] try_charge+0xf4b/0x1440 [ 1099.716236][T21722] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1099.716250][T21722] ? percpu_ref_tryget_live+0x111/0x290 [ 1099.716271][T21722] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1099.716289][T21722] ? __kasan_check_read+0x11/0x20 [ 1099.716310][T21722] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1099.716329][T21722] mem_cgroup_try_charge+0x136/0x590 [ 1099.716344][T21722] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1099.716364][T21722] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1099.716386][T21722] __handle_mm_fault+0x1e34/0x3f20 [ 1099.716407][T21722] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1099.716436][T21722] ? __kasan_check_read+0x11/0x20 [ 1099.716460][T21722] handle_mm_fault+0x1b5/0x6c0 [ 1099.716481][T21722] __get_user_pages+0x7d4/0x1b30 [ 1099.716508][T21722] ? follow_page_mask+0x1cf0/0x1cf0 [ 1099.716525][T21722] ? retint_kernel+0x2b/0x2b [ 1099.716553][T21722] populate_vma_page_range+0x20d/0x2a0 [ 1099.716574][T21722] __mm_populate+0x204/0x380 [ 1099.716593][T21722] ? populate_vma_page_range+0x2a0/0x2a0 [ 1099.716609][T21722] ? up_write+0x1c8/0x490 [ 1099.716629][T21722] __x64_sys_mremap+0x7dc/0xb80 [ 1099.716652][T21722] ? mremap_to+0x750/0x750 [ 1099.716676][T21722] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1099.716692][T21722] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1099.716710][T21722] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1099.716723][T21722] ? do_syscall_64+0x26/0x760 [ 1099.716739][T21722] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1099.716755][T21722] ? trace_hardirqs_on+0x67/0x240 [ 1099.716776][T21722] do_syscall_64+0xfa/0x760 [ 1099.716801][T21722] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1099.716813][T21722] RIP: 0033:0x4598e9 [ 1099.716829][T21722] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1099.716838][T21722] RSP: 002b:00007fc3543b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1099.716852][T21722] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 1099.716862][T21722] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1099.716871][T21722] RBP: 000000000075bfc8 R08: 0000000020130000 R09: 0000000000000000 [ 1099.716880][T21722] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fc3543b66d4 [ 1099.716889][T21722] R13: 00000000004c5f48 R14: 00000000004dab78 R15: 00000000ffffffff [ 1099.724499][T21722] memory: usage 307200kB, limit 307200kB, failcnt 32936 [ 1099.724565][T21722] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1099.724659][T21722] Memory cgroup stats for /syz4: [ 1099.725667][T21722] anon 290586624 [ 1099.725667][T21722] file 16494592 [ 1099.725667][T21722] kernel_stack 655360 [ 1099.725667][T21722] slab 3661824 [ 1099.725667][T21722] sock 0 [ 1099.725667][T21722] shmem 0 [ 1099.725667][T21722] file_mapped 16355328 [ 1099.725667][T21722] file_dirty 0 [ 1099.725667][T21722] file_writeback 0 [ 1099.725667][T21722] anon_thp 211812352 [ 1099.725667][T21722] inactive_anon 243625984 [ 1099.725667][T21722] active_anon 4730880 [ 1099.725667][T21722] inactive_file 28672 [ 1099.725667][T21722] active_file 0 [ 1099.725667][T21722] unevictable 58568704 [ 1099.725667][T21722] slab_reclaimable 1081344 [ 1099.725667][T21722] slab_unreclaimable 2580480 [ 1099.725667][T21722] pgfault 1414611 [ 1099.725667][T21722] pgmajfault 528 [ 1099.725667][T21722] workingset_refault 63063 [ 1099.725667][T21722] workingset_activate 17457 [ 1099.725667][T21722] workingset_nodereclaim 0 [ 1099.725667][T21722] pgrefill 85583 [ 1099.725667][T21722] pgscan 113127 [ 1099.725667][T21722] pgsteal 75507 [ 1099.725806][T21722] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21707,uid=0 [ 1099.726384][T21722] Memory cgroup out of memory: Killed process 21707 (syz-executor.4) total-vm:72700kB, anon-rss:14456kB, file-rss:54336kB, shmem-rss:0kB, UID:0 pgtables:196608kB oom_score_adj:1000 [ 1099.730574][ T1065] oom_reaper: reaped process 21707 (syz-executor.4), now anon-rss:14448kB, file-rss:54332kB, shmem-rss:0kB [ 1100.476107][ T26] audit: type=1804 audit(1568179935.943:3017): pid=21745 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/375/bus" dev="sda1" ino=16655 res=1 [ 1100.476301][ T26] audit: type=1800 audit(1568179935.943:3018): pid=21745 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16655 res=0 [ 1100.679670][ T26] audit: type=1804 audit(1568179936.153:3019): pid=21752 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/446/bus" dev="sda1" ino=16785 res=1 [ 1100.687109][ T26] audit: type=1800 audit(1568179936.153:3020): pid=21752 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=16785 res=0 [ 1101.429408][ T26] audit: type=1804 audit(1568179936.903:3021): pid=21754 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir247890508/syzkaller.pVOBBi/607/bus" dev="sda1" ino=16694 res=1 [ 1101.429707][ T26] audit: type=1800 audit(1568179936.903:3022): pid=21754 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16694 res=0 [ 1101.747909][ T26] audit: type=1804 audit(1568179937.223:3023): pid=21758 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/415/bus" dev="sda1" ino=16667 res=1 [ 1101.747940][ T26] audit: type=1800 audit(1568179937.223:3024): pid=21758 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16667 res=0 [ 1102.117596][T21762] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1102.117671][T21762] CPU: 1 PID: 21762 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1102.117680][T21762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1102.117686][T21762] Call Trace: [ 1102.117711][T21762] dump_stack+0x172/0x1f0 [ 1102.117733][T21762] dump_header+0x177/0x1152 [ 1102.117752][T21762] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1102.117765][T21762] ? ___ratelimit+0x2c8/0x595 [ 1102.117779][T21762] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1102.117798][T21762] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1102.117814][T21762] ? trace_hardirqs_on+0x67/0x240 [ 1102.117831][T21762] ? pagefault_out_of_memory+0x11c/0x11c [ 1102.117847][T21762] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1102.117861][T21762] ? ___ratelimit+0x60/0x595 [ 1102.117873][T21762] ? do_raw_spin_unlock+0x57/0x270 [ 1102.117896][T21762] oom_kill_process.cold+0x10/0x15 [ 1102.117914][T21762] out_of_memory+0x334/0x1340 [ 1102.117929][T21762] ? lock_downgrade+0x920/0x920 [ 1102.117949][T21762] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1102.117966][T21762] ? oom_killer_disable+0x280/0x280 [ 1102.117991][T21762] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1102.118007][T21762] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1102.118026][T21762] ? do_raw_spin_unlock+0x57/0x270 [ 1102.118043][T21762] ? _raw_spin_unlock+0x2d/0x50 [ 1102.118062][T21762] try_charge+0xf4b/0x1440 [ 1102.118088][T21762] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1102.118102][T21762] ? percpu_ref_tryget_live+0x111/0x290 [ 1102.118120][T21762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1102.118138][T21762] ? __kasan_check_read+0x11/0x20 [ 1102.118159][T21762] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1102.118177][T21762] mem_cgroup_try_charge+0x136/0x590 05:32:18 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:18 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x0) [ 1102.118191][T21762] ? alloc_pages_vma+0x122/0x3f0 [ 1102.118210][T21762] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1102.118231][T21762] __handle_mm_fault+0x1e34/0x3f20 [ 1102.118253][T21762] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1102.118282][T21762] ? __kasan_check_read+0x11/0x20 [ 1102.118307][T21762] handle_mm_fault+0x1b5/0x6c0 [ 1102.118326][T21762] __get_user_pages+0x7d4/0x1b30 [ 1102.118352][T21762] ? follow_page_mask+0x1cf0/0x1cf0 [ 1102.118366][T21762] ? retint_kernel+0x2b/0x2b [ 1102.118397][T21762] populate_vma_page_range+0x20d/0x2a0 [ 1102.118417][T21762] __mm_populate+0x204/0x380 [ 1102.118437][T21762] ? populate_vma_page_range+0x2a0/0x2a0 [ 1102.118453][T21762] ? up_write+0x1c8/0x490 [ 1102.118474][T21762] __x64_sys_mremap+0x7dc/0xb80 [ 1102.118496][T21762] ? mremap_to+0x750/0x750 [ 1102.118521][T21762] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1102.118537][T21762] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1102.118554][T21762] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1102.118569][T21762] ? do_syscall_64+0x26/0x760 [ 1102.118586][T21762] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1102.118601][T21762] ? trace_hardirqs_on+0x67/0x240 [ 1102.118621][T21762] do_syscall_64+0xfa/0x760 [ 1102.118641][T21762] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1102.118653][T21762] RIP: 0033:0x4598e9 [ 1102.118669][T21762] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1102.118677][T21762] RSP: 002b:00007fb972f87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1102.118692][T21762] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 1102.118700][T21762] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1102.118707][T21762] RBP: 000000000075bfc8 R08: 0000000020130000 R09: 0000000000000000 [ 1102.118714][T21762] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb972f886d4 [ 1102.118722][T21762] R13: 00000000004c5f48 R14: 00000000004dab78 R15: 00000000ffffffff [ 1102.126787][T21762] memory: usage 307200kB, limit 307200kB, failcnt 11217 [ 1102.851222][T21762] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1102.851229][T21762] Memory cgroup stats for /syz0: [ 1102.851355][T21762] anon 282103808 [ 1102.851355][T21762] file 18714624 [ 1102.851355][T21762] kernel_stack 786432 [ 1102.851355][T21762] slab 8810496 [ 1102.851355][T21762] sock 0 [ 1102.851355][T21762] shmem 0 [ 1102.851355][T21762] file_mapped 18518016 [ 1102.851355][T21762] file_dirty 135168 [ 1102.851355][T21762] file_writeback 0 [ 1102.851355][T21762] anon_thp 56623104 [ 1102.851355][T21762] inactive_anon 262262784 [ 1102.851355][T21762] active_anon 1216512 [ 1102.851355][T21762] inactive_file 131072 [ 1102.851355][T21762] active_file 131072 [ 1102.851355][T21762] unevictable 37462016 [ 1102.851355][T21762] slab_reclaimable 2838528 [ 1102.851355][T21762] slab_unreclaimable 5971968 [ 1102.851355][T21762] pgfault 1028445 [ 1102.851355][T21762] pgmajfault 99 [ 1102.851355][T21762] workingset_refault 19800 [ 1102.851355][T21762] workingset_activate 1947 [ 1102.851355][T21762] workingset_nodereclaim 0 [ 1102.851355][T21762] pgrefill 22486 [ 1102.851355][T21762] pgscan 38066 05:32:18 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:18 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(0x0, 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1102.851383][T21762] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=21753,uid=0 [ 1102.851498][T21762] Memory cgroup out of memory: Killed process 21762 (syz-executor.0) total-vm:72832kB, anon-rss:10836kB, file-rss:54336kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 1102.913565][T21765] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1102.913643][T21765] CPU: 0 PID: 21765 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 05:32:18 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r3, 0x0, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000000)=0x1800, 0x4) [ 1102.913653][T21765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1102.913660][T21765] Call Trace: [ 1102.913684][T21765] dump_stack+0x172/0x1f0 [ 1102.913706][T21765] dump_header+0x177/0x1152 [ 1102.913730][T21765] ? pagefault_out_of_memory+0x11c/0x11c [ 1102.913749][T21765] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1102.913763][T21765] ? ___ratelimit+0x60/0x595 [ 1102.913777][T21765] ? do_raw_spin_unlock+0x57/0x270 [ 1102.913796][T21765] oom_kill_process.cold+0x10/0x15 [ 1102.913813][T21765] out_of_memory+0x334/0x1340 [ 1102.913836][T21765] ? oom_killer_disable+0x280/0x280 [ 1102.913863][T21765] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1102.913879][T21765] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1102.913897][T21765] ? do_raw_spin_unlock+0x57/0x270 [ 1102.913915][T21765] ? _raw_spin_unlock+0x2d/0x50 [ 1102.913935][T21765] try_charge+0xf4b/0x1440 [ 1102.913958][T21765] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1102.913971][T21765] ? percpu_ref_tryget_live+0x111/0x290 [ 1102.913992][T21765] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1102.914016][T21765] ? __kasan_check_read+0x11/0x20 [ 1102.914042][T21765] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1102.914060][T21765] mem_cgroup_try_charge+0x136/0x590 [ 1102.914076][T21765] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1102.914095][T21765] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1102.914116][T21765] __handle_mm_fault+0x1e34/0x3f20 [ 1102.914138][T21765] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1102.914167][T21765] ? __kasan_check_read+0x11/0x20 [ 1102.914191][T21765] handle_mm_fault+0x1b5/0x6c0 [ 1102.914211][T21765] __get_user_pages+0x7d4/0x1b30 [ 1102.914226][T21765] ? mark_held_locks+0xf0/0xf0 [ 1102.914252][T21765] ? follow_page_mask+0x1cf0/0x1cf0 [ 1102.914273][T21765] ? retint_kernel+0x2b/0x2b [ 1102.914292][T21765] populate_vma_page_range+0x20d/0x2a0 [ 1102.914310][T21765] __mm_populate+0x204/0x380 [ 1102.914329][T21765] ? populate_vma_page_range+0x2a0/0x2a0 [ 1102.914350][T21765] ? up_write+0x1c8/0x490 [ 1102.914367][T21765] __x64_sys_mremap+0x7dc/0xb80 [ 1102.914385][T21765] ? mremap_to+0x750/0x750 [ 1102.914407][T21765] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1102.914420][T21765] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1102.914434][T21765] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1102.914446][T21765] ? do_syscall_64+0x26/0x760 [ 1102.914460][T21765] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1102.914475][T21765] ? trace_hardirqs_on+0x67/0x240 [ 1102.914491][T21765] do_syscall_64+0xfa/0x760 [ 1102.914509][T21765] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1102.914521][T21765] RIP: 0033:0x4598e9 [ 1102.914534][T21765] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1102.914540][T21765] RSP: 002b:00007fc3543b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1102.914552][T21765] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 1102.914559][T21765] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1102.914567][T21765] RBP: 000000000075bfc8 R08: 0000000020130000 R09: 0000000000000000 [ 1102.914575][T21765] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fc3543b66d4 [ 1102.914582][T21765] R13: 00000000004c5f48 R14: 00000000004dab78 R15: 00000000ffffffff [ 1102.920586][T21765] memory: usage 307084kB, limit 307200kB, failcnt 33093 [ 1102.920671][T21765] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1102.920713][T21765] Memory cgroup stats for /syz4: [ 1102.921363][T21765] anon 290357248 [ 1102.921363][T21765] file 16314368 [ 1102.921363][T21765] kernel_stack 655360 [ 1102.921363][T21765] slab 3796992 [ 1102.921363][T21765] sock 0 [ 1102.921363][T21765] shmem 0 [ 1102.921363][T21765] file_mapped 16490496 [ 1102.921363][T21765] file_dirty 135168 [ 1102.921363][T21765] file_writeback 0 [ 1102.921363][T21765] anon_thp 207618048 [ 1102.921363][T21765] inactive_anon 244535296 [ 1102.921363][T21765] active_anon 4730880 [ 1102.921363][T21765] inactive_file 0 [ 1102.921363][T21765] active_file 0 [ 1102.921363][T21765] unevictable 57556992 [ 1102.921363][T21765] slab_reclaimable 1216512 [ 1102.921363][T21765] slab_unreclaimable 2580480 [ 1102.921363][T21765] pgfault 1420980 [ 1102.921363][T21765] pgmajfault 528 [ 1102.921363][T21765] workingset_refault 63129 [ 1102.921363][T21765] workingset_activate 17457 [ 1102.921363][T21765] workingset_nodereclaim 0 [ 1102.921363][T21765] pgrefill 85583 [ 1102.921363][T21765] pgscan 113395 [ 1102.921424][T21765] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21757,uid=0 [ 1102.924437][T21765] Memory cgroup out of memory: Killed process 21757 (syz-executor.4) total-vm:72832kB, anon-rss:15580kB, file-rss:54336kB, shmem-rss:0kB, UID:0 pgtables:200704kB oom_score_adj:1000 [ 1102.932063][ T1065] oom_reaper: reaped process 21757 (syz-executor.4), now anon-rss:15572kB, file-rss:54332kB, shmem-rss:0kB [ 1103.922655][T21777] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 05:32:19 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x0) 05:32:20 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r3, 0x0, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000000)=0x1800, 0x4) [ 1104.607505][T21777] CPU: 1 PID: 21777 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1104.617363][T21777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1104.627433][T21777] Call Trace: [ 1104.630742][T21777] dump_stack+0x172/0x1f0 [ 1104.635359][T21777] dump_header+0x177/0x1152 [ 1104.640657][T21777] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1104.646482][T21777] ? ___ratelimit+0x2c8/0x595 [ 1104.652147][T21777] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1104.657977][T21777] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1104.663282][T21777] ? trace_hardirqs_on+0x67/0x240 [ 1104.668320][T21777] ? pagefault_out_of_memory+0x11c/0x11c [ 1104.673983][T21777] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1104.679801][T21777] ? ___ratelimit+0x60/0x595 [ 1104.684411][T21777] ? do_raw_spin_unlock+0x57/0x270 [ 1104.689539][T21777] oom_kill_process.cold+0x10/0x15 [ 1104.694859][T21777] out_of_memory+0x334/0x1340 [ 1104.699749][T21777] ? lock_downgrade+0x920/0x920 [ 1104.704795][T21777] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1104.710609][T21777] ? oom_killer_disable+0x280/0x280 [ 1104.715824][T21777] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1104.721470][T21777] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1104.727116][T21777] ? do_raw_spin_unlock+0x57/0x270 [ 1104.733370][T21777] ? _raw_spin_unlock+0x2d/0x50 [ 1104.738413][T21777] try_charge+0xf4b/0x1440 [ 1104.742845][T21777] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1104.748403][T21777] ? find_held_lock+0x35/0x130 [ 1104.753180][T21777] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1104.758928][T21777] ? lock_downgrade+0x920/0x920 [ 1104.763788][T21777] ? percpu_ref_tryget_live+0x111/0x290 [ 1104.769351][T21777] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1104.774823][T21777] ? memcg_kmem_put_cache+0x50/0x50 [ 1104.780032][T21777] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1104.785593][T21777] __memcg_kmem_charge+0x13a/0x3a0 [ 1104.790719][T21777] __alloc_pages_nodemask+0x4f7/0x900 [ 1104.796104][T21777] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1104.801658][T21777] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1104.807484][T21777] ? percpu_ref_put_many+0xb6/0x190 [ 1104.812694][T21777] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1104.818083][T21777] ? trace_hardirqs_on+0x67/0x240 [ 1104.823308][T21777] ? __kasan_check_read+0x11/0x20 [ 1104.828347][T21777] copy_process+0x3f8/0x6830 [ 1104.832949][T21777] ? psi_memstall_leave+0x12e/0x180 [ 1104.838171][T21777] ? __cleanup_sighand+0x60/0x60 [ 1104.843124][T21777] ? __kasan_check_read+0x11/0x20 [ 1104.848175][T21777] ? __lock_acquire+0x8a0/0x4a00 [ 1104.853131][T21777] ? _raw_spin_unlock_irq+0x5e/0x90 [ 1104.858376][T21777] _do_fork+0x146/0xfa0 [ 1104.862778][T21777] ? copy_init_mm+0x20/0x20 [ 1104.867360][T21777] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1104.873651][T21777] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1104.880008][T21777] ? debug_smp_processor_id+0x3c/0x214 [ 1104.885498][T21777] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 1104.891793][T21777] __x64_sys_clone+0x1ab/0x270 [ 1104.896582][T21777] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1104.903804][T21777] ? __ia32_sys_vfork+0xd0/0xd0 [ 1104.908679][T21777] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1104.914953][T21777] ? do_syscall_64+0x26/0x760 [ 1104.919662][T21777] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1104.924971][T21777] ? trace_hardirqs_on+0x67/0x240 [ 1104.930015][T21777] do_syscall_64+0xfa/0x760 [ 1104.934792][T21777] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1104.940697][T21777] RIP: 0033:0x45c2b9 [ 1104.944597][T21777] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1104.964294][T21777] RSP: 002b:00007ffee464ffb8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1104.972716][T21777] RAX: ffffffffffffffda RBX: 00007fb275d94700 RCX: 000000000045c2b9 [ 1104.980960][T21777] RDX: 00007fb275d949d0 RSI: 00007fb275d93db0 RDI: 00000000003d0f00 [ 1104.988933][T21777] RBP: 00007ffee46501d0 R08: 00007fb275d94700 R09: 00007fb275d94700 [ 1104.997288][T21777] R10: 00007fb275d949d0 R11: 0000000000000202 R12: 0000000000000000 05:32:20 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1105.005265][T21777] R13: 00007ffee465006f R14: 00007fb275d949c0 R15: 000000000075c07c [ 1105.017329][ T26] kauditd_printk_skb: 10 callbacks suppressed [ 1105.017344][ T26] audit: type=1804 audit(1568179940.083:3035): pid=21795 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir128303397/syzkaller.DsgSWl/378/bus" dev="sda1" ino=16621 res=1 [ 1105.174942][ T26] audit: type=1800 audit(1568179940.083:3036): pid=21795 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16621 res=0 05:32:20 executing program 1: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x0) 05:32:21 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(0x0, 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1105.778826][ T26] audit: type=1804 audit(1568179941.253:3037): pid=21802 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/385/bus" dev="sda1" ino=16691 res=1 [ 1105.853535][ T26] audit: type=1800 audit(1568179941.283:3038): pid=21802 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16691 res=0 [ 1106.004445][ T26] audit: type=1804 audit(1568179941.473:3039): pid=21803 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/416/bus" dev="sda1" ino=16653 res=1 [ 1106.087734][ T26] audit: type=1800 audit(1568179941.513:3040): pid=21803 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16653 res=0 05:32:21 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r3, 0x0, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000000)=0x1800, 0x4) 05:32:21 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1106.556644][T21777] memory: usage 307160kB, limit 307200kB, failcnt 20508 [ 1106.590341][T21777] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1106.633227][T21777] Memory cgroup stats for /syz5: [ 1106.633356][T21777] anon 287911936 [ 1106.633356][T21777] file 15589376 [ 1106.633356][T21777] kernel_stack 786432 [ 1106.633356][T21777] slab 6529024 [ 1106.633356][T21777] sock 0 [ 1106.633356][T21777] shmem 0 [ 1106.633356][T21777] file_mapped 15679488 [ 1106.633356][T21777] file_dirty 0 [ 1106.633356][T21777] file_writeback 0 [ 1106.633356][T21777] anon_thp 150994944 [ 1106.633356][T21777] inactive_anon 245420032 [ 1106.633356][T21777] active_anon 1400832 [ 1106.633356][T21777] inactive_file 90112 [ 1106.633356][T21777] active_file 49152 [ 1106.633356][T21777] unevictable 56926208 [ 1106.633356][T21777] slab_reclaimable 2568192 [ 1106.633356][T21777] slab_unreclaimable 3960832 [ 1106.633356][T21777] pgfault 995841 [ 1106.633356][T21777] pgmajfault 99 [ 1106.633356][T21777] workingset_refault 22110 [ 1106.633356][T21777] workingset_activate 1155 [ 1106.633356][T21777] workingset_nodereclaim 0 [ 1106.633356][T21777] pgrefill 30829 [ 1106.633356][T21777] pgscan 41696 [ 1106.633356][T21777] pgsteal 27865 05:32:22 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1106.970339][ T26] audit: type=1804 audit(1568179942.443:3041): pid=21817 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/386/bus" dev="sda1" ino=16689 res=1 05:32:22 executing program 4: socket(0x40000000002, 0x3, 0x80000000002) clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="d3d2b93c38f19c0400cd8034"], 0xc}}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="2c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r1], 0x2c}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="eabe9f303b222957eecbc624877c825255f910c28f5e87a64820546a1ebed56adb3b91e7f1ffd7e4ab56ad8e39808e0b61a0bf7a301ffe8dac0726906da58a5d1ab066f24351eda628769d37cbcb5c0c5d6b03e4c0487a0c5c3ced0b6983", @ANYRESHEX, @ANYRESOCT, @ANYRES32, @ANYRESHEX, @ANYBLOB="e6c55c669eb82eec510100019b3d7280437a7462010000000000000029a741efca44f937d0492482ba837296d961244e2e0c734057548c402cc43b3897cc275fd87f333c960d2bc40dd8ece5ff1b9d9e2afb67443e955f96c787fc8dc4872b0001000000000000f515586de3c101e4f8d1b12b1894ef983d0cfcdfbb1118c5ae060bb6ae2af877735be7b03b5278b53fe125393d6b6adf7f7d0734bc1e5566b4d1447a982f0b0b061ef05d38deddd795e0b31aa0a970", @ANYRESHEX], 0x0, 0x165}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") ptrace$cont(0x7, r0, 0x0, 0x0) [ 1107.046097][ T26] audit: type=1800 audit(1568179942.473:3042): pid=21817 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16689 res=0 [ 1107.197352][T21777] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=21777,uid=0 [ 1107.216554][T21777] Memory cgroup out of memory: Killed process 21777 (syz-executor.5) total-vm:72840kB, anon-rss:17820kB, file-rss:52328kB, shmem-rss:0kB, UID:0 pgtables:196608kB oom_score_adj:1000 [ 1107.267725][ T1065] oom_reaper: reaped process 21777 (syz-executor.5), now anon-rss:17804kB, file-rss:52328kB, shmem-rss:0kB [ 1107.267795][T21807] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1107.337628][T21807] CPU: 0 PID: 21807 Comm: syz-executor.1 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1107.346776][T21807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1107.356844][T21807] Call Trace: [ 1107.360160][T21807] dump_stack+0x172/0x1f0 [ 1107.364517][T21807] dump_header+0x177/0x1152 [ 1107.369072][T21807] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1107.375144][T21807] ? ___ratelimit+0x2c8/0x595 [ 1107.379867][T21807] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1107.385681][T21807] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1107.391004][T21807] ? trace_hardirqs_on+0x67/0x240 [ 1107.396049][T21807] ? pagefault_out_of_memory+0x11c/0x11c [ 1107.401705][T21807] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1107.407545][T21807] ? ___ratelimit+0x60/0x595 [ 1107.412156][T21807] ? do_raw_spin_unlock+0x57/0x270 [ 1107.421719][T21807] oom_kill_process.cold+0x10/0x15 [ 1107.427890][T21807] out_of_memory+0x334/0x1340 [ 1107.432677][T21807] ? lock_downgrade+0x920/0x920 [ 1107.437597][T21807] ? oom_killer_disable+0x280/0x280 [ 1107.442818][T21807] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1107.451429][T21807] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1107.457190][T21807] ? do_raw_spin_unlock+0x57/0x270 [ 1107.462586][T21807] ? _raw_spin_unlock+0x2d/0x50 [ 1107.467466][T21807] try_charge+0xf4b/0x1440 [ 1107.471910][T21807] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1107.477473][T21807] ? percpu_ref_tryget_live+0x111/0x290 [ 1107.483046][T21807] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1107.489299][T21807] ? __kasan_check_read+0x11/0x20 [ 1107.494336][T21807] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1107.499894][T21807] mem_cgroup_try_charge+0x136/0x590 [ 1107.505194][T21807] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1107.511454][T21807] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1107.517107][T21807] wp_page_copy+0x41e/0x1590 [ 1107.521723][T21807] ? find_held_lock+0x35/0x130 [ 1107.526503][T21807] ? pmd_pfn+0x1d0/0x1d0 [ 1107.530770][T21807] ? lock_downgrade+0x920/0x920 [ 1107.535646][T21807] ? swp_swapcount+0x540/0x540 [ 1107.540593][T21807] ? __kasan_check_read+0x11/0x20 [ 1107.545627][T21807] ? do_raw_spin_unlock+0x57/0x270 [ 1107.550753][T21807] do_wp_page+0x499/0x14d0 [ 1107.555885][T21807] ? finish_mkwrite_fault+0x570/0x570 [ 1107.564205][T21807] __handle_mm_fault+0x22f1/0x3f20 [ 1107.569344][T21807] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1107.574925][T21807] ? __kasan_check_read+0x11/0x20 [ 1107.579972][T21807] handle_mm_fault+0x1b5/0x6c0 [ 1107.584757][T21807] __get_user_pages+0x7d4/0x1b30 [ 1107.589701][T21807] ? mark_held_locks+0xf0/0xf0 [ 1107.594481][T21807] ? follow_page_mask+0x1cf0/0x1cf0 [ 1107.599688][T21807] ? __mm_populate+0x270/0x380 [ 1107.604477][T21807] ? __kasan_check_write+0x14/0x20 [ 1107.609597][T21807] ? down_read+0x109/0x430 [ 1107.614115][T21807] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1107.620372][T21807] populate_vma_page_range+0x20d/0x2a0 [ 1107.625847][T21807] __mm_populate+0x204/0x380 [ 1107.630454][T21807] ? populate_vma_page_range+0x2a0/0x2a0 [ 1107.636100][T21807] ? __kasan_check_write+0x14/0x20 [ 1107.641223][T21807] ? up_write+0x155/0x490 [ 1107.645569][T21807] ? ns_capable_common+0x93/0x100 [ 1107.650879][T21807] __x64_sys_mlockall+0x473/0x520 [ 1107.656009][T21807] do_syscall_64+0xfa/0x760 [ 1107.660528][T21807] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1107.666425][T21807] RIP: 0033:0x4598e9 [ 1107.670331][T21807] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1107.689946][T21807] RSP: 002b:00007f7c59502c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1107.698490][T21807] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004598e9 [ 1107.707022][T21807] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1107.715004][T21807] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1107.722975][T21807] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c595036d4 [ 1107.722983][T21807] R13: 00000000004c5dab R14: 00000000004da878 R15: 00000000ffffffff [ 1107.723483][ T26] audit: type=1804 audit(1568179942.813:3043): pid=21819 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir247890508/syzkaller.pVOBBi/609/bus" dev="sda1" ino=16709 res=1 [ 1107.788303][ T26] audit: type=1800 audit(1568179942.813:3044): pid=21819 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16709 res=0 [ 1107.809345][T21807] memory: usage 307120kB, limit 307200kB, failcnt 46934 [ 1107.816725][T21807] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1107.829254][T21807] Memory cgroup stats for /syz1: [ 1107.829380][T21807] anon 287449088 [ 1107.829380][T21807] file 16683008 [ 1107.829380][T21807] kernel_stack 786432 [ 1107.829380][T21807] slab 5287936 [ 1107.829380][T21807] sock 0 [ 1107.829380][T21807] shmem 0 [ 1107.829380][T21807] file_mapped 16625664 [ 1107.829380][T21807] file_dirty 135168 [ 1107.829380][T21807] file_writeback 0 [ 1107.829380][T21807] anon_thp 132120576 [ 1107.829380][T21807] inactive_anon 250626048 [ 1107.829380][T21807] active_anon 1654784 [ 1107.829380][T21807] inactive_file 122880 [ 1107.829380][T21807] active_file 73728 [ 1107.829380][T21807] unevictable 52064256 [ 1107.829380][T21807] slab_reclaimable 2162688 [ 1107.829380][T21807] slab_unreclaimable 3125248 [ 1107.829380][T21807] pgfault 1104972 [ 1107.829380][T21807] pgmajfault 264 [ 1107.829380][T21807] workingset_refault 73887 [ 1107.829380][T21807] workingset_activate 1881 [ 1107.829380][T21807] workingset_nodereclaim 0 [ 1107.829380][T21807] pgrefill 81730 [ 1107.829380][T21807] pgscan 118052 05:32:23 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:23 executing program 4: syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x84802) 05:32:23 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1107.973619][T21807] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=21806,uid=0 [ 1107.997538][T21807] Memory cgroup out of memory: Killed process 21806 (syz-executor.1) total-vm:72576kB, anon-rss:18156kB, file-rss:53368kB, shmem-rss:0kB, UID:0 pgtables:204800kB oom_score_adj:1000 [ 1108.115056][ T1065] oom_reaper: reaped process 21806 (syz-executor.1), now anon-rss:18172kB, file-rss:54332kB, shmem-rss:0kB 05:32:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, &(0x7f00000015c0)=0x4) 05:32:23 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) recvmmsg(r0, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/202, 0xca}], 0x1}}], 0x1, 0x0, 0x0) write$binfmt_script(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="2321202e2f66696c65300addfb5117fba1699756876915922a9b66379e3db940dc92e4b7d3c6a82a901f75c2b5705d38810f8092a7b9322da4bb62249babde56293cdfc8cc0500878b3a47f94ec3641c4e6cf95f0b8810707ec302b75f06f1daccbc1048b2c20b884e0efb76d265da715f3b51ae6c628ffa8ffbbd3e1f1c825fa8f65756331597c9d3c9afed938893fc5bfd9e8ece96ad967d4beaa78a6262b38ed0964ddc020aa8ca8ccb60d0f93249da69de030000007d82c717750398ec6f025df527cd59a9b317"], 0xc9) write$binfmt_elf32(r0, &(0x7f0000000940)=ANY=[@ANYBLOB="7f454c46000000000000000000000000000000000000000000000000380000000000000000000000000020000000000000000000000000000000000000000000000000000034000000000000000000000000000000000000be8482d48c0100b662ca406349d570285ad41d31900f82019739323d494ba4615c6dc497c739e39c00038356ee7674da68b964f425e111854c2b0bf1a00af18e705f3b1d9534408279176538f0ecbdcb43a4c8aa34155f9237d2c6450d2bab0ce132aeab5b67c3ab54503f9ff0a3371b11c1c4e6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fdffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000001f00000000000000000000000000000000000000000000000000000000000000000000001f00000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d800"/728], 0x2d8) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27) 05:32:24 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c00000001070581ff10c0d46dffff0e633408100c000100050500007d0a00010c0003000e1322ff09a70000"], 0x2c}}, 0x0) 05:32:24 executing program 1: ioctl(0xffffffffffffffff, 0x0, &(0x7f00000002c0)) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff9c}, 0x2c) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000000080)='1', 0x1, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff}) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x100000002091, r1, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000100)={0xad, {{0x2, 0x4e21}}}, 0x88) ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) r2 = socket$xdp(0x2c, 0x3, 0x0) socket$rxrpc(0x21, 0x2, 0xa) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/21, 0x3c000, 0x800}, 0x18) 05:32:24 executing program 0: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 05:32:24 executing program 1: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) mremap(&(0x7f0000500000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00005de000/0x4000)=nil) 05:32:24 executing program 1: perf_event_open(&(0x7f0000000040)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 1109.740683][T21869] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1109.761745][T21869] CPU: 1 PID: 21869 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1109.770990][T21869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1109.781158][T21869] Call Trace: [ 1109.784449][T21869] dump_stack+0x172/0x1f0 [ 1109.788771][T21869] dump_header+0x177/0x1152 [ 1109.793269][T21869] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1109.799248][T21869] ? ___ratelimit+0x2c8/0x595 [ 1109.806344][T21869] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1109.812151][T21869] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1109.817427][T21869] ? trace_hardirqs_on+0x67/0x240 [ 1109.822962][T21869] ? pagefault_out_of_memory+0x11c/0x11c [ 1109.829291][T21869] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1109.835115][T21869] ? ___ratelimit+0x60/0x595 [ 1109.839809][T21869] ? do_raw_spin_unlock+0x57/0x270 [ 1109.845367][T21869] oom_kill_process.cold+0x10/0x15 [ 1109.850865][T21869] out_of_memory+0x334/0x1340 [ 1109.855890][T21869] ? lock_downgrade+0x920/0x920 [ 1109.860730][T21869] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1109.866534][T21869] ? oom_killer_disable+0x280/0x280 [ 1109.871735][T21869] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1109.877289][T21869] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1109.882924][T21869] ? do_raw_spin_unlock+0x57/0x270 [ 1109.888230][T21869] ? _raw_spin_unlock+0x2d/0x50 [ 1109.893089][T21869] try_charge+0xf4b/0x1440 [ 1109.897670][T21869] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1109.903897][T21869] ? percpu_ref_tryget_live+0x111/0x290 [ 1109.909437][T21869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1109.915683][T21869] ? __kasan_check_read+0x11/0x20 [ 1109.920977][T21869] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1109.926597][T21869] mem_cgroup_try_charge+0x136/0x590 [ 1109.931867][T21869] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1109.938180][T21869] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1109.943931][T21869] __handle_mm_fault+0x1e34/0x3f20 [ 1109.949032][T21869] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1109.954581][T21869] ? __kasan_check_read+0x11/0x20 [ 1109.959691][T21869] handle_mm_fault+0x1b5/0x6c0 [ 1109.964473][T21869] __get_user_pages+0x7d4/0x1b30 [ 1109.970007][T21869] ? mark_held_locks+0xf0/0xf0 [ 1109.974762][T21869] ? follow_page_mask+0x1cf0/0x1cf0 [ 1109.979947][T21869] ? __mm_populate+0x270/0x380 [ 1109.984717][T21869] ? memset+0x32/0x40 [ 1109.988702][T21869] populate_vma_page_range+0x20d/0x2a0 [ 1109.994154][T21869] __mm_populate+0x204/0x380 [ 1109.998732][T21869] ? populate_vma_page_range+0x2a0/0x2a0 [ 1110.004351][T21869] ? up_write+0x1c8/0x490 [ 1110.008682][T21869] __x64_sys_mremap+0x7dc/0xb80 [ 1110.013534][T21869] ? mremap_to+0x750/0x750 [ 1110.017946][T21869] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1110.023500][T21869] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1110.028959][T21869] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1110.035010][T21869] ? do_syscall_64+0x26/0x760 [ 1110.039688][T21869] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1110.044970][T21869] ? trace_hardirqs_on+0x67/0x240 [ 1110.049998][T21869] do_syscall_64+0xfa/0x760 [ 1110.054879][T21869] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1110.060944][T21869] RIP: 0033:0x4598e9 [ 1110.064832][T21869] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 05:32:25 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1110.084502][T21869] RSP: 002b:00007fb275d93c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1110.092914][T21869] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 1110.100902][T21869] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1110.108861][T21869] RBP: 000000000075c070 R08: 0000000020130000 R09: 0000000000000000 [ 1110.116816][T21869] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb275d946d4 [ 1110.124790][T21869] R13: 00000000004c5f48 R14: 00000000004dab78 R15: 00000000ffffffff 05:32:25 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_emit_ethernet(0x5a, &(0x7f0000000040)={@dev, @remote, [{}], {@canfd={0xd, {{}, 0x0, 0x0, 0x0, 0x0, "4c20952be2e96572fee813f6550c6c33f1d30febe1079b54e728271bb1f26ac722aef02069b1c7489cc553d0301b5fee104d8a821ba299bfc5fd3effcb2ca6d6"}}}}, 0x0) [ 1110.143956][T21869] memory: usage 307200kB, limit 307200kB, failcnt 20796 [ 1110.167146][T21869] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1110.198027][T21869] Memory cgroup stats for /syz5: [ 1110.198156][T21869] anon 287203328 [ 1110.198156][T21869] file 16834560 [ 1110.198156][T21869] kernel_stack 851968 [ 1110.198156][T21869] slab 6258688 [ 1110.198156][T21869] sock 0 [ 1110.198156][T21869] shmem 0 [ 1110.198156][T21869] file_mapped 16625664 [ 1110.198156][T21869] file_dirty 135168 [ 1110.198156][T21869] file_writeback 0 [ 1110.198156][T21869] anon_thp 148897792 [ 1110.198156][T21869] inactive_anon 245379072 [ 1110.198156][T21869] active_anon 1671168 [ 1110.198156][T21869] inactive_file 110592 [ 1110.198156][T21869] active_file 45056 [ 1110.198156][T21869] unevictable 57012224 [ 1110.198156][T21869] slab_reclaimable 2433024 [ 1110.198156][T21869] slab_unreclaimable 3825664 [ 1110.198156][T21869] pgfault 1001517 [ 1110.198156][T21869] pgmajfault 132 [ 1110.198156][T21869] workingset_refault 22473 [ 1110.198156][T21869] workingset_activate 1155 [ 1110.198156][T21869] workingset_nodereclaim 0 [ 1110.198156][T21869] pgrefill 31142 [ 1110.198156][T21869] pgscan 42562 [ 1110.296996][T21869] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=21842,uid=0 [ 1110.314850][T21869] Memory cgroup out of memory: Killed process 21842 (syz-executor.5) total-vm:72832kB, anon-rss:16844kB, file-rss:53368kB, shmem-rss:0kB, UID:0 pgtables:200704kB oom_score_adj:1000 [ 1110.373124][ T1065] oom_reaper: reaped process 21842 (syz-executor.5), now anon-rss:16756kB, file-rss:54332kB, shmem-rss:0kB [ 1110.385605][T21862] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1110.417620][T21862] CPU: 0 PID: 21862 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1110.426765][T21862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1110.437131][T21862] Call Trace: [ 1110.440465][T21862] dump_stack+0x172/0x1f0 [ 1110.444803][T21862] dump_header+0x177/0x1152 [ 1110.450280][T21862] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1110.456082][T21862] ? ___ratelimit+0x2c8/0x595 [ 1110.460758][T21862] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1110.466576][T21862] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1110.471866][T21862] ? trace_hardirqs_on+0x67/0x240 [ 1110.476927][T21862] ? pagefault_out_of_memory+0x11c/0x11c [ 1110.482655][T21862] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1110.488556][T21862] ? ___ratelimit+0x60/0x595 [ 1110.493165][T21862] ? do_raw_spin_unlock+0x57/0x270 [ 1110.498293][T21862] oom_kill_process.cold+0x10/0x15 [ 1110.503415][T21862] out_of_memory+0x334/0x1340 [ 1110.508098][T21862] ? lock_downgrade+0x920/0x920 [ 1110.512965][T21862] ? oom_killer_disable+0x280/0x280 [ 1110.518432][T21862] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1110.524083][T21862] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1110.530539][T21862] ? do_raw_spin_unlock+0x57/0x270 [ 1110.535661][T21862] ? _raw_spin_unlock+0x2d/0x50 [ 1110.540520][T21862] try_charge+0xf4b/0x1440 [ 1110.544951][T21862] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1110.550503][T21862] ? percpu_ref_tryget_live+0x111/0x290 [ 1110.556939][T21862] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1110.563278][T21862] ? __kasan_check_read+0x11/0x20 [ 1110.569189][T21862] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1110.569204][T21862] mem_cgroup_try_charge+0x136/0x590 [ 1110.569221][T21862] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1110.569237][T21862] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1110.569254][T21862] wp_page_copy+0x41e/0x1590 [ 1110.569269][T21862] ? find_held_lock+0x35/0x130 [ 1110.569286][T21862] ? pmd_pfn+0x1d0/0x1d0 [ 1110.569301][T21862] ? lock_downgrade+0x920/0x920 [ 1110.569324][T21862] ? swp_swapcount+0x540/0x540 05:32:26 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:26 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:26 executing program 1: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000002c0)="0a0008000012a41d88b070") ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f00000001c0)=0x1) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) pwrite64(r0, &(0x7f0000000080)='1', 0x1, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff}) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000300)=0x1ff, 0x4) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x100000002091, r2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000100)={0xad, {{0x2, 0x4e21}}}, 0x88) ioctl$EXT4_IOC_SWAP_BOOT(r2, 0x6611) r3 = socket$xdp(0x2c, 0x3, 0x0) socket$rxrpc(0x21, 0x2, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/21, 0x3c000, 0x800}, 0x18) 05:32:26 executing program 4: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000180)='threaded\x00', 0x9e27bacb) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) unlink(&(0x7f0000000080)='./file0\x00') r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1, 0x2, 0x6d, 0x20000000000001, 0x0, 0x0}, 0x2c) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000140)={&(0x7f00000001c0)='./file0\x00', r3}, 0x10) dup3(r0, r3, 0x0) [ 1110.615486][T21862] ? __kasan_check_read+0x11/0x20 [ 1110.620704][T21862] ? do_raw_spin_unlock+0x57/0x270 [ 1110.625928][T21862] do_wp_page+0x499/0x14d0 [ 1110.628351][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 1110.628365][ T26] audit: type=1804 audit(1568179946.053:3051): pid=21884 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/698/bus" dev="sda1" ino=16695 res=1 [ 1110.630379][T21862] ? finish_mkwrite_fault+0x570/0x570 [ 1110.630402][T21862] __handle_mm_fault+0x22f1/0x3f20 [ 1110.640840][ T26] audit: type=1800 audit(1568179946.053:3052): pid=21884 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16695 res=0 [ 1110.662693][T21862] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1110.662722][T21862] ? __kasan_check_read+0x11/0x20 [ 1110.662741][T21862] handle_mm_fault+0x1b5/0x6c0 [ 1110.662761][T21862] __do_page_fault+0x536/0xdd0 [ 1110.662780][T21862] do_page_fault+0x38/0x590 [ 1110.662797][T21862] page_fault+0x39/0x40 [ 1110.662807][T21862] RIP: 0033:0x4150c3 [ 1110.662821][T21862] Code: e9 4c 89 e2 ff 74 24 48 4c 8b 4c 24 10 89 ee 4c 8b 44 24 18 48 89 df e8 cb f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 48 f7 d8 <64> 89 04 25 d4 ff ff ff 48 83 c8 ff c3 48 81 ec 98 00 00 00 31 ff [ 1110.662828][T21862] RSP: 002b:00007ffc960a1528 EFLAGS: 00010213 [ 1110.662840][T21862] RAX: 000000000000006e RBX: 00000000000003e8 RCX: 00000000004598e9 [ 1110.662848][T21862] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bfd4 [ 1110.662856][T21862] RBP: 000000000000002d R08: ffffffffffffffff R09: ffffffffffffffff [ 1110.662864][T21862] R10: 00007ffc960a1600 R11: 0000000000000246 R12: 000000000075bfc8 [ 1110.662872][T21862] R13: 000000000010ee93 R14: 000000000010eec0 R15: 000000000075bfd4 [ 1110.809780][T21862] memory: usage 307200kB, limit 307200kB, failcnt 15009 [ 1110.816786][T21862] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1110.834441][T21862] Memory cgroup stats for /syz0: [ 1110.834553][T21862] anon 298246144 [ 1110.834553][T21862] file 2142208 [ 1110.834553][T21862] kernel_stack 917504 [ 1110.834553][T21862] slab 8945664 [ 1110.834553][T21862] sock 0 [ 1110.834553][T21862] shmem 0 [ 1110.834553][T21862] file_mapped 2162688 [ 1110.834553][T21862] file_dirty 0 [ 1110.834553][T21862] file_writeback 0 [ 1110.834553][T21862] anon_thp 56623104 [ 1110.834553][T21862] inactive_anon 268345344 [ 1110.834553][T21862] active_anon 1486848 [ 1110.834553][T21862] inactive_file 65536 [ 1110.834553][T21862] active_file 0 [ 1110.834553][T21862] unevictable 30703616 [ 1110.834553][T21862] slab_reclaimable 2838528 [ 1110.834553][T21862] slab_unreclaimable 6107136 [ 1110.834553][T21862] pgfault 1043361 [ 1110.834553][T21862] pgmajfault 99 [ 1110.834553][T21862] workingset_refault 23298 [ 1110.834553][T21862] workingset_activate 1980 05:32:26 executing program 1: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x89fb, &(0x7f0000000080)={'sit0\x00', @ifru_flags}) [ 1110.834553][T21862] workingset_nodereclaim 0 [ 1110.834553][T21862] pgrefill 30308 [ 1110.834553][T21862] pgscan 48602 [ 1110.834553][T21862] pgsteal 31112 05:32:26 executing program 4: [ 1110.986451][T21862] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=21862,uid=0 05:32:26 executing program 4: [ 1111.086274][T21862] Memory cgroup out of memory: Killed process 21862 (syz-executor.0) total-vm:72708kB, anon-rss:17856kB, file-rss:37048kB, shmem-rss:0kB, UID:0 pgtables:167936kB oom_score_adj:1000 [ 1111.173056][ T1065] oom_reaper: reaped process 21862 (syz-executor.0), now anon-rss:17848kB, file-rss:37048kB, shmem-rss:0kB [ 1111.213445][ T26] audit: type=1804 audit(1568179946.683:3053): pid=21911 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/449/bus" dev="sda1" ino=16817 res=1 [ 1111.333471][ T26] audit: type=1800 audit(1568179946.713:3054): pid=21911 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=16817 res=0 05:32:27 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x2d00000000000000) creat(0x0, 0x0) open(0x0, 0x0, 0x0) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, 0x0, 0x0) sendmsg$TIPC_NL_BEARER_GET(0xffffffffffffffff, 0x0, 0x28000010) 05:32:27 executing program 1: 05:32:27 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3f) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x40000000000003, 0xfa}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="11dca5055e0bcfe47bf070") ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 1111.560061][ T26] audit: type=1804 audit(1568179947.033:3055): pid=21893 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/388/bus" dev="sda1" ino=16661 res=1 [ 1111.646434][ T26] audit: type=1800 audit(1568179947.033:3056): pid=21893 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16661 res=0 05:32:27 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:27 executing program 4: 05:32:27 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:27 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:27 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:27 executing program 0: 05:32:27 executing program 4: 05:32:27 executing program 0: 05:32:27 executing program 4: 05:32:27 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:27 executing program 0: 05:32:27 executing program 4: 05:32:28 executing program 4: 05:32:28 executing program 0: [ 1112.581563][ T26] audit: type=1804 audit(1568179948.053:3057): pid=21966 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/450/bus" dev="sda1" ino=16642 res=1 [ 1112.706708][ T26] audit: type=1800 audit(1568179948.053:3058): pid=21966 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=16642 res=0 [ 1112.873824][ T26] audit: type=1804 audit(1568179948.343:3059): pid=21948 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/699/bus" dev="sda1" ino=16663 res=1 [ 1112.933505][ T26] audit: type=1800 audit(1568179948.343:3060): pid=21948 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16663 res=0 05:32:28 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:28 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:28 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:28 executing program 4: 05:32:28 executing program 0: 05:32:28 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(0xffffffffffffffff, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:29 executing program 4: 05:32:29 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x31c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, &(0x7f00000015c0)) 05:32:29 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:29 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0)={[{@errors_recover='errors=\necover'}]}) 05:32:29 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) ioctl$EVIOCGKEY(0xffffffffffffffff, 0x80404518, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x0, 0x0) ioctl$PPPIOCATTCHAN(0xffffffffffffffff, 0x40047438, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, 0x0) fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffc63, 0x0) ioctl$TIOCGISO7816(0xffffffffffffffff, 0x80285442, 0x0) listen(r2, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000004, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @ipv4={[], [], @empty}}, 0x1c) ioctl$PIO_FONTRESET(0xffffffffffffffff, 0x4b6d, 0x0) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$PPPIOCATTACH(0xffffffffffffffff, 0x4004743d, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KDSKBLED(0xffffffffffffffff, 0x4b65, 0x0) write(r3, &(0x7f0000000840)="d5", 0x1) recvfrom$inet6(r3, &(0x7f0000001840)=""/31, 0xfe2d, 0x100, 0x0, 0x236) r4 = accept4(r2, 0x0, 0x0, 0x80000) sendto$inet6(r4, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) [ 1114.052580][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 05:32:29 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1114.106534][T21981] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1114.204517][T21981] CPU: 1 PID: 21981 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1114.213692][T21981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1114.225699][T21981] Call Trace: [ 1114.229001][T21981] dump_stack+0x172/0x1f0 [ 1114.233336][T21981] dump_header+0x177/0x1152 [ 1114.233354][T21981] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1114.233371][T21981] ? ___ratelimit+0x2c8/0x595 [ 1114.248712][T21981] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1114.254539][T21981] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1114.259941][T21981] ? trace_hardirqs_on+0x67/0x240 [ 1114.265068][T21981] ? pagefault_out_of_memory+0x11c/0x11c [ 1114.270716][T21981] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1114.276529][T21981] ? ___ratelimit+0x60/0x595 [ 1114.281135][T21981] ? do_raw_spin_unlock+0x57/0x270 [ 1114.286445][T21981] oom_kill_process.cold+0x10/0x15 [ 1114.288252][T22026] 9pnet: Insufficient options for proto=fd [ 1114.291572][T21981] out_of_memory+0x334/0x1340 [ 1114.291589][T21981] ? lock_downgrade+0x920/0x920 [ 1114.291614][T21981] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1114.313322][T21981] ? oom_killer_disable+0x280/0x280 [ 1114.318544][T21981] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1114.324102][T21981] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1114.329830][T21981] ? do_raw_spin_unlock+0x57/0x270 [ 1114.334958][T21981] ? _raw_spin_unlock+0x2d/0x50 [ 1114.340774][T21981] try_charge+0xf4b/0x1440 [ 1114.345654][T21981] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1114.351208][T21981] ? percpu_ref_tryget_live+0x111/0x290 [ 1114.356760][T21981] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1114.364926][T21981] ? __kasan_check_read+0x11/0x20 [ 1114.369965][T21981] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1114.375539][T21981] mem_cgroup_try_charge+0x136/0x590 [ 1114.381036][T21981] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1114.387286][T21981] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1114.392929][T21981] __handle_mm_fault+0x1e34/0x3f20 [ 1114.398148][T21981] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1114.403709][T21981] ? __kasan_check_read+0x11/0x20 [ 1114.408748][T21981] handle_mm_fault+0x1b5/0x6c0 [ 1114.413614][T21981] __get_user_pages+0x7d4/0x1b30 [ 1114.418994][T21981] ? mark_held_locks+0xf0/0xf0 [ 1114.423947][T21981] ? follow_page_mask+0x1cf0/0x1cf0 [ 1114.429144][T21981] ? __mm_populate+0x270/0x380 [ 1114.433918][T21981] ? memset+0x32/0x40 [ 1114.439221][T21981] populate_vma_page_range+0x20d/0x2a0 [ 1114.445719][T21981] __mm_populate+0x204/0x380 [ 1114.450327][T21981] ? populate_vma_page_range+0x2a0/0x2a0 [ 1114.455972][T21981] ? up_write+0x1c8/0x490 [ 1114.460494][T21981] __x64_sys_mremap+0x7dc/0xb80 [ 1114.465367][T21981] ? mremap_to+0x750/0x750 [ 1114.469807][T21981] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1114.475291][T21981] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1114.481824][T21981] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1114.487917][T21981] ? do_syscall_64+0x26/0x760 [ 1114.492712][T21981] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1114.498011][T21981] ? trace_hardirqs_on+0x67/0x240 [ 1114.503061][T21981] do_syscall_64+0xfa/0x760 [ 1114.507596][T21981] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1114.513522][T21981] RIP: 0033:0x4598e9 [ 1114.518219][T21981] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1114.538381][T21981] RSP: 002b:00007fb275db4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1114.546812][T21981] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 1114.555926][T21981] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1114.563909][T21981] RBP: 000000000075bfc8 R08: 0000000020130000 R09: 0000000000000000 [ 1114.572024][T21981] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb275db56d4 [ 1114.580115][T21981] R13: 00000000004c5f48 R14: 00000000004dab78 R15: 00000000ffffffff [ 1114.592060][T21981] memory: usage 307200kB, limit 307200kB, failcnt 21154 [ 1114.599325][T21981] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1114.606890][T21981] Memory cgroup stats for /syz5: [ 1114.607029][T21981] anon 287227904 [ 1114.607029][T21981] file 16691200 [ 1114.607029][T21981] kernel_stack 851968 [ 1114.607029][T21981] slab 6123520 [ 1114.607029][T21981] sock 0 [ 1114.607029][T21981] shmem 0 [ 1114.607029][T21981] file_mapped 16625664 [ 1114.607029][T21981] file_dirty 135168 [ 1114.607029][T21981] file_writeback 0 [ 1114.607029][T21981] anon_thp 148897792 [ 1114.607029][T21981] inactive_anon 247472128 [ 1114.607029][T21981] active_anon 1536000 [ 1114.607029][T21981] inactive_file 0 [ 1114.607029][T21981] active_file 212992 [ 1114.607029][T21981] unevictable 55099392 [ 1114.607029][T21981] slab_reclaimable 2297856 [ 1114.607029][T21981] slab_unreclaimable 3825664 [ 1114.607029][T21981] pgfault 1015278 [ 1114.607029][T21981] pgmajfault 132 [ 1114.607029][T21981] workingset_refault 23991 [ 1114.607029][T21981] workingset_activate 2541 [ 1114.607029][T21981] workingset_nodereclaim 0 [ 1114.607029][T21981] pgrefill 33307 [ 1114.607029][T21981] pgscan 44734 [ 1114.614425][T21981] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=21978,uid=0 [ 1114.728780][T21981] Memory cgroup out of memory: Killed process 21978 (syz-executor.5) total-vm:72700kB, anon-rss:16992kB, file-rss:53368kB, shmem-rss:0kB, UID:0 pgtables:200704kB oom_score_adj:1000 [ 1114.829441][ T1065] oom_reaper: reaped process 21978 (syz-executor.5), now anon-rss:17156kB, file-rss:54332kB, shmem-rss:0kB 05:32:30 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:30 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:30 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ecd0517d", 0x1fa, 0x6}], 0x0, 0x0) 05:32:30 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:30 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x31c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00'}) [ 1115.390572][T22053] 9pnet: Insufficient options for proto=fd 05:32:31 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(0xffffffffffffffff, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:31 executing program 0: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:31 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:31 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ecd0517d", 0x1fa, 0x6}], 0x0, 0x0) [ 1115.829105][T22069] __ntfs_error: 14 callbacks suppressed [ 1115.829120][T22069] ntfs: (device loop4): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 1115.864642][T22075] 9pnet: Insufficient options for proto=fd 05:32:31 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(0xffffffffffffffff, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1115.928947][T22069] ntfs: (device loop4): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover. 05:32:31 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno'}}) [ 1116.020800][T22069] ntfs: (device loop4): ntfs_fill_super(): Not an NTFS volume. [ 1116.145485][T22091] 9pnet: Insufficient options for proto=fd [ 1116.171567][ T26] audit: type=1804 audit(1568179951.643:3067): pid=22088 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir247890508/syzkaller.pVOBBi/621/bus" dev="sda1" ino=16737 res=1 05:32:31 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ecd0517d", 0x1fa, 0x6}], 0x0, 0x0) [ 1116.287438][ T26] audit: type=1800 audit(1568179951.643:3068): pid=22088 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16737 res=0 05:32:31 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1116.442433][T22097] ntfs: (device loop4): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 1116.453362][ T26] audit: type=1804 audit(1568179951.923:3069): pid=22057 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/391/bus" dev="sda1" ino=16630 res=1 [ 1116.547888][T22097] ntfs: (device loop4): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover. [ 1116.573630][ T26] audit: type=1800 audit(1568179951.953:3070): pid=22057 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16630 res=0 [ 1116.589853][T22088] syz-executor.0 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 1116.625641][T22097] ntfs: (device loop4): ntfs_fill_super(): Not an NTFS volume. [ 1116.657891][T22088] CPU: 0 PID: 22088 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1116.667034][T22088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1116.677100][T22088] Call Trace: [ 1116.680404][T22088] dump_stack+0x172/0x1f0 [ 1116.685094][T22088] dump_header+0x177/0x1152 [ 1116.689613][T22088] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1116.696565][T22088] ? ___ratelimit+0x2c8/0x595 [ 1116.701256][T22088] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1116.707078][T22088] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1116.712373][T22088] ? trace_hardirqs_on+0x67/0x240 [ 1116.717411][T22088] ? pagefault_out_of_memory+0x11c/0x11c [ 1116.723052][T22088] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1116.728865][T22088] ? ___ratelimit+0x60/0x595 [ 1116.733457][T22088] ? do_raw_spin_unlock+0x57/0x270 [ 1116.738753][T22088] oom_kill_process.cold+0x10/0x15 [ 1116.743911][T22088] out_of_memory+0x334/0x1340 [ 1116.748596][T22088] ? lock_downgrade+0x920/0x920 [ 1116.753456][T22088] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1116.759279][T22088] ? oom_killer_disable+0x280/0x280 [ 1116.764500][T22088] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1116.770059][T22088] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1116.775702][T22088] ? do_raw_spin_unlock+0x57/0x270 [ 1116.780838][T22088] ? _raw_spin_unlock+0x2d/0x50 [ 1116.785701][T22088] try_charge+0xf4b/0x1440 [ 1116.790134][T22088] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1116.795690][T22088] ? percpu_ref_tryget_live+0x111/0x290 [ 1116.801364][T22088] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1116.807623][T22088] ? __kasan_check_read+0x11/0x20 [ 1116.812662][T22088] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1116.818211][T22088] mem_cgroup_try_charge+0x136/0x590 [ 1116.823512][T22088] __add_to_page_cache_locked+0x43f/0xec0 [ 1116.829243][T22088] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1116.835230][T22088] ? __kasan_check_read+0x11/0x20 [ 1116.840282][T22088] ? unaccount_page_cache_page+0xda0/0xda0 [ 1116.846095][T22088] ? __alloc_pages_nodemask+0x658/0x900 [ 1116.851746][T22088] ? xas_descend+0x144/0x370 [ 1116.856356][T22088] ? shadow_lru_isolate+0x430/0x430 [ 1116.861580][T22088] add_to_page_cache_lru+0x1d8/0x790 [ 1116.867058][T22088] ? add_to_page_cache_locked+0x40/0x40 [ 1116.872628][T22088] ? __page_cache_alloc+0x116/0x490 [ 1116.877844][T22088] pagecache_get_page+0x3be/0x900 [ 1116.882881][T22088] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1116.888465][T22088] grab_cache_page_write_begin+0x75/0xb0 [ 1116.894138][T22088] ext4_da_write_begin+0x2ec/0xb80 [ 1116.899299][T22088] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1116.905581][T22088] ? ext4_write_begin+0xd20/0xd20 [ 1116.910875][T22088] ? iov_iter_zero+0xfa0/0xfa0 [ 1116.915655][T22088] generic_perform_write+0x23b/0x540 [ 1116.920965][T22088] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4b0/0x4b0 [ 1116.929037][T22088] ? current_time+0x140/0x140 [ 1116.933750][T22088] ? generic_write_check_limits.isra.0+0x270/0x270 [ 1116.940267][T22088] __generic_file_write_iter+0x25e/0x630 [ 1116.945943][T22088] ext4_file_write_iter+0x317/0x13c0 [ 1116.945965][T22088] ? ext4_release_file+0x380/0x380 [ 1116.956430][T22088] ? __kasan_check_read+0x11/0x20 [ 1116.962172][T22088] ? __lock_acquire+0x16f2/0x4a00 [ 1116.967379][T22088] ? __kasan_check_read+0x11/0x20 [ 1116.972409][T22088] ? mark_lock+0xc2/0x1220 [ 1116.976849][T22088] do_iter_readv_writev+0x5f8/0x8f0 [ 1116.982064][T22088] ? no_seek_end_llseek_size+0x70/0x70 [ 1116.987532][T22088] ? apparmor_file_permission+0x25/0x30 [ 1116.993086][T22088] ? rw_verify_area+0x126/0x360 [ 1117.000552][T22088] do_iter_write+0x184/0x610 [ 1117.005157][T22088] ? __kmalloc+0x608/0x770 [ 1117.009582][T22088] vfs_iter_write+0x77/0xb0 [ 1117.014894][T22088] iter_file_splice_write+0x66d/0xbe0 [ 1117.020359][T22088] ? atime_needs_update+0x5f0/0x5f0 [ 1117.025585][T22088] ? page_cache_pipe_buf_release+0x180/0x180 [ 1117.031619][T22088] ? rw_verify_area+0x126/0x360 [ 1117.036480][T22088] ? page_cache_pipe_buf_release+0x180/0x180 [ 1117.042468][T22088] direct_splice_actor+0x123/0x190 [ 1117.048286][T22088] splice_direct_to_actor+0x366/0x970 [ 1117.053836][T22088] ? generic_pipe_buf_nosteal+0x10/0x10 [ 1117.059391][T22088] ? do_splice_to+0x180/0x180 [ 1117.064078][T22088] ? rw_verify_area+0x126/0x360 [ 1117.068951][T22088] do_splice_direct+0x1da/0x2a0 [ 1117.073829][T22088] ? splice_direct_to_actor+0x970/0x970 [ 1117.079395][T22088] ? rcu_read_lock_any_held+0xcd/0xf0 [ 1117.084779][T22088] ? __this_cpu_preempt_check+0x3a/0x210 [ 1117.090567][T22088] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1117.096863][T22088] ? __sb_start_write+0x1e5/0x460 [ 1117.101896][T22088] do_sendfile+0x597/0xd00 [ 1117.106348][T22088] ? do_compat_pwritev64+0x1c0/0x1c0 [ 1117.111636][T22088] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1117.117885][T22088] ? put_timespec64+0xda/0x140 [ 1117.122669][T22088] __x64_sys_sendfile64+0x1dd/0x220 [ 1117.127877][T22088] ? __ia32_sys_sendfile+0x230/0x230 [ 1117.133164][T22088] ? do_syscall_64+0x26/0x760 [ 1117.137844][T22088] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1117.143136][T22088] ? trace_hardirqs_on+0x67/0x240 [ 1117.148171][T22088] do_syscall_64+0xfa/0x760 [ 1117.152881][T22088] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1117.160427][T22088] RIP: 0033:0x4598e9 [ 1117.164328][T22088] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1117.184459][T22088] RSP: 002b:00007fb972f87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1117.192912][T22088] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004598e9 [ 1117.200897][T22088] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 05:32:32 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:32 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno'}}) [ 1117.208878][T22088] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1117.217132][T22088] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fb972f886d4 [ 1117.226170][T22088] R13: 00000000004c709e R14: 00000000004dc750 R15: 00000000ffffffff [ 1117.257622][T22088] memory: usage 307200kB, limit 307200kB, failcnt 15176 [ 1117.264813][T22088] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1117.272429][T22088] Memory cgroup stats for /syz0: [ 1117.272553][T22088] anon 298897408 [ 1117.272553][T22088] file 1998848 [ 1117.272553][T22088] kernel_stack 917504 [ 1117.272553][T22088] slab 8536064 [ 1117.272553][T22088] sock 0 [ 1117.272553][T22088] shmem 0 [ 1117.272553][T22088] file_mapped 1892352 [ 1117.272553][T22088] file_dirty 0 [ 1117.272553][T22088] file_writeback 0 [ 1117.272553][T22088] anon_thp 56623104 [ 1117.272553][T22088] inactive_anon 286457856 [ 1117.272553][T22088] active_anon 1622016 [ 1117.272553][T22088] inactive_file 0 [ 1117.272553][T22088] active_file 180224 [ 1117.272553][T22088] unevictable 12861440 [ 1117.272553][T22088] slab_reclaimable 2838528 [ 1117.272553][T22088] slab_unreclaimable 5697536 [ 1117.272553][T22088] pgfault 1044252 [ 1117.272553][T22088] pgmajfault 99 [ 1117.272553][T22088] workingset_refault 23859 [ 1117.272553][T22088] workingset_activate 1980 [ 1117.272553][T22088] workingset_nodereclaim 0 [ 1117.272553][T22088] pgrefill 30981 [ 1117.272553][T22088] pgscan 49527 [ 1117.272553][T22088] pgsteal 31888 [ 1117.370968][T22088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=21763,uid=0 [ 1117.404636][T22088] Memory cgroup out of memory: Killed process 21763 (syz-executor.0) total-vm:72708kB, anon-rss:18232kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:159744kB oom_score_adj:1000 [ 1117.501215][T22083] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1117.599200][T22083] CPU: 0 PID: 22083 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1117.608355][T22083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1117.621395][T22083] Call Trace: [ 1117.624970][T22083] dump_stack+0x172/0x1f0 [ 1117.629346][T22083] dump_header+0x177/0x1152 [ 1117.633905][T22083] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1117.640619][T22083] ? ___ratelimit+0x2c8/0x595 05:32:33 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ecd0517d", 0x1fa, 0x6}], 0x0, 0x0) [ 1117.645428][T22083] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1117.651256][T22083] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1117.656578][T22083] ? trace_hardirqs_on+0x67/0x240 [ 1117.661973][T22083] ? pagefault_out_of_memory+0x11c/0x11c [ 1117.667639][T22083] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1117.673466][T22083] ? ___ratelimit+0x60/0x595 [ 1117.678071][T22083] ? do_raw_spin_unlock+0x57/0x270 [ 1117.683207][T22083] oom_kill_process.cold+0x10/0x15 [ 1117.688344][T22083] out_of_memory+0x334/0x1340 [ 1117.693038][T22083] ? lock_downgrade+0x920/0x920 [ 1117.697915][T22083] ? oom_killer_disable+0x280/0x280 [ 1117.703238][T22083] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1117.708893][T22083] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1117.714551][T22083] ? do_raw_spin_unlock+0x57/0x270 [ 1117.719686][T22083] ? _raw_spin_unlock+0x2d/0x50 [ 1117.724566][T22083] try_charge+0xa2d/0x1440 [ 1117.729444][T22083] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1117.735268][T22083] ? percpu_ref_tryget_live+0x111/0x290 [ 1117.740845][T22083] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1117.747113][T22083] ? __kasan_check_read+0x11/0x20 [ 1117.752155][T22083] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1117.757711][T22083] mem_cgroup_try_charge+0x136/0x590 [ 1117.763016][T22083] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1117.769273][T22083] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1117.774925][T22083] __handle_mm_fault+0x1e34/0x3f20 [ 1117.780088][T22083] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1117.785929][T22083] ? __kasan_check_read+0x11/0x20 [ 1117.790973][T22083] handle_mm_fault+0x1b5/0x6c0 [ 1117.795753][T22083] __get_user_pages+0x7d4/0x1b30 [ 1117.800704][T22083] ? mark_held_locks+0xf0/0xf0 [ 1117.805493][T22083] ? follow_page_mask+0x1cf0/0x1cf0 [ 1117.811051][T22083] ? __mm_populate+0x270/0x380 [ 1117.815841][T22083] ? __kasan_check_read+0x11/0x20 [ 1117.821055][T22083] ? down_read+0x281/0x430 [ 1117.826524][T22083] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1117.826550][T22083] populate_vma_page_range+0x20d/0x2a0 [ 1117.826572][T22083] __mm_populate+0x204/0x380 [ 1117.826591][T22083] ? populate_vma_page_range+0x2a0/0x2a0 [ 1117.826609][T22083] ? __kasan_check_write+0x14/0x20 05:32:33 executing program 4: syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ecd0517d", 0x1fa, 0x6}], 0x0, 0x0) [ 1117.826624][T22083] ? up_write+0x155/0x490 [ 1117.826639][T22083] ? ns_capable_common+0x93/0x100 [ 1117.826661][T22083] __x64_sys_mlockall+0x473/0x520 [ 1117.826682][T22083] do_syscall_64+0xfa/0x760 [ 1117.826703][T22083] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1117.826716][T22083] RIP: 0033:0x4598e9 [ 1117.826732][T22083] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1117.826740][T22083] RSP: 002b:00007fb972fa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1117.826755][T22083] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004598e9 [ 1117.826763][T22083] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1117.826771][T22083] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1117.826780][T22083] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb972fa96d4 [ 1117.826789][T22083] R13: 00000000004c5dab R14: 00000000004da878 R15: 00000000ffffffff [ 1118.137903][T22083] memory: usage 289252kB, limit 307200kB, failcnt 15176 [ 1118.137917][T22083] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1118.137923][T22083] Memory cgroup stats for /syz0: [ 1118.138043][T22083] anon 280293376 [ 1118.138043][T22083] file 2404352 [ 1118.138043][T22083] kernel_stack 917504 [ 1118.138043][T22083] slab 8536064 [ 1118.138043][T22083] sock 0 [ 1118.138043][T22083] shmem 0 [ 1118.138043][T22083] file_mapped 1892352 [ 1118.138043][T22083] file_dirty 405504 [ 1118.138043][T22083] file_writeback 0 [ 1118.138043][T22083] anon_thp 48234496 [ 1118.138043][T22083] inactive_anon 269873152 [ 1118.138043][T22083] active_anon 1622016 [ 1118.138043][T22083] inactive_file 397312 [ 1118.138043][T22083] active_file 180224 [ 1118.138043][T22083] unevictable 10809344 [ 1118.138043][T22083] slab_reclaimable 2838528 [ 1118.138043][T22083] slab_unreclaimable 5697536 [ 1118.138043][T22083] pgfault 1044252 [ 1118.138043][T22083] pgmajfault 99 [ 1118.138043][T22083] workingset_refault 23859 [ 1118.138043][T22083] workingset_activate 1980 [ 1118.138043][T22083] workingset_nodereclaim 0 [ 1118.138043][T22083] pgrefill 30981 [ 1118.138043][T22083] pgscan 49527 [ 1118.138064][T22083] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=20231,uid=0 [ 1118.138192][T22083] Memory cgroup out of memory: Killed process 20231 (syz-executor.0) total-vm:72708kB, anon-rss:18232kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:159744kB oom_score_adj:1000 [ 1118.163148][ T1065] oom_reaper: reaped process 20231 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1118.164811][T22093] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1118.164898][T22093] CPU: 1 PID: 22093 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1118.164907][T22093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1118.164913][T22093] Call Trace: [ 1118.164937][T22093] dump_stack+0x172/0x1f0 [ 1118.164960][T22093] dump_header+0x177/0x1152 [ 1118.164983][T22093] ? __this_cpu_preempt_check+0x3a/0x210 [ 1118.165000][T22093] ? retint_kernel+0x2b/0x2b [ 1118.165018][T22093] ? pagefault_out_of_memory+0x11c/0x11c [ 1118.165034][T22093] ? oom_kill_process+0x94/0x3f0 [ 1118.165054][T22093] oom_kill_process.cold+0x10/0x15 [ 1118.165071][T22093] out_of_memory+0x334/0x1340 [ 1118.165088][T22093] ? lock_downgrade+0x920/0x920 [ 1118.165107][T22093] ? oom_killer_disable+0x280/0x280 [ 1118.165135][T22093] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1118.165152][T22093] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1118.165171][T22093] ? do_raw_spin_unlock+0x57/0x270 [ 1118.165187][T22093] ? _raw_spin_unlock+0x2d/0x50 [ 1118.165205][T22093] try_charge+0xa2d/0x1440 [ 1118.165231][T22093] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1118.165246][T22093] ? percpu_ref_tryget_live+0x111/0x290 [ 1118.165275][T22093] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1118.165294][T22093] ? __kasan_check_read+0x11/0x20 [ 1118.165314][T22093] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1118.165332][T22093] mem_cgroup_try_charge+0x136/0x590 [ 1118.165348][T22093] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1118.165367][T22093] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1118.165389][T22093] __handle_mm_fault+0x1e34/0x3f20 [ 1118.165410][T22093] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1118.165438][T22093] ? __kasan_check_read+0x11/0x20 [ 1118.165462][T22093] handle_mm_fault+0x1b5/0x6c0 [ 1118.165482][T22093] __get_user_pages+0x7d4/0x1b30 [ 1118.165495][T22093] ? mark_held_locks+0xf0/0xf0 [ 1118.165520][T22093] ? follow_page_mask+0x1cf0/0x1cf0 [ 1118.165533][T22093] ? __mm_populate+0x270/0x380 [ 1118.165558][T22093] ? memset+0x32/0x40 [ 1118.165579][T22093] populate_vma_page_range+0x20d/0x2a0 [ 1118.165596][T22093] __mm_populate+0x204/0x380 [ 1118.165613][T22093] ? populate_vma_page_range+0x2a0/0x2a0 [ 1118.165627][T22093] ? up_write+0x1c8/0x490 [ 1118.165644][T22093] __x64_sys_mremap+0x7dc/0xb80 [ 1118.165665][T22093] ? mremap_to+0x750/0x750 [ 1118.165691][T22093] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1118.165705][T22093] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1118.165719][T22093] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1118.165733][T22093] ? do_syscall_64+0x26/0x760 [ 1118.165746][T22093] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1118.165760][T22093] ? trace_hardirqs_on+0x67/0x240 [ 1118.165777][T22093] do_syscall_64+0xfa/0x760 [ 1118.165797][T22093] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1118.165809][T22093] RIP: 0033:0x4598e9 [ 1118.165825][T22093] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1118.165833][T22093] RSP: 002b:00007fb972f66c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1118.165848][T22093] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 1118.165857][T22093] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1118.165865][T22093] RBP: 000000000075c070 R08: 0000000020130000 R09: 0000000000000000 [ 1118.165874][T22093] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb972f676d4 [ 1118.165882][T22093] R13: 00000000004c5f48 R14: 00000000004dab78 R15: 00000000ffffffff [ 1118.167210][T22093] memory: usage 277140kB, limit 307200kB, failcnt 15176 [ 1118.167565][T22093] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1118.167653][T22093] Memory cgroup stats for /syz0: [ 1118.168951][T22093] anon 267956224 [ 1118.168951][T22093] file 2404352 [ 1118.168951][T22093] kernel_stack 917504 [ 1118.168951][T22093] slab 8536064 [ 1118.168951][T22093] sock 0 [ 1118.168951][T22093] shmem 0 [ 1118.168951][T22093] file_mapped 1892352 [ 1118.168951][T22093] file_dirty 405504 [ 1118.168951][T22093] file_writeback 0 [ 1118.168951][T22093] anon_thp 41943040 [ 1118.168951][T22093] inactive_anon 257593344 [ 1118.168951][T22093] active_anon 1622016 [ 1118.168951][T22093] inactive_file 397312 [ 1118.168951][T22093] active_file 180224 [ 1118.168951][T22093] unevictable 10809344 [ 1118.168951][T22093] slab_reclaimable 2838528 [ 1118.168951][T22093] slab_unreclaimable 5697536 [ 1118.168951][T22093] pgfault 1044252 [ 1118.168951][T22093] pgmajfault 99 [ 1118.168951][T22093] workingset_refault 23859 [ 1118.168951][T22093] workingset_activate 1980 [ 1118.168951][T22093] workingset_nodereclaim 0 [ 1118.168951][T22093] pgrefill 30981 [ 1118.168951][T22093] pgscan 49527 [ 1118.169025][T22093] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=10460,uid=0 [ 1118.169874][T22093] Memory cgroup out of memory: Killed process 10460 (syz-executor.0) total-vm:72708kB, anon-rss:18232kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:159744kB oom_score_adj:1000 [ 1118.205305][ T1065] oom_reaper: reaped process 10460 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 05:32:34 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(0xffffffffffffffff, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:34 executing program 4: syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ecd0517d", 0x1fa, 0x6}], 0x0, 0x0) 05:32:34 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:34 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno'}}) [ 1119.470425][T22145] 9pnet: Insufficient options for proto=fd 05:32:35 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(0xffffffffffffffff, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:35 executing program 4: syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ecd0517d", 0x1fa, 0x6}], 0x0, 0x0) 05:32:35 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:35 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:35 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:35 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', 0x0, 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ecd0517d", 0x1fa, 0x6}], 0x0, 0x0) 05:32:35 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:35 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', 0x0, 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ecd0517d", 0x1fa, 0x6}], 0x0, 0x0) 05:32:36 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, 0x0, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:36 executing program 1: syz_mount_image$gfs2(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:36 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', 0x0, 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ecd0517d", 0x1fa, 0x6}], 0x0, 0x0) 05:32:36 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1120.906435][ T26] kauditd_printk_skb: 13 callbacks suppressed [ 1120.906448][ T26] audit: type=1804 audit(1568179956.373:3081): pid=22164 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/393/bus" dev="sda1" ino=16649 res=1 [ 1121.103104][ T26] audit: type=1800 audit(1568179956.413:3082): pid=22164 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16649 res=0 [ 1121.398491][T22202] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1121.437380][T22202] CPU: 1 PID: 22202 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1121.446530][T22202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1121.456769][T22202] Call Trace: [ 1121.460078][T22202] dump_stack+0x172/0x1f0 [ 1121.465724][T22202] dump_header+0x177/0x1152 [ 1121.470243][T22202] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1121.476070][T22202] ? ___ratelimit+0x2c8/0x595 [ 1121.480778][T22202] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1121.486595][T22202] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1121.491897][T22202] ? trace_hardirqs_on+0x67/0x240 [ 1121.496943][T22202] ? pagefault_out_of_memory+0x11c/0x11c [ 1121.502592][T22202] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1121.508543][T22202] ? ___ratelimit+0x60/0x595 [ 1121.513140][T22202] ? do_raw_spin_unlock+0x57/0x270 [ 1121.518808][T22202] oom_kill_process.cold+0x10/0x15 [ 1121.524470][T22202] out_of_memory+0x334/0x1340 [ 1121.529248][T22202] ? lock_downgrade+0x920/0x920 [ 1121.534109][T22202] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1121.539940][T22202] ? oom_killer_disable+0x280/0x280 [ 1121.545157][T22202] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1121.550707][T22202] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1121.556456][T22202] ? do_raw_spin_unlock+0x57/0x270 [ 1121.561581][T22202] ? _raw_spin_unlock+0x2d/0x50 [ 1121.566529][T22202] try_charge+0xf4b/0x1440 [ 1121.570970][T22202] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1121.576611][T22202] ? percpu_ref_tryget_live+0x111/0x290 [ 1121.582171][T22202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1121.588432][T22202] ? __kasan_check_read+0x11/0x20 [ 1121.593482][T22202] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1121.599067][T22202] mem_cgroup_try_charge+0x136/0x590 [ 1121.604369][T22202] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1121.610737][T22202] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1121.617344][T22202] __handle_mm_fault+0x1e34/0x3f20 [ 1121.622468][T22202] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1121.628035][T22202] ? __kasan_check_read+0x11/0x20 [ 1121.633077][T22202] handle_mm_fault+0x1b5/0x6c0 [ 1121.637872][T22202] __get_user_pages+0x7d4/0x1b30 [ 1121.642817][T22202] ? mark_held_locks+0xf0/0xf0 [ 1121.647599][T22202] ? follow_page_mask+0x1cf0/0x1cf0 [ 1121.652802][T22202] ? __mm_populate+0x270/0x380 [ 1121.657574][T22202] ? __kasan_check_write+0x14/0x20 [ 1121.662724][T22202] ? down_read+0x109/0x430 [ 1121.667173][T22202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1121.673516][T22202] populate_vma_page_range+0x20d/0x2a0 [ 1121.679015][T22202] __mm_populate+0x204/0x380 [ 1121.683621][T22202] ? populate_vma_page_range+0x2a0/0x2a0 [ 1121.689274][T22202] ? __kasan_check_write+0x14/0x20 [ 1121.694404][T22202] ? up_write+0x155/0x490 [ 1121.698744][T22202] ? ns_capable_common+0x93/0x100 [ 1121.704675][T22202] __x64_sys_mlockall+0x473/0x520 [ 1121.709713][T22202] do_syscall_64+0xfa/0x760 [ 1121.714236][T22202] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1121.720415][T22202] RIP: 0033:0x4598e9 [ 1121.724315][T22202] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1121.748270][T22202] RSP: 002b:00007fb275dd5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1121.756812][T22202] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004598e9 [ 1121.764795][T22202] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1121.772778][T22202] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1121.780761][T22202] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb275dd66d4 [ 1121.788747][T22202] R13: 00000000004c5dab R14: 00000000004da878 R15: 00000000ffffffff [ 1121.874654][T22202] memory: usage 307168kB, limit 307200kB, failcnt 21522 [ 1121.884373][T22202] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1122.000782][T22202] Memory cgroup stats for /syz5: [ 1122.000902][T22202] anon 287907840 [ 1122.000902][T22202] file 16654336 [ 1122.000902][T22202] kernel_stack 786432 [ 1122.000902][T22202] slab 5574656 [ 1122.000902][T22202] sock 0 [ 1122.000902][T22202] shmem 0 [ 1122.000902][T22202] file_mapped 16625664 [ 1122.000902][T22202] file_dirty 135168 [ 1122.000902][T22202] file_writeback 0 [ 1122.000902][T22202] anon_thp 159383552 [ 1122.000902][T22202] inactive_anon 245211136 [ 1122.000902][T22202] active_anon 1536000 05:32:37 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(0xffffffffffffffff, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:37 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 05:32:37 executing program 1: syz_mount_image$gfs2(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:37 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1122.000902][T22202] inactive_file 20480 [ 1122.000902][T22202] active_file 114688 [ 1122.000902][T22202] unevictable 57970688 [ 1122.000902][T22202] slab_reclaimable 2027520 [ 1122.000902][T22202] slab_unreclaimable 3547136 [ 1122.000902][T22202] pgfault 1029567 [ 1122.000902][T22202] pgmajfault 132 [ 1122.000902][T22202] workingset_refault 25278 [ 1122.000902][T22202] workingset_activate 3399 [ 1122.000902][T22202] workingset_nodereclaim 0 [ 1122.000902][T22202] pgrefill 34645 [ 1122.000902][T22202] pgscan 46070 [ 1122.098956][T22202] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=22201,uid=0 [ 1122.099129][T22202] Memory cgroup out of memory: Killed process 22201 (syz-executor.5) total-vm:72576kB, anon-rss:17820kB, file-rss:51320kB, shmem-rss:0kB, UID:0 pgtables:200704kB oom_score_adj:1000 [ 1122.211354][T22221] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. 05:32:37 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 05:32:37 executing program 1: syz_mount_image$gfs2(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1122.507816][T22234] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. 05:32:38 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:38 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, 0x0, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:38 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 05:32:38 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1122.866763][T22253] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. [ 1122.875597][ T26] audit: type=1804 audit(1568179958.333:3083): pid=22224 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/394/bus" dev="sda1" ino=16649 res=1 [ 1122.996676][ T26] audit: type=1800 audit(1568179958.333:3084): pid=22224 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16649 res=0 05:32:38 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f0000001600), 0x0, 0x0) [ 1123.064791][T22261] 9pnet: Insufficient options for proto=fd [ 1123.113952][ T26] audit: type=1804 audit(1568179958.403:3085): pid=22225 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir247890508/syzkaller.pVOBBi/623/bus" dev="sda1" ino=16663 res=1 [ 1123.224879][ T26] audit: type=1800 audit(1568179958.403:3086): pid=22225 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16663 res=0 [ 1123.226700][T22267] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. [ 1123.280893][T22243] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1123.291448][T22243] CPU: 1 PID: 22243 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1123.300759][T22243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1123.310826][T22243] Call Trace: [ 1123.314138][T22243] dump_stack+0x172/0x1f0 [ 1123.318486][T22243] dump_header+0x177/0x1152 [ 1123.323097][T22243] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1123.328934][T22243] ? ___ratelimit+0x2c8/0x595 [ 1123.333620][T22243] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1123.339439][T22243] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1123.344737][T22243] ? trace_hardirqs_on+0x67/0x240 [ 1123.349797][T22243] ? pagefault_out_of_memory+0x11c/0x11c [ 1123.355448][T22243] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1123.361263][T22243] ? ___ratelimit+0x60/0x595 [ 1123.365862][T22243] ? do_raw_spin_unlock+0x57/0x270 [ 1123.370987][T22243] oom_kill_process.cold+0x10/0x15 [ 1123.376200][T22243] out_of_memory+0x334/0x1340 [ 1123.380887][T22243] ? lock_downgrade+0x920/0x920 [ 1123.385755][T22243] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1123.391579][T22243] ? oom_killer_disable+0x280/0x280 [ 1123.396801][T22243] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1123.402354][T22243] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1123.408005][T22243] ? do_raw_spin_unlock+0x57/0x270 [ 1123.413130][T22243] ? _raw_spin_unlock+0x2d/0x50 [ 1123.417994][T22243] try_charge+0xf4b/0x1440 [ 1123.422431][T22243] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1123.427984][T22243] ? percpu_ref_tryget_live+0x111/0x290 [ 1123.434324][T22243] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1123.440580][T22243] ? __kasan_check_read+0x11/0x20 [ 1123.445625][T22243] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1123.451733][T22243] mem_cgroup_try_charge+0x136/0x590 [ 1123.457034][T22243] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1123.463290][T22243] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1123.468947][T22243] __handle_mm_fault+0x1e34/0x3f20 [ 1123.474073][T22243] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1123.479641][T22243] ? __kasan_check_read+0x11/0x20 [ 1123.484692][T22243] handle_mm_fault+0x1b5/0x6c0 [ 1123.489472][T22243] __get_user_pages+0x7d4/0x1b30 [ 1123.494413][T22243] ? mark_held_locks+0xf0/0xf0 [ 1123.499196][T22243] ? follow_page_mask+0x1cf0/0x1cf0 [ 1123.504396][T22243] ? __mm_populate+0x270/0x380 [ 1123.509268][T22243] ? __kasan_check_write+0x14/0x20 [ 1123.514387][T22243] ? down_read+0x109/0x430 [ 1123.518828][T22243] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1123.525101][T22243] populate_vma_page_range+0x20d/0x2a0 [ 1123.530589][T22243] __mm_populate+0x204/0x380 [ 1123.535200][T22243] ? populate_vma_page_range+0x2a0/0x2a0 [ 1123.540892][T22243] ? __kasan_check_write+0x14/0x20 [ 1123.546368][T22243] ? up_write+0x155/0x490 [ 1123.550716][T22243] ? ns_capable_common+0x93/0x100 [ 1123.556457][T22243] __x64_sys_mlockall+0x473/0x520 [ 1123.561503][T22243] do_syscall_64+0xfa/0x760 [ 1123.566030][T22243] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1123.571932][T22243] RIP: 0033:0x4598e9 [ 1123.575831][T22243] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1123.595443][T22243] RSP: 002b:00007fb275dd5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1123.604076][T22243] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004598e9 [ 1123.612068][T22243] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1123.620052][T22243] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 05:32:39 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200), 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1123.628168][T22243] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb275dd66d4 [ 1123.636153][T22243] R13: 00000000004c5dab R14: 00000000004da878 R15: 00000000ffffffff [ 1123.657424][T22243] memory: usage 307032kB, limit 307200kB, failcnt 21551 [ 1123.687019][T22243] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1123.754595][T22243] Memory cgroup stats for /syz5: [ 1123.754729][T22243] anon 287965184 [ 1123.754729][T22243] file 16654336 [ 1123.754729][T22243] kernel_stack 851968 [ 1123.754729][T22243] slab 5304320 [ 1123.754729][T22243] sock 0 [ 1123.754729][T22243] shmem 0 [ 1123.754729][T22243] file_mapped 16896000 [ 1123.754729][T22243] file_dirty 135168 [ 1123.754729][T22243] file_writeback 0 [ 1123.754729][T22243] anon_thp 150994944 [ 1123.754729][T22243] inactive_anon 245309440 [ 1123.754729][T22243] active_anon 1536000 [ 1123.754729][T22243] inactive_file 155648 [ 1123.754729][T22243] active_file 0 [ 1123.754729][T22243] unevictable 58261504 [ 1123.754729][T22243] slab_reclaimable 1892352 [ 1123.754729][T22243] slab_unreclaimable 3411968 [ 1123.754729][T22243] pgfault 1032834 [ 1123.754729][T22243] pgmajfault 132 [ 1123.754729][T22243] workingset_refault 25278 [ 1123.754729][T22243] workingset_activate 3399 [ 1123.754729][T22243] workingset_nodereclaim 0 [ 1123.754729][T22243] pgrefill 34645 [ 1123.754729][T22243] pgscan 46070 [ 1124.069485][T22243] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=22242,uid=0 [ 1124.085696][T22243] Memory cgroup out of memory: Killed process 22242 (syz-executor.5) total-vm:72576kB, anon-rss:17820kB, file-rss:51448kB, shmem-rss:0kB, UID:0 pgtables:200704kB oom_score_adj:1000 [ 1124.104583][ T1065] oom_reaper: reaped process 22242 (syz-executor.5), now anon-rss:17864kB, file-rss:52412kB, shmem-rss:0kB 05:32:39 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:39 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:39 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f0000001600), 0x0, 0x0) 05:32:39 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, 0x0, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1124.384124][T22289] 9pnet: Insufficient options for proto=fd 05:32:40 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000200), 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:40 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f0000001600), 0x0, 0x0) 05:32:40 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1124.740119][T22308] 9pnet: Insufficient options for proto=fd 05:32:40 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{0x0, 0x0, 0x6}], 0x0, 0x0) 05:32:40 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:40 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{0x0, 0x0, 0x6}], 0x0, 0x0) [ 1125.095751][T22324] 9pnet: Insufficient options for proto=fd 05:32:40 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1125.407954][T22339] 9pnet: Insufficient options for proto=fd 05:32:40 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200), 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1125.765634][T22299] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1125.787481][T22299] CPU: 0 PID: 22299 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1125.796640][T22299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1125.806824][T22299] Call Trace: [ 1125.810146][T22299] dump_stack+0x172/0x1f0 [ 1125.814494][T22299] dump_header+0x177/0x1152 [ 1125.819008][T22299] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1125.824824][T22299] ? ___ratelimit+0x2c8/0x595 [ 1125.829506][T22299] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1125.835319][T22299] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1125.840615][T22299] ? trace_hardirqs_on+0x67/0x240 [ 1125.845646][T22299] ? pagefault_out_of_memory+0x11c/0x11c [ 1125.851288][T22299] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1125.857211][T22299] ? ___ratelimit+0x60/0x595 [ 1125.861808][T22299] ? do_raw_spin_unlock+0x57/0x270 [ 1125.866933][T22299] oom_kill_process.cold+0x10/0x15 [ 1125.872052][T22299] out_of_memory+0x334/0x1340 [ 1125.876734][T22299] ? lock_downgrade+0x920/0x920 [ 1125.881589][T22299] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1125.887398][T22299] ? oom_killer_disable+0x280/0x280 [ 1125.892615][T22299] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1125.898168][T22299] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1125.903810][T22299] ? do_raw_spin_unlock+0x57/0x270 [ 1125.908933][T22299] ? _raw_spin_unlock+0x2d/0x50 [ 1125.913791][T22299] try_charge+0xf4b/0x1440 [ 1125.918220][T22299] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1125.923767][T22299] ? percpu_ref_tryget_live+0x111/0x290 [ 1125.929320][T22299] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1125.935570][T22299] ? __kasan_check_read+0x11/0x20 [ 1125.940608][T22299] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1125.946167][T22299] mem_cgroup_try_charge+0x136/0x590 [ 1125.951457][T22299] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1125.957705][T22299] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1125.963345][T22299] __handle_mm_fault+0x1e34/0x3f20 [ 1125.968467][T22299] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1125.974031][T22299] ? __kasan_check_read+0x11/0x20 [ 1125.979072][T22299] handle_mm_fault+0x1b5/0x6c0 [ 1125.983868][T22299] __get_user_pages+0x7d4/0x1b30 [ 1125.988818][T22299] ? mark_held_locks+0xf0/0xf0 [ 1125.993605][T22299] ? follow_page_mask+0x1cf0/0x1cf0 [ 1125.998811][T22299] ? __mm_populate+0x270/0x380 [ 1126.003593][T22299] ? __kasan_check_write+0x14/0x20 [ 1126.008704][T22299] ? down_read+0x109/0x430 [ 1126.013109][T22299] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1126.019343][T22299] populate_vma_page_range+0x20d/0x2a0 [ 1126.024792][T22299] __mm_populate+0x204/0x380 [ 1126.029370][T22299] ? populate_vma_page_range+0x2a0/0x2a0 [ 1126.034990][T22299] ? __kasan_check_write+0x14/0x20 [ 1126.040097][T22299] ? up_write+0x155/0x490 [ 1126.044408][T22299] ? ns_capable_common+0x93/0x100 [ 1126.049506][T22299] __x64_sys_mlockall+0x473/0x520 [ 1126.054520][T22299] do_syscall_64+0xfa/0x760 [ 1126.059016][T22299] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1126.064892][T22299] RIP: 0033:0x4598e9 [ 1126.068785][T22299] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1126.088372][T22299] RSP: 002b:00007fb275dd5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1126.096770][T22299] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004598e9 [ 1126.104724][T22299] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1126.112680][T22299] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1126.120635][T22299] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb275dd66d4 [ 1126.128603][T22299] R13: 00000000004c5dab R14: 00000000004da878 R15: 00000000ffffffff [ 1126.155526][ T26] kauditd_printk_skb: 12 callbacks suppressed 05:32:41 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:41 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{0x0, 0x0, 0x6}], 0x0, 0x0) 05:32:41 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:41 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600), 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1126.155540][ T26] audit: type=1804 audit(1568179961.623:3095): pid=22345 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/396/bus" dev="sda1" ino=16642 res=1 [ 1126.232210][T22351] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. [ 1126.267549][T22299] memory: usage 307200kB, limit 307200kB, failcnt 21574 [ 1126.279187][T22299] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1126.311130][T22299] Memory cgroup stats for /syz5: [ 1126.311258][T22299] anon 288190464 [ 1126.311258][T22299] file 16654336 [ 1126.311258][T22299] kernel_stack 851968 [ 1126.311258][T22299] slab 5169152 [ 1126.311258][T22299] sock 0 [ 1126.311258][T22299] shmem 0 [ 1126.311258][T22299] file_mapped 16760832 [ 1126.311258][T22299] file_dirty 135168 [ 1126.311258][T22299] file_writeback 0 [ 1126.311258][T22299] anon_thp 148897792 [ 1126.311258][T22299] inactive_anon 245338112 [ 1126.311258][T22299] active_anon 1536000 [ 1126.311258][T22299] inactive_file 20480 [ 1126.311258][T22299] active_file 0 [ 1126.311258][T22299] unevictable 58331136 [ 1126.311258][T22299] slab_reclaimable 1757184 [ 1126.311258][T22299] slab_unreclaimable 3411968 [ 1126.311258][T22299] pgfault 1036695 [ 1126.311258][T22299] pgmajfault 132 [ 1126.311258][T22299] workingset_refault 25278 [ 1126.311258][T22299] workingset_activate 3399 [ 1126.311258][T22299] workingset_nodereclaim 0 [ 1126.311258][T22299] pgrefill 34645 [ 1126.311258][T22299] pgscan 46070 [ 1126.328070][ T26] audit: type=1800 audit(1568179961.623:3096): pid=22345 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16642 res=0 [ 1126.419537][T22299] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=22298,uid=0 [ 1126.442374][T22299] Memory cgroup out of memory: Killed process 22298 (syz-executor.5) total-vm:72576kB, anon-rss:18024kB, file-rss:53368kB, shmem-rss:0kB, UID:0 pgtables:200704kB oom_score_adj:1000 [ 1126.818736][ T26] audit: type=1804 audit(1568179962.293:3097): pid=22353 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/706/bus" dev="sda1" ino=16630 res=1 05:32:42 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000200), 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:42 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500), 0x0, 0x6}], 0x0, 0x0) 05:32:42 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:42 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200), 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1126.892902][ T26] audit: type=1800 audit(1568179962.313:3098): pid=22353 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16630 res=0 [ 1126.946178][ T26] audit: type=1804 audit(1568179962.343:3099): pid=22361 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir247890508/syzkaller.pVOBBi/625/bus" dev="sda1" ino=16634 res=1 [ 1126.973506][ T26] audit: type=1800 audit(1568179962.343:3100): pid=22361 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16634 res=0 [ 1127.103337][T22373] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. 05:32:42 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500), 0x0, 0x6}], 0x0, 0x0) 05:32:42 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1127.504800][ T26] audit: type=1804 audit(1568179962.973:3101): pid=22372 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/397/bus" dev="sda1" ino=16625 res=1 [ 1127.550019][T22393] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. 05:32:43 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600), 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:43 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500), 0x0, 0x6}], 0x0, 0x0) 05:32:43 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200), 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:43 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:43 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37", 0xfd, 0x6}], 0x0, 0x0) [ 1128.024630][T22385] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1128.093471][T22385] CPU: 1 PID: 22385 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1128.102627][T22385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1128.112696][T22385] Call Trace: [ 1128.116447][T22385] dump_stack+0x172/0x1f0 [ 1128.120800][T22385] dump_header+0x177/0x1152 [ 1128.125343][T22385] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1128.131163][T22385] ? ___ratelimit+0x2c8/0x595 [ 1128.135854][T22385] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1128.141678][T22385] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1128.147000][T22385] ? trace_hardirqs_on+0x67/0x240 [ 1128.152056][T22385] ? pagefault_out_of_memory+0x11c/0x11c [ 1128.157716][T22385] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1128.163543][T22385] ? ___ratelimit+0x60/0x595 [ 1128.168144][T22385] ? do_raw_spin_unlock+0x57/0x270 [ 1128.173278][T22385] oom_kill_process.cold+0x10/0x15 [ 1128.178404][T22385] out_of_memory+0x334/0x1340 [ 1128.183097][T22385] ? lock_downgrade+0x920/0x920 [ 1128.187965][T22385] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1128.193779][T22385] ? oom_killer_disable+0x280/0x280 [ 1128.198994][T22385] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1128.204546][T22385] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1128.210196][T22385] ? do_raw_spin_unlock+0x57/0x270 [ 1128.215315][T22385] ? _raw_spin_unlock+0x2d/0x50 [ 1128.220175][T22385] try_charge+0xf4b/0x1440 [ 1128.224613][T22385] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1128.230174][T22385] ? percpu_ref_tryget_live+0x111/0x290 [ 1128.235742][T22385] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1128.241992][T22385] ? __kasan_check_read+0x11/0x20 [ 1128.247032][T22385] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1128.252585][T22385] mem_cgroup_try_charge+0x136/0x590 [ 1128.257873][T22385] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1128.264119][T22385] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1128.270017][T22385] __handle_mm_fault+0x1e34/0x3f20 [ 1128.275143][T22385] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1128.280702][T22385] ? __kasan_check_read+0x11/0x20 [ 1128.285746][T22385] handle_mm_fault+0x1b5/0x6c0 [ 1128.290527][T22385] __get_user_pages+0x7d4/0x1b30 [ 1128.295501][T22385] ? mark_held_locks+0xf0/0xf0 [ 1128.300291][T22385] ? follow_page_mask+0x1cf0/0x1cf0 [ 1128.305527][T22385] ? __mm_populate+0x270/0x380 [ 1128.310326][T22385] ? __kasan_check_write+0x14/0x20 [ 1128.315444][T22385] ? down_read+0x109/0x430 [ 1128.319866][T22385] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1128.326116][T22385] populate_vma_page_range+0x20d/0x2a0 [ 1128.331585][T22385] __mm_populate+0x204/0x380 [ 1128.336180][T22385] ? populate_vma_page_range+0x2a0/0x2a0 [ 1128.341812][T22385] ? __kasan_check_write+0x14/0x20 [ 1128.346928][T22385] ? up_write+0x155/0x490 [ 1128.351258][T22385] ? ns_capable_common+0x93/0x100 [ 1128.356292][T22385] __x64_sys_mlockall+0x473/0x520 [ 1128.361322][T22385] do_syscall_64+0xfa/0x760 [ 1128.365844][T22385] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1128.371741][T22385] RIP: 0033:0x4598e9 05:32:43 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1128.375678][T22385] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1128.395289][T22385] RSP: 002b:00007fb275db4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1128.403708][T22385] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004598e9 [ 1128.411686][T22385] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1128.419689][T22385] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1128.427670][T22385] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb275db56d4 [ 1128.435647][T22385] R13: 00000000004c5dab R14: 00000000004da878 R15: 00000000ffffffff [ 1128.466069][T22385] memory: usage 307200kB, limit 307200kB, failcnt 21609 [ 1128.496763][T22385] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1128.504382][T22385] Memory cgroup stats for /syz5: [ 1128.504503][T22385] anon 288333824 [ 1128.504503][T22385] file 16654336 [ 1128.504503][T22385] kernel_stack 851968 [ 1128.504503][T22385] slab 5033984 [ 1128.504503][T22385] sock 0 [ 1128.504503][T22385] shmem 0 [ 1128.504503][T22385] file_mapped 16760832 [ 1128.504503][T22385] file_dirty 135168 [ 1128.504503][T22385] file_writeback 0 [ 1128.504503][T22385] anon_thp 153092096 [ 1128.504503][T22385] inactive_anon 245403648 [ 1128.504503][T22385] active_anon 1536000 [ 1128.504503][T22385] inactive_file 20480 [ 1128.504503][T22385] active_file 0 [ 1128.504503][T22385] unevictable 58556416 [ 1128.504503][T22385] slab_reclaimable 1757184 [ 1128.504503][T22385] slab_unreclaimable 3276800 [ 1128.504503][T22385] pgfault 1039533 [ 1128.504503][T22385] pgmajfault 132 [ 1128.504503][T22385] workingset_refault 25278 [ 1128.504503][T22385] workingset_activate 3399 [ 1128.504503][T22385] workingset_nodereclaim 0 [ 1128.504503][T22385] pgrefill 34645 [ 1128.504503][T22385] pgscan 46070 [ 1128.651840][T22385] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=22381,uid=0 [ 1128.669854][T22385] Memory cgroup out of memory: Killed process 22381 (syz-executor.5) total-vm:72708kB, anon-rss:18156kB, file-rss:53364kB, shmem-rss:0kB, UID:0 pgtables:200704kB oom_score_adj:1000 [ 1128.688724][ T1065] oom_reaper: reaped process 22381 (syz-executor.5), now anon-rss:18176kB, file-rss:54332kB, shmem-rss:0kB 05:32:44 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000200), 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:44 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', 0x0, 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:44 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37", 0xfd, 0x6}], 0x0, 0x0) 05:32:44 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37", 0xfd, 0x6}], 0x0, 0x0) 05:32:44 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', 0x0, 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:44 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600), 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:44 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd021786", 0x17c, 0x6}], 0x0, 0x0) 05:32:45 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', 0x0, 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:45 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r3, 0x0, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000000)=0x1800, 0x4) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000240)={r1}) read$char_usb(r1, 0x0, 0x0) ioctl$IOC_PR_RELEASE(0xffffffffffffffff, 0x401070ca, &(0x7f00000001c0)) ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) 05:32:45 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd021786", 0x17c, 0x6}], 0x0, 0x0) 05:32:45 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, 0x0) 05:32:45 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:45 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:45 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd021786", 0x17c, 0x6}], 0x0, 0x0) 05:32:45 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, 0x0) 05:32:46 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f113503", 0x1bb, 0x6}], 0x0, 0x0) 05:32:46 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, 0x0) 05:32:47 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f113503", 0x1bb, 0x6}], 0x0, 0x0) 05:32:47 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:47 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1131.799386][ T26] kauditd_printk_skb: 23 callbacks suppressed [ 1131.799402][ T26] audit: type=1804 audit(1568179967.273:3117): pid=22544 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/461/bus" dev="sda1" ino=16653 res=1 [ 1131.834150][T22545] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. [ 1131.858120][T22550] 9pnet: Insufficient options for proto=fd [ 1131.889207][ T26] audit: type=1800 audit(1568179967.313:3118): pid=22544 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=16653 res=0 05:32:47 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r3, 0x0, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000000)=0x1800, 0x4) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000240)={r1}) read$char_usb(r1, 0x0, 0x0) ioctl$IOC_PR_RELEASE(0xffffffffffffffff, 0x401070ca, &(0x7f00000001c0)) ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) 05:32:47 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:47 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:47 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:47 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f113503", 0x1bb, 0x6}], 0x0, 0x0) 05:32:47 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1132.156515][ T26] audit: type=1804 audit(1568179967.623:3119): pid=22562 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/462/bus" dev="sda1" ino=16689 res=1 [ 1132.206330][T22563] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. [ 1132.242192][T22572] 9pnet: Insufficient options for proto=fd [ 1132.261942][ T26] audit: type=1800 audit(1568179967.623:3120): pid=22562 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=16689 res=0 05:32:47 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:47 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b314951", 0x1db, 0x6}], 0x0, 0x0) 05:32:47 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1132.629211][T22586] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. [ 1132.640537][T22590] 9pnet: Insufficient options for proto=fd 05:32:48 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b314951", 0x1db, 0x6}], 0x0, 0x0) 05:32:48 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r0 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno'}}) [ 1132.958279][T22596] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. [ 1132.989522][ T26] audit: type=1804 audit(1568179968.463:3121): pid=22599 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/400/bus" dev="sda1" ino=16878 res=1 [ 1133.047534][T22604] 9pnet: Insufficient options for proto=fd 05:32:48 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b314951", 0x1db, 0x6}], 0x0, 0x0) [ 1133.104071][ T26] audit: type=1800 audit(1568179968.483:3122): pid=22599 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16878 res=0 [ 1134.171070][T22613] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1134.181687][T22613] CPU: 1 PID: 22613 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1134.190803][T22613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1134.200870][T22613] Call Trace: [ 1134.204179][T22613] dump_stack+0x172/0x1f0 [ 1134.208513][T22613] dump_header+0x177/0x1152 [ 1134.213008][T22613] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1134.218828][T22613] ? ___ratelimit+0x2c8/0x595 [ 1134.223486][T22613] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1134.229299][T22613] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1134.234571][T22613] ? trace_hardirqs_on+0x67/0x240 [ 1134.239594][T22613] ? pagefault_out_of_memory+0x11c/0x11c [ 1134.245219][T22613] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1134.251015][T22613] ? ___ratelimit+0x60/0x595 [ 1134.255609][T22613] oom_kill_process.cold+0x10/0x15 [ 1134.260723][T22613] out_of_memory+0x334/0x1340 [ 1134.265405][T22613] ? lock_downgrade+0x920/0x920 [ 1134.270250][T22613] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1134.276063][T22613] ? oom_killer_disable+0x280/0x280 [ 1134.281254][T22613] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1134.286796][T22613] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1134.292429][T22613] ? do_raw_spin_unlock+0x57/0x270 [ 1134.297528][T22613] ? _raw_spin_unlock+0x2d/0x50 [ 1134.302366][T22613] try_charge+0xf4b/0x1440 [ 1134.306767][T22613] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1134.312294][T22613] ? percpu_ref_tryget_live+0x111/0x290 [ 1134.317828][T22613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1134.324308][T22613] ? __kasan_check_read+0x11/0x20 [ 1134.329329][T22613] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1134.334895][T22613] mem_cgroup_try_charge+0x136/0x590 [ 1134.340165][T22613] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1134.346387][T22613] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1134.352003][T22613] __handle_mm_fault+0x1e34/0x3f20 [ 1134.357099][T22613] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1134.362631][T22613] ? __kasan_check_read+0x11/0x20 [ 1134.367696][T22613] handle_mm_fault+0x1b5/0x6c0 [ 1134.372447][T22613] __get_user_pages+0x7d4/0x1b30 [ 1134.377363][T22613] ? mark_held_locks+0xf0/0xf0 [ 1134.382115][T22613] ? follow_page_mask+0x1cf0/0x1cf0 [ 1134.387291][T22613] ? __mm_populate+0x270/0x380 [ 1134.392038][T22613] ? memset+0x32/0x40 [ 1134.396002][T22613] populate_vma_page_range+0x20d/0x2a0 [ 1134.401444][T22613] __mm_populate+0x204/0x380 [ 1134.406290][T22613] ? populate_vma_page_range+0x2a0/0x2a0 [ 1134.411903][T22613] ? up_write+0x1c8/0x490 [ 1134.416217][T22613] __x64_sys_mremap+0x7dc/0xb80 [ 1134.421050][T22613] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 1134.427187][T22613] ? mremap_to+0x750/0x750 [ 1134.431585][T22613] ? __sanitizer_cov_trace_cmp2+0x11/0x20 [ 1134.437321][T22613] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1134.442761][T22613] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1134.448228][T22613] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1134.454276][T22613] ? do_syscall_64+0x26/0x760 [ 1134.458950][T22613] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1134.464218][T22613] ? trace_hardirqs_on+0x67/0x240 [ 1134.469222][T22613] do_syscall_64+0xfa/0x760 [ 1134.473714][T22613] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1134.479585][T22613] RIP: 0033:0x4598e9 [ 1134.483474][T22613] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1134.503059][T22613] RSP: 002b:00007fb972f87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1134.511455][T22613] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 1134.519408][T22613] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1134.527359][T22613] RBP: 000000000075bfc8 R08: 0000000020130000 R09: 0000000000000000 [ 1134.535310][T22613] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb972f886d4 [ 1134.543276][T22613] R13: 00000000004c5f48 R14: 00000000004dab78 R15: 00000000ffffffff [ 1134.553413][T22613] memory: usage 307200kB, limit 307200kB, failcnt 15343 [ 1134.561066][T22613] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1134.568213][T22613] Memory cgroup stats for /syz0: [ 1134.569210][T22613] anon 283865088 [ 1134.569210][T22613] file 18751488 [ 1134.569210][T22613] kernel_stack 917504 [ 1134.569210][T22613] slab 7311360 [ 1134.569210][T22613] sock 0 [ 1134.569210][T22613] shmem 0 [ 1134.569210][T22613] file_mapped 18653184 [ 1134.569210][T22613] file_dirty 0 [ 1134.569210][T22613] file_writeback 0 [ 1134.569210][T22613] anon_thp 46137344 [ 1134.569210][T22613] inactive_anon 259624960 [ 1134.569210][T22613] active_anon 1622016 [ 1134.569210][T22613] inactive_file 53248 [ 1134.569210][T22613] active_file 180224 [ 1134.569210][T22613] unevictable 41472000 [ 1134.569210][T22613] slab_reclaimable 2297856 [ 1134.569210][T22613] slab_unreclaimable 5013504 [ 1134.569210][T22613] pgfault 1076988 [ 1134.569210][T22613] pgmajfault 99 [ 1134.569210][T22613] workingset_refault 27951 [ 1134.569210][T22613] workingset_activate 1980 [ 1134.569210][T22613] workingset_nodereclaim 0 [ 1134.569210][T22613] pgrefill 30981 [ 1134.569210][T22613] pgscan 49831 [ 1134.663012][T22613] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=22569,uid=0 [ 1134.679190][T22613] Memory cgroup out of memory: Killed process 22569 (syz-executor.0) total-vm:72832kB, anon-rss:13996kB, file-rss:54336kB, shmem-rss:0kB, UID:0 pgtables:196608kB oom_score_adj:1000 [ 1134.700221][ T1065] oom_reaper: reaped process 22569 (syz-executor.0), now anon-rss:13988kB, file-rss:54332kB, shmem-rss:0kB 05:32:50 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r3, 0x0, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000000)=0x1800, 0x4) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000240)={r1}) read$char_usb(r1, 0x0, 0x0) ioctl$IOC_PR_RELEASE(0xffffffffffffffff, 0x401070ca, &(0x7f00000001c0)) ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) 05:32:50 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r0 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno'}}) 05:32:50 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a3", 0x1eb, 0x6}], 0x0, 0x0) 05:32:50 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(0x0, 0x1, 0x80) 05:32:50 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:50 executing program 5: mlockall(0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1135.557965][T22637] 9pnet: Insufficient options for proto=fd 05:32:51 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a3", 0x1eb, 0x6}], 0x0, 0x0) 05:32:51 executing program 5: mlockall(0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:51 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r0 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno'}}) 05:32:51 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a3", 0x1eb, 0x6}], 0x0, 0x0) [ 1135.952043][T22660] 9pnet: Insufficient options for proto=fd 05:32:51 executing program 5: mlockall(0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:51 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2", 0x1f3, 0x6}], 0x0, 0x0) 05:32:52 executing program 0 (fault-call:4 fault-nth:0): mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:32:52 executing program 1 (fault-call:3 fault-nth:0): syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:52 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2", 0x1f3, 0x6}], 0x0, 0x0) 05:32:52 executing program 5: mlockall(0x1) r0 = creat(0x0, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:32:52 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:52 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(0x0, 0x1, 0x80) [ 1137.304887][T22688] __ntfs_error: 23 callbacks suppressed [ 1137.304900][T22688] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. [ 1137.386886][T22702] FAULT_INJECTION: forcing a failure. [ 1137.386886][T22702] name failslab, interval 1, probability 0, space 0, times 1 [ 1137.483769][T22702] CPU: 1 PID: 22702 Comm: syz-executor.1 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1137.492926][T22702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1137.503178][T22702] Call Trace: [ 1137.506493][T22702] dump_stack+0x172/0x1f0 [ 1137.510854][T22702] should_fail.cold+0xa/0x15 [ 1137.515472][T22702] ? fault_create_debugfs_attr+0x180/0x180 [ 1137.521307][T22702] ? ___might_sleep+0x163/0x280 [ 1137.526177][T22702] __should_failslab+0x121/0x190 [ 1137.531305][T22702] should_failslab+0x9/0x14 [ 1137.535817][T22702] __kmalloc_track_caller+0x2dc/0x760 [ 1137.541204][T22702] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1137.547629][T22702] ? fput_many+0x12c/0x1a0 [ 1137.552051][T22702] ? strndup_user+0x77/0xd0 [ 1137.556567][T22702] memdup_user+0x26/0xb0 [ 1137.560820][T22702] strndup_user+0x77/0xd0 [ 1137.565159][T22702] ksys_mount+0x3c/0x150 [ 1137.569412][T22702] __x64_sys_mount+0xbe/0x150 [ 1137.574100][T22702] do_syscall_64+0xfa/0x760 [ 1137.578617][T22702] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1137.584738][T22702] RIP: 0033:0x4598e9 [ 1137.588706][T22702] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1137.608322][T22702] RSP: 002b:00007f7c594e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1137.616753][T22702] RAX: ffffffffffffffda RBX: 00007f7c594e1c90 RCX: 00000000004598e9 [ 1137.624740][T22702] RDX: 00000000200018c0 RSI: 0000000020001880 RDI: 0000000000000000 05:32:53 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2", 0x1f3, 0x6}], 0x0, 0x0) [ 1137.632723][T22702] RBP: 000000000075bfc8 R08: 0000000020001940 R09: 0000000000000000 [ 1137.640705][T22702] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c594e26d4 [ 1137.648687][T22702] R13: 00000000004c5e68 R14: 00000000004da9b0 R15: 0000000000000007 05:32:53 executing program 1 (fault-call:3 fault-nth:1): syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1137.847866][T22707] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. 05:32:53 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ec", 0x1f7, 0x6}], 0x0, 0x0) [ 1138.069308][T22717] FAULT_INJECTION: forcing a failure. [ 1138.069308][T22717] name failslab, interval 1, probability 0, space 0, times 0 [ 1138.088576][ T26] audit: type=1804 audit(1568179973.563:3141): pid=22695 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/711/bus" dev="sda1" ino=16663 res=1 [ 1138.101728][T22717] CPU: 1 PID: 22717 Comm: syz-executor.1 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1138.122303][T22717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1138.122310][T22717] Call Trace: [ 1138.122341][T22717] dump_stack+0x172/0x1f0 [ 1138.122362][T22717] should_fail.cold+0xa/0x15 [ 1138.122377][T22717] ? fault_create_debugfs_attr+0x180/0x180 [ 1138.122399][T22717] ? ___might_sleep+0x163/0x280 [ 1138.122418][T22717] __should_failslab+0x121/0x190 [ 1138.122439][T22717] should_failslab+0x9/0x14 [ 1138.122450][T22717] kmem_cache_alloc_trace+0x2d3/0x790 [ 1138.122477][T22717] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1138.176373][T22717] ? _copy_from_user+0x12c/0x1a0 [ 1138.181329][T22717] copy_mount_options+0x5c/0x3f0 [ 1138.186375][T22717] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1138.192630][T22717] ksys_mount+0xa7/0x150 [ 1138.196889][T22717] __x64_sys_mount+0xbe/0x150 [ 1138.201581][T22717] do_syscall_64+0xfa/0x760 [ 1138.206102][T22717] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1138.206308][ T26] audit: type=1800 audit(1568179973.603:3142): pid=22695 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16663 res=0 [ 1138.211987][T22717] RIP: 0033:0x4598e9 [ 1138.212005][T22717] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1138.212013][T22717] RSP: 002b:00007f7c594e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1138.212027][T22717] RAX: ffffffffffffffda RBX: 00007f7c594e1c90 RCX: 00000000004598e9 [ 1138.212034][T22717] RDX: 00000000200018c0 RSI: 0000000020001880 RDI: 0000000000000000 [ 1138.212040][T22717] RBP: 000000000075bfc8 R08: 0000000020001940 R09: 0000000000000000 [ 1138.212047][T22717] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c594e26d4 [ 1138.212054][T22717] R13: 00000000004c5e68 R14: 00000000004da9b0 R15: 0000000000000007 [ 1138.316652][T22721] FAULT_INJECTION: forcing a failure. [ 1138.316652][T22721] name failslab, interval 1, probability 0, space 0, times 0 [ 1138.330379][T22721] CPU: 0 PID: 22721 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1138.339505][T22721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1138.349575][T22721] Call Trace: [ 1138.352901][T22721] dump_stack+0x172/0x1f0 [ 1138.357260][T22721] should_fail.cold+0xa/0x15 [ 1138.361873][T22721] ? fault_create_debugfs_attr+0x180/0x180 [ 1138.367708][T22721] ? ___might_sleep+0x163/0x280 [ 1138.372583][T22721] __should_failslab+0x121/0x190 [ 1138.377535][T22721] should_failslab+0x9/0x14 [ 1138.382053][T22721] kmem_cache_alloc_trace+0x2d3/0x790 [ 1138.387437][T22721] ? __kasan_check_read+0x11/0x20 [ 1138.392476][T22721] alloc_pipe_info+0xb9/0x420 [ 1138.397183][T22721] splice_direct_to_actor+0x76b/0x970 [ 1138.402569][T22721] ? common_file_perm+0x238/0x720 [ 1138.407600][T22721] ? __lock_acquire+0x16f2/0x4a00 [ 1138.412642][T22721] ? generic_pipe_buf_nosteal+0x10/0x10 [ 1138.418388][T22721] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1138.424666][T22721] ? do_splice_to+0x180/0x180 [ 1138.429352][T22721] ? rw_verify_area+0x126/0x360 [ 1138.434225][T22721] do_splice_direct+0x1da/0x2a0 [ 1138.439094][T22721] ? splice_direct_to_actor+0x970/0x970 [ 1138.444650][T22721] ? rcu_read_lock_any_held+0xcd/0xf0 [ 1138.450049][T22721] ? __this_cpu_preempt_check+0x3a/0x210 [ 1138.455703][T22721] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1138.461955][T22721] ? __sb_start_write+0x1e5/0x460 [ 1138.466990][T22721] do_sendfile+0x597/0xd00 [ 1138.471425][T22721] ? do_compat_pwritev64+0x1c0/0x1c0 [ 1138.476722][T22721] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1138.483066][T22721] ? fput+0x1b/0x20 [ 1138.486908][T22721] __x64_sys_sendfile64+0x1dd/0x220 [ 1138.492114][T22721] ? __ia32_sys_sendfile+0x230/0x230 [ 1138.497405][T22721] ? do_syscall_64+0x26/0x760 [ 1138.502102][T22721] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1138.507495][T22721] ? trace_hardirqs_on+0x67/0x240 [ 1138.512541][T22721] do_syscall_64+0xfa/0x760 [ 1138.517064][T22721] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1138.522965][T22721] RIP: 0033:0x4598e9 [ 1138.526880][T22721] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1138.547110][T22721] RSP: 002b:00007fb972f87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1138.555540][T22721] RAX: ffffffffffffffda RBX: 00007fb972f87c90 RCX: 00000000004598e9 [ 1138.563524][T22721] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 1138.571515][T22721] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1138.579662][T22721] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fb972f886d4 [ 1138.587621][T22721] R13: 00000000004c709e R14: 00000000004dc750 R15: 0000000000000005 [ 1138.613065][ T26] audit: type=1804 audit(1568179973.783:3143): pid=22721 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir247890508/syzkaller.pVOBBi/630/bus" dev="sda1" ino=16629 res=1 [ 1138.649433][ T26] audit: type=1800 audit(1568179973.783:3144): pid=22721 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16629 res=0 [ 1138.698539][ T26] audit: type=1804 audit(1568179974.113:3145): pid=22693 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/402/bus" dev="sda1" ino=16625 res=1 [ 1138.763574][ T26] audit: type=1800 audit(1568179974.113:3146): pid=22693 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16625 res=0 05:32:54 executing program 5: mlockall(0x1) r0 = creat(0x0, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1138.897705][T22725] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. 05:32:54 executing program 1 (fault-call:3 fault-nth:2): syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1138.979325][T22703] syz-executor.0 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 05:32:54 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ec", 0x1f7, 0x6}], 0x0, 0x0) [ 1139.112906][T22703] CPU: 1 PID: 22703 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1139.122065][T22703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1139.132139][T22703] Call Trace: [ 1139.135442][T22703] dump_stack+0x172/0x1f0 [ 1139.135465][T22703] dump_header+0x177/0x1152 [ 1139.135488][T22703] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1139.150165][T22703] ? ___ratelimit+0x2c8/0x595 [ 1139.150184][T22703] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1139.150202][T22703] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1139.150216][T22703] ? trace_hardirqs_on+0x67/0x240 [ 1139.150234][T22703] ? pagefault_out_of_memory+0x11c/0x11c [ 1139.150253][T22703] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1139.150265][T22703] ? ___ratelimit+0x60/0x595 [ 1139.150277][T22703] ? do_raw_spin_unlock+0x57/0x270 [ 1139.150298][T22703] oom_kill_process.cold+0x10/0x15 [ 1139.150314][T22703] out_of_memory+0x334/0x1340 [ 1139.150327][T22703] ? lock_downgrade+0x920/0x920 [ 1139.150351][T22703] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1139.176705][T22703] ? oom_killer_disable+0x280/0x280 [ 1139.192068][T22739] FAULT_INJECTION: forcing a failure. [ 1139.192068][T22739] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 1139.192173][T22703] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1139.236483][T22703] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1139.242113][T22703] ? do_raw_spin_unlock+0x57/0x270 [ 1139.247219][T22703] ? _raw_spin_unlock+0x2d/0x50 [ 1139.252154][T22703] try_charge+0xf4b/0x1440 [ 1139.256571][T22703] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1139.262387][T22703] ? percpu_ref_tryget_live+0x111/0x290 [ 1139.268056][T22703] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1139.274316][T22703] ? __kasan_check_read+0x11/0x20 [ 1139.279346][T22703] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1139.284891][T22703] mem_cgroup_try_charge+0x136/0x590 [ 1139.290191][T22703] __add_to_page_cache_locked+0x43f/0xec0 [ 1139.295989][T22703] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1139.301957][T22703] ? __kasan_check_read+0x11/0x20 [ 1139.306980][T22703] ? unaccount_page_cache_page+0xda0/0xda0 [ 1139.312776][T22703] ? __alloc_pages_nodemask+0x658/0x900 [ 1139.318317][T22703] ? xas_descend+0x144/0x370 [ 1139.322901][T22703] ? shadow_lru_isolate+0x430/0x430 [ 1139.328108][T22703] add_to_page_cache_lru+0x1d8/0x790 [ 1139.333385][T22703] ? add_to_page_cache_locked+0x40/0x40 [ 1139.338929][T22703] ? __page_cache_alloc+0x116/0x490 [ 1139.344124][T22703] pagecache_get_page+0x3be/0x900 [ 1139.349148][T22703] filemap_fault+0x901/0x2b70 [ 1139.353818][T22703] ? mark_held_locks+0xf0/0xf0 [ 1139.358588][T22703] ? pagecache_get_page+0x900/0x900 [ 1139.364477][T22703] ? __kasan_check_write+0x14/0x20 [ 1139.369579][T22703] ? down_read+0x109/0x430 [ 1139.373987][T22703] ? down_read_killable+0x490/0x490 [ 1139.379175][T22703] ? lock_downgrade+0x920/0x920 [ 1139.384121][T22703] ext4_filemap_fault+0x86/0xb2 [ 1139.390890][T22703] __do_fault+0x111/0x540 [ 1139.395219][T22703] ? do_raw_spin_unlock+0x57/0x270 [ 1139.400343][T22703] __handle_mm_fault+0x2cb8/0x3f20 [ 1139.405463][T22703] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1139.411021][T22703] ? __kasan_check_read+0x11/0x20 [ 1139.416043][T22703] handle_mm_fault+0x1b5/0x6c0 [ 1139.420810][T22703] __get_user_pages+0x7d4/0x1b30 [ 1139.425748][T22703] ? mark_held_locks+0xf0/0xf0 [ 1139.430516][T22703] ? follow_page_mask+0x1cf0/0x1cf0 [ 1139.435703][T22703] ? __mm_populate+0x270/0x380 [ 1139.440466][T22703] ? __kasan_check_write+0x14/0x20 [ 1139.445567][T22703] ? down_read+0x109/0x430 [ 1139.449981][T22703] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1139.455696][T22703] populate_vma_page_range+0x20d/0x2a0 [ 1139.461163][T22703] __mm_populate+0x204/0x380 [ 1139.465752][T22703] ? populate_vma_page_range+0x2a0/0x2a0 [ 1139.471377][T22703] ? __kasan_check_write+0x14/0x20 [ 1139.476480][T22703] ? up_write+0x155/0x490 [ 1139.480802][T22703] ? ns_capable_common+0x93/0x100 [ 1139.485825][T22703] __x64_sys_mlockall+0x473/0x520 [ 1139.490846][T22703] do_syscall_64+0xfa/0x760 [ 1139.495345][T22703] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1139.501227][T22703] RIP: 0033:0x4598e9 [ 1139.505125][T22703] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1139.524716][T22703] RSP: 002b:00007fb972fa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1139.533126][T22703] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004598e9 [ 1139.541086][T22703] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1139.549044][T22703] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1139.557007][T22703] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb972fa96d4 [ 1139.564966][T22703] R13: 00000000004c5dab R14: 00000000004da878 R15: 00000000ffffffff [ 1139.572973][T22739] CPU: 0 PID: 22739 Comm: syz-executor.1 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1139.582094][T22739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1139.592162][T22739] Call Trace: [ 1139.595473][T22739] dump_stack+0x172/0x1f0 [ 1139.599817][T22739] should_fail.cold+0xa/0x15 [ 1139.604424][T22739] ? fault_create_debugfs_attr+0x180/0x180 [ 1139.610237][T22739] ? __kasan_check_read+0x11/0x20 [ 1139.617387][T22739] ? __lock_acquire+0x16f2/0x4a00 [ 1139.622427][T22739] should_fail_alloc_page+0x50/0x60 [ 1139.627636][T22739] __alloc_pages_nodemask+0x1a1/0x900 [ 1139.633018][T22739] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1139.638654][T22739] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1139.644470][T22739] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1139.650117][T22739] ? fault_create_debugfs_attr+0x180/0x180 [ 1139.655930][T22739] cache_grow_begin+0x90/0xd20 [ 1139.660703][T22739] ? copy_mount_options+0x5c/0x3f0 [ 1139.665821][T22739] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1139.672070][T22739] kmem_cache_alloc_trace+0x6b3/0x790 [ 1139.677469][T22739] copy_mount_options+0x5c/0x3f0 [ 1139.682423][T22739] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1139.688699][T22739] ksys_mount+0xa7/0x150 [ 1139.688720][T22739] __x64_sys_mount+0xbe/0x150 [ 1139.697755][T22739] do_syscall_64+0xfa/0x760 [ 1139.702274][T22739] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1139.708163][T22739] RIP: 0033:0x4598e9 [ 1139.712066][T22739] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1139.731677][T22739] RSP: 002b:00007f7c594e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1139.740099][T22739] RAX: ffffffffffffffda RBX: 00007f7c594e1c90 RCX: 00000000004598e9 [ 1139.748080][T22739] RDX: 00000000200018c0 RSI: 0000000020001880 RDI: 0000000000000000 [ 1139.756060][T22739] RBP: 000000000075bfc8 R08: 0000000020001940 R09: 0000000000000000 [ 1139.764027][T22739] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c594e26d4 [ 1139.772003][T22739] R13: 00000000004c5e68 R14: 00000000004da9b0 R15: 0000000000000007 [ 1139.817231][T22735] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. [ 1139.909496][T22703] memory: usage 306924kB, limit 307200kB, failcnt 17511 [ 1139.951463][T22703] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1139.982890][T22703] Memory cgroup stats for /syz0: [ 1139.983022][T22703] anon 298033152 [ 1139.983022][T22703] file 4931584 [ 1139.983022][T22703] kernel_stack 917504 [ 1139.983022][T22703] slab 6631424 [ 1139.983022][T22703] sock 0 [ 1139.983022][T22703] shmem 0 [ 1139.983022][T22703] file_mapped 5001216 [ 1139.983022][T22703] file_dirty 0 [ 1139.983022][T22703] file_writeback 0 [ 1139.983022][T22703] anon_thp 48234496 [ 1139.983022][T22703] inactive_anon 269942784 [ 1139.983022][T22703] active_anon 1486848 [ 1139.983022][T22703] inactive_file 0 [ 1139.983022][T22703] active_file 98304 [ 1139.983022][T22703] unevictable 31551488 [ 1139.983022][T22703] slab_reclaimable 1892352 [ 1139.983022][T22703] slab_unreclaimable 4739072 [ 1139.983022][T22703] pgfault 1086690 [ 1139.983022][T22703] pgmajfault 132 [ 1139.983022][T22703] workingset_refault 28875 [ 1139.983022][T22703] workingset_activate 1980 [ 1139.983022][T22703] workingset_nodereclaim 0 [ 1139.983022][T22703] pgrefill 35033 [ 1139.983022][T22703] pgscan 54533 [ 1139.983022][T22703] pgsteal 36690 [ 1140.119377][T22703] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=22701,uid=0 [ 1140.162677][T22703] Memory cgroup out of memory: Killed process 22703 (syz-executor.0) total-vm:72708kB, anon-rss:17876kB, file-rss:40944kB, shmem-rss:0kB, UID:0 pgtables:172032kB oom_score_adj:1000 [ 1140.230552][ T1065] oom_reaper: reaped process 22703 (syz-executor.0), now anon-rss:17868kB, file-rss:40944kB, shmem-rss:0kB 05:32:55 executing program 0 (fault-call:4 fault-nth:1): mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:32:55 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(0x0, 0x1, 0x80) 05:32:55 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ec", 0x1f7, 0x6}], 0x0, 0x0) 05:32:55 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:55 executing program 1 (fault-call:3 fault-nth:3): syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:56 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ecd051", 0x1f9, 0x6}], 0x0, 0x0) [ 1140.588975][T22767] FAULT_INJECTION: forcing a failure. [ 1140.588975][T22767] name failslab, interval 1, probability 0, space 0, times 0 [ 1140.651558][T22767] CPU: 1 PID: 22767 Comm: syz-executor.1 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1140.660884][T22767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1140.670954][T22767] Call Trace: [ 1140.674269][T22767] dump_stack+0x172/0x1f0 [ 1140.678635][T22767] should_fail.cold+0xa/0x15 [ 1140.683272][T22767] ? fault_create_debugfs_attr+0x180/0x180 [ 1140.689106][T22767] ? ___might_sleep+0x163/0x280 [ 1140.693970][T22767] __should_failslab+0x121/0x190 [ 1140.698918][T22767] should_failslab+0x9/0x14 [ 1140.703443][T22767] kmem_cache_alloc+0x2aa/0x710 [ 1140.708314][T22767] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1140.714563][T22767] getname_flags+0xd6/0x5b0 [ 1140.719095][T22767] user_path_at_empty+0x2f/0x50 [ 1140.723954][T22767] do_mount+0x150/0x1c30 [ 1140.728208][T22767] ? copy_mount_string+0x40/0x40 [ 1140.733160][T22767] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1140.739426][T22767] ? copy_mount_options+0x2e8/0x3f0 [ 1140.744646][T22767] ksys_mount+0xdb/0x150 [ 1140.748899][T22767] __x64_sys_mount+0xbe/0x150 [ 1140.753591][T22767] do_syscall_64+0xfa/0x760 [ 1140.758105][T22767] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1140.763990][T22767] RIP: 0033:0x4598e9 [ 1140.767888][T22767] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1140.787588][T22767] RSP: 002b:00007f7c594e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 05:32:56 executing program 5: mlockall(0x1) r0 = creat(0x0, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1140.796012][T22767] RAX: ffffffffffffffda RBX: 00007f7c594e1c90 RCX: 00000000004598e9 [ 1140.804134][T22767] RDX: 00000000200018c0 RSI: 0000000020001880 RDI: 0000000000000000 [ 1140.812116][T22767] RBP: 000000000075bfc8 R08: 0000000020001940 R09: 0000000000000000 [ 1140.820103][T22767] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c594e26d4 [ 1140.828085][T22767] R13: 00000000004c5e68 R14: 00000000004da9b0 R15: 0000000000000007 [ 1140.935924][T22770] FAULT_INJECTION: forcing a failure. [ 1140.935924][T22770] name failslab, interval 1, probability 0, space 0, times 0 05:32:56 executing program 1 (fault-call:3 fault-nth:4): syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:56 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ecd051", 0x1f9, 0x6}], 0x0, 0x0) [ 1141.123939][T22770] CPU: 1 PID: 22770 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1141.133109][T22770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1141.143180][T22770] Call Trace: [ 1141.146519][T22770] dump_stack+0x172/0x1f0 [ 1141.150967][T22770] should_fail.cold+0xa/0x15 [ 1141.155590][T22770] ? fault_create_debugfs_attr+0x180/0x180 [ 1141.157850][T22760] syz-executor.0 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 1141.161413][T22770] ? ___might_sleep+0x163/0x280 [ 1141.177557][T22770] __should_failslab+0x121/0x190 [ 1141.182509][T22770] should_failslab+0x9/0x14 [ 1141.187020][T22770] __kmalloc+0x2e0/0x770 [ 1141.191270][T22770] ? kmem_cache_alloc_trace+0x397/0x790 [ 1141.196828][T22770] ? __kasan_check_read+0x11/0x20 [ 1141.201862][T22770] ? alloc_pipe_info+0x199/0x420 [ 1141.206804][T22770] alloc_pipe_info+0x199/0x420 [ 1141.211572][T22770] splice_direct_to_actor+0x76b/0x970 [ 1141.211590][T22770] ? common_file_perm+0x238/0x720 [ 1141.211606][T22770] ? __lock_acquire+0x16f2/0x4a00 [ 1141.211622][T22770] ? generic_pipe_buf_nosteal+0x10/0x10 [ 1141.211648][T22770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1141.211663][T22770] ? do_splice_to+0x180/0x180 [ 1141.211679][T22770] ? rw_verify_area+0x126/0x360 [ 1141.211699][T22770] do_splice_direct+0x1da/0x2a0 [ 1141.253366][T22770] ? splice_direct_to_actor+0x970/0x970 [ 1141.258923][T22770] ? rcu_read_lock_any_held+0xcd/0xf0 [ 1141.264313][T22770] ? __this_cpu_preempt_check+0x3a/0x210 [ 1141.269956][T22770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1141.276210][T22770] ? __sb_start_write+0x1e5/0x460 [ 1141.281250][T22770] do_sendfile+0x597/0xd00 [ 1141.285687][T22770] ? do_compat_pwritev64+0x1c0/0x1c0 [ 1141.290984][T22770] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1141.297233][T22770] ? fput+0x1b/0x20 [ 1141.301048][T22770] __x64_sys_sendfile64+0x1dd/0x220 [ 1141.306346][T22770] ? __ia32_sys_sendfile+0x230/0x230 [ 1141.311723][T22770] ? do_syscall_64+0x26/0x760 [ 1141.316409][T22770] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1141.321694][T22770] ? trace_hardirqs_on+0x67/0x240 [ 1141.326726][T22770] do_syscall_64+0xfa/0x760 [ 1141.331239][T22770] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1141.337127][T22770] RIP: 0033:0x4598e9 [ 1141.341023][T22770] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1141.360634][T22770] RSP: 002b:00007fb972f87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1141.369059][T22770] RAX: ffffffffffffffda RBX: 00007fb972f87c90 RCX: 00000000004598e9 [ 1141.377037][T22770] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 1141.385016][T22770] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1141.393170][T22770] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fb972f886d4 [ 1141.401143][T22770] R13: 00000000004c709e R14: 00000000004dc750 R15: 0000000000000005 [ 1141.453450][T22785] FAULT_INJECTION: forcing a failure. [ 1141.453450][T22785] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1141.466697][T22785] CPU: 1 PID: 22785 Comm: syz-executor.1 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1141.475823][T22785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1141.485888][T22785] Call Trace: [ 1141.489208][T22785] dump_stack+0x172/0x1f0 [ 1141.493576][T22785] should_fail.cold+0xa/0x15 [ 1141.498192][T22785] ? fault_create_debugfs_attr+0x180/0x180 [ 1141.504021][T22785] ? __kasan_check_read+0x11/0x20 [ 1141.509075][T22785] ? __lock_acquire+0x16f2/0x4a00 [ 1141.514148][T22785] should_fail_alloc_page+0x50/0x60 [ 1141.519366][T22785] __alloc_pages_nodemask+0x1a1/0x900 [ 1141.524768][T22785] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1141.530428][T22785] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1141.536174][T22785] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1141.541854][T22785] ? fault_create_debugfs_attr+0x180/0x180 [ 1141.548049][T22785] cache_grow_begin+0x90/0xd20 [ 1141.552834][T22785] ? getname_flags+0xd6/0x5b0 [ 1141.557536][T22785] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1141.563801][T22785] kmem_cache_alloc+0x64e/0x710 [ 1141.568665][T22785] ? handle_mm_fault+0x1d3/0x6c0 [ 1141.573631][T22785] getname_flags+0xd6/0x5b0 [ 1141.578147][T22785] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1141.583804][T22785] user_path_at_empty+0x2f/0x50 [ 1141.588697][T22785] do_mount+0x150/0x1c30 [ 1141.592962][T22785] ? __do_page_fault+0x73e/0xdd0 [ 1141.597917][T22785] ? retint_kernel+0x2b/0x2b [ 1141.602535][T22785] ? copy_mount_string+0x40/0x40 [ 1141.607495][T22785] ? copy_mount_options+0x260/0x3f0 [ 1141.612708][T22785] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1141.618969][T22785] ? copy_mount_options+0x2e8/0x3f0 [ 1141.624189][T22785] ksys_mount+0xdb/0x150 [ 1141.628509][T22785] __x64_sys_mount+0xbe/0x150 [ 1141.633214][T22785] do_syscall_64+0xfa/0x760 [ 1141.637743][T22785] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1141.643643][T22785] RIP: 0033:0x4598e9 [ 1141.647549][T22785] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1141.667169][T22785] RSP: 002b:00007f7c594e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1141.675605][T22785] RAX: ffffffffffffffda RBX: 00007f7c594e1c90 RCX: 00000000004598e9 [ 1141.683596][T22785] RDX: 00000000200018c0 RSI: 0000000020001880 RDI: 0000000000000000 [ 1141.691583][T22785] RBP: 000000000075bfc8 R08: 0000000020001940 R09: 0000000000000000 [ 1141.699573][T22785] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c594e26d4 [ 1141.707564][T22785] R13: 00000000004c5e68 R14: 00000000004da9b0 R15: 0000000000000007 05:32:57 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ecd051", 0x1f9, 0x6}], 0x0, 0x0) [ 1141.841753][T22760] CPU: 1 PID: 22760 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1141.850910][T22760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1141.860983][T22760] Call Trace: [ 1141.864297][T22760] dump_stack+0x172/0x1f0 [ 1141.868647][T22760] dump_header+0x177/0x1152 [ 1141.873174][T22760] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1141.878993][T22760] ? ___ratelimit+0x2c8/0x595 [ 1141.884287][T22760] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1141.890106][T22760] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1141.895398][T22760] ? trace_hardirqs_on+0x67/0x240 [ 1141.900437][T22760] ? pagefault_out_of_memory+0x11c/0x11c [ 1141.906079][T22760] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1141.911894][T22760] ? ___ratelimit+0x60/0x595 [ 1141.916489][T22760] ? do_raw_spin_unlock+0x57/0x270 [ 1141.921703][T22760] oom_kill_process.cold+0x10/0x15 [ 1141.926826][T22760] out_of_memory+0x334/0x1340 [ 1141.931513][T22760] ? lock_downgrade+0x920/0x920 [ 1141.936377][T22760] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1141.942196][T22760] ? oom_killer_disable+0x280/0x280 [ 1141.947414][T22760] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1141.952981][T22760] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1141.958632][T22760] ? do_raw_spin_unlock+0x57/0x270 [ 1141.963796][T22760] ? _raw_spin_unlock+0x2d/0x50 [ 1141.968661][T22760] try_charge+0xf4b/0x1440 [ 1141.973095][T22760] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1141.978663][T22760] ? percpu_ref_tryget_live+0x111/0x290 [ 1141.984219][T22760] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1141.990467][T22760] ? __kasan_check_read+0x11/0x20 [ 1141.995952][T22760] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1142.001510][T22760] mem_cgroup_try_charge+0x136/0x590 [ 1142.006818][T22760] __add_to_page_cache_locked+0x43f/0xec0 [ 1142.012549][T22760] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1142.018537][T22760] ? __kasan_check_read+0x11/0x20 [ 1142.023578][T22760] ? unaccount_page_cache_page+0xda0/0xda0 [ 1142.029395][T22760] ? __alloc_pages_nodemask+0x658/0x900 [ 1142.034963][T22760] ? xas_descend+0x144/0x370 [ 1142.039584][T22760] ? shadow_lru_isolate+0x430/0x430 [ 1142.044810][T22760] add_to_page_cache_lru+0x1d8/0x790 [ 1142.050115][T22760] ? add_to_page_cache_locked+0x40/0x40 [ 1142.055681][T22760] ? __page_cache_alloc+0x116/0x490 [ 1142.060894][T22760] pagecache_get_page+0x3be/0x900 [ 1142.065933][T22760] filemap_fault+0x901/0x2b70 [ 1142.070633][T22760] ? mark_held_locks+0xf0/0xf0 [ 1142.075419][T22760] ? pagecache_get_page+0x900/0x900 [ 1142.080654][T22760] ? __kasan_check_write+0x14/0x20 [ 1142.080673][T22760] ? down_read+0x109/0x430 [ 1142.080690][T22760] ? down_read_killable+0x490/0x490 [ 1142.080711][T22760] ? lock_downgrade+0x920/0x920 [ 1142.080735][T22760] ext4_filemap_fault+0x86/0xb2 [ 1142.080754][T22760] __do_fault+0x111/0x540 [ 1142.080767][T22760] ? do_raw_spin_unlock+0x57/0x270 [ 1142.080788][T22760] __handle_mm_fault+0x2cb8/0x3f20 [ 1142.080810][T22760] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1142.080841][T22760] ? __kasan_check_read+0x11/0x20 [ 1142.080863][T22760] handle_mm_fault+0x1b5/0x6c0 [ 1142.080884][T22760] __get_user_pages+0x7d4/0x1b30 [ 1142.139998][T22760] ? mark_held_locks+0xf0/0xf0 [ 1142.144797][T22760] ? follow_page_mask+0x1cf0/0x1cf0 [ 1142.150000][T22760] ? __mm_populate+0x270/0x380 [ 1142.154783][T22760] ? __kasan_check_write+0x14/0x20 [ 1142.159991][T22760] ? down_read+0x109/0x430 [ 1142.164422][T22760] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1142.170216][T22760] populate_vma_page_range+0x20d/0x2a0 [ 1142.175689][T22760] __mm_populate+0x204/0x380 [ 1142.180295][T22760] ? populate_vma_page_range+0x2a0/0x2a0 [ 1142.185953][T22760] ? __kasan_check_write+0x14/0x20 [ 1142.191081][T22760] ? up_write+0x155/0x490 [ 1142.195418][T22760] ? ns_capable_common+0x93/0x100 [ 1142.200457][T22760] __x64_sys_mlockall+0x473/0x520 [ 1142.205491][T22760] do_syscall_64+0xfa/0x760 [ 1142.210037][T22760] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1142.215936][T22760] RIP: 0033:0x4598e9 [ 1142.219837][T22760] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1142.239445][T22760] RSP: 002b:00007fb972fa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1142.247867][T22760] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004598e9 [ 1142.255845][T22760] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1142.263825][T22760] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1142.271801][T22760] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb972fa96d4 [ 1142.279799][T22760] R13: 00000000004c5dab R14: 00000000004da878 R15: 00000000ffffffff [ 1142.331245][T22795] __ntfs_error: 9 callbacks suppressed [ 1142.331256][T22795] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. [ 1142.357161][T22760] memory: usage 307132kB, limit 307200kB, failcnt 17651 [ 1142.364470][T22760] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1142.371535][T22760] Memory cgroup stats for /syz0: [ 1142.371657][T22760] anon 298029056 [ 1142.371657][T22760] file 5066752 [ 1142.371657][T22760] kernel_stack 917504 [ 1142.371657][T22760] slab 6631424 [ 1142.371657][T22760] sock 0 [ 1142.371657][T22760] shmem 0 [ 1142.371657][T22760] file_mapped 5136384 [ 1142.371657][T22760] file_dirty 0 [ 1142.371657][T22760] file_writeback 0 [ 1142.371657][T22760] anon_thp 54525952 [ 1142.371657][T22760] inactive_anon 269955072 [ 1142.371657][T22760] active_anon 1486848 [ 1142.371657][T22760] inactive_file 49152 [ 1142.371657][T22760] active_file 98304 [ 1142.371657][T22760] unevictable 31657984 [ 1142.371657][T22760] slab_reclaimable 1892352 [ 1142.371657][T22760] slab_unreclaimable 4739072 [ 1142.371657][T22760] pgfault 1089231 [ 1142.371657][T22760] pgmajfault 165 [ 1142.371657][T22760] workingset_refault 28974 [ 1142.371657][T22760] workingset_activate 1980 [ 1142.371657][T22760] workingset_nodereclaim 0 [ 1142.371657][T22760] pgrefill 35033 [ 1142.371657][T22760] pgscan 54601 [ 1142.371657][T22760] pgsteal 36723 05:32:57 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x0, 0x80) 05:32:58 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1142.472908][T22760] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=22759,uid=0 [ 1142.489550][T22760] Memory cgroup out of memory: Killed process 22760 (syz-executor.0) total-vm:72708kB, anon-rss:17876kB, file-rss:38076kB, shmem-rss:0kB, UID:0 pgtables:172032kB oom_score_adj:1000 05:32:58 executing program 0: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:32:58 executing program 1 (fault-call:3 fault-nth:5): syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:32:58 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ecd0517d", 0x1fa}], 0x0, 0x0) 05:32:58 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1142.926464][T22812] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. [ 1142.992577][T22819] FAULT_INJECTION: forcing a failure. [ 1142.992577][T22819] name failslab, interval 1, probability 0, space 0, times 0 [ 1143.037513][T22819] CPU: 0 PID: 22819 Comm: syz-executor.1 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1143.046672][T22819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1143.056745][T22819] Call Trace: [ 1143.060066][T22819] dump_stack+0x172/0x1f0 [ 1143.064420][T22819] should_fail.cold+0xa/0x15 [ 1143.069032][T22819] ? fault_create_debugfs_attr+0x180/0x180 [ 1143.074859][T22819] ? ___might_sleep+0x163/0x280 [ 1143.079728][T22819] __should_failslab+0x121/0x190 [ 1143.084672][T22819] should_failslab+0x9/0x14 [ 1143.089179][T22819] kmem_cache_alloc+0x2aa/0x710 [ 1143.094028][T22819] ? __kasan_check_read+0x11/0x20 [ 1143.099058][T22819] ? __lock_acquire+0x16f2/0x4a00 [ 1143.104089][T22819] ? find_held_lock+0x35/0x130 [ 1143.108862][T22819] __d_alloc+0x2e/0x8c0 [ 1143.113025][T22819] d_alloc+0x4d/0x280 [ 1143.117008][T22819] ? process_measurement+0x7fc/0x16b0 [ 1143.122398][T22819] d_alloc_parallel+0xf4/0x1c30 [ 1143.127252][T22819] ? __lock_acquire+0x16f2/0x4a00 [ 1143.132278][T22819] ? __kasan_check_read+0x11/0x20 [ 1143.137307][T22819] ? lockref_get_not_dead+0x70/0x90 [ 1143.142525][T22819] ? __d_lookup_rcu+0x6c0/0x6c0 [ 1143.147375][T22819] ? __lock_acquire+0x16f2/0x4a00 [ 1143.152400][T22819] ? unlazy_walk+0x1b6/0x560 [ 1143.157003][T22819] ? lockdep_init_map+0x1be/0x6d0 [ 1143.162047][T22819] ? lockdep_init_map+0x1be/0x6d0 [ 1143.167092][T22819] __lookup_slow+0x1ab/0x500 [ 1143.171857][T22819] ? vfs_unlink+0x620/0x620 [ 1143.176360][T22819] ? trailing_symlink+0x990/0x990 [ 1143.181366][T22819] ? path_init+0x18f0/0x18f0 [ 1143.185940][T22819] lookup_slow+0x58/0x80 [ 1143.190166][T22819] walk_component+0x747/0x2000 [ 1143.194911][T22819] ? inode_permission+0xb4/0x560 [ 1143.199833][T22819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1143.206055][T22819] ? path_init+0x18f0/0x18f0 [ 1143.210630][T22819] ? walk_component+0x2000/0x2000 [ 1143.215722][T22819] ? save_stack+0x20/0x90 [ 1143.220039][T22819] path_lookupat.isra.0+0x1f5/0x8d0 [ 1143.225223][T22819] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1143.230754][T22819] ? path_parentat.isra.0+0x160/0x160 [ 1143.236113][T22819] ? cache_grow_end+0xa4/0x190 [ 1143.240860][T22819] ? find_held_lock+0x35/0x130 [ 1143.245604][T22819] ? cache_grow_end+0xa4/0x190 [ 1143.250371][T22819] filename_lookup+0x1b0/0x410 [ 1143.255118][T22819] ? debug_smp_processor_id+0x3c/0x214 [ 1143.260569][T22819] ? nd_jump_link+0x1d0/0x1d0 [ 1143.265251][T22819] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1143.271475][T22819] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1143.277718][T22819] ? __phys_addr_symbol+0x30/0x70 [ 1143.282747][T22819] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1143.288470][T22819] ? __check_object_size+0x3d/0x437 [ 1143.293680][T22819] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1143.299918][T22819] ? strncpy_from_user+0x2b4/0x400 [ 1143.305026][T22819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1143.311251][T22819] ? getname_flags+0x277/0x5b0 [ 1143.316003][T22819] user_path_at_empty+0x43/0x50 [ 1143.320841][T22819] do_mount+0x150/0x1c30 [ 1143.325066][T22819] ? __do_page_fault+0x73e/0xdd0 [ 1143.329987][T22819] ? retint_kernel+0x2b/0x2b [ 1143.334559][T22819] ? copy_mount_string+0x40/0x40 [ 1143.339568][T22819] ? copy_mount_options+0x260/0x3f0 [ 1143.344753][T22819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1143.350986][T22819] ? copy_mount_options+0x2e8/0x3f0 [ 1143.356169][T22819] ksys_mount+0xdb/0x150 [ 1143.360398][T22819] __x64_sys_mount+0xbe/0x150 [ 1143.365076][T22819] do_syscall_64+0xfa/0x760 [ 1143.369565][T22819] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1143.375437][T22819] RIP: 0033:0x4598e9 [ 1143.379316][T22819] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1143.399510][T22819] RSP: 002b:00007f7c594e1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1143.407902][T22819] RAX: ffffffffffffffda RBX: 00007f7c594e1c90 RCX: 00000000004598e9 [ 1143.415855][T22819] RDX: 00000000200018c0 RSI: 0000000020001880 RDI: 0000000000000000 [ 1143.423827][T22819] RBP: 000000000075bfc8 R08: 0000000020001940 R09: 0000000000000000 [ 1143.431780][T22819] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c594e26d4 [ 1143.439731][T22819] R13: 00000000004c5e68 R14: 00000000004da9b0 R15: 0000000000000007 [ 1143.483083][ T26] audit: type=1804 audit(1568179978.953:3153): pid=22806 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/404/bus" dev="sda1" ino=16634 res=1 05:32:59 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ecd0517d", 0x1fa}], 0x0, 0x0) [ 1143.560814][ T26] audit: type=1800 audit(1568179978.953:3154): pid=22806 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16634 res=0 [ 1143.654136][ T26] audit: type=1804 audit(1568179979.093:3155): pid=22802 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/713/bus" dev="sda1" ino=16625 res=1 [ 1143.737990][T22828] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. [ 1143.762074][ T26] audit: type=1800 audit(1568179979.093:3156): pid=22802 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16625 res=0 05:32:59 executing program 4: syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000001600)=[{&(0x7f0000000500)="418587fad094b3d184d9737d313bb01d2258dfdc367e47339876a6edd2212b334ea130e1b18fadd3015535b71b3c4b25856fc1319950e6b962aeead547a50d167a2530e47271b7ecbca536d21cb084a9c2aaf41b5680fd701d7a7465cef1ffa320de5324ef52d5549e041b9b9c4c5e2c20f95ddaf2e453243307d10ddf17a1a00e593c861d0674fb4a0be74e5fb5da62f136817521cff89f65f5e9b5c85d045af118c9c163d4379e796d0a467fb4f3e76c8a0aca62638506a84024f056703b78ca3282fca9e8a991dd5b9b794bb90a6c0642129c08cd4c0ff496c241b4918cbc5df4f55b1fb311470d4f1c3dbd7a8c0d767641f49a162f8e7c4f4fad37954f9b969f96e97006fa39d23c057a628293b468294f9eaf514690919fa5f3afb8f74ece3f1b9211e9af8c04a0c70f9e56097b3e9c1e7b4c3cacb9ef328d8f0ec853ad425d75a89379335095a8cc0d75e8b39536dd1aa2e1092c4d35660e1b896a68614b39179a4f86ecb3aeedd4b6a8f768bf025cbb6c2c2d3525cd02178692725a4ba61b4e6a4d446eaac81311721bba56894ab87583439afba7ebe8c8df3f71226c781f0ea3dfc163a177af03f217004e5e69bd8092086bf72f11350369302fde990ed32713fa1ab267afbcf74f7f8c18c25d244db08513ed4b31495158f5655ca990e8d81c0e256cb216f0a344f591113c1aecd2f99f02ecd0517d", 0x1fa}], 0x0, 0x0) [ 1143.926474][ T26] audit: type=1804 audit(1568179979.393:3157): pid=22831 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir247890508/syzkaller.pVOBBi/632/bus" dev="sda1" ino=16680 res=1 [ 1144.017162][ T26] audit: type=1800 audit(1568179979.433:3158): pid=22831 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16680 res=0 [ 1144.089552][T22831] syz-executor.0 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 1144.119239][T22833] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. [ 1144.167591][T22831] CPU: 1 PID: 22831 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1144.176749][T22831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1144.186821][T22831] Call Trace: [ 1144.190128][T22831] dump_stack+0x172/0x1f0 [ 1144.194474][T22831] dump_header+0x177/0x1152 [ 1144.199166][T22831] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1144.204978][T22831] ? ___ratelimit+0x2c8/0x595 [ 1144.209668][T22831] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1144.215491][T22831] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1144.220788][T22831] ? trace_hardirqs_on+0x67/0x240 [ 1144.225832][T22831] ? pagefault_out_of_memory+0x11c/0x11c [ 1144.231477][T22831] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1144.237293][T22831] ? ___ratelimit+0x60/0x595 [ 1144.241891][T22831] ? do_raw_spin_unlock+0x57/0x270 [ 1144.247014][T22831] oom_kill_process.cold+0x10/0x15 [ 1144.252143][T22831] out_of_memory+0x334/0x1340 [ 1144.256840][T22831] ? lock_downgrade+0x920/0x920 [ 1144.261708][T22831] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1144.267564][T22831] ? oom_killer_disable+0x280/0x280 [ 1144.272793][T22831] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1144.278351][T22831] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1144.284035][T22831] ? do_raw_spin_unlock+0x57/0x270 [ 1144.289173][T22831] ? _raw_spin_unlock+0x2d/0x50 [ 1144.294040][T22831] try_charge+0xf4b/0x1440 [ 1144.298471][T22831] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1144.304022][T22831] ? percpu_ref_tryget_live+0x111/0x290 [ 1144.309580][T22831] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 05:32:59 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:32:59 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x0, 0x80) [ 1144.315839][T22831] ? __kasan_check_read+0x11/0x20 [ 1144.321627][T22831] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1144.321648][T22831] mem_cgroup_try_charge+0x136/0x590 [ 1144.321676][T22831] __add_to_page_cache_locked+0x43f/0xec0 [ 1144.321695][T22831] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1144.321712][T22831] ? __kasan_check_read+0x11/0x20 [ 1144.321729][T22831] ? unaccount_page_cache_page+0xda0/0xda0 [ 1144.321743][T22831] ? __alloc_pages_nodemask+0x658/0x900 [ 1144.321760][T22831] ? xas_descend+0x144/0x370 [ 1144.321777][T22831] ? shadow_lru_isolate+0x430/0x430 [ 1144.321796][T22831] add_to_page_cache_lru+0x1d8/0x790 05:33:00 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1144.321811][T22831] ? add_to_page_cache_locked+0x40/0x40 [ 1144.321824][T22831] ? __page_cache_alloc+0x116/0x490 [ 1144.321839][T22831] pagecache_get_page+0x3be/0x900 [ 1144.321851][T22831] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1144.321866][T22831] grab_cache_page_write_begin+0x75/0xb0 [ 1144.321882][T22831] ext4_da_write_begin+0x2ec/0xb80 [ 1144.321902][T22831] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1144.321916][T22831] ? ext4_write_begin+0xd20/0xd20 [ 1144.321929][T22831] ? iov_iter_zero+0xfa0/0xfa0 [ 1144.321947][T22831] generic_perform_write+0x23b/0x540 [ 1144.321968][T22831] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4b0/0x4b0 [ 1144.321982][T22831] ? current_time+0x140/0x140 [ 1144.321996][T22831] ? generic_write_check_limits.isra.0+0x270/0x270 [ 1144.322012][T22831] __generic_file_write_iter+0x25e/0x630 [ 1144.322027][T22831] ext4_file_write_iter+0x317/0x13c0 [ 1144.322043][T22831] ? ext4_release_file+0x380/0x380 [ 1144.322055][T22831] ? __kasan_check_read+0x11/0x20 [ 1144.322068][T22831] ? __lock_acquire+0x16f2/0x4a00 [ 1144.322080][T22831] ? __kasan_check_read+0x11/0x20 [ 1144.322090][T22831] ? mark_lock+0xc2/0x1220 [ 1144.322104][T22831] do_iter_readv_writev+0x5f8/0x8f0 [ 1144.322118][T22831] ? no_seek_end_llseek_size+0x70/0x70 [ 1144.322132][T22831] ? apparmor_file_permission+0x25/0x30 [ 1144.322148][T22831] ? rw_verify_area+0x126/0x360 [ 1144.322160][T22831] do_iter_write+0x184/0x610 [ 1144.322172][T22831] ? __kmalloc+0x608/0x770 [ 1144.322186][T22831] vfs_iter_write+0x77/0xb0 [ 1144.322203][T22831] iter_file_splice_write+0x66d/0xbe0 [ 1144.322214][T22831] ? atime_needs_update+0x5f0/0x5f0 [ 1144.322235][T22831] ? page_cache_pipe_buf_release+0x180/0x180 [ 1144.322258][T22831] ? rw_verify_area+0x126/0x360 [ 1144.322270][T22831] ? page_cache_pipe_buf_release+0x180/0x180 [ 1144.322300][T22831] direct_splice_actor+0x123/0x190 [ 1144.322315][T22831] splice_direct_to_actor+0x366/0x970 [ 1144.322329][T22831] ? generic_pipe_buf_nosteal+0x10/0x10 [ 1144.322345][T22831] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1144.322356][T22831] ? do_splice_to+0x180/0x180 [ 1144.322368][T22831] ? rw_verify_area+0x126/0x360 [ 1144.322383][T22831] do_splice_direct+0x1da/0x2a0 [ 1144.322396][T22831] ? splice_direct_to_actor+0x970/0x970 [ 1144.322411][T22831] ? rcu_read_lock_any_held+0xcd/0xf0 [ 1144.322427][T22831] ? __this_cpu_preempt_check+0x3a/0x210 [ 1144.322441][T22831] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1144.322453][T22831] ? __sb_start_write+0x1e5/0x460 [ 1144.322465][T22831] do_sendfile+0x597/0xd00 [ 1144.322483][T22831] ? do_compat_pwritev64+0x1c0/0x1c0 [ 1144.322494][T22831] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1144.322507][T22831] ? put_timespec64+0xda/0x140 [ 1144.322526][T22831] __x64_sys_sendfile64+0x1dd/0x220 [ 1144.322538][T22831] ? __ia32_sys_sendfile+0x230/0x230 [ 1144.322551][T22831] ? do_syscall_64+0x26/0x760 [ 1144.322562][T22831] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1144.322575][T22831] ? trace_hardirqs_on+0x67/0x240 [ 1144.322589][T22831] do_syscall_64+0xfa/0x760 [ 1144.322605][T22831] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1144.322615][T22831] RIP: 0033:0x4598e9 [ 1144.322628][T22831] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1144.322634][T22831] RSP: 002b:00007fb972f87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1144.322645][T22831] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004598e9 [ 1144.322651][T22831] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 1144.322657][T22831] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1144.322664][T22831] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fb972f886d4 [ 1144.322670][T22831] R13: 00000000004c709e R14: 00000000004dc750 R15: 00000000ffffffff [ 1144.336084][T22831] memory: usage 307172kB, limit 307200kB, failcnt 17813 [ 1144.336096][T22831] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1144.336101][T22831] Memory cgroup stats for /syz0: [ 1144.336220][T22831] anon 298024960 [ 1144.336220][T22831] file 5201920 [ 1144.336220][T22831] kernel_stack 851968 [ 1144.336220][T22831] slab 6631424 [ 1144.336220][T22831] sock 0 [ 1144.336220][T22831] shmem 0 [ 1144.336220][T22831] file_mapped 5136384 [ 1144.336220][T22831] file_dirty 0 [ 1144.336220][T22831] file_writeback 0 [ 1144.336220][T22831] anon_thp 48234496 [ 1144.336220][T22831] inactive_anon 269881344 [ 1144.336220][T22831] active_anon 1486848 [ 1144.336220][T22831] inactive_file 184320 [ 1144.336220][T22831] active_file 98304 [ 1144.336220][T22831] unevictable 31645696 [ 1144.336220][T22831] slab_reclaimable 1892352 [ 1144.336220][T22831] slab_unreclaimable 4739072 [ 1144.336220][T22831] pgfault 1093323 [ 1144.336220][T22831] pgmajfault 165 [ 1144.336220][T22831] workingset_refault 29040 [ 1144.336220][T22831] workingset_activate 1980 [ 1144.336220][T22831] workingset_nodereclaim 0 [ 1144.336220][T22831] pgrefill 35100 [ 1144.336220][T22831] pgscan 54968 [ 1144.336220][T22831] pgsteal 36789 [ 1144.336239][T22831] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=22817,uid=0 05:33:00 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:33:00 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(0x0, 0x1, 0x80) [ 1144.336350][T22831] Memory cgroup out of memory: Killed process 22831 (syz-executor.0) total-vm:72708kB, anon-rss:17876kB, file-rss:41180kB, shmem-rss:0kB, UID:0 pgtables:172032kB oom_score_adj:1000 05:33:00 executing program 0: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r1, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r1, 0x0, 0x0, 0x1000f4) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r1, r2, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000200)=r1, 0x4) ioctl$VIDIOC_G_CTRL(r2, 0xc008561b, &(0x7f0000000040)={0x7, 0xf5}) r3 = socket$inet6(0xa, 0x5, 0x0) connect$l2tp(r2, &(0x7f0000000140)=@pppol2tpv3={0x18, 0x1, {0x0, r3, {0x2, 0x4e23, @empty}, 0x2, 0x2, 0x4, 0x1}}, 0x2e) fallocate(r0, 0x0, 0x0, 0x1000f4) r4 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) ioctl$TIOCLINUX5(r4, 0x541c, &(0x7f0000000080)={0x5, 0x1, 0xf7, 0xfffffffffffffffc, 0x9}) accept4$packet(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x14, 0x81800) r5 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r5, 0x101, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x121) sendfile(r0, r5, 0x0, 0x8000fffffffe) 05:33:01 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x2, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:33:01 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(0x0, 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:33:01 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x0, 0x80) [ 1146.156031][T22857] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1146.241395][T22857] CPU: 0 PID: 22857 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1146.250547][T22857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1146.260609][T22857] Call Trace: [ 1146.263924][T22857] dump_stack+0x172/0x1f0 [ 1146.268272][T22857] dump_header+0x177/0x1152 [ 1146.272800][T22857] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1146.278607][T22857] ? ___ratelimit+0x2c8/0x595 [ 1146.283295][T22857] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1146.289116][T22857] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1146.294426][T22857] ? trace_hardirqs_on+0x67/0x240 [ 1146.299463][T22857] ? pagefault_out_of_memory+0x11c/0x11c [ 1146.305109][T22857] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1146.310930][T22857] ? ___ratelimit+0x60/0x595 [ 1146.315531][T22857] ? do_raw_spin_unlock+0x57/0x270 [ 1146.320666][T22857] oom_kill_process.cold+0x10/0x15 [ 1146.325798][T22857] out_of_memory+0x334/0x1340 [ 1146.330492][T22857] ? lock_downgrade+0x920/0x920 [ 1146.335367][T22857] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1146.341220][T22857] ? oom_killer_disable+0x280/0x280 [ 1146.346449][T22857] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1146.352018][T22857] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1146.357670][T22857] ? do_raw_spin_unlock+0x57/0x270 [ 1146.362804][T22857] ? _raw_spin_unlock+0x2d/0x50 [ 1146.367670][T22857] try_charge+0xf4b/0x1440 [ 1146.372108][T22857] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1146.377674][T22857] ? find_held_lock+0x35/0x130 [ 1146.382451][T22857] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1146.388015][T22857] ? lock_downgrade+0x920/0x920 [ 1146.392877][T22857] ? percpu_ref_tryget_live+0x111/0x290 [ 1146.398433][T22857] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1146.403903][T22857] ? memcg_kmem_put_cache+0x50/0x50 [ 1146.409116][T22857] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1146.414675][T22857] __memcg_kmem_charge+0x13a/0x3a0 [ 1146.419796][T22857] __alloc_pages_nodemask+0x4f7/0x900 [ 1146.425185][T22857] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1146.430909][T22857] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1146.436630][T22857] ? percpu_ref_put_many+0xb6/0x190 [ 1146.441840][T22857] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1146.447591][T22857] ? trace_hardirqs_on+0x67/0x240 [ 1146.452618][T22857] ? __kasan_check_read+0x11/0x20 [ 1146.457651][T22857] copy_process+0x3f8/0x6830 [ 1146.462272][T22857] ? psi_memstall_leave+0x12e/0x180 [ 1146.467493][T22857] ? __cleanup_sighand+0x60/0x60 [ 1146.472443][T22857] ? __kasan_check_read+0x11/0x20 [ 1146.477470][T22857] ? __lock_acquire+0x8a0/0x4a00 [ 1146.482415][T22857] ? _raw_spin_unlock_irq+0x5e/0x90 [ 1146.487622][T22857] _do_fork+0x146/0xfa0 [ 1146.491815][T22857] ? copy_init_mm+0x20/0x20 [ 1146.496328][T22857] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1146.502570][T22857] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1146.508808][T22857] ? debug_smp_processor_id+0x3c/0x214 [ 1146.514272][T22857] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 1146.520462][T22857] __x64_sys_clone+0x1ab/0x270 [ 1146.525227][T22857] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1146.531213][T22857] ? __ia32_sys_vfork+0xd0/0xd0 [ 1146.536074][T22857] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1146.542421][T22857] ? do_syscall_64+0x26/0x760 [ 1146.547102][T22857] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1146.552403][T22857] ? trace_hardirqs_on+0x67/0x240 [ 1146.557438][T22857] do_syscall_64+0xfa/0x760 [ 1146.561949][T22857] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1146.567837][T22857] RIP: 0033:0x45c2b9 [ 1146.571734][T22857] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 05:33:02 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x3, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1146.591547][T22857] RSP: 002b:00007ffc960a13f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1146.591565][T22857] RAX: ffffffffffffffda RBX: 00007fb972f67700 RCX: 000000000045c2b9 [ 1146.591573][T22857] RDX: 00007fb972f679d0 RSI: 00007fb972f66db0 RDI: 00000000003d0f00 [ 1146.591582][T22857] RBP: 00007ffc960a1610 R08: 00007fb972f67700 R09: 00007fb972f67700 [ 1146.591588][T22857] R10: 00007fb972f679d0 R11: 0000000000000202 R12: 0000000000000000 [ 1146.591605][T22857] R13: 00007ffc960a14af R14: 00007fb972f679c0 R15: 000000000075c07c [ 1146.667583][T22857] memory: usage 307200kB, limit 307200kB, failcnt 18204 [ 1146.683287][T22857] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1146.742013][T22857] Memory cgroup stats for /syz0: [ 1146.742160][T22857] anon 297934848 [ 1146.742160][T22857] file 5337088 [ 1146.742160][T22857] kernel_stack 917504 [ 1146.742160][T22857] slab 6496256 [ 1146.742160][T22857] sock 0 [ 1146.742160][T22857] shmem 0 [ 1146.742160][T22857] file_mapped 5271552 [ 1146.742160][T22857] file_dirty 0 [ 1146.742160][T22857] file_writeback 0 [ 1146.742160][T22857] anon_thp 46137344 [ 1146.742160][T22857] inactive_anon 269955072 [ 1146.742160][T22857] active_anon 1486848 [ 1146.742160][T22857] inactive_file 0 [ 1146.742160][T22857] active_file 98304 [ 1146.742160][T22857] unevictable 31920128 [ 1146.742160][T22857] slab_reclaimable 1892352 [ 1146.742160][T22857] slab_unreclaimable 4603904 [ 1146.742160][T22857] pgfault 1097976 [ 1146.742160][T22857] pgmajfault 165 [ 1146.742160][T22857] workingset_refault 29238 [ 1146.742160][T22857] workingset_activate 1980 [ 1146.742160][T22857] workingset_nodereclaim 0 [ 1146.742160][T22857] pgrefill 35433 [ 1146.742160][T22857] pgscan 55628 [ 1146.742160][T22857] pgsteal 36994 [ 1146.977459][T22857] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=22857,uid=0 [ 1147.024688][T22857] Memory cgroup out of memory: Killed process 22857 (syz-executor.0) total-vm:72840kB, anon-rss:17852kB, file-rss:40368kB, shmem-rss:0kB, UID:0 pgtables:172032kB oom_score_adj:1000 05:33:02 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:33:02 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(0x0, 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:33:02 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x4, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1147.227132][ T1065] oom_reaper: reaped process 22857 (syz-executor.0), now anon-rss:17836kB, file-rss:40380kB, shmem-rss:0kB [ 1147.555016][T22893] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 05:33:03 executing program 0: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) ioctl$KVM_GET_XSAVE(r0, 0x9000aea4, &(0x7f0000000140)) shmget$private(0x0, 0x2000, 0x200, &(0x7f0000ffe000/0x2000)=nil) [ 1147.662339][ T26] kauditd_printk_skb: 12 callbacks suppressed [ 1147.662355][ T26] audit: type=1804 audit(1568179983.133:3171): pid=22883 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/406/bus" dev="sda1" ino=16668 res=1 [ 1147.696301][T22893] CPU: 0 PID: 22893 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1147.705439][T22893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1147.715511][T22893] Call Trace: [ 1147.718819][T22893] dump_stack+0x172/0x1f0 [ 1147.723172][T22893] dump_header+0x177/0x1152 [ 1147.727697][T22893] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1147.733505][T22893] ? ___ratelimit+0x2c8/0x595 [ 1147.738198][T22893] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1147.744018][T22893] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1147.749312][T22893] ? trace_hardirqs_on+0x67/0x240 [ 1147.754348][T22893] ? pagefault_out_of_memory+0x11c/0x11c [ 1147.759988][T22893] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1147.765797][T22893] ? ___ratelimit+0x60/0x595 [ 1147.770396][T22893] ? do_raw_spin_unlock+0x57/0x270 [ 1147.775519][T22893] oom_kill_process.cold+0x10/0x15 [ 1147.780639][T22893] out_of_memory+0x334/0x1340 [ 1147.785328][T22893] ? lock_downgrade+0x920/0x920 [ 1147.790191][T22893] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1147.796007][T22893] ? oom_killer_disable+0x280/0x280 [ 1147.801226][T22893] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1147.806795][T22893] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1147.812439][T22893] ? do_raw_spin_unlock+0x57/0x270 [ 1147.817557][T22893] ? _raw_spin_unlock+0x2d/0x50 [ 1147.822421][T22893] try_charge+0xf4b/0x1440 [ 1147.826850][T22893] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1147.832419][T22893] ? percpu_ref_tryget_live+0x111/0x290 [ 1147.837986][T22893] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1147.844244][T22893] ? __kasan_check_read+0x11/0x20 [ 1147.849293][T22893] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1147.854858][T22893] mem_cgroup_try_charge+0x136/0x590 [ 1147.860162][T22893] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1147.866422][T22893] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1147.872070][T22893] __handle_mm_fault+0x1e34/0x3f20 [ 1147.877199][T22893] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1147.882768][T22893] ? __kasan_check_read+0x11/0x20 [ 1147.887803][T22893] handle_mm_fault+0x1b5/0x6c0 [ 1147.892576][T22893] __get_user_pages+0x7d4/0x1b30 [ 1147.897514][T22893] ? mark_held_locks+0xf0/0xf0 [ 1147.902293][T22893] ? follow_page_mask+0x1cf0/0x1cf0 [ 1147.907494][T22893] ? __mm_populate+0x270/0x380 [ 1147.912274][T22893] ? memset+0x32/0x40 [ 1147.916271][T22893] populate_vma_page_range+0x20d/0x2a0 [ 1147.921769][T22893] __mm_populate+0x204/0x380 [ 1147.926369][T22893] ? populate_vma_page_range+0x2a0/0x2a0 [ 1147.932008][T22893] ? up_write+0x1c8/0x490 [ 1147.936346][T22893] __x64_sys_mremap+0x7dc/0xb80 [ 1147.941209][T22893] ? mremap_to+0x750/0x750 [ 1147.945640][T22893] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1147.951105][T22893] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1147.956572][T22893] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1147.962643][T22893] ? do_syscall_64+0x26/0x760 [ 1147.967347][T22893] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1147.972639][T22893] ? trace_hardirqs_on+0x67/0x240 [ 1147.977675][T22893] do_syscall_64+0xfa/0x760 [ 1147.982191][T22893] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1147.988084][T22893] RIP: 0033:0x4598e9 [ 1147.991981][T22893] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1148.011596][T22893] RSP: 002b:00007fc354394c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1148.020031][T22893] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 1148.028016][T22893] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1148.036012][T22893] RBP: 000000000075c070 R08: 0000000020130000 R09: 0000000000000000 [ 1148.043993][T22893] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fc3543956d4 [ 1148.048897][ T26] audit: type=1800 audit(1568179983.163:3172): pid=22883 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16668 res=0 [ 1148.051964][T22893] R13: 00000000004c5f48 R14: 00000000004dab78 R15: 00000000ffffffff 05:33:03 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x5, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1148.127796][ T26] audit: type=1804 audit(1568179983.163:3173): pid=22922 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir247890508/syzkaller.pVOBBi/634/bus" dev="sda1" ino=16669 res=1 [ 1148.223190][T22893] memory: usage 307120kB, limit 307200kB, failcnt 34931 [ 1148.235754][ T26] audit: type=1800 audit(1568179983.163:3174): pid=22922 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16669 res=0 [ 1148.255839][T22893] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1148.284989][T22893] Memory cgroup stats for /syz4: [ 1148.285114][T22893] anon 301703168 [ 1148.285114][T22893] file 4755456 [ 1148.285114][T22893] kernel_stack 655360 [ 1148.285114][T22893] slab 4337664 [ 1148.285114][T22893] sock 0 [ 1148.285114][T22893] shmem 0 [ 1148.285114][T22893] file_mapped 4595712 [ 1148.285114][T22893] file_dirty 135168 [ 1148.285114][T22893] file_writeback 0 [ 1148.285114][T22893] anon_thp 211812352 [ 1148.285114][T22893] inactive_anon 254787584 [ 1148.285114][T22893] active_anon 4669440 [ 1148.285114][T22893] inactive_file 0 [ 1148.285114][T22893] active_file 192512 [ 1148.285114][T22893] unevictable 47013888 [ 1148.285114][T22893] slab_reclaimable 1486848 [ 1148.285114][T22893] slab_unreclaimable 2850816 [ 1148.285114][T22893] pgfault 1436193 [ 1148.285114][T22893] pgmajfault 561 [ 1148.285114][T22893] workingset_refault 64548 [ 1148.285114][T22893] workingset_activate 17523 [ 1148.285114][T22893] workingset_nodereclaim 0 [ 1148.285114][T22893] pgrefill 90199 [ 1148.285114][T22893] pgscan 118769 [ 1148.332005][ T26] audit: type=1804 audit(1568179983.573:3175): pid=22904 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/472/bus" dev="sda1" ino=16696 res=1 [ 1148.447465][T22893] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=22850,uid=0 [ 1148.492052][T22893] Memory cgroup out of memory: Killed process 22893 (syz-executor.4) total-vm:72832kB, anon-rss:16748kB, file-rss:42816kB, shmem-rss:0kB, UID:0 pgtables:176128kB oom_score_adj:1000 [ 1148.548098][ T26] audit: type=1800 audit(1568179983.573:3176): pid=22904 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=16696 res=0 [ 1148.577024][ T1065] oom_reaper: reaped process 22893 (syz-executor.4), now anon-rss:16732kB, file-rss:42816kB, shmem-rss:0kB [ 1148.591251][T22922] syz-executor.0 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 1148.640885][T22922] CPU: 1 PID: 22922 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1148.650041][T22922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1148.660244][T22922] Call Trace: [ 1148.663556][T22922] dump_stack+0x172/0x1f0 [ 1148.667992][T22922] dump_header+0x177/0x1152 [ 1148.672515][T22922] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1148.678339][T22922] ? ___ratelimit+0x2c8/0x595 [ 1148.683036][T22922] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1148.688870][T22922] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1148.694177][T22922] ? trace_hardirqs_on+0x67/0x240 [ 1148.699224][T22922] ? pagefault_out_of_memory+0x11c/0x11c [ 1148.704870][T22922] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1148.710703][T22922] ? ___ratelimit+0x60/0x595 [ 1148.715314][T22922] ? do_raw_spin_unlock+0x57/0x270 [ 1148.720448][T22922] oom_kill_process.cold+0x10/0x15 [ 1148.725577][T22922] out_of_memory+0x334/0x1340 [ 1148.730264][T22922] ? lock_downgrade+0x920/0x920 [ 1148.735128][T22922] ? oom_killer_disable+0x280/0x280 [ 1148.740350][T22922] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1148.745904][T22922] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1148.751549][T22922] ? do_raw_spin_unlock+0x57/0x270 [ 1148.756674][T22922] ? _raw_spin_unlock+0x2d/0x50 [ 1148.761542][T22922] try_charge+0xf4b/0x1440 [ 1148.765993][T22922] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1148.771545][T22922] ? percpu_ref_tryget_live+0x111/0x290 [ 1148.777104][T22922] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1148.783372][T22922] ? __kasan_check_read+0x11/0x20 [ 1148.788411][T22922] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1148.793969][T22922] mem_cgroup_try_charge+0x136/0x590 [ 1148.799278][T22922] __add_to_page_cache_locked+0x43f/0xec0 [ 1148.805005][T22922] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1148.810995][T22922] ? __kasan_check_read+0x11/0x20 [ 1148.816039][T22922] ? unaccount_page_cache_page+0xda0/0xda0 [ 1148.821856][T22922] ? __alloc_pages_nodemask+0x658/0x900 [ 1148.827426][T22922] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1148.833680][T22922] ? xas_start+0x166/0x560 [ 1148.838123][T22922] ? shadow_lru_isolate+0x430/0x430 [ 1148.843349][T22922] add_to_page_cache_lru+0x1d8/0x790 [ 1148.848650][T22922] ? add_to_page_cache_locked+0x40/0x40 [ 1148.854209][T22922] ? __page_cache_alloc+0x116/0x490 [ 1148.859425][T22922] pagecache_get_page+0x3be/0x900 [ 1148.864464][T22922] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1148.870053][T22922] grab_cache_page_write_begin+0x75/0xb0 [ 1148.875715][T22922] ext4_da_write_begin+0x2ec/0xb80 [ 1148.880848][T22922] ? ktime_get_coarse_real_ts64+0xf0/0x2b0 [ 1148.886665][T22922] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1148.892918][T22922] ? ext4_write_begin+0xd20/0xd20 [ 1148.897968][T22922] ? iov_iter_zero+0xfa0/0xfa0 [ 1148.902748][T22922] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1148.908486][T22922] ? ktime_get_coarse_real_ts64+0x1ba/0x2b0 [ 1148.914388][T22922] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1148.920643][T22922] generic_perform_write+0x23b/0x540 [ 1148.925930][T22922] ? timespec64_trunc+0x180/0x180 [ 1148.930977][T22922] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4b0/0x4b0 [ 1148.930997][T22922] ? current_time+0x140/0x140 [ 1148.931014][T22922] ? generic_write_check_limits.isra.0+0x270/0x270 [ 1148.931034][T22922] __generic_file_write_iter+0x25e/0x630 [ 1148.931055][T22922] ext4_file_write_iter+0x317/0x13c0 [ 1148.931076][T22922] ? ext4_release_file+0x380/0x380 [ 1148.931095][T22922] ? __kasan_check_read+0x11/0x20 [ 1148.971316][T22922] ? __lock_acquire+0x16f2/0x4a00 [ 1148.976358][T22922] ? __kasan_check_read+0x11/0x20 [ 1148.981387][T22922] ? mark_lock+0xc2/0x1220 [ 1148.985817][T22922] do_iter_readv_writev+0x5f8/0x8f0 [ 1148.991034][T22922] ? no_seek_end_llseek_size+0x70/0x70 [ 1148.996497][T22922] ? apparmor_file_permission+0x25/0x30 [ 1149.002054][T22922] ? rw_verify_area+0x126/0x360 [ 1149.006920][T22922] do_iter_write+0x184/0x610 [ 1149.011518][T22922] ? __kmalloc+0x608/0x770 [ 1149.015943][T22922] vfs_iter_write+0x77/0xb0 [ 1149.020464][T22922] iter_file_splice_write+0x66d/0xbe0 [ 1149.025846][T22922] ? atime_needs_update+0x5f0/0x5f0 [ 1149.031068][T22922] ? page_cache_pipe_buf_release+0x180/0x180 [ 1149.037069][T22922] ? rw_verify_area+0x126/0x360 [ 1149.041935][T22922] ? page_cache_pipe_buf_release+0x180/0x180 [ 1149.047934][T22922] direct_splice_actor+0x123/0x190 [ 1149.053073][T22922] splice_direct_to_actor+0x366/0x970 [ 1149.058456][T22922] ? generic_pipe_buf_nosteal+0x10/0x10 [ 1149.064017][T22922] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1149.070270][T22922] ? do_splice_to+0x180/0x180 [ 1149.074998][T22922] ? rw_verify_area+0x126/0x360 [ 1149.079862][T22922] do_splice_direct+0x1da/0x2a0 [ 1149.084730][T22922] ? splice_direct_to_actor+0x970/0x970 [ 1149.090282][T22922] ? rcu_read_lock_any_held+0xcd/0xf0 [ 1149.095675][T22922] ? __this_cpu_preempt_check+0x3a/0x210 [ 1149.101412][T22922] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1149.107659][T22922] ? __sb_start_write+0x1e5/0x460 [ 1149.112695][T22922] do_sendfile+0x597/0xd00 [ 1149.117129][T22922] ? do_compat_pwritev64+0x1c0/0x1c0 [ 1149.122424][T22922] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1149.128697][T22922] ? put_timespec64+0xda/0x140 [ 1149.133489][T22922] __x64_sys_sendfile64+0x1dd/0x220 [ 1149.138694][T22922] ? __ia32_sys_sendfile+0x230/0x230 [ 1149.144418][T22922] ? do_syscall_64+0x26/0x760 [ 1149.149106][T22922] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1149.154397][T22922] ? trace_hardirqs_on+0x67/0x240 [ 1149.159525][T22922] do_syscall_64+0xfa/0x760 [ 1149.164049][T22922] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1149.169945][T22922] RIP: 0033:0x4598e9 [ 1149.173877][T22922] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 05:33:04 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x0) [ 1149.193497][T22922] RSP: 002b:00007fb972f87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1149.201935][T22922] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004598e9 [ 1149.209922][T22922] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 1149.217904][T22922] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1149.225891][T22922] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fb972f886d4 [ 1149.233871][T22922] R13: 00000000004c709e R14: 00000000004dc750 R15: 00000000ffffffff 05:33:04 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(0x0, 0x1, 0x80) 05:33:04 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(0x0, 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:33:04 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1149.265568][T22922] memory: usage 307200kB, limit 307200kB, failcnt 18285 [ 1149.286165][T22922] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1149.369605][T22922] Memory cgroup stats for /syz0: [ 1149.369734][T22922] anon 298037248 [ 1149.369734][T22922] file 5337088 [ 1149.369734][T22922] kernel_stack 917504 [ 1149.369734][T22922] slab 6361088 [ 1149.369734][T22922] sock 0 [ 1149.369734][T22922] shmem 0 [ 1149.369734][T22922] file_mapped 5271552 [ 1149.369734][T22922] file_dirty 0 [ 1149.369734][T22922] file_writeback 0 [ 1149.369734][T22922] anon_thp 46137344 [ 1149.369734][T22922] inactive_anon 269955072 [ 1149.369734][T22922] active_anon 1486848 [ 1149.369734][T22922] inactive_file 49152 [ 1149.369734][T22922] active_file 98304 [ 1149.369734][T22922] unevictable 31920128 [ 1149.369734][T22922] slab_reclaimable 1757184 [ 1149.369734][T22922] slab_unreclaimable 4603904 [ 1149.369734][T22922] pgfault 1102563 [ 1149.369734][T22922] pgmajfault 165 [ 1149.369734][T22922] workingset_refault 29271 [ 1149.369734][T22922] workingset_activate 1980 [ 1149.369734][T22922] workingset_nodereclaim 0 [ 1149.369734][T22922] pgrefill 35974 [ 1149.369734][T22922] pgscan 56164 [ 1149.369734][T22922] pgsteal 37027 [ 1149.452307][ T26] audit: type=1804 audit(1568179984.923:3177): pid=22951 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/473/bus" dev="sda1" ino=16666 res=1 05:33:05 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x6, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1149.647617][T22922] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=22920,uid=0 [ 1149.649470][ T26] audit: type=1800 audit(1568179984.973:3178): pid=22951 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=16666 res=0 [ 1149.757833][T22922] Memory cgroup out of memory: Killed process 22920 (syz-executor.0) total-vm:72840kB, anon-rss:17852kB, file-rss:37240kB, shmem-rss:0kB, UID:0 pgtables:172032kB oom_score_adj:1000 [ 1149.862761][ T1065] oom_reaper: reaped process 22920 (syz-executor.0), now anon-rss:17836kB, file-rss:37240kB, shmem-rss:0kB [ 1150.088632][ T26] audit: type=1804 audit(1568179985.563:3179): pid=22963 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/484/bus" dev="sda1" ino=16708 res=1 05:33:05 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x7, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1150.223266][ T26] audit: type=1800 audit(1568179985.593:3180): pid=22963 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16708 res=0 05:33:05 executing program 0: mlockall(0x1) r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r0, 0x101, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x121) r1 = socket$bt_hidp(0x1f, 0x3, 0x6) dup2(r0, r1) r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1000f4) r3 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r3, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r3, 0x0, 0x0, 0x1000f4) r4 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r3, r4, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000200)=r3, 0x4) ioctl$VIDIOC_G_CTRL(r4, 0xc008561b, &(0x7f0000000040)={0x7, 0xf5}) ioctl$SIOCX25GSUBSCRIP(r4, 0x89e0, &(0x7f0000000140)={'eql\x00', 0x20000, 0x3}) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r2, r5, 0x0, 0x8000fffffffe) 05:33:06 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x8, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1151.232392][T22975] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1151.357401][T22975] CPU: 0 PID: 22975 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1151.366548][T22975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1151.376614][T22975] Call Trace: [ 1151.379923][T22975] dump_stack+0x172/0x1f0 [ 1151.384271][T22975] dump_header+0x177/0x1152 [ 1151.388884][T22975] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1151.394708][T22975] ? ___ratelimit+0x2c8/0x595 [ 1151.399397][T22975] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1151.405214][T22975] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1151.410599][T22975] ? trace_hardirqs_on+0x67/0x240 [ 1151.415643][T22975] ? pagefault_out_of_memory+0x11c/0x11c [ 1151.421291][T22975] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1151.427109][T22975] ? ___ratelimit+0x60/0x595 [ 1151.431703][T22975] ? do_raw_spin_unlock+0x57/0x270 [ 1151.436833][T22975] oom_kill_process.cold+0x10/0x15 [ 1151.441958][T22975] out_of_memory+0x334/0x1340 [ 1151.446744][T22975] ? lock_downgrade+0x920/0x920 [ 1151.451608][T22975] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1151.457446][T22975] ? oom_killer_disable+0x280/0x280 [ 1151.457484][T22975] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1151.468203][T22975] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1151.475457][T22975] ? do_raw_spin_unlock+0x57/0x270 [ 1151.480610][T22975] ? _raw_spin_unlock+0x2d/0x50 [ 1151.485490][T22975] try_charge+0xf4b/0x1440 [ 1151.489928][T22975] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1151.495482][T22975] ? find_held_lock+0x35/0x130 [ 1151.500259][T22975] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1151.505827][T22975] ? lock_downgrade+0x920/0x920 [ 1151.510689][T22975] ? percpu_ref_tryget_live+0x111/0x290 [ 1151.516252][T22975] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1151.521730][T22975] ? memcg_kmem_put_cache+0x50/0x50 [ 1151.526946][T22975] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1151.532509][T22975] __memcg_kmem_charge+0x13a/0x3a0 [ 1151.537634][T22975] __alloc_pages_nodemask+0x4f7/0x900 [ 1151.543014][T22975] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1151.548577][T22975] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1151.554311][T22975] ? percpu_ref_put_many+0xb6/0x190 [ 1151.559528][T22975] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1151.564844][T22975] ? trace_hardirqs_on+0x67/0x240 [ 1151.569872][T22975] ? __kasan_check_read+0x11/0x20 [ 1151.574940][T22975] copy_process+0x3f8/0x6830 [ 1151.579543][T22975] ? psi_memstall_leave+0x12e/0x180 [ 1151.584765][T22975] ? __cleanup_sighand+0x60/0x60 [ 1151.589722][T22975] ? __kasan_check_read+0x11/0x20 [ 1151.594755][T22975] ? __lock_acquire+0x8a0/0x4a00 [ 1151.599709][T22975] ? _raw_spin_unlock_irq+0x5e/0x90 [ 1151.604925][T22975] _do_fork+0x146/0xfa0 [ 1151.609090][T22975] ? copy_init_mm+0x20/0x20 [ 1151.613610][T22975] ? lock_downgrade+0x920/0x920 [ 1151.618475][T22975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1151.624730][T22975] __x64_sys_clone+0x1ab/0x270 [ 1151.631333][T22975] ? __ia32_sys_vfork+0xd0/0xd0 [ 1151.636204][T22975] ? __blkcg_punt_bio_submit+0x1e0/0x1e0 [ 1151.641854][T22975] ? mem_cgroup_handle_over_high+0x21b/0x2a0 [ 1151.647858][T22975] ? do_syscall_64+0x26/0x760 [ 1151.652546][T22975] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1151.657844][T22975] ? trace_hardirqs_on+0x67/0x240 [ 1151.663322][T22975] do_syscall_64+0xfa/0x760 [ 1151.667847][T22975] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1151.673737][T22975] RIP: 0033:0x45c2b9 [ 1151.677634][T22975] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1151.697256][T22975] RSP: 002b:00007ffc960a13f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 05:33:07 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1151.705685][T22975] RAX: ffffffffffffffda RBX: 00007fb972f67700 RCX: 000000000045c2b9 [ 1151.713671][T22975] RDX: 00007fb972f679d0 RSI: 00007fb972f66db0 RDI: 00000000003d0f00 [ 1151.721674][T22975] RBP: 00007ffc960a1610 R08: 00007fb972f67700 R09: 00007fb972f67700 [ 1151.729657][T22975] R10: 00007fb972f679d0 R11: 0000000000000202 R12: 0000000000000000 [ 1151.737631][T22975] R13: 00007ffc960a14af R14: 00007fb972f679c0 R15: 000000000075c07c 05:33:07 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x9, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:33:07 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:33:07 executing program 4: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:33:07 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x0) [ 1152.088122][T22975] memory: usage 307192kB, limit 307200kB, failcnt 18614 [ 1152.100009][T22975] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1152.138210][T22975] Memory cgroup stats for /syz0: [ 1152.139041][T22975] anon 298008576 [ 1152.139041][T22975] file 5472256 [ 1152.139041][T22975] kernel_stack 851968 [ 1152.139041][T22975] slab 6225920 [ 1152.139041][T22975] sock 0 [ 1152.139041][T22975] shmem 0 [ 1152.139041][T22975] file_mapped 5406720 [ 1152.139041][T22975] file_dirty 0 [ 1152.139041][T22975] file_writeback 0 [ 1152.139041][T22975] anon_thp 48234496 [ 1152.139041][T22975] inactive_anon 270090240 [ 1152.139041][T22975] active_anon 1486848 [ 1152.139041][T22975] inactive_file 49152 [ 1152.139041][T22975] active_file 98304 [ 1152.139041][T22975] unevictable 32120832 [ 1152.139041][T22975] slab_reclaimable 1757184 [ 1152.139041][T22975] slab_unreclaimable 4468736 [ 1152.139041][T22975] pgfault 1106655 [ 1152.139041][T22975] pgmajfault 165 [ 1152.139041][T22975] workingset_refault 29337 [ 1152.139041][T22975] workingset_activate 1980 [ 1152.139041][T22975] workingset_nodereclaim 0 [ 1152.139041][T22975] pgrefill 36842 [ 1152.139041][T22975] pgscan 57298 [ 1152.139041][T22975] pgsteal 37162 05:33:07 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x10, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1152.454124][T22975] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=22975,uid=0 [ 1152.484112][T22975] Memory cgroup out of memory: Killed process 22975 (syz-executor.0) total-vm:72840kB, anon-rss:17856kB, file-rss:40312kB, shmem-rss:0kB, UID:0 pgtables:172032kB oom_score_adj:1000 [ 1152.553185][ T1065] oom_reaper: reaped process 22975 (syz-executor.0), now anon-rss:17840kB, file-rss:40492kB, shmem-rss:0kB [ 1152.816133][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 1152.816150][ T26] audit: type=1804 audit(1568179988.283:3186): pid=23031 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/485/bus" dev="sda1" ino=16741 res=1 05:33:08 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x300, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1152.956585][ T26] audit: type=1800 audit(1568179988.323:3187): pid=23031 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16741 res=0 05:33:08 executing program 0: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x200200, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) ioctl$SIOCX25SENDCALLACCPT(0xffffffffffffffff, 0x89e9) [ 1153.171055][ T26] audit: type=1804 audit(1568179988.643:3188): pid=23010 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/474/bus" dev="sda1" ino=16671 res=1 [ 1153.290885][ T26] audit: type=1800 audit(1568179988.643:3189): pid=23010 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=16671 res=0 05:33:08 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1153.407378][ T26] audit: type=1804 audit(1568179988.683:3190): pid=23020 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/408/bus" dev="sda1" ino=16709 res=1 [ 1153.422719][T23031] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 05:33:09 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x500, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1153.537406][ T26] audit: type=1800 audit(1568179988.683:3191): pid=23020 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16709 res=0 [ 1153.646389][T23031] CPU: 1 PID: 23031 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1153.655544][T23031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1153.665622][T23031] Call Trace: [ 1153.669134][T23031] dump_stack+0x172/0x1f0 [ 1153.673498][T23031] dump_header+0x177/0x1152 [ 1153.678024][T23031] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1153.683838][T23031] ? ___ratelimit+0x2c8/0x595 [ 1153.688612][T23031] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1153.694435][T23031] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1153.699742][T23031] ? trace_hardirqs_on+0x67/0x240 [ 1153.704785][T23031] ? pagefault_out_of_memory+0x11c/0x11c [ 1153.710457][T23031] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1153.716265][T23031] ? ___ratelimit+0x60/0x595 [ 1153.720858][T23031] ? do_raw_spin_unlock+0x57/0x270 [ 1153.726005][T23031] oom_kill_process.cold+0x10/0x15 [ 1153.731134][T23031] out_of_memory+0x334/0x1340 [ 1153.735818][T23031] ? lock_downgrade+0x920/0x920 [ 1153.740689][T23031] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1153.746506][T23031] ? oom_killer_disable+0x280/0x280 [ 1153.751722][T23031] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1153.758586][T23031] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1153.764254][T23031] ? do_raw_spin_unlock+0x57/0x270 [ 1153.769467][T23031] ? _raw_spin_unlock+0x2d/0x50 [ 1153.774328][T23031] try_charge+0xf4b/0x1440 [ 1153.778799][T23031] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1153.784352][T23031] ? percpu_ref_tryget_live+0x111/0x290 [ 1153.790786][T23031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1153.797053][T23031] ? __kasan_check_read+0x11/0x20 [ 1153.802363][T23031] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1153.807928][T23031] mem_cgroup_try_charge+0x136/0x590 [ 1153.813230][T23031] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1153.819510][T23031] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1153.825432][T23031] __handle_mm_fault+0x1e34/0x3f20 [ 1153.831376][T23031] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1153.836951][T23031] ? __kasan_check_read+0x11/0x20 [ 1153.841994][T23031] handle_mm_fault+0x1b5/0x6c0 [ 1153.846858][T23031] __get_user_pages+0x7d4/0x1b30 [ 1153.851804][T23031] ? mark_held_locks+0xf0/0xf0 [ 1153.856680][T23031] ? follow_page_mask+0x1cf0/0x1cf0 [ 1153.861906][T23031] ? __mm_populate+0x270/0x380 [ 1153.866704][T23031] ? memset+0x32/0x40 [ 1153.870800][T23031] populate_vma_page_range+0x20d/0x2a0 [ 1153.876291][T23031] __mm_populate+0x204/0x380 [ 1153.880906][T23031] ? populate_vma_page_range+0x2a0/0x2a0 [ 1153.886572][T23031] ? up_write+0x1c8/0x490 [ 1153.890918][T23031] __x64_sys_mremap+0x7dc/0xb80 [ 1153.895990][T23031] ? mremap_to+0x750/0x750 [ 1153.900534][T23031] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1153.906022][T23031] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1153.911505][T23031] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1153.917613][T23031] ? do_syscall_64+0x26/0x760 [ 1153.922395][T23031] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1153.927688][T23031] ? trace_hardirqs_on+0x67/0x240 [ 1153.932814][T23031] do_syscall_64+0xfa/0x760 [ 1153.937331][T23031] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1153.943225][T23031] RIP: 0033:0x4598e9 05:33:09 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x0) [ 1153.947305][T23031] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1153.948574][ T26] audit: type=1804 audit(1568179989.423:3192): pid=23058 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/719/bus" dev="sda1" ino=16661 res=1 [ 1153.966934][T23031] RSP: 002b:00007fc3543b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1153.966950][T23031] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 1153.966956][T23031] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1153.966964][T23031] RBP: 000000000075bfc8 R08: 0000000020130000 R09: 0000000000000000 [ 1153.966971][T23031] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fc3543b66d4 [ 1153.966979][T23031] R13: 00000000004c5f48 R14: 00000000004dab78 R15: 00000000ffffffff 05:33:09 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1153.998116][T23031] memory: usage 307036kB, limit 307200kB, failcnt 35667 [ 1154.059798][T23031] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1154.066994][T23031] Memory cgroup stats for /syz4: [ 1154.067096][T23031] anon 301404160 [ 1154.067096][T23031] file 5181440 [ 1154.067096][T23031] kernel_stack 655360 [ 1154.067096][T23031] slab 4198400 [ 1154.067096][T23031] sock 0 [ 1154.067096][T23031] shmem 0 [ 1154.067096][T23031] file_mapped 5001216 [ 1154.067096][T23031] file_dirty 135168 [ 1154.067096][T23031] file_writeback 0 [ 1154.067096][T23031] anon_thp 211812352 [ 1154.067096][T23031] inactive_anon 254898176 [ 1154.067096][T23031] active_anon 4669440 [ 1154.067096][T23031] inactive_file 0 [ 1154.067096][T23031] active_file 155648 [ 1154.067096][T23031] unevictable 47128576 [ 1154.067096][T23031] slab_reclaimable 1486848 [ 1154.067096][T23031] slab_unreclaimable 2711552 [ 1154.067096][T23031] pgfault 1447941 [ 1154.067096][T23031] pgmajfault 594 [ 1154.067096][T23031] workingset_refault 66132 [ 1154.067096][T23031] workingset_activate 18315 [ 1154.067096][T23031] workingset_nodereclaim 0 [ 1154.067096][T23031] pgrefill 91778 [ 1154.067096][T23031] pgscan 120885 [ 1154.385686][T23031] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23014,uid=0 [ 1154.461511][T23031] Memory cgroup out of memory: Killed process 23031 (syz-executor.4) total-vm:72832kB, anon-rss:16484kB, file-rss:43240kB, shmem-rss:0kB, UID:0 pgtables:180224kB oom_score_adj:1000 [ 1154.497824][T23042] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1154.534258][T23042] CPU: 1 PID: 23042 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1154.543409][T23042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1154.553569][T23042] Call Trace: [ 1154.556965][T23042] dump_stack+0x172/0x1f0 [ 1154.561396][T23042] dump_header+0x177/0x1152 [ 1154.565930][T23042] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1154.572277][T23042] ? ___ratelimit+0x2c8/0x595 [ 1154.577148][T23042] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1154.583062][T23042] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1154.588373][T23042] ? trace_hardirqs_on+0x67/0x240 [ 1154.593425][T23042] ? pagefault_out_of_memory+0x11c/0x11c [ 1154.599077][T23042] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1154.604923][T23042] ? ___ratelimit+0x60/0x595 [ 1154.609559][T23042] ? do_raw_spin_unlock+0x57/0x270 [ 1154.615473][T23042] oom_kill_process.cold+0x10/0x15 [ 1154.620693][T23042] out_of_memory+0x334/0x1340 [ 1154.625379][T23042] ? lock_downgrade+0x920/0x920 [ 1154.630244][T23042] ? oom_killer_disable+0x280/0x280 [ 1154.635895][T23042] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1154.641459][T23042] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1154.648037][T23042] ? do_raw_spin_unlock+0x57/0x270 [ 1154.653165][T23042] ? _raw_spin_unlock+0x2d/0x50 [ 1154.658294][T23042] try_charge+0xf4b/0x1440 [ 1154.662739][T23042] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1154.668317][T23042] ? percpu_ref_tryget_live+0x111/0x290 [ 1154.673977][T23042] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1154.680372][T23042] ? __kasan_check_read+0x11/0x20 [ 1154.685504][T23042] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1154.691060][T23042] mem_cgroup_try_charge+0x136/0x590 [ 1154.696360][T23042] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1154.702632][T23042] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1154.708287][T23042] __handle_mm_fault+0x1e34/0x3f20 [ 1154.713425][T23042] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1154.719008][T23042] ? __kasan_check_read+0x11/0x20 [ 1154.724672][T23042] handle_mm_fault+0x1b5/0x6c0 [ 1154.729447][T23042] __do_page_fault+0x536/0xdd0 [ 1154.734256][T23042] do_page_fault+0x38/0x590 [ 1154.738770][T23042] page_fault+0x39/0x40 [ 1154.742924][T23042] RIP: 0033:0x41122f [ 1154.747014][T23042] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 1154.766882][T23042] RSP: 002b:00007ffc960a1440 EFLAGS: 00010206 [ 1154.772978][T23042] RAX: 00007fb972f47000 RBX: 0000000000020000 RCX: 000000000045993a 05:33:10 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x600, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1154.781060][T23042] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1154.789465][T23042] RBP: 00007ffc960a1520 R08: ffffffffffffffff R09: 0000000000000000 [ 1154.797438][T23042] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc960a1610 [ 1154.805413][T23042] R13: 00007fb972f67700 R14: 0000000000000002 R15: 000000000075c07c 05:33:10 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:33:10 executing program 4: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1154.952803][T23042] memory: usage 307200kB, limit 307200kB, failcnt 18767 [ 1155.019313][T23042] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1155.057016][T23042] Memory cgroup stats for /syz0: [ 1155.057141][T23042] anon 298074112 [ 1155.057141][T23042] file 5607424 [ 1155.057141][T23042] kernel_stack 851968 [ 1155.057141][T23042] slab 6225920 [ 1155.057141][T23042] sock 0 [ 1155.057141][T23042] shmem 0 [ 1155.057141][T23042] file_mapped 5541888 [ 1155.057141][T23042] file_dirty 0 [ 1155.057141][T23042] file_writeback 0 [ 1155.057141][T23042] anon_thp 50331648 [ 1155.057141][T23042] inactive_anon 270057472 [ 1155.057141][T23042] active_anon 1486848 [ 1155.057141][T23042] inactive_file 49152 [ 1155.057141][T23042] active_file 98304 [ 1155.057141][T23042] unevictable 32145408 [ 1155.057141][T23042] slab_reclaimable 1757184 [ 1155.057141][T23042] slab_unreclaimable 4468736 [ 1155.057141][T23042] pgfault 1110252 [ 1155.057141][T23042] pgmajfault 165 [ 1155.057141][T23042] workingset_refault 29436 [ 1155.057141][T23042] workingset_activate 1980 [ 1155.057141][T23042] workingset_nodereclaim 0 [ 1155.057141][T23042] pgrefill 36875 [ 1155.057141][T23042] pgscan 57400 [ 1155.057141][T23042] pgsteal 37228 [ 1155.154124][ T26] audit: type=1804 audit(1568179990.533:3193): pid=23068 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/409/bus" dev="sda1" ino=16711 res=1 [ 1155.157422][T23042] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23042,uid=0 [ 1155.220990][ T26] audit: type=1800 audit(1568179990.533:3194): pid=23068 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16711 res=0 [ 1155.392726][T23042] Memory cgroup out of memory: Killed process 23042 (syz-executor.0) total-vm:72840kB, anon-rss:17856kB, file-rss:39288kB, shmem-rss:0kB, UID:0 pgtables:172032kB oom_score_adj:1000 05:33:10 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x700, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1155.472275][ T1065] oom_reaper: reaped process 23042 (syz-executor.0), now anon-rss:17848kB, file-rss:40600kB, shmem-rss:0kB [ 1155.667340][ T26] audit: type=1804 audit(1568179991.133:3195): pid=23105 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/486/bus" dev="sda1" ino=16746 res=1 05:33:11 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(0x0, 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:33:11 executing program 0: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x200000, 0x0) pwrite64(r0, &(0x7f0000000000)="c1e0f902afd33c1f15bac3ee27738afdf6666b", 0x13, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) r2 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r2, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r2, 0x0, 0x0, 0x1000f4) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r2, r3, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000200)=r2, 0x4) recvfrom$rxrpc(r2, &(0x7f0000000040)=""/82, 0x52, 0x10230, &(0x7f0000000140)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e24, 0x0, @mcast2, 0x9}}, 0x24) 05:33:11 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x900, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:33:11 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x0) [ 1156.219120][T23105] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1156.338314][T23105] CPU: 1 PID: 23105 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1156.347557][T23105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1156.357625][T23105] Call Trace: [ 1156.360940][T23105] dump_stack+0x172/0x1f0 [ 1156.365287][T23105] dump_header+0x177/0x1152 [ 1156.369812][T23105] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1156.375631][T23105] ? ___ratelimit+0x2c8/0x595 [ 1156.380335][T23105] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1156.386241][T23105] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1156.391533][T23105] ? trace_hardirqs_on+0x67/0x240 [ 1156.396566][T23105] ? pagefault_out_of_memory+0x11c/0x11c [ 1156.402212][T23105] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1156.408137][T23105] ? ___ratelimit+0x60/0x595 [ 1156.413036][T23105] ? do_raw_spin_unlock+0x57/0x270 [ 1156.418166][T23105] oom_kill_process.cold+0x10/0x15 [ 1156.423308][T23105] out_of_memory+0x334/0x1340 [ 1156.427994][T23105] ? lock_downgrade+0x920/0x920 [ 1156.432869][T23105] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1156.438691][T23105] ? oom_killer_disable+0x280/0x280 [ 1156.444175][T23105] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1156.449740][T23105] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1156.455419][T23105] ? do_raw_spin_unlock+0x57/0x270 [ 1156.461760][T23105] ? _raw_spin_unlock+0x2d/0x50 [ 1156.466630][T23105] try_charge+0xf4b/0x1440 [ 1156.471594][T23105] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1156.477153][T23105] ? percpu_ref_tryget_live+0x111/0x290 [ 1156.482718][T23105] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1156.490789][T23105] ? __kasan_check_read+0x11/0x20 [ 1156.495936][T23105] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1156.501595][T23105] mem_cgroup_try_charge+0x136/0x590 [ 1156.506901][T23105] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1156.513243][T23105] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1156.518904][T23105] __handle_mm_fault+0x1e34/0x3f20 [ 1156.524048][T23105] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1156.529634][T23105] ? __kasan_check_read+0x11/0x20 [ 1156.534684][T23105] handle_mm_fault+0x1b5/0x6c0 [ 1156.539553][T23105] __get_user_pages+0x7d4/0x1b30 [ 1156.544503][T23105] ? mark_held_locks+0xf0/0xf0 [ 1156.549294][T23105] ? follow_page_mask+0x1cf0/0x1cf0 [ 1156.554621][T23105] ? __mm_populate+0x270/0x380 [ 1156.559414][T23105] ? memset+0x32/0x40 [ 1156.563509][T23105] populate_vma_page_range+0x20d/0x2a0 [ 1156.569004][T23105] __mm_populate+0x204/0x380 [ 1156.573613][T23105] ? populate_vma_page_range+0x2a0/0x2a0 [ 1156.579817][T23105] ? up_write+0x1c8/0x490 [ 1156.584164][T23105] __x64_sys_mremap+0x7dc/0xb80 [ 1156.589037][T23105] ? mremap_to+0x750/0x750 [ 1156.593643][T23105] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1156.599111][T23105] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1156.604584][T23105] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1156.610659][T23105] ? do_syscall_64+0x26/0x760 [ 1156.615468][T23105] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1156.620945][T23105] ? trace_hardirqs_on+0x67/0x240 [ 1156.625993][T23105] do_syscall_64+0xfa/0x760 [ 1156.630522][T23105] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1156.637034][T23105] RIP: 0033:0x4598e9 [ 1156.640942][T23105] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1156.660654][T23105] RSP: 002b:00007fc3543b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1156.669095][T23105] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 1156.677087][T23105] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1156.685287][T23105] RBP: 000000000075bfc8 R08: 0000000020130000 R09: 0000000000000000 [ 1156.693499][T23105] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fc3543b66d4 [ 1156.701630][T23105] R13: 00000000004c5f48 R14: 00000000004dab78 R15: 00000000ffffffff [ 1156.897433][T23105] memory: usage 307108kB, limit 307200kB, failcnt 36046 [ 1156.910691][T23105] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1156.927051][T23105] Memory cgroup stats for /syz4: [ 1156.927173][T23105] anon 301318144 [ 1156.927173][T23105] file 5246976 [ 1156.927173][T23105] kernel_stack 655360 [ 1156.927173][T23105] slab 4198400 [ 1156.927173][T23105] sock 0 [ 1156.927173][T23105] shmem 0 [ 1156.927173][T23105] file_mapped 5136384 [ 1156.927173][T23105] file_dirty 135168 [ 1156.927173][T23105] file_writeback 0 [ 1156.927173][T23105] anon_thp 216006656 [ 1156.927173][T23105] inactive_anon 256868352 [ 1156.927173][T23105] active_anon 4669440 [ 1156.927173][T23105] inactive_file 0 [ 1156.927173][T23105] active_file 40960 [ 1156.927173][T23105] unevictable 44953600 [ 1156.927173][T23105] slab_reclaimable 1486848 [ 1156.927173][T23105] slab_unreclaimable 2711552 05:33:12 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1156.927173][T23105] pgfault 1452792 [ 1156.927173][T23105] pgmajfault 594 [ 1156.927173][T23105] workingset_refault 66693 [ 1156.927173][T23105] workingset_activate 18678 [ 1156.927173][T23105] workingset_nodereclaim 0 [ 1156.927173][T23105] pgrefill 92301 [ 1156.927173][T23105] pgscan 121429 [ 1157.067741][T23105] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23086,uid=0 [ 1157.088818][T23105] Memory cgroup out of memory: Killed process 23105 (syz-executor.4) total-vm:72832kB, anon-rss:16416kB, file-rss:43304kB, shmem-rss:0kB, UID:0 pgtables:180224kB oom_score_adj:1000 05:33:12 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x1020, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1157.167122][ T1065] oom_reaper: reaped process 23105 (syz-executor.4), now anon-rss:16400kB, file-rss:43304kB, shmem-rss:0kB [ 1157.167180][T23118] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1157.214565][T23118] CPU: 1 PID: 23118 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1157.225638][T23118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1157.235706][T23118] Call Trace: [ 1157.239010][T23118] dump_stack+0x172/0x1f0 [ 1157.243351][T23118] dump_header+0x177/0x1152 [ 1157.247865][T23118] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1157.253676][T23118] ? ___ratelimit+0x2c8/0x595 [ 1157.258355][T23118] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1157.264178][T23118] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1157.269493][T23118] ? trace_hardirqs_on+0x67/0x240 [ 1157.274659][T23118] ? pagefault_out_of_memory+0x11c/0x11c [ 1157.280299][T23118] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1157.286331][T23118] ? ___ratelimit+0x60/0x595 [ 1157.290925][T23118] ? do_raw_spin_unlock+0x57/0x270 [ 1157.296131][T23118] oom_kill_process.cold+0x10/0x15 [ 1157.301256][T23118] out_of_memory+0x334/0x1340 [ 1157.305956][T23118] ? lock_downgrade+0x920/0x920 [ 1157.312739][T23118] ? oom_killer_disable+0x280/0x280 [ 1157.317952][T23118] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1157.323500][T23118] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1157.329142][T23118] ? do_raw_spin_unlock+0x57/0x270 [ 1157.334264][T23118] ? _raw_spin_unlock+0x2d/0x50 [ 1157.339215][T23118] try_charge+0xf4b/0x1440 [ 1157.343652][T23118] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1157.349203][T23118] ? find_held_lock+0x35/0x130 [ 1157.353978][T23118] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1157.359540][T23118] ? lock_downgrade+0x920/0x920 [ 1157.364412][T23118] ? percpu_ref_tryget_live+0x111/0x290 [ 1157.369968][T23118] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1157.375463][T23118] ? memcg_kmem_put_cache+0x50/0x50 [ 1157.380672][T23118] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1157.386226][T23118] __memcg_kmem_charge+0x13a/0x3a0 [ 1157.391341][T23118] __alloc_pages_nodemask+0x4f7/0x900 [ 1157.396720][T23118] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1157.402271][T23118] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1157.407993][T23118] ? percpu_ref_put_many+0xb6/0x190 [ 1157.413204][T23118] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1157.418496][T23118] ? trace_hardirqs_on+0x67/0x240 [ 1157.423523][T23118] ? __kasan_check_read+0x11/0x20 [ 1157.428558][T23118] copy_process+0x3f8/0x6830 [ 1157.433157][T23118] ? psi_memstall_leave+0x12e/0x180 [ 1157.438375][T23118] ? __cleanup_sighand+0x60/0x60 [ 1157.443317][T23118] ? __kasan_check_read+0x11/0x20 [ 1157.448366][T23118] ? __lock_acquire+0x8a0/0x4a00 [ 1157.453305][T23118] ? _raw_spin_unlock_irq+0x5e/0x90 [ 1157.458515][T23118] _do_fork+0x146/0xfa0 05:33:12 executing program 4: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1157.462677][T23118] ? copy_init_mm+0x20/0x20 [ 1157.467194][T23118] ? lock_downgrade+0x920/0x920 [ 1157.472058][T23118] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1157.478320][T23118] __x64_sys_clone+0x1ab/0x270 [ 1157.483093][T23118] ? __ia32_sys_vfork+0xd0/0xd0 [ 1157.487954][T23118] ? __blkcg_punt_bio_submit+0x1e0/0x1e0 [ 1157.493602][T23118] ? mem_cgroup_handle_over_high+0x21b/0x2a0 [ 1157.499595][T23118] ? do_syscall_64+0x26/0x760 [ 1157.504282][T23118] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1157.509574][T23118] ? trace_hardirqs_on+0x67/0x240 05:33:12 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(0x0, 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1157.514603][T23118] do_syscall_64+0xfa/0x760 [ 1157.519118][T23118] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1157.525008][T23118] RIP: 0033:0x45c2b9 [ 1157.528907][T23118] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1157.548521][T23118] RSP: 002b:00007ffc960a13f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1157.556940][T23118] RAX: ffffffffffffffda RBX: 00007fb972f88700 RCX: 000000000045c2b9 [ 1157.564916][T23118] RDX: 00007fb972f889d0 RSI: 00007fb972f87db0 RDI: 00000000003d0f00 [ 1157.572880][T23118] RBP: 00007ffc960a1610 R08: 00007fb972f88700 R09: 00007fb972f88700 [ 1157.580839][T23118] R10: 00007fb972f889d0 R11: 0000000000000202 R12: 0000000000000000 [ 1157.588795][T23118] R13: 00007ffc960a14af R14: 00007fb972f889c0 R15: 000000000075bfd4 [ 1157.601425][T23118] memory: usage 307200kB, limit 307200kB, failcnt 18932 [ 1157.608584][T23118] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1157.615646][T23118] Memory cgroup stats for /syz0: [ 1157.615761][T23118] anon 297938944 [ 1157.615761][T23118] file 5607424 [ 1157.615761][T23118] kernel_stack 851968 [ 1157.615761][T23118] slab 6090752 [ 1157.615761][T23118] sock 0 [ 1157.615761][T23118] shmem 0 [ 1157.615761][T23118] file_mapped 5541888 [ 1157.615761][T23118] file_dirty 0 [ 1157.615761][T23118] file_writeback 0 [ 1157.615761][T23118] anon_thp 46137344 [ 1157.615761][T23118] inactive_anon 269983744 [ 1157.615761][T23118] active_anon 1486848 [ 1157.615761][T23118] inactive_file 0 [ 1157.615761][T23118] active_file 98304 [ 1157.615761][T23118] unevictable 32243712 [ 1157.615761][T23118] slab_reclaimable 1622016 [ 1157.615761][T23118] slab_unreclaimable 4468736 [ 1157.615761][T23118] pgfault 1114839 [ 1157.615761][T23118] pgmajfault 198 [ 1157.615761][T23118] workingset_refault 29535 [ 1157.615761][T23118] workingset_activate 1980 [ 1157.615761][T23118] workingset_nodereclaim 0 [ 1157.615761][T23118] pgrefill 36875 [ 1157.615761][T23118] pgscan 57468 [ 1157.615761][T23118] pgsteal 37296 [ 1157.713543][T23118] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23118,uid=0 [ 1157.851490][T23118] Memory cgroup out of memory: Killed process 23118 (syz-executor.0) total-vm:72708kB, anon-rss:17852kB, file-rss:40676kB, shmem-rss:0kB, UID:0 pgtables:172032kB oom_score_adj:1000 [ 1157.904497][ T1065] oom_reaper: reaped process 23118 (syz-executor.0), now anon-rss:17844kB, file-rss:40676kB, shmem-rss:0kB 05:33:13 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x2000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:33:13 executing program 0: mlockall(0x1) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0xd0804, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r1, 0x101, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x121) connect$l2tp(r0, &(0x7f0000000140)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x4e23, @remote}, 0x4, 0x1, 0x3, 0x3}}, 0x2e) r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r3 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r3, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r3, 0x0, 0x0, 0x1000f4) r4 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r3, r4, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000200)=r3, 0x4) ioctl$VIDIOC_G_CTRL(r4, 0xc008561b, &(0x7f0000000040)={0x7, 0xf5}) pipe2(&(0x7f0000000180), 0x40000) ioctl$KDSKBMODE(r4, 0x4b45, &(0x7f0000000000)=0x411) fallocate(r2, 0x0, 0x0, 0x1000f4) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r2, r5, 0x0, 0x8000fffffffe) [ 1158.433164][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 1158.433179][ T26] audit: type=1804 audit(1568179993.903:3202): pid=23170 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/487/bus" dev="sda1" ino=16749 res=1 05:33:14 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1158.550603][ T26] audit: type=1800 audit(1568179993.933:3203): pid=23170 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16749 res=0 05:33:14 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x2010, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:33:14 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x0) [ 1158.935631][T23167] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1159.044246][T23167] CPU: 0 PID: 23167 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1159.053433][T23167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1159.063502][T23167] Call Trace: [ 1159.066825][T23167] dump_stack+0x172/0x1f0 [ 1159.071173][T23167] dump_header+0x177/0x1152 [ 1159.075701][T23167] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1159.081519][T23167] ? ___ratelimit+0x2c8/0x595 [ 1159.086211][T23167] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1159.092029][T23167] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1159.097325][T23167] ? trace_hardirqs_on+0x67/0x240 [ 1159.102371][T23167] ? pagefault_out_of_memory+0x11c/0x11c [ 1159.108024][T23167] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1159.113840][T23167] ? ___ratelimit+0x60/0x595 [ 1159.118436][T23167] ? do_raw_spin_unlock+0x57/0x270 [ 1159.123557][T23167] oom_kill_process.cold+0x10/0x15 [ 1159.128680][T23167] out_of_memory+0x334/0x1340 [ 1159.133367][T23167] ? lock_downgrade+0x920/0x920 [ 1159.138228][T23167] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1159.144051][T23167] ? oom_killer_disable+0x280/0x280 [ 1159.149269][T23167] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1159.154825][T23167] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1159.160478][T23167] ? do_raw_spin_unlock+0x57/0x270 [ 1159.165603][T23167] ? _raw_spin_unlock+0x2d/0x50 [ 1159.170466][T23167] try_charge+0xf4b/0x1440 [ 1159.174896][T23167] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1159.180438][T23167] ? percpu_ref_tryget_live+0x111/0x290 [ 1159.185989][T23167] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1159.192238][T23167] ? __kasan_check_read+0x11/0x20 [ 1159.197283][T23167] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1159.202837][T23167] mem_cgroup_try_charge+0x136/0x590 [ 1159.208135][T23167] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1159.214385][T23167] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1159.220033][T23167] __handle_mm_fault+0x1e34/0x3f20 [ 1159.225165][T23167] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1159.230725][T23167] ? __kasan_check_read+0x11/0x20 [ 1159.235762][T23167] handle_mm_fault+0x1b5/0x6c0 [ 1159.240532][T23167] __do_page_fault+0x536/0xdd0 [ 1159.245321][T23167] do_page_fault+0x38/0x590 [ 1159.249843][T23167] page_fault+0x39/0x40 [ 1159.254036][T23167] RIP: 0033:0x45c29d [ 1159.257941][T23167] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 30 8e fb ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 1159.277577][T23167] RSP: 002b:00007ffc960a13f8 EFLAGS: 00010202 [ 1159.283655][T23167] RAX: ffffffffffffffea RBX: 00007fb972f67700 RCX: 00007fb972f67700 05:33:14 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(0x0, 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1159.291640][T23167] RDX: 00000000003d0f00 RSI: 00007fb972f66db0 RDI: 0000000000410620 [ 1159.299631][T23167] RBP: 00007ffc960a1610 R08: 00007fb972f679d0 R09: 00007fb972f67700 [ 1159.307629][T23167] R10: 00007fb972f66dc0 R11: 0000000000000246 R12: 0000000000000000 [ 1159.315614][T23167] R13: 00007ffc960a14af R14: 00007fb972f679c0 R15: 000000000075c07c [ 1159.327583][T23167] memory: usage 307200kB, limit 307200kB, failcnt 19100 [ 1159.337461][T23167] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1159.353590][ T26] audit: type=1804 audit(1568179994.823:3204): pid=23177 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/722/bus" dev="sda1" ino=16677 res=1 [ 1159.356198][T23167] Memory cgroup stats for /syz0: [ 1159.356312][T23167] anon 298000384 [ 1159.356312][T23167] file 5877760 [ 1159.356312][T23167] kernel_stack 851968 [ 1159.356312][T23167] slab 5955584 [ 1159.356312][T23167] sock 0 [ 1159.356312][T23167] shmem 0 [ 1159.356312][T23167] file_mapped 5677056 [ 1159.356312][T23167] file_dirty 0 [ 1159.356312][T23167] file_writeback 0 [ 1159.356312][T23167] anon_thp 52428800 [ 1159.356312][T23167] inactive_anon 269848576 [ 1159.356312][T23167] active_anon 1486848 [ 1159.356312][T23167] inactive_file 49152 [ 1159.356312][T23167] active_file 98304 [ 1159.356312][T23167] unevictable 32247808 [ 1159.356312][T23167] slab_reclaimable 1486848 [ 1159.356312][T23167] slab_unreclaimable 4468736 [ 1159.356312][T23167] pgfault 1117875 [ 1159.356312][T23167] pgmajfault 198 [ 1159.356312][T23167] workingset_refault 29601 [ 1159.356312][T23167] workingset_activate 1980 [ 1159.356312][T23167] workingset_nodereclaim 0 [ 1159.356312][T23167] pgrefill 36908 [ 1159.356312][T23167] pgscan 57668 [ 1159.356312][T23167] pgsteal 37330 [ 1159.409130][T23167] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23167,uid=0 [ 1159.519966][T23167] Memory cgroup out of memory: Killed process 23167 (syz-executor.0) total-vm:72840kB, anon-rss:17856kB, file-rss:38200kB, shmem-rss:0kB, UID:0 pgtables:172032kB oom_score_adj:1000 [ 1159.549483][ T26] audit: type=1800 audit(1568179994.823:3205): pid=23177 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16677 res=0 [ 1159.571359][ T1065] oom_reaper: reaped process 23167 (syz-executor.0), now anon-rss:17844kB, file-rss:40732kB, shmem-rss:0kB 05:33:15 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x3f00, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:33:15 executing program 0: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x9e, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:33:15 executing program 4 (fault-call:5 fault-nth:0): openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1160.022069][ T26] audit: type=1804 audit(1568179995.493:3206): pid=23190 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/411/bus" dev="sda1" ino=16751 res=1 05:33:15 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x4000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1160.165241][ T26] audit: type=1800 audit(1568179995.523:3207): pid=23190 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16751 res=0 05:33:16 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1160.622525][ T26] audit: type=1804 audit(1568179996.093:3208): pid=23229 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/488/bus" dev="sda1" ino=16606 res=1 [ 1160.633573][T23229] FAULT_INJECTION: forcing a failure. [ 1160.633573][T23229] name failslab, interval 1, probability 0, space 0, times 0 [ 1160.742126][ T26] audit: type=1800 audit(1568179996.093:3209): pid=23229 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16606 res=0 [ 1160.757959][T23216] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 05:33:16 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0xedc0, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1160.845581][ T26] audit: type=1804 audit(1568179996.233:3210): pid=23238 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir247890508/syzkaller.pVOBBi/639/bus" dev="sda1" ino=16666 res=1 [ 1160.917525][T23216] CPU: 1 PID: 23216 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1160.926796][T23216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1160.937226][T23216] Call Trace: [ 1160.940546][T23216] dump_stack+0x172/0x1f0 [ 1160.944899][T23216] dump_header+0x177/0x1152 [ 1160.949558][T23216] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1160.955717][T23216] ? ___ratelimit+0x2c8/0x595 [ 1160.960401][T23216] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1160.966222][T23216] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1160.971521][T23216] ? trace_hardirqs_on+0x67/0x240 [ 1160.976552][T23216] ? pagefault_out_of_memory+0x11c/0x11c [ 1160.982196][T23216] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1160.983072][ T26] audit: type=1800 audit(1568179996.233:3211): pid=23238 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16666 res=0 [ 1160.988134][T23216] ? ___ratelimit+0x60/0x595 [ 1160.988149][T23216] ? do_raw_spin_unlock+0x57/0x270 [ 1160.988168][T23216] oom_kill_process.cold+0x10/0x15 [ 1160.988183][T23216] out_of_memory+0x334/0x1340 [ 1160.988197][T23216] ? lock_downgrade+0x920/0x920 [ 1160.988216][T23216] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1160.988231][T23216] ? oom_killer_disable+0x280/0x280 [ 1160.988255][T23216] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1160.988269][T23216] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1160.988286][T23216] ? do_raw_spin_unlock+0x57/0x270 [ 1160.988306][T23216] ? _raw_spin_unlock+0x2d/0x50 05:33:16 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1161.066834][T23216] try_charge+0xf4b/0x1440 [ 1161.071273][T23216] ? lockdep_hardirqs_on+0x3e0/0x5d0 [ 1161.076952][T23216] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1161.082517][T23216] ? find_held_lock+0x35/0x130 [ 1161.087293][T23216] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1161.092853][T23216] ? lock_downgrade+0x920/0x920 [ 1161.097716][T23216] ? percpu_ref_tryget_live+0x111/0x290 [ 1161.103462][T23216] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1161.108934][T23216] ? memcg_kmem_put_cache+0x50/0x50 [ 1161.114141][T23216] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1161.119683][T23216] __memcg_kmem_charge+0x13a/0x3a0 [ 1161.119701][T23216] __alloc_pages_nodemask+0x4f7/0x900 [ 1161.119717][T23216] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1161.119730][T23216] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1161.119743][T23216] ? percpu_ref_put_many+0xb6/0x190 [ 1161.119762][T23216] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1161.146880][T23216] ? trace_hardirqs_on+0x67/0x240 [ 1161.146897][T23216] ? __kasan_check_read+0x11/0x20 [ 1161.146917][T23216] copy_process+0x3f8/0x6830 [ 1161.146936][T23216] ? psi_memstall_leave+0x12e/0x180 [ 1161.172026][T23216] ? __cleanup_sighand+0x60/0x60 [ 1161.176978][T23216] ? __kasan_check_read+0x11/0x20 [ 1161.182011][T23216] ? __lock_acquire+0x8a0/0x4a00 [ 1161.186952][T23216] ? _raw_spin_unlock_irq+0x5e/0x90 [ 1161.192181][T23216] _do_fork+0x146/0xfa0 [ 1161.196341][T23216] ? copy_init_mm+0x20/0x20 [ 1161.200988][T23216] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1161.207232][T23216] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1161.213596][T23216] ? debug_smp_processor_id+0x3c/0x214 05:33:16 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x0) [ 1161.219160][T23216] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 1161.225329][T23216] __x64_sys_clone+0x1ab/0x270 [ 1161.230118][T23216] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1161.236107][T23216] ? __ia32_sys_vfork+0xd0/0xd0 [ 1161.240972][T23216] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1161.247233][T23216] ? do_syscall_64+0x26/0x760 [ 1161.251931][T23216] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1161.257231][T23216] ? trace_hardirqs_on+0x67/0x240 [ 1161.262259][T23216] do_syscall_64+0xfa/0x760 [ 1161.262320][T23216] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1161.273387][T23216] RIP: 0033:0x45c2b9 [ 1161.273403][T23216] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1161.273410][T23216] RSP: 002b:00007ffe7a181cd8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1161.273421][T23216] RAX: ffffffffffffffda RBX: 00007fc354374700 RCX: 000000000045c2b9 [ 1161.273428][T23216] RDX: 00007fc3543749d0 RSI: 00007fc354373db0 RDI: 00000000003d0f00 [ 1161.273435][T23216] RBP: 00007ffe7a181ef0 R08: 00007fc354374700 R09: 00007fc354374700 [ 1161.273442][T23216] R10: 00007fc3543749d0 R11: 0000000000000202 R12: 0000000000000000 [ 1161.273448][T23216] R13: 00007ffe7a181d8f R14: 00007fc3543749c0 R15: 000000000075c124 [ 1161.608600][T23229] CPU: 0 PID: 23229 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1161.617758][T23229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1161.627917][T23229] Call Trace: [ 1161.631234][T23229] dump_stack+0x172/0x1f0 [ 1161.635590][T23229] should_fail.cold+0xa/0x15 [ 1161.640294][T23229] ? fault_create_debugfs_attr+0x180/0x180 [ 1161.646128][T23229] ? ___might_sleep+0x163/0x280 [ 1161.651004][T23229] __should_failslab+0x121/0x190 [ 1161.655962][T23229] should_failslab+0x9/0x14 [ 1161.660485][T23229] kmem_cache_alloc_trace+0x2d3/0x790 [ 1161.665874][T23229] ? __kasan_check_read+0x11/0x20 [ 1161.671439][T23229] alloc_pipe_info+0xb9/0x420 [ 1161.676427][T23229] splice_direct_to_actor+0x76b/0x970 [ 1161.681846][T23229] ? common_file_perm+0x238/0x720 [ 1161.686907][T23229] ? __lock_acquire+0x16f2/0x4a00 [ 1161.691959][T23229] ? generic_pipe_buf_nosteal+0x10/0x10 [ 1161.697625][T23229] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1161.703918][T23229] ? do_splice_to+0x180/0x180 [ 1161.708618][T23229] ? rw_verify_area+0x126/0x360 [ 1161.713663][T23229] do_splice_direct+0x1da/0x2a0 [ 1161.718538][T23229] ? splice_direct_to_actor+0x970/0x970 [ 1161.724097][T23229] ? rcu_read_lock_any_held+0xcd/0xf0 [ 1161.729790][T23229] ? __this_cpu_preempt_check+0x3a/0x210 [ 1161.735961][T23229] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1161.742224][T23229] ? __sb_start_write+0x1e5/0x460 [ 1161.747265][T23229] do_sendfile+0x597/0xd00 [ 1161.751707][T23229] ? do_compat_pwritev64+0x1c0/0x1c0 [ 1161.757006][T23229] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1161.763265][T23229] ? fput+0x1b/0x20 [ 1161.767091][T23229] __x64_sys_sendfile64+0x1dd/0x220 [ 1161.772300][T23229] ? __ia32_sys_sendfile+0x230/0x230 [ 1161.777603][T23229] ? do_syscall_64+0x26/0x760 [ 1161.782295][T23229] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1161.787619][T23229] ? trace_hardirqs_on+0x67/0x240 [ 1161.793648][T23229] do_syscall_64+0xfa/0x760 [ 1161.793675][T23229] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1161.793687][T23229] RIP: 0033:0x4598e9 [ 1161.793708][T23229] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1161.828213][T23229] RSP: 002b:00007fc3543b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1161.837161][T23229] RAX: ffffffffffffffda RBX: 00007fc3543b5c90 RCX: 00000000004598e9 [ 1161.845671][T23229] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 1161.853739][T23229] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1161.861718][T23229] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fc3543b66d4 [ 1161.869875][T23229] R13: 00000000004c709e R14: 00000000004dc750 R15: 0000000000000005 [ 1161.903141][T23216] memory: usage 307112kB, limit 307200kB, failcnt 36662 [ 1161.913343][T23216] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1161.927037][T23216] Memory cgroup stats for /syz4: [ 1161.927149][T23216] anon 302772224 [ 1161.927149][T23216] file 3989504 [ 1161.927149][T23216] kernel_stack 655360 [ 1161.927149][T23216] slab 3928064 [ 1161.927149][T23216] sock 0 [ 1161.927149][T23216] shmem 0 [ 1161.927149][T23216] file_mapped 3919872 [ 1161.927149][T23216] file_dirty 135168 [ 1161.927149][T23216] file_writeback 0 [ 1161.927149][T23216] anon_thp 211812352 [ 1161.927149][T23216] inactive_anon 254775296 [ 1161.927149][T23216] active_anon 4669440 [ 1161.927149][T23216] inactive_file 69632 [ 1161.927149][T23216] active_file 45056 [ 1161.927149][T23216] unevictable 47353856 [ 1161.927149][T23216] slab_reclaimable 1351680 [ 1161.927149][T23216] slab_unreclaimable 2576384 [ 1161.927149][T23216] pgfault 1463616 [ 1161.927149][T23216] pgmajfault 594 [ 1161.927149][T23216] workingset_refault 67947 [ 1161.927149][T23216] workingset_activate 19008 [ 1161.927149][T23216] workingset_nodereclaim 0 [ 1161.927149][T23216] pgrefill 93788 [ 1161.927149][T23216] pgscan 123504 [ 1162.040885][T23216] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null) [ 1162.040897][T23216] ,cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23216,uid=0 [ 1162.066773][T23216] Memory cgroup out of memory: Killed process 23216 (syz-executor.4) total-vm:72972kB, anon-rss:17820kB, file-rss:40692kB, shmem-rss:0kB, UID:0 pgtables:176128kB oom_score_adj:1000 [ 1162.094123][ T1065] oom_reaper: reaped process 23216 (syz-executor.4), now anon-rss:17796kB, file-rss:41160kB, shmem-rss:0kB [ 1162.126390][T23238] syz-executor.0 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 1162.167598][T23238] CPU: 1 PID: 23238 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1162.176751][T23238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1162.186820][T23238] Call Trace: [ 1162.190125][T23238] dump_stack+0x172/0x1f0 [ 1162.194470][T23238] dump_header+0x177/0x1152 [ 1162.199682][T23238] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1162.205491][T23238] ? ___ratelimit+0x2c8/0x595 [ 1162.210171][T23238] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1162.216507][T23238] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1162.221800][T23238] ? trace_hardirqs_on+0x67/0x240 [ 1162.226832][T23238] ? pagefault_out_of_memory+0x11c/0x11c [ 1162.232649][T23238] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1162.238465][T23238] ? ___ratelimit+0x60/0x595 [ 1162.243072][T23238] ? do_raw_spin_unlock+0x57/0x270 [ 1162.248221][T23238] oom_kill_process.cold+0x10/0x15 [ 1162.253342][T23238] out_of_memory+0x334/0x1340 [ 1162.258169][T23238] ? lock_downgrade+0x920/0x920 [ 1162.263040][T23238] ? oom_killer_disable+0x280/0x280 [ 1162.268524][T23238] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1162.274108][T23238] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1162.280545][T23238] ? do_raw_spin_unlock+0x57/0x270 [ 1162.285671][T23238] ? _raw_spin_unlock+0x2d/0x50 [ 1162.290541][T23238] try_charge+0xf4b/0x1440 [ 1162.295105][T23238] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1162.300681][T23238] ? percpu_ref_tryget_live+0x111/0x290 [ 1162.306244][T23238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1162.312673][T23238] ? __kasan_check_read+0x11/0x20 [ 1162.317717][T23238] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1162.323277][T23238] mem_cgroup_try_charge+0x136/0x590 [ 1162.329033][T23238] __add_to_page_cache_locked+0x43f/0xec0 [ 1162.334765][T23238] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1162.340876][T23238] ? __kasan_check_read+0x11/0x20 [ 1162.345926][T23238] ? unaccount_page_cache_page+0xda0/0xda0 [ 1162.351738][T23238] ? __alloc_pages_nodemask+0x658/0x900 [ 1162.357296][T23238] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1162.363548][T23238] ? xas_start+0x166/0x560 [ 1162.368066][T23238] ? shadow_lru_isolate+0x430/0x430 [ 1162.373291][T23238] add_to_page_cache_lru+0x1d8/0x790 [ 1162.378591][T23238] ? add_to_page_cache_locked+0x40/0x40 [ 1162.384328][T23238] ? __page_cache_alloc+0x116/0x490 [ 1162.389533][T23238] pagecache_get_page+0x3be/0x900 [ 1162.394619][T23238] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1162.400182][T23238] grab_cache_page_write_begin+0x75/0xb0 [ 1162.405828][T23238] ext4_da_write_begin+0x2ec/0xb80 [ 1162.410957][T23238] ? rcu_lockdep_current_cpu_online+0xe3/0x130 05:33:17 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1162.417500][T23238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1162.423846][T23238] ? ext4_write_begin+0xd20/0xd20 [ 1162.428999][T23238] ? iov_iter_zero+0xfa0/0xfa0 [ 1162.433779][T23238] generic_perform_write+0x23b/0x540 [ 1162.439108][T23238] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4b0/0x4b0 [ 1162.447186][T23238] ? current_time+0x140/0x140 [ 1162.451882][T23238] ? generic_write_check_limits.isra.0+0x270/0x270 [ 1162.458516][T23238] __generic_file_write_iter+0x25e/0x630 05:33:17 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1162.464169][T23238] ext4_file_write_iter+0x317/0x13c0 [ 1162.469481][T23238] ? ext4_release_file+0x380/0x380 [ 1162.474619][T23238] ? __kasan_check_read+0x11/0x20 [ 1162.480702][T23238] ? __lock_acquire+0x16f2/0x4a00 [ 1162.485750][T23238] ? __kasan_check_read+0x11/0x20 [ 1162.490783][T23238] ? mark_lock+0xc2/0x1220 [ 1162.495215][T23238] do_iter_readv_writev+0x5f8/0x8f0 [ 1162.500429][T23238] ? no_seek_end_llseek_size+0x70/0x70 [ 1162.505911][T23238] ? apparmor_file_permission+0x25/0x30 [ 1162.511482][T23238] ? rw_verify_area+0x126/0x360 [ 1162.516355][T23238] do_iter_write+0x184/0x610 [ 1162.520976][T23238] ? __kmalloc+0x608/0x770 [ 1162.525497][T23238] vfs_iter_write+0x77/0xb0 [ 1162.530021][T23238] iter_file_splice_write+0x66d/0xbe0 [ 1162.535401][T23238] ? atime_needs_update+0x5f0/0x5f0 [ 1162.540638][T23238] ? page_cache_pipe_buf_release+0x180/0x180 [ 1162.546637][T23238] ? rw_verify_area+0x126/0x360 [ 1162.551581][T23238] ? page_cache_pipe_buf_release+0x180/0x180 [ 1162.557827][T23238] direct_splice_actor+0x123/0x190 [ 1162.563034][T23238] splice_direct_to_actor+0x366/0x970 [ 1162.568418][T23238] ? generic_pipe_buf_nosteal+0x10/0x10 [ 1162.574508][T23238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1162.580848][T23238] ? do_splice_to+0x180/0x180 [ 1162.585556][T23238] ? rw_verify_area+0x126/0x360 [ 1162.590435][T23238] do_splice_direct+0x1da/0x2a0 [ 1162.595649][T23238] ? splice_direct_to_actor+0x970/0x970 [ 1162.601296][T23238] ? rcu_read_lock_any_held+0xcd/0xf0 [ 1162.607117][T23238] ? __this_cpu_preempt_check+0x3a/0x210 [ 1162.612783][T23238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1162.619301][T23238] ? __sb_start_write+0x1e5/0x460 [ 1162.624342][T23238] do_sendfile+0x597/0xd00 [ 1162.628789][T23238] ? do_compat_pwritev64+0x1c0/0x1c0 [ 1162.634082][T23238] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1162.640851][T23238] ? put_timespec64+0xda/0x140 [ 1162.645724][T23238] __x64_sys_sendfile64+0x1dd/0x220 [ 1162.650948][T23238] ? __ia32_sys_sendfile+0x230/0x230 [ 1162.656247][T23238] ? do_syscall_64+0x26/0x760 [ 1162.660959][T23238] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1162.666252][T23238] ? trace_hardirqs_on+0x67/0x240 [ 1162.671288][T23238] do_syscall_64+0xfa/0x760 [ 1162.675810][T23238] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1162.681785][T23238] RIP: 0033:0x4598e9 [ 1162.685696][T23238] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1162.706104][T23238] RSP: 002b:00007fb972f87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1162.714539][T23238] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004598e9 [ 1162.722540][T23238] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 1162.730553][T23238] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1162.739319][T23238] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fb972f886d4 [ 1162.747436][T23238] R13: 00000000004c709e R14: 00000000004dc750 R15: 00000000ffffffff [ 1162.759462][T23238] memory: usage 307172kB, limit 307200kB, failcnt 19184 [ 1162.766783][T23238] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1162.774238][T23238] Memory cgroup stats for /syz0: [ 1162.774372][T23238] anon 297992192 [ 1162.774372][T23238] file 5730304 [ 1162.774372][T23238] kernel_stack 851968 [ 1162.774372][T23238] slab 5955584 [ 1162.774372][T23238] sock 0 [ 1162.774372][T23238] shmem 0 [ 1162.774372][T23238] file_mapped 5677056 [ 1162.774372][T23238] file_dirty 0 [ 1162.774372][T23238] file_writeback 0 [ 1162.774372][T23238] anon_thp 46137344 [ 1162.774372][T23238] inactive_anon 270041088 05:33:18 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0xff00, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1162.774372][T23238] active_anon 1486848 [ 1162.774372][T23238] inactive_file 49152 [ 1162.774372][T23238] active_file 98304 [ 1162.774372][T23238] unevictable 32374784 [ 1162.774372][T23238] slab_reclaimable 1486848 [ 1162.774372][T23238] slab_unreclaimable 4468736 [ 1162.774372][T23238] pgfault 1122495 [ 1162.774372][T23238] pgmajfault 198 [ 1162.774372][T23238] workingset_refault 29634 [ 1162.774372][T23238] workingset_activate 1980 [ 1162.774372][T23238] workingset_nodereclaim 0 [ 1162.774372][T23238] pgrefill 37106 [ 1162.774372][T23238] pgscan 57899 [ 1162.774372][T23238] pgsteal 37363 [ 1163.167117][T23238] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23208,uid=0 [ 1163.236012][T23238] Memory cgroup out of memory: Killed process 23238 (syz-executor.0) total-vm:72840kB, anon-rss:17880kB, file-rss:41704kB, shmem-rss:0kB, UID:0 pgtables:172032kB oom_score_adj:1000 05:33:18 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(0xffffffffffffffff, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:33:18 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0xfeffff, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1163.484731][T23269] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1163.577058][T23269] CPU: 1 PID: 23269 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1163.586406][T23269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1163.596477][T23269] Call Trace: [ 1163.599788][T23269] dump_stack+0x172/0x1f0 [ 1163.604156][T23269] dump_header+0x177/0x1152 [ 1163.608670][T23269] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1163.614480][T23269] ? ___ratelimit+0x2c8/0x595 [ 1163.619173][T23269] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 05:33:19 executing program 0: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) lstat(0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r1, 0x0) syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./bus/file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000140)="6c492789496c69255512cc73b0743352ee738b252e8ea1d5ec322fe671b6da2a000d06e159623f4d5880274a3f49e89c15a237cb185afd1e8fe55c46c8c7efa55511965488767d456bf7d53545dcb6ff98669271b8e68b89411defcfcd3c8d16462e084d5dcfd06ed548c7c572d163c9176ee4ff846fd34cab0e94d5b6ea23ec3e99f2aaadabbffa1f6a1e511297b14db0b0de25298d4388cd8a2cdb6a9d1ba9807685f27d47057af61c71f9dbe4b73cb3a65f26ac3c361a0751ba123d526a5306fef95b78ad2d930dda08b0f3619fc8878c27f98eb79bc294934f66ce083416c96db4b835d5e487d3d91380b39dcd05c4bd4e297c6cc32ebc0573030d087001937ce018f99fdb75e332adc93a897c44cf918ae86889f6de6809c87f5babe3e048a4d972d3c1828be61b70a3773d1984792fb88da50733cf7e59b181b2c9ef3adb7923de587d5fd03f874e3edef4bfe2d33dabfee2d0ab9799bc2cc8037933b05addf75fa626726fb28986ad180c0002776462da20870f77f9f4618861bb65582d53b738dcdc60070aa6a86db54362532071a359d2edadc64004e17d8360ae07c6b7da2ff3c48072cfb834c3f1fb787148406a22bb68dcf9465082e9db880589d370f17aef070fc2107185e6331052feeec8a367e21a9c1cdfa00a6b777e1f4bb6fb9fe84a0b96e426961165648b740447ae8ecc74b68ee94809c91152e4df16a99e6108089bc48a7479e952f85873a8d4d8c34ef135bea68d3377e60e76723be0c2dcdf5def47637115ddcb5b95667e5ed25b74bab52d003506cd65a83eb49bada20ff145c7cc6116b744d6ad4bd6dcfc00e6756843ad25ed9503d264b1b32c2cfbc7f46b4cf501aa662fdc3c36cc2223e50325ee48fc5fa2e16ff764f336000f7d45bc3d60d468f7213ea1d249587bfb641fd093dafbefec66ed7135a4e9b764b6c62bd0503219bd153a26593960466d592993167f4ec28fbf8801ff7e11be9f508ec7f18bd6b2420e15f4bb3e521cf8b76f76e9c254bbd1a4473bd056fc9198e1725113a115bc86fdf21d0229cbcffb9421c8758e94646f53727c027f35f57bcda10c147a308406b902a5f50a2192bd09c50e443eb6ccdb2f8c27a462ac7aa6cd333cfc1ec9cb8095e46b48ad3ef9c807bc6b96f8b2dbf6c17cabd390ac30eb138a90499f3d00d94887800375447858fbcb8b5d09f6886789bb52de1d4c6a59dd18e01543b890579a5f3e5ce1f582bdb6e32f7e612a5d0a73e68b871f1715c6fd57d6e670d3e37a1285e7357e78b02fc80bebc3703053c1a8a2f06ac18434f41e43784df2aa3a773aa4cc65f487bcf50fb5a9fc7be8ccd5eadd3da08de9ba2465b8cfba88ee004c166da10eff818922012aae4f0103d0a6a39677b021977f70aff04c5249c95e617a12fc7e32a91d033c3b453ec16855c0687b757eb0309287d6c3148df600641da31663777af07d36e5f05d74f07477d588a3dd2efb93f402ae83b4165401c63d6015bf37f6619a424a351656993ba96c8b015ce968f9f4f467f007772dddd8710726e0374894f4de7ae0ff47d8888509a35ada65e28cee17ba03d42622936a0250dbb4ab52c520421c2b0915d3e945c4cf816db4ce1dd6449a96401fc5c49c72e73e4221ee9d76e72171128b137009ea48782d26ea1925523eb951b290d2460b067f4f3c419e8034da93abbcfb1897d07a0c097d1921b3b7bc0421f5f17c933205c61a746caf0da0278ba618b6e890e2bc0ed29444ff910768be670e2369faf1e54568c1099c92e48f7f83264e39b6c44feb47a167e90dd4c9670b9671da266bfb8ed4aedef79eebb069d993dbb99023a5a516e2893890cec4ade2e84ba3b685eb7d5f1c80178cac72246d776a0fd36b849ce5163487fa7bb59c48b86c55c2a75ea80385b538f588152f65950b914c2ce38328606c3e0fc28086f479785d8e3f0c4950e4867449f8ddc84813dcee6e9a8e78801757cc6cee76582828df9f6adba83ac91bf2c7e5de01052d39d1a0bb5def9312d2cd1e898971b1bbb1c8144a5271c97ba36a6372211dc9175aa91839cfc6595e6d89abf75e4cbaa9ee758b6f322fb969ea739bdf6a9aec82821f4f870719904e398b81750af7fe7217ec9963a367a443500cf42f59135381d83e772ba394d6b02a453d91b02707cd76d089b0f0691c513c2924de1d8a7264867f3daf1048382e6298991c03a480236282dc05a69146b31663125b92f973fce3ec1b4a5a1c622d80b3ff873b9dbe77b741c8714d7e811b17bf528b36b6fada0921c1162a22d327b4b547bfcb4c2abc5c9670aeef4347fba350ea74f5b2ddfbe5eeef3316e3ea774b787b77f87c91de9c15a32ccfaf4eb07678f10fb7248daec163880bf6dc04243214e6bb4cce087c5a16aa12c383cfca5b66c1fd046a70f9943a4e1eeeac4b2f5d2f587a2c25f2f03aee141b8aaa7a04b032aaee138a56d07cd8bb503fb39d6d37074ae07901db0b4747bbc26f455bb13cd70268977c0a898588f583ac1b95ca2e6a32476e13640511aa84833123e412f1c8c6726b44d2c3c98e68592bfd729a6a5edcdc9b21ab6855031270b4d762ac9a12a539448e4b98da4b13bec1b563dbf715f41ac3506082204de60d2f9f8523361d46e317bb20e4c6f0f78dc039c5238301cd26549ec2904be4482c11b8f78205ac5332703525bd981526945494592985dce0b939a394c64688a4751e944306f7620428ea1ce90949ace80fb16c9464e5fe736dc4536c461a162530699fe089d96a096fd17c339d88ec62d6f647ac2f379976837d8b5eea71f1c88e2a37fc2fb6d2785057f56d05cc295daeaa022a925b7d9f98656bb27eaf1c4296f87a7db860feed28e17f2e15dde80218b102582d7e5b618cda4937bc529ad247f57596383491dc5364372bbfaf2ae454498a81519b9dc024bf26edc13855fe9b89e4665d0d053d477787a32d87a48b198945259c381c88af314200628574afb72665f9b3e8ec454e2d16d139c198788aa20650b06974aef60a1e8997b54fa1e7f7dd8a024ca7dfeab0c702490f899358754ae6591a9ec956d7f0598840741bcd259a476f8c983772b2aca078b262d2ff9180c1c4baf7ea40c5a894a04a121d368d3387ab24378aaa24bf2d7667dc2d4f523dc6953f212ad5bbfb399033f89a52193d435080210e6c355b8643d86024df7114af47a8314a70cce9d40a1a6f552c5df8b2a10b4d8c56bcf21a73e138283873fd9eafcd47ba3af6e9fc882c88fbc59c80cdb394405865f64b42cbf6a0b8c1f440a4f4688d0b0978562765adc3466ffec48e3284458bd3ae15f66a99f3a53d4f26529d6557e5b7485293eb744367fa5fe5f661733b851f2b3ccb86ea7af75bd2bb2f271e1a33b362921ce3e4461baaad861841792fe61a3bdde252261ea9cce46a77f46028847b0b5b2f584c22f9482fd8f7816bc0d80de5228933d45332dc8288763f8581b2fbc3132fc0c5996f029f17a4f8e100da01fbe68d5a91419fde6f53560aacf25dde48e650795baf093e084abfcb4292549a0ae1b9d2a55a8deee67366c82c61db470fca21cdcb7dd54373b41ba6aaac5a348db6f21db6037f0798f15d97a07eba51a92938348a076991d75387781ad6b68cb62a8684748e5ef20c49b0044d0bc3d6f15435b3bdbf2ee3f9f0705ac6e0dd63ffe65cf48e0a71f0712956eaaf23def03e6194a687dc8a9eb8ccdfb29c5280c736766870d4775b18fdb71375bcd5c75f6863f81e20bdc2ecd069f464b8fa6e98eb8d51cb0ec89a65342ed7b4de3954a540299f1ba724b932b14bc785fa9d70fb02af89b7fdd83c838d55752f9ef370094fe5840fa7830a58427b3c5e2ccad0df11954cf0593d231208efc70d6c90f7e520857e43aa322997bbfa55a2b28cdd0ea64b2f6002ee087e88efa3da6a0be92b8b636af946c027b2892de2f36064d48df3af42d42f9e7c67c43578d59d94ec20dd22573c30d43a0c3a209d82cf2a28de10d7a0a011b757bccf9ee9c69944ab7187f0baba7d0fe0782f4f9931265b77f93177970d14e29fa0f7a838188c1051aa4dd3f17764e437cee924cb61373c799be358d475dfaf15fd9b567cacf9568c76b032ff94f9cf3cf899ca6ba7b5153abdaaab2fefbed97eb72d755e5cf1c304e6ef12f3ff8e54389929c3615bf96a0c03ba3794380f4c62085903e82cdde055b84d969afdfa64d29b6883b6e86b23139c451b6c6e899fdedd1472a25a795f7e32722e78313674e7d1982130403d52aa33c303d7a46153ff0e0133efb5cb3607e869d6a37c83fc3738577f710f9b4218cf4d15963e4d799da93b006d6775135f97a02370086d9fa11b7e682d5ad67896e8076a7ce87ecfb3aa60912b49752c0971c56151fb4f1af65f068f692b59eddfb55341c25f140afec7eb9618c59201a286c45344638bea251255124fe2c5e744de613ff1a77ae3ebd0bf47bc6be0f28d23c41c8d5f7d4841ed5122cf9683b0e343a037b7742357c1494149cfb8b279eb2b11df5eedaeedbc78a79ed0243ccf2703cd4b0781090045a9c280ae107ed85a4b644ede1b1599ea1ad539b6847f5da78b2fb6076e74567cd0537bf973bd32837b003e398d2b4c8caf4708d65a55e7f869c0c3fa87f9d1d91c006fd50f7991f8ea5c621e7fc81b86b059c9b8ea533c320a98f38ea154bf7fc48dccaf0f030b4b68b4d1243ec157d2df25775e993245f3702ced13c94591b1aa0a45759aeace5db76d85ad261aa7676fa4b534ded6523bb0bdf4c153ea57997f4eaa6ad43742196b19bd3a09203bbc88f5ce89792a678f9636072773020752ea48cee8ed77b2072100b87c217cb5f026f05dca8b9609d19efb65bc9e16d405108b3be968db2e226b335af1348404d0f199da7bf5142a731da3a9ed73cf4d8db421e0b75c348e7a74d7bec36b6640ce2ece8de2e54cf8733ea339c4bdca2a97867151e6b0db0bd358be2e4a003eb14e159abf23ae89f8ef2d262f2df866aa03b925a564c81e59cee77cb3c289db326a03e061cbce798695b322f09a2dcb2b24e0b441f595caa8f480a032f08805265be84844b51a3216a891842140aedea035e652c8d1d7f9b078659fa51e4a3e2d6249cb3b86b3ed940121ba45290f7a1ab568a2936b0015de3ba587617044502290f0febfb905164f116681b0fb8882bde5f7886236fe8c89ff2fb9a60f9413a322d0527528be650e9b0e8c7da0fbf12f5f50b81ca63fb89f7b96004c610cb80d340b9ff5664256bbe475acf6ba063e82cbbc87b1a00ef6b6b13770e80d785df560e2c770c27c43796cdbb4c8663e4f52118e768bf9c2d8da1c385a319842060c18e9a940e86961be4e748f75a36d5800fb8f5f6978d6287424010d851ddbe52322ab58f5c9a197465d9b338335cc8921db2c848e714aa7d4d1f901000cb0c7b645fa196bc674f272342436a8a165df81f7af6342b8734db692a8cfbdae6bfb6a507cef292327bef11a3828992c181b174a62b9a04a0044e57f5e83d9c4f22b00ca0e315a7dbe3c47e8d3981502c404d0e71dbdaecfbd1162b8c638a5eebddf559d0b6fe6fb69447ffa2c1dcd705426c44e2c16c810128cc3c509943aa4bba3589e0405ecfa7d91f450388ac2a04b64518c83b509c99d856f26fd33e7ffdb42fb0ac08b112aca75864de73e985c1080afdfa8b0af5e3a2f4b9b6d9331eae2f33f7801eb40168fcba979179d17cfaf160b1da32492a9c497832981cf81aa277128f19569da5f8c009b92c7abfbf8ec2973d7438c0f52fe2f12bb35", 0x1000, 0x6}], 0x24000, &(0x7f0000001140)={[{@session={'session', 0x3d, 0x2}}, {@gid={'gid', 0x3d, r1}}]}) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r2, 0x0, 0x8000fffffffe) ioctl$RTC_PIE_OFF(r0, 0x7006) [ 1163.624989][T23269] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1163.630280][T23269] ? trace_hardirqs_on+0x67/0x240 [ 1163.635321][T23269] ? pagefault_out_of_memory+0x11c/0x11c [ 1163.640994][T23269] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1163.646814][T23269] ? ___ratelimit+0x60/0x595 [ 1163.651415][T23269] ? do_raw_spin_unlock+0x57/0x270 [ 1163.656543][T23269] oom_kill_process.cold+0x10/0x15 [ 1163.661752][T23269] out_of_memory+0x334/0x1340 [ 1163.667481][T23269] ? lock_downgrade+0x920/0x920 [ 1163.672360][T23269] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1163.678194][T23269] ? oom_killer_disable+0x280/0x280 [ 1163.683420][T23269] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1163.688975][T23269] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1163.694619][T23269] ? do_raw_spin_unlock+0x57/0x270 [ 1163.699734][T23269] ? _raw_spin_unlock+0x2d/0x50 [ 1163.704596][T23269] try_charge+0xf4b/0x1440 [ 1163.709028][T23269] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1163.714579][T23269] ? find_held_lock+0x35/0x130 [ 1163.719358][T23269] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1163.724916][T23269] ? lock_downgrade+0x920/0x920 [ 1163.729788][T23269] ? percpu_ref_tryget_live+0x111/0x290 [ 1163.735351][T23269] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1163.740823][T23269] ? memcg_kmem_put_cache+0x50/0x50 [ 1163.746060][T23269] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1163.751615][T23269] __memcg_kmem_charge+0x13a/0x3a0 [ 1163.756749][T23269] __alloc_pages_nodemask+0x4f7/0x900 [ 1163.762911][T23269] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1163.768467][T23269] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1163.774191][T23269] ? percpu_ref_put_many+0xb6/0x190 [ 1163.780472][T23269] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1163.785766][T23269] ? trace_hardirqs_on+0x67/0x240 [ 1163.790793][T23269] ? __kasan_check_read+0x11/0x20 [ 1163.795838][T23269] copy_process+0x3f8/0x6830 [ 1163.800435][T23269] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1163.806225][T23269] ? __cleanup_sighand+0x60/0x60 [ 1163.811202][T23269] ? __kasan_check_read+0x11/0x20 [ 1163.816243][T23269] ? __lock_acquire+0x8a0/0x4a00 [ 1163.821216][T23269] ? _raw_spin_unlock_irq+0x74/0x90 05:33:19 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) [ 1163.826689][T23269] _do_fork+0x146/0xfa0 [ 1163.831915][T23269] ? copy_init_mm+0x20/0x20 [ 1163.836435][T23269] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1163.842820][T23269] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1163.849068][T23269] ? debug_smp_processor_id+0x3c/0x214 [ 1163.854544][T23269] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 1163.860715][T23269] __x64_sys_clone+0x1ab/0x270 [ 1163.865664][T23269] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1163.871752][T23269] ? __ia32_sys_vfork+0xd0/0xd0 [ 1163.876612][T23269] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1163.882898][T23269] ? do_syscall_64+0x26/0x760 [ 1163.887585][T23269] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1163.892881][T23269] ? trace_hardirqs_on+0x67/0x240 [ 1163.897915][T23269] do_syscall_64+0xfa/0x760 [ 1163.902430][T23269] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1163.908323][T23269] RIP: 0033:0x45c2b9 [ 1163.910680][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 1163.910694][ T26] audit: type=1804 audit(1568179999.383:3215): pid=23292 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/724/bus" dev="sda1" ino=16634 res=1 [ 1163.912213][T23269] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1163.912222][T23269] RSP: 002b:00007ffe7a181cd8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1163.912236][T23269] RAX: ffffffffffffffda RBX: 00007fc354395700 RCX: 000000000045c2b9 [ 1163.912245][T23269] RDX: 00007fc3543959d0 RSI: 00007fc354394db0 RDI: 00000000003d0f00 [ 1163.912254][T23269] RBP: 00007ffe7a181ef0 R08: 00007fc354395700 R09: 00007fc354395700 [ 1163.912262][T23269] R10: 00007fc3543959d0 R11: 0000000000000202 R12: 0000000000000000 [ 1163.912275][T23269] R13: 00007ffe7a181d8f R14: 00007fc3543959c0 R15: 000000000075c07c [ 1163.923230][ T26] audit: type=1800 audit(1568179999.393:3216): pid=23292 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16634 res=0 [ 1164.087370][T23269] memory: usage 307200kB, limit 307200kB, failcnt 36885 [ 1164.109636][T23269] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1164.158142][T23269] Memory cgroup stats for /syz4: [ 1164.158273][T23269] anon 302854144 [ 1164.158273][T23269] file 4124672 [ 1164.158273][T23269] kernel_stack 655360 [ 1164.158273][T23269] slab 3928064 [ 1164.158273][T23269] sock 0 [ 1164.158273][T23269] shmem 0 [ 1164.158273][T23269] file_mapped 4190208 [ 1164.158273][T23269] file_dirty 135168 [ 1164.158273][T23269] file_writeback 0 [ 1164.158273][T23269] anon_thp 211812352 [ 1164.158273][T23269] inactive_anon 254849024 [ 1164.158273][T23269] active_anon 4669440 [ 1164.158273][T23269] inactive_file 69632 [ 1164.158273][T23269] active_file 45056 [ 1164.158273][T23269] unevictable 47579136 [ 1164.158273][T23269] slab_reclaimable 1351680 [ 1164.158273][T23269] slab_unreclaimable 2576384 [ 1164.158273][T23269] pgfault 1467708 [ 1164.158273][T23269] pgmajfault 594 [ 1164.158273][T23269] workingset_refault 68145 [ 1164.158273][T23269] workingset_activate 19008 [ 1164.158273][T23269] workingset_nodereclaim 0 [ 1164.158273][T23269] pgrefill 94019 [ 1164.158273][T23269] pgscan 123946 05:33:19 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x1000000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1164.469692][T23269] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23269,uid=0 [ 1164.494887][ T26] audit: type=1804 audit(1568179999.463:3217): pid=23270 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/480/bus" dev="sda1" ino=16653 res=1 [ 1164.750199][T23269] Memory cgroup out of memory: Killed process 23269 (syz-executor.4) total-vm:72840kB, anon-rss:17852kB, file-rss:40440kB, shmem-rss:0kB, UID:0 pgtables:176128kB oom_score_adj:1000 [ 1164.768518][ T26] audit: type=1804 audit(1568180000.223:3218): pid=23315 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir247890508/syzkaller.pVOBBi/640/bus" dev="sda1" ino=16667 res=1 05:33:20 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(0xffffffffffffffff, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1164.857973][T23298] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 05:33:20 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1164.890757][ T26] audit: type=1800 audit(1568180000.223:3219): pid=23315 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16667 res=0 [ 1164.966803][ T26] audit: type=1804 audit(1568180000.413:3220): pid=23303 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/413/bus" dev="sda1" ino=16634 res=1 [ 1164.967455][T23298] CPU: 0 PID: 23298 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1165.000942][T23298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1165.011026][T23298] Call Trace: [ 1165.014333][T23298] dump_stack+0x172/0x1f0 [ 1165.018704][T23298] dump_header+0x177/0x1152 [ 1165.023220][T23298] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1165.029029][T23298] ? ___ratelimit+0x2c8/0x595 [ 1165.033720][T23298] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1165.038228][ T26] audit: type=1800 audit(1568180000.413:3221): pid=23303 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16634 res=0 [ 1165.039538][T23298] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1165.065406][T23298] ? trace_hardirqs_on+0x67/0x240 [ 1165.070451][T23298] ? pagefault_out_of_memory+0x11c/0x11c [ 1165.076102][T23298] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1165.081936][T23298] ? ___ratelimit+0x60/0x595 [ 1165.086556][T23298] ? do_raw_spin_unlock+0x57/0x270 [ 1165.091688][T23298] oom_kill_process.cold+0x10/0x15 [ 1165.096816][T23298] out_of_memory+0x334/0x1340 [ 1165.101511][T23298] ? lock_downgrade+0x920/0x920 [ 1165.106367][T23298] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1165.112177][T23298] ? oom_killer_disable+0x280/0x280 05:33:20 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000040)='./bus/file0\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1165.117402][T23298] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1165.122962][T23298] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1165.128606][T23298] ? do_raw_spin_unlock+0x57/0x270 [ 1165.133731][T23298] ? _raw_spin_unlock+0x2d/0x50 [ 1165.138599][T23298] try_charge+0xf4b/0x1440 [ 1165.143023][T23298] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1165.148553][T23298] ? find_held_lock+0x35/0x130 [ 1165.153407][T23298] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1165.158939][T23298] ? lock_downgrade+0x920/0x920 [ 1165.163788][T23298] ? percpu_ref_tryget_live+0x111/0x290 [ 1165.169361][T23298] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1165.174819][T23298] ? memcg_kmem_put_cache+0x50/0x50 [ 1165.180018][T23298] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1165.185569][T23298] __memcg_kmem_charge+0x13a/0x3a0 [ 1165.190682][T23298] __alloc_pages_nodemask+0x4f7/0x900 [ 1165.196080][T23298] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1165.201631][T23298] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1165.207347][T23298] ? percpu_ref_put_many+0xb6/0x190 [ 1165.212549][T23298] ? lockdep_hardirqs_on+0x418/0x5d0 05:33:20 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) [ 1165.217836][T23298] ? trace_hardirqs_on+0x67/0x240 [ 1165.222866][T23298] ? __kasan_check_read+0x11/0x20 [ 1165.227897][T23298] copy_process+0x3f8/0x6830 [ 1165.232486][T23298] ? psi_memstall_leave+0x12e/0x180 [ 1165.237700][T23298] ? __cleanup_sighand+0x60/0x60 [ 1165.242640][T23298] ? __kasan_check_read+0x11/0x20 [ 1165.247673][T23298] ? __lock_acquire+0x8a0/0x4a00 [ 1165.252612][T23298] ? _raw_spin_unlock_irq+0x5e/0x90 [ 1165.257821][T23298] _do_fork+0x146/0xfa0 [ 1165.261983][T23298] ? copy_init_mm+0x20/0x20 [ 1165.266498][T23298] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1165.272742][T23298] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1165.278983][T23298] ? debug_smp_processor_id+0x3c/0x214 [ 1165.284441][T23298] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 1165.290585][T23298] __x64_sys_clone+0x1ab/0x270 [ 1165.295337][T23298] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1165.301405][T23298] ? __ia32_sys_vfork+0xd0/0xd0 [ 1165.306266][T23298] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1165.312500][T23298] ? do_syscall_64+0x26/0x760 [ 1165.317171][T23298] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1165.322441][T23298] ? trace_hardirqs_on+0x67/0x240 [ 1165.327448][T23298] do_syscall_64+0xfa/0x760 [ 1165.331939][T23298] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1165.337858][T23298] RIP: 0033:0x45c2b9 [ 1165.341745][T23298] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1165.361340][T23298] RSP: 002b:00007ffc960a13f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1165.369738][T23298] RAX: ffffffffffffffda RBX: 00007fb972f67700 RCX: 000000000045c2b9 [ 1165.377698][T23298] RDX: 00007fb972f679d0 RSI: 00007fb972f66db0 RDI: 00000000003d0f00 [ 1165.385649][T23298] RBP: 00007ffc960a1610 R08: 00007fb972f67700 R09: 00007fb972f67700 [ 1165.393596][T23298] R10: 00007fb972f679d0 R11: 0000000000000202 R12: 0000000000000000 [ 1165.401546][T23298] R13: 00007ffc960a14af R14: 00007fb972f679c0 R15: 000000000075c07c [ 1165.411179][T23298] memory: usage 307200kB, limit 307200kB, failcnt 19336 [ 1165.418269][T23298] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1165.425193][T23298] Memory cgroup stats for /syz0: [ 1165.425310][T23298] anon 297902080 [ 1165.425310][T23298] file 5730304 [ 1165.425310][T23298] kernel_stack 917504 [ 1165.425310][T23298] slab 5955584 [ 1165.425310][T23298] sock 0 [ 1165.425310][T23298] shmem 0 [ 1165.425310][T23298] file_mapped 5677056 [ 1165.425310][T23298] file_dirty 0 [ 1165.425310][T23298] file_writeback 0 [ 1165.425310][T23298] anon_thp 46137344 [ 1165.425310][T23298] inactive_anon 270041088 [ 1165.425310][T23298] active_anon 1486848 [ 1165.425310][T23298] inactive_file 49152 [ 1165.425310][T23298] active_file 98304 [ 1165.425310][T23298] unevictable 32374784 [ 1165.425310][T23298] slab_reclaimable 1486848 [ 1165.425310][T23298] slab_unreclaimable 4468736 [ 1165.425310][T23298] pgfault 1127082 [ 1165.425310][T23298] pgmajfault 198 [ 1165.425310][T23298] workingset_refault 29700 [ 1165.425310][T23298] workingset_activate 2013 [ 1165.425310][T23298] workingset_nodereclaim 0 [ 1165.425310][T23298] pgrefill 37470 [ 1165.425310][T23298] pgscan 58333 [ 1165.425310][T23298] pgsteal 37432 [ 1165.522002][T23298] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23298,uid=0 [ 1165.554090][T23298] Memory cgroup out of memory: Killed process 23298 (syz-executor.0) total-vm:72840kB, anon-rss:17852kB, file-rss:37240kB, shmem-rss:0kB, UID:0 pgtables:172032kB oom_score_adj:1000 05:33:21 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x2000000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1165.762431][ T1065] oom_reaper: reaped process 23298 (syz-executor.0), now anon-rss:17836kB, file-rss:40756kB, shmem-rss:0kB 05:33:21 executing program 0: socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x7fffffff, 0x101000) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) ioctl$PIO_UNIMAP(r1, 0x4b67, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0xffffffffffffffc1, 0x5}]}) [ 1166.158814][ T26] audit: type=1804 audit(1568180001.633:3222): pid=23324 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/725/bus" dev="sda1" ino=16667 res=1 05:33:21 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x3000000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1166.303592][ T26] audit: type=1800 audit(1568180001.633:3223): pid=23324 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16667 res=0 [ 1166.336783][T23326] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1166.378548][T23326] CPU: 0 PID: 23326 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1166.387697][T23326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1166.397763][T23326] Call Trace: [ 1166.401068][T23326] dump_stack+0x172/0x1f0 [ 1166.405417][T23326] dump_header+0x177/0x1152 [ 1166.409933][T23326] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1166.415746][T23326] ? ___ratelimit+0x2c8/0x595 [ 1166.420455][T23326] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1166.426269][T23326] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1166.431562][T23326] ? trace_hardirqs_on+0x67/0x240 [ 1166.436597][T23326] ? pagefault_out_of_memory+0x11c/0x11c [ 1166.442241][T23326] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1166.448057][T23326] ? ___ratelimit+0x60/0x595 [ 1166.452650][T23326] ? do_raw_spin_unlock+0x57/0x270 [ 1166.457772][T23326] oom_kill_process.cold+0x10/0x15 [ 1166.462935][T23326] out_of_memory+0x334/0x1340 [ 1166.467627][T23326] ? lock_downgrade+0x920/0x920 [ 1166.472488][T23326] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1166.478305][T23326] ? oom_killer_disable+0x280/0x280 [ 1166.483532][T23326] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1166.489084][T23326] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1166.494735][T23326] ? do_raw_spin_unlock+0x57/0x270 [ 1166.499869][T23326] ? _raw_spin_unlock+0x2d/0x50 [ 1166.504734][T23326] try_charge+0xf4b/0x1440 [ 1166.509172][T23326] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1166.514718][T23326] ? percpu_ref_tryget_live+0x111/0x290 [ 1166.520272][T23326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1166.526518][T23326] ? __kasan_check_read+0x11/0x20 [ 1166.531594][T23326] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1166.537167][T23326] mem_cgroup_try_charge+0x136/0x590 [ 1166.542461][T23326] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1166.548714][T23326] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1166.554444][T23326] __handle_mm_fault+0x1e34/0x3f20 [ 1166.559566][T23326] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1166.565443][T23326] ? __kasan_check_read+0x11/0x20 [ 1166.570492][T23326] handle_mm_fault+0x1b5/0x6c0 [ 1166.575360][T23326] __do_page_fault+0x536/0xdd0 [ 1166.580225][T23326] do_page_fault+0x38/0x590 [ 1166.584733][T23326] page_fault+0x39/0x40 [ 1166.588885][T23326] RIP: 0033:0x41122f [ 1166.592783][T23326] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 1166.612480][T23326] RSP: 002b:00007ffe7a181d20 EFLAGS: 00010206 [ 1166.618560][T23326] RAX: 00007fc354375000 RBX: 0000000000020000 RCX: 000000000045993a [ 1166.626539][T23326] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1166.634712][T23326] RBP: 00007ffe7a181e00 R08: ffffffffffffffff R09: 0000000000000000 [ 1166.642686][T23326] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe7a181ef0 [ 1166.650668][T23326] R13: 00007fc354395700 R14: 0000000000000002 R15: 000000000075c07c [ 1166.685146][ T26] audit: type=1804 audit(1568180002.153:3224): pid=23330 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/414/bus" dev="sda1" ino=16606 res=1 [ 1166.809240][T23326] memory: usage 307184kB, limit 307200kB, failcnt 37153 [ 1166.863455][T23326] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1166.914053][T23326] Memory cgroup stats for /syz4: [ 1166.914178][T23326] anon 302845952 [ 1166.914178][T23326] file 4259840 [ 1166.914178][T23326] kernel_stack 655360 [ 1166.914178][T23326] slab 3928064 [ 1166.914178][T23326] sock 0 [ 1166.914178][T23326] shmem 0 [ 1166.914178][T23326] file_mapped 4190208 [ 1166.914178][T23326] file_dirty 135168 [ 1166.914178][T23326] file_writeback 0 [ 1166.914178][T23326] anon_thp 209715200 [ 1166.914178][T23326] inactive_anon 254767104 [ 1166.914178][T23326] active_anon 4669440 05:33:22 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(0xffffffffffffffff, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1166.914178][T23326] inactive_file 69632 [ 1166.914178][T23326] active_file 0 [ 1166.914178][T23326] unevictable 47665152 [ 1166.914178][T23326] slab_reclaimable 1351680 [ 1166.914178][T23326] slab_unreclaimable 2576384 [ 1166.914178][T23326] pgfault 1472361 [ 1166.914178][T23326] pgmajfault 627 [ 1166.914178][T23326] workingset_refault 68310 [ 1166.914178][T23326] workingset_activate 19008 [ 1166.914178][T23326] workingset_nodereclaim 0 [ 1166.914178][T23326] pgrefill 94184 [ 1166.914178][T23326] pgscan 124212 [ 1167.277552][T23326] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23326,uid=0 05:33:22 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x4000000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:33:22 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:33:23 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) [ 1167.562684][T23326] Memory cgroup out of memory: Killed process 23326 (syz-executor.4) total-vm:72840kB, anon-rss:17820kB, file-rss:41376kB, shmem-rss:0kB, UID:0 pgtables:176128kB oom_score_adj:1000 [ 1167.600204][ T1065] oom_reaper: reaped process 23326 (syz-executor.4), now anon-rss:17812kB, file-rss:41404kB, shmem-rss:0kB [ 1167.634587][T23347] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1167.660636][T23347] CPU: 1 PID: 23347 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1167.669778][T23347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1167.679842][T23347] Call Trace: [ 1167.684105][T23347] dump_stack+0x172/0x1f0 [ 1167.688455][T23347] dump_header+0x177/0x1152 [ 1167.693009][T23347] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1167.693022][T23347] ? ___ratelimit+0x2c8/0x595 [ 1167.693033][T23347] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1167.693056][T23347] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1167.714606][T23347] ? trace_hardirqs_on+0x67/0x240 [ 1167.719642][T23347] ? pagefault_out_of_memory+0x11c/0x11c [ 1167.725286][T23347] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1167.731211][T23347] ? ___ratelimit+0x60/0x595 [ 1167.735811][T23347] ? do_raw_spin_unlock+0x57/0x270 [ 1167.740930][T23347] oom_kill_process.cold+0x10/0x15 [ 1167.746211][T23347] out_of_memory+0x334/0x1340 [ 1167.751065][T23347] ? lock_downgrade+0x920/0x920 [ 1167.755926][T23347] ? oom_killer_disable+0x280/0x280 [ 1167.761141][T23347] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1167.766689][T23347] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1167.772329][T23347] ? do_raw_spin_unlock+0x57/0x270 [ 1167.778577][T23347] ? _raw_spin_unlock+0x2d/0x50 [ 1167.783439][T23347] try_charge+0xf4b/0x1440 [ 1167.787880][T23347] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1167.793433][T23347] ? percpu_ref_tryget_live+0x111/0x290 [ 1167.798993][T23347] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1167.805244][T23347] ? __kasan_check_read+0x11/0x20 [ 1167.810285][T23347] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1167.815838][T23347] mem_cgroup_try_charge+0x136/0x590 [ 1167.821137][T23347] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1167.827386][T23347] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1167.833030][T23347] __handle_mm_fault+0x1e34/0x3f20 [ 1167.838151][T23347] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1167.843714][T23347] ? __kasan_check_read+0x11/0x20 [ 1167.848768][T23347] handle_mm_fault+0x1b5/0x6c0 [ 1167.853555][T23347] __do_page_fault+0x536/0xdd0 [ 1167.858347][T23347] do_page_fault+0x38/0x590 [ 1167.862860][T23347] page_fault+0x39/0x40 [ 1167.867019][T23347] RIP: 0033:0x45c29d [ 1167.870916][T23347] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 30 8e fb ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 1167.890531][T23347] RSP: 002b:00007ffc960a13f8 EFLAGS: 00010202 [ 1167.896603][T23347] RAX: ffffffffffffffea RBX: 00007fb972f67700 RCX: 00007fb972f67700 [ 1167.904578][T23347] RDX: 00000000003d0f00 RSI: 00007fb972f66db0 RDI: 0000000000410620 [ 1167.912547][T23347] RBP: 00007ffc960a1610 R08: 00007fb972f679d0 R09: 00007fb972f67700 [ 1167.920523][T23347] R10: 00007fb972f66dc0 R11: 0000000000000246 R12: 0000000000000000 [ 1167.928497][T23347] R13: 00007ffc960a14af R14: 00007fb972f679c0 R15: 000000000075c07c [ 1168.137434][T23347] memory: usage 307200kB, limit 307200kB, failcnt 19477 [ 1168.150786][T23347] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1168.173016][T23347] Memory cgroup stats for /syz0: [ 1168.173133][T23347] anon 297988096 [ 1168.173133][T23347] file 5865472 [ 1168.173133][T23347] kernel_stack 917504 [ 1168.173133][T23347] slab 5955584 [ 1168.173133][T23347] sock 0 [ 1168.173133][T23347] shmem 0 [ 1168.173133][T23347] file_mapped 5812224 [ 1168.173133][T23347] file_dirty 0 [ 1168.173133][T23347] file_writeback 0 [ 1168.173133][T23347] anon_thp 46137344 [ 1168.173133][T23347] inactive_anon 270041088 [ 1168.173133][T23347] active_anon 1486848 [ 1168.173133][T23347] inactive_file 49152 [ 1168.173133][T23347] active_file 98304 [ 1168.173133][T23347] unevictable 32374784 [ 1168.173133][T23347] slab_reclaimable 1486848 05:33:23 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) 05:33:23 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x5000000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1168.173133][T23347] slab_unreclaimable 4468736 [ 1168.173133][T23347] pgfault 1131702 [ 1168.173133][T23347] pgmajfault 198 [ 1168.173133][T23347] workingset_refault 29799 [ 1168.173133][T23347] workingset_activate 2013 [ 1168.173133][T23347] workingset_nodereclaim 0 [ 1168.173133][T23347] pgrefill 37735 [ 1168.173133][T23347] pgscan 58698 [ 1168.173133][T23347] pgsteal 37531 05:33:23 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f0000000040)) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r1 = gettid() r2 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r2, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r2, 0x0, 0x0, 0x1000f4) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r2, r3, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000200)=r2, 0x4) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000080)=0x0) getsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x121) r5 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r5, 0x101, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x121) kcmp(r1, r4, 0x5, 0xffffffffffffffff, r5) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1168.585400][T23347] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23347,uid=0 [ 1168.735822][T23347] Memory cgroup out of memory: Killed process 23347 (syz-executor.0) total-vm:72840kB, anon-rss:17820kB, file-rss:37812kB, shmem-rss:0kB, UID:0 pgtables:172032kB oom_score_adj:1000 [ 1168.803628][ T1065] oom_reaper: reaped process 23347 (syz-executor.0), now anon-rss:17868kB, file-rss:41828kB, shmem-rss:0kB 05:33:24 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x6000000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:33:24 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1169.084524][ T26] kauditd_printk_skb: 10 callbacks suppressed [ 1169.084539][ T26] audit: type=1804 audit(1568180004.553:3235): pid=23393 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/727/bus" dev="sda1" ino=16689 res=1 05:33:24 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:33:24 executing program 0: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x260100, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1169.288287][ T26] audit: type=1800 audit(1568180004.613:3236): pid=23393 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16689 res=0 05:33:24 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x7000000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1169.427342][ T26] audit: type=1804 audit(1568180004.633:3237): pid=23421 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/491/bus" dev="sda1" ino=16635 res=1 [ 1169.523507][ T26] audit: type=1800 audit(1568180004.633:3238): pid=23421 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16635 res=0 [ 1169.675538][T23413] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1169.715337][T23413] CPU: 1 PID: 23413 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1169.724524][T23413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1169.734590][T23413] Call Trace: [ 1169.737899][T23413] dump_stack+0x172/0x1f0 [ 1169.742240][T23413] dump_header+0x177/0x1152 [ 1169.746807][T23413] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1169.752615][T23413] ? ___ratelimit+0x2c8/0x595 [ 1169.757294][T23413] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1169.763113][T23413] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1169.768412][T23413] ? trace_hardirqs_on+0x67/0x240 [ 1169.773446][T23413] ? pagefault_out_of_memory+0x11c/0x11c [ 1169.779084][T23413] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1169.784893][T23413] ? ___ratelimit+0x60/0x595 [ 1169.789484][T23413] ? do_raw_spin_unlock+0x57/0x270 [ 1169.794596][T23413] oom_kill_process.cold+0x10/0x15 [ 1169.799710][T23413] out_of_memory+0x334/0x1340 [ 1169.804389][T23413] ? lock_downgrade+0x920/0x920 [ 1169.809246][T23413] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1169.815077][T23413] ? oom_killer_disable+0x280/0x280 [ 1169.820303][T23413] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1169.825863][T23413] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1169.831505][T23413] ? do_raw_spin_unlock+0x57/0x270 [ 1169.836626][T23413] ? _raw_spin_unlock+0x2d/0x50 [ 1169.841494][T23413] try_charge+0xf4b/0x1440 [ 1169.845952][T23413] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1169.851505][T23413] ? percpu_ref_tryget_live+0x111/0x290 [ 1169.857058][T23413] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1169.863758][T23413] ? __kasan_check_read+0x11/0x20 [ 1169.868791][T23413] ? get_mem_cgroup_from_mm+0x156/0x320 05:33:25 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1169.874342][T23413] mem_cgroup_try_charge+0x136/0x590 [ 1169.879633][T23413] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1169.885887][T23413] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1169.891537][T23413] __handle_mm_fault+0x1e34/0x3f20 [ 1169.896661][T23413] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1169.902230][T23413] ? __kasan_check_read+0x11/0x20 [ 1169.907277][T23413] handle_mm_fault+0x1b5/0x6c0 [ 1169.912043][T23413] __get_user_pages+0x7d4/0x1b30 [ 1169.916989][T23413] ? mark_held_locks+0xf0/0xf0 [ 1169.921766][T23413] ? follow_page_mask+0x1cf0/0x1cf0 [ 1169.926961][T23413] ? __mm_populate+0x270/0x380 [ 1169.931734][T23413] ? memset+0x32/0x40 [ 1169.935725][T23413] populate_vma_page_range+0x20d/0x2a0 [ 1169.941191][T23413] __mm_populate+0x204/0x380 [ 1169.945792][T23413] ? populate_vma_page_range+0x2a0/0x2a0 [ 1169.951426][T23413] ? up_write+0x1c8/0x490 [ 1169.955764][T23413] __x64_sys_mremap+0x7dc/0xb80 [ 1169.961281][T23413] ? mremap_to+0x750/0x750 [ 1169.965717][T23413] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1169.971181][T23413] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1169.976642][T23413] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1169.982708][T23413] ? do_syscall_64+0x26/0x760 [ 1169.987390][T23413] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1169.992677][T23413] ? trace_hardirqs_on+0x67/0x240 [ 1169.997710][T23413] do_syscall_64+0xfa/0x760 [ 1170.002227][T23413] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1170.008126][T23413] RIP: 0033:0x4598e9 [ 1170.012023][T23413] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1170.031625][T23413] RSP: 002b:00007fc3543b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1170.040041][T23413] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 1170.048014][T23413] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1170.055986][T23413] RBP: 000000000075bfc8 R08: 0000000020130000 R09: 0000000000000000 [ 1170.064619][T23413] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fc3543b66d4 [ 1170.072591][T23413] R13: 00000000004c5f48 R14: 00000000004dab78 R15: 00000000ffffffff [ 1170.095111][T23413] memory: usage 307200kB, limit 307200kB, failcnt 37510 [ 1170.102460][T23413] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1170.110136][T23413] Memory cgroup stats for /syz4: [ 1170.110257][T23413] anon 302166016 [ 1170.110257][T23413] file 4734976 [ 1170.110257][T23413] kernel_stack 655360 [ 1170.110257][T23413] slab 3928064 [ 1170.110257][T23413] sock 0 [ 1170.110257][T23413] shmem 0 [ 1170.110257][T23413] file_mapped 4730880 [ 1170.110257][T23413] file_dirty 135168 [ 1170.110257][T23413] file_writeback 0 [ 1170.110257][T23413] anon_thp 211812352 [ 1170.110257][T23413] inactive_anon 254902272 [ 1170.110257][T23413] active_anon 4669440 [ 1170.110257][T23413] inactive_file 32768 [ 1170.110257][T23413] active_file 180224 [ 1170.110257][T23413] unevictable 47443968 [ 1170.110257][T23413] slab_reclaimable 1351680 [ 1170.110257][T23413] slab_unreclaimable 2576384 [ 1170.110257][T23413] pgfault 1478400 [ 1170.110257][T23413] pgmajfault 660 [ 1170.110257][T23413] workingset_refault 68508 [ 1170.110257][T23413] workingset_activate 19008 [ 1170.110257][T23413] workingset_nodereclaim 0 [ 1170.110257][T23413] pgrefill 94283 [ 1170.110257][T23413] pgscan 124681 [ 1170.229230][ T26] audit: type=1804 audit(1568180005.703:3239): pid=23432 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/416/bus" dev="sda1" ino=16610 res=1 [ 1170.235407][T23413] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23394,uid=0 [ 1170.297363][ T26] audit: type=1800 audit(1568180005.723:3240): pid=23432 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16610 res=0 [ 1170.322901][T23413] Memory cgroup out of memory: Killed process 23394 (syz-executor.4) total-vm:72832kB, anon-rss:17016kB, file-rss:40952kB, shmem-rss:0kB, UID:0 pgtables:176128kB oom_score_adj:1000 05:33:25 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x8000000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1170.364982][ T1065] oom_reaper: reaped process 23394 (syz-executor.4), now anon-rss:17064kB, file-rss:42872kB, shmem-rss:0kB [ 1170.365083][T23433] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1170.477344][T23433] CPU: 1 PID: 23433 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1170.486496][T23433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1170.496561][T23433] Call Trace: [ 1170.499868][T23433] dump_stack+0x172/0x1f0 [ 1170.504217][T23433] dump_header+0x177/0x1152 [ 1170.508732][T23433] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1170.514545][T23433] ? ___ratelimit+0x2c8/0x595 [ 1170.519228][T23433] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1170.525039][T23433] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1170.530322][T23433] ? trace_hardirqs_on+0x67/0x240 [ 1170.535363][T23433] ? pagefault_out_of_memory+0x11c/0x11c [ 1170.540998][T23433] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1170.546806][T23433] ? ___ratelimit+0x60/0x595 [ 1170.551400][T23433] ? do_raw_spin_unlock+0x57/0x270 [ 1170.556517][T23433] oom_kill_process.cold+0x10/0x15 [ 1170.561639][T23433] out_of_memory+0x334/0x1340 [ 1170.566321][T23433] ? lock_downgrade+0x920/0x920 [ 1170.571183][T23433] ? oom_killer_disable+0x280/0x280 [ 1170.576396][T23433] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1170.581947][T23433] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1170.587594][T23433] ? do_raw_spin_unlock+0x57/0x270 [ 1170.592709][T23433] ? _raw_spin_unlock+0x2d/0x50 [ 1170.597596][T23433] try_charge+0xf4b/0x1440 [ 1170.602022][T23433] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1170.607566][T23433] ? find_held_lock+0x35/0x130 [ 1170.612333][T23433] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1170.617888][T23433] ? lock_downgrade+0x920/0x920 [ 1170.622740][T23433] ? percpu_ref_tryget_live+0x111/0x290 [ 1170.628296][T23433] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1170.633756][T23433] ? memcg_kmem_put_cache+0x50/0x50 [ 1170.638967][T23433] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1170.644522][T23433] __memcg_kmem_charge+0x13a/0x3a0 [ 1170.649643][T23433] __alloc_pages_nodemask+0x4f7/0x900 [ 1170.655026][T23433] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1170.660607][T23433] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1170.666340][T23433] ? percpu_ref_put_many+0xb6/0x190 [ 1170.671556][T23433] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1170.676848][T23433] ? trace_hardirqs_on+0x67/0x240 [ 1170.681907][T23433] ? __kasan_check_read+0x11/0x20 [ 1170.686944][T23433] copy_process+0x3f8/0x6830 [ 1170.691555][T23433] ? psi_memstall_leave+0x12e/0x180 [ 1170.696779][T23433] ? __cleanup_sighand+0x60/0x60 [ 1170.701724][T23433] ? __kasan_check_read+0x11/0x20 [ 1170.706756][T23433] ? __lock_acquire+0x8a0/0x4a00 [ 1170.711712][T23433] ? _raw_spin_unlock_irq+0x5e/0x90 [ 1170.716922][T23433] _do_fork+0x146/0xfa0 [ 1170.721088][T23433] ? copy_init_mm+0x20/0x20 [ 1170.725607][T23433] ? lock_downgrade+0x920/0x920 [ 1170.730466][T23433] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1170.736722][T23433] __x64_sys_clone+0x1ab/0x270 [ 1170.741526][T23433] ? __ia32_sys_vfork+0xd0/0xd0 [ 1170.746388][T23433] ? __blkcg_punt_bio_submit+0x1e0/0x1e0 [ 1170.752036][T23433] ? mem_cgroup_handle_over_high+0x21b/0x2a0 [ 1170.758025][T23433] ? do_syscall_64+0x26/0x760 [ 1170.763752][T23433] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1170.769048][T23433] ? trace_hardirqs_on+0x67/0x240 [ 1170.774085][T23433] do_syscall_64+0xfa/0x760 [ 1170.778603][T23433] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1170.784633][T23433] RIP: 0033:0x45c2b9 [ 1170.788532][T23433] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1170.808148][T23433] RSP: 002b:00007ffc960a13f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1170.816830][T23433] RAX: ffffffffffffffda RBX: 00007fb972f88700 RCX: 000000000045c2b9 05:33:26 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:33:26 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) r2 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r2, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r2, 0x0, 0x0, 0x1000f4) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r2, r3, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000200)=r2, 0x4) write$apparmor_exec(r2, &(0x7f0000000140)={'exec ', '\x81)\x00'}, 0x8) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) ioctl$VIDIOC_G_CTRL(r1, 0xc008561b, &(0x7f0000000040)={0x7, 0xf5}) setsockopt$CAIFSO_REQ_PARAM(r1, 0x116, 0x80, &(0x7f0000000240)="d17c22a2dbb867f35609fbd00061baf40b668d09815d02cc879299e2534efb6b2625493103138e5f79b18e32d13f254de89ce6e5b247c74b93e10b84d524645e89a897391f46f42edb5bfeb0649d7573b1e42c97bfb08202417ee11ff22b08d1caa644f86de4c9cedfc1b96dbdb0e1e0209f088a491df348d513ab83590555411bbf6d844b11e55ba965dddacc07a9c0d40c282963ed2ee233d551f853559d73c4c779101aa9feaddb7e857dce6d91a8db469790a86970b991ae376075c423aa21e49ef33966209fd13033", 0xcb) mlockall(0x1) r4 = creat(&(0x7f0000000100)='./bus\x00', 0x10) ioctl$KVM_SET_TSS_ADDR(r0, 0xae47, 0x0) fallocate(r4, 0x0, 0x0, 0x1000f4) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r4, r5, 0x0, 0x8000fffffffe) r6 = semget(0x1, 0x2, 0xc0) semctl$IPC_RMID(r6, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r4, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r8, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, [0x9d71]}) ioctl$KVM_DEASSIGN_DEV_IRQ(r8, 0x4040ae75, &(0x7f0000000080)={0x4, 0x80, 0x4, 0x400}) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1170.824807][T23433] RDX: 00007fb972f889d0 RSI: 00007fb972f87db0 RDI: 00000000003d0f00 [ 1170.832780][T23433] RBP: 00007ffc960a1610 R08: 00007fb972f88700 R09: 00007fb972f88700 [ 1170.840757][T23433] R10: 00007fb972f889d0 R11: 0000000000000202 R12: 0000000000000000 [ 1170.848738][T23433] R13: 00007ffc960a14af R14: 00007fb972f889c0 R15: 000000000075bfd4 [ 1170.891231][T23433] memory: usage 307128kB, limit 307200kB, failcnt 19719 [ 1170.898436][T23433] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1170.926129][T23433] Memory cgroup stats for /syz0: [ 1170.926247][T23433] anon 298000384 [ 1170.926247][T23433] file 6000640 [ 1170.926247][T23433] kernel_stack 851968 [ 1170.926247][T23433] slab 5955584 [ 1170.926247][T23433] sock 0 [ 1170.926247][T23433] shmem 0 [ 1170.926247][T23433] file_mapped 5947392 [ 1170.926247][T23433] file_dirty 0 [ 1170.926247][T23433] file_writeback 0 [ 1170.926247][T23433] anon_thp 48234496 [ 1170.926247][T23433] inactive_anon 270041088 [ 1170.926247][T23433] active_anon 1486848 [ 1170.926247][T23433] inactive_file 49152 [ 1170.926247][T23433] active_file 98304 [ 1170.926247][T23433] unevictable 32567296 [ 1170.926247][T23433] slab_reclaimable 1486848 [ 1170.926247][T23433] slab_unreclaimable 4468736 [ 1170.926247][T23433] pgfault 1135827 [ 1170.926247][T23433] pgmajfault 198 [ 1170.926247][T23433] workingset_refault 29898 [ 1170.926247][T23433] workingset_activate 2013 [ 1170.926247][T23433] workingset_nodereclaim 0 [ 1170.926247][T23433] pgrefill 38131 [ 1170.926247][T23433] pgscan 59127 [ 1170.926247][T23433] pgsteal 37597 [ 1171.050798][ T26] audit: type=1804 audit(1568180006.523:3241): pid=23461 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/492/bus" dev="sda1" ino=16737 res=1 [ 1171.092740][ T26] audit: type=1800 audit(1568180006.553:3242): pid=23461 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16737 res=0 [ 1171.117161][T23433] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23433,uid=0 [ 1171.138012][ T26] audit: type=1804 audit(1568180006.613:3243): pid=23462 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/492/bus" dev="sda1" ino=16737 res=1 [ 1171.190193][T23433] Memory cgroup out of memory: Killed process 23433 (syz-executor.0) total-vm:72708kB, anon-rss:17852kB, file-rss:40376kB, shmem-rss:0kB, UID:0 pgtables:172032kB oom_score_adj:1000 05:33:26 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1171.237947][ T26] audit: type=1804 audit(1568180006.663:3244): pid=23461 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/492/bus" dev="sda1" ino=16737 res=1 [ 1171.278050][ T1065] oom_reaper: reaped process 23433 (syz-executor.0), now anon-rss:17868kB, file-rss:41340kB, shmem-rss:0kB 05:33:26 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x9000000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:33:27 executing program 0: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r1, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r1, 0x0, 0x0, 0x1000f4) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r1, r2, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000200)=r1, 0x4) r3 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r3, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r3, 0x0, 0x0, 0x1000f4) r4 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r3, r4, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000200)=r3, 0x4) ioctl$VIDIOC_G_CTRL(r4, 0xc008561b, &(0x7f0000000040)={0x7, 0xf5}) r5 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r5, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r5, 0x0, 0x0, 0x1000f4) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r5, r6, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r5, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000200)=r5, 0x4) getsockname$packet(r5, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000480)=@delqdisc={0x118, 0x25, 0x400, 0x70bd2c, 0x25dfdbff, {0x0, r7, {0xd, 0xfff3}, {0xfff9, 0xa}, {0xfff4, 0xe}}, [@qdisc_kind_options=@q_sfq={{0x8, 0x1, 'sfq\x00'}, {0x48, 0x2, {{0x8, 0x2, 0xfffffffffffffffc, 0x7, 0x1}, 0x200, 0x1, 0xfff, 0x2, 0xfffffffffffffffd, 0x12, 0xb, 0x9, 0x7, {0xbb0b, 0x40, 0xfff, 0x3, 0x3, 0x895e}}}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x3}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x33}, @TCA_RATE={0x8, 0x5, {0x100000001, 0x80000001}}, @TCA_RATE={0x8, 0x5, {0x1, 0x7ec}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x400040000}, @TCA_STAB={0x7c, 0x8, [{{0x1c, 0x1, {0xb84e, 0x56, 0x3, 0xefd, 0x1, 0x7, 0x1, 0x4}}, {0xc, 0x2, [0xa00000000000000, 0x7f, 0x0, 0x7ff]}}, {{0x1c, 0x1, {0xff, 0x101, 0x2, 0x3f, 0x0, 0x601, 0x1, 0x4}}, {0xc, 0x2, [0x4000, 0x7, 0x4, 0x25eb]}}, {{0x1c, 0x1, {0x1, 0x5, 0x16900000000, 0x7, 0x609b065eedfd44c5, 0x1ff, 0x3, 0x4}}, {0xc, 0x2, [0x6b, 0x6, 0x2, 0xffffffffffffffe1]}}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x20440c0}, 0x1) ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f0000000140)="367e712ce8d6d57c96c32aad7bc8d9fb7fec44d62bfb21f61258d5593248da6f267e79f6585c7c90e96838f53f761a400da9e049e1d3b7130f9e7f3b8ceaf705be3b446ec2e615cced990663bb73edf24628e628e95ce8b57b30fd0047e4ab125d6591acadb9b0eb670690831c370b3c684944b1bf8ed658158ab026a86f992d0670ca3fe03c5aabb8267f14007f9c2ac012a214de308a0068329c00636aa240a7fe532dc735b4c2ed2e31866d6ff520be30033350312f48d967395fa505d4a3a5576670f78b5fb995ef027d149966bcc936156f7819a6eae7ae2554208a331e1254ac364c434a7b") r8 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r8, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r8, 0x0, 0x0, 0x1000f4) r9 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r8, r9, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r8, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r9, 0x1, 0x32, &(0x7f0000000200)=r8, 0x4) ioctl$VIDIOC_G_CTRL(r9, 0xc008561b, &(0x7f0000000040)={0x7, 0xf5}) ioctl$SG_SET_COMMAND_Q(r9, 0x2271, &(0x7f0000000000)) r10 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r10, 0x0, 0x8000fffffffe) 05:33:27 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x10000000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 05:33:27 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1172.359194][T23481] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1172.378624][T23481] CPU: 1 PID: 23481 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1172.387757][T23481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1172.397814][T23481] Call Trace: [ 1172.401122][T23481] dump_stack+0x172/0x1f0 [ 1172.405463][T23481] dump_header+0x177/0x1152 [ 1172.409984][T23481] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1172.415800][T23481] ? ___ratelimit+0x2c8/0x595 [ 1172.420505][T23481] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1172.426327][T23481] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1172.431623][T23481] ? trace_hardirqs_on+0x67/0x240 [ 1172.436657][T23481] ? pagefault_out_of_memory+0x11c/0x11c [ 1172.442303][T23481] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1172.448116][T23481] ? ___ratelimit+0x60/0x595 [ 1172.452707][T23481] ? do_raw_spin_unlock+0x57/0x270 [ 1172.457827][T23481] oom_kill_process.cold+0x10/0x15 [ 1172.462953][T23481] out_of_memory+0x334/0x1340 [ 1172.467637][T23481] ? lock_downgrade+0x920/0x920 [ 1172.472516][T23481] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1172.478331][T23481] ? oom_killer_disable+0x280/0x280 [ 1172.483567][T23481] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1172.489114][T23481] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1172.494754][T23481] ? do_raw_spin_unlock+0x57/0x270 [ 1172.500075][T23481] ? _raw_spin_unlock+0x2d/0x50 [ 1172.504937][T23481] try_charge+0xf4b/0x1440 [ 1172.509373][T23481] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1172.514920][T23481] ? percpu_ref_tryget_live+0x111/0x290 [ 1172.520473][T23481] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1172.526718][T23481] ? __kasan_check_read+0x11/0x20 [ 1172.531757][T23481] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1172.537306][T23481] mem_cgroup_try_charge+0x136/0x590 [ 1172.542595][T23481] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1172.548841][T23481] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1172.554489][T23481] __handle_mm_fault+0x1e34/0x3f20 [ 1172.559617][T23481] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1172.565181][T23481] ? __kasan_check_read+0x11/0x20 [ 1172.570215][T23481] handle_mm_fault+0x1b5/0x6c0 [ 1172.574997][T23481] __do_page_fault+0x536/0xdd0 [ 1172.579776][T23481] do_page_fault+0x38/0x590 [ 1172.584282][T23481] page_fault+0x39/0x40 [ 1172.588439][T23481] RIP: 0033:0x45c29d [ 1172.592331][T23481] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 30 8e fb ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 1172.611934][T23481] RSP: 002b:00007ffc960a13f8 EFLAGS: 00010202 [ 1172.618009][T23481] RAX: ffffffffffffffea RBX: 00007fb972f67700 RCX: 00007fb972f67700 [ 1172.625988][T23481] RDX: 00000000003d0f00 RSI: 00007fb972f66db0 RDI: 0000000000410620 [ 1172.633978][T23481] RBP: 00007ffc960a1610 R08: 00007fb972f679d0 R09: 00007fb972f67700 [ 1172.641958][T23481] R10: 00007fb972f66dc0 R11: 0000000000000246 R12: 0000000000000000 [ 1172.649942][T23481] R13: 00007ffc960a14af R14: 00007fb972f679c0 R15: 000000000075c07c 05:33:28 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) 05:33:28 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x20000000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1173.137691][T23481] memory: usage 307200kB, limit 307200kB, failcnt 19863 [ 1173.150658][T23481] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1173.184114][T23481] Memory cgroup stats for /syz0: [ 1173.184224][T23481] anon 297984000 [ 1173.184224][T23481] file 6000640 [ 1173.184224][T23481] kernel_stack 917504 [ 1173.184224][T23481] slab 5955584 [ 1173.184224][T23481] sock 0 [ 1173.184224][T23481] shmem 0 [ 1173.184224][T23481] file_mapped 6082560 [ 1173.184224][T23481] file_dirty 0 [ 1173.184224][T23481] file_writeback 0 [ 1173.184224][T23481] anon_thp 48234496 [ 1173.184224][T23481] inactive_anon 269975552 [ 1173.184224][T23481] active_anon 1486848 [ 1173.184224][T23481] inactive_file 184320 [ 1173.184224][T23481] active_file 98304 [ 1173.184224][T23481] unevictable 32550912 [ 1173.184224][T23481] slab_reclaimable 1486848 [ 1173.184224][T23481] slab_unreclaimable 4468736 [ 1173.184224][T23481] pgfault 1139919 [ 1173.184224][T23481] pgmajfault 198 [ 1173.184224][T23481] workingset_refault 29931 [ 1173.184224][T23481] workingset_activate 2013 [ 1173.184224][T23481] workingset_nodereclaim 0 [ 1173.184224][T23481] pgrefill 38164 [ 1173.184224][T23481] pgscan 59292 [ 1173.184224][T23481] pgsteal 37663 05:33:28 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(0xffffffffffffffff, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1173.331589][T23481] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23481,uid=0 05:33:28 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x20100000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1173.382551][T23481] Memory cgroup out of memory: Killed process 23481 (syz-executor.0) total-vm:72840kB, anon-rss:17852kB, file-rss:40316kB, shmem-rss:0kB, UID:0 pgtables:172032kB oom_score_adj:1000 [ 1173.543595][T23461] syz-executor.4 invoked oom-killer: gfp_mask=0x40cd0(GFP_KERNEL|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=1000 [ 1173.576901][T23461] CPU: 1 PID: 23461 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1173.587008][T23461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1173.597057][T23461] Call Trace: [ 1173.600465][T23461] dump_stack+0x172/0x1f0 [ 1173.604811][T23461] dump_header+0x177/0x1152 [ 1173.609336][T23461] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1173.615151][T23461] ? ___ratelimit+0x2c8/0x595 [ 1173.619841][T23461] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1173.625659][T23461] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1173.630949][T23461] ? trace_hardirqs_on+0x67/0x240 [ 1173.635983][T23461] ? pagefault_out_of_memory+0x11c/0x11c [ 1173.641629][T23461] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1173.647439][T23461] ? ___ratelimit+0x60/0x595 [ 1173.652027][T23461] ? do_raw_spin_unlock+0x57/0x270 [ 1173.657148][T23461] oom_kill_process.cold+0x10/0x15 [ 1173.662272][T23461] out_of_memory+0x334/0x1340 [ 1173.666982][T23461] ? lock_downgrade+0x920/0x920 [ 1173.671840][T23461] ? oom_killer_disable+0x280/0x280 [ 1173.677054][T23461] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1173.682730][T23461] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1173.688381][T23461] ? do_raw_spin_unlock+0x57/0x270 [ 1173.693512][T23461] ? _raw_spin_unlock+0x2d/0x50 [ 1173.698553][T23461] try_charge+0xf4b/0x1440 [ 1173.702996][T23461] ? __lock_acquire+0x800/0x4a00 [ 1173.707947][T23461] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1173.713499][T23461] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1173.719490][T23461] ? cache_grow_begin+0x122/0xd20 [ 1173.724702][T23461] ? find_held_lock+0x35/0x130 [ 1173.729472][T23461] ? cache_grow_begin+0x122/0xd20 [ 1173.734516][T23461] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1173.739548][T23536] 9pnet: Insufficient options for proto=fd [ 1173.739984][T23461] ? memcg_kmem_put_cache+0x50/0x50 [ 1173.751071][T23461] ? __kasan_check_read+0x11/0x20 [ 1173.756109][T23461] cache_grow_begin+0x629/0xd20 [ 1173.760972][T23461] ? __sanitizer_cov_trace_cmp2+0x11/0x20 [ 1173.766700][T23461] ? mempolicy_slab_node+0x139/0x390 [ 1173.771999][T23461] fallback_alloc+0x1fd/0x2d0 [ 1173.776688][T23461] ____cache_alloc_node+0x1bc/0x1d0 [ 1173.781892][T23461] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1173.788754][T23461] kmem_cache_alloc+0x1ef/0x710 05:33:29 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1173.793625][T23461] alloc_inode+0x16f/0x1e0 [ 1173.798055][T23461] new_inode_pseudo+0x19/0xf0 [ 1173.802743][T23461] new_inode+0x1f/0x40 [ 1173.806830][T23461] debugfs_get_inode+0x1a/0x130 [ 1173.811693][T23461] __debugfs_create_file+0xb7/0x3f0 [ 1173.816902][T23461] debugfs_create_file+0x5a/0x70 [ 1173.821862][T23461] kvm_dev_ioctl+0xa04/0x1650 [ 1173.826561][T23461] ? kvm_debugfs_release+0x90/0x90 [ 1173.831699][T23461] ? kvm_debugfs_release+0x90/0x90 [ 1173.836830][T23461] do_vfs_ioctl+0xdb6/0x13e0 05:33:29 executing program 0: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) r2 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r2, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r2, 0x0, 0x0, 0x1000f4) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r2, r3, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000200)=r2, 0x4) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000040)={0x7, 0xf5}) r4 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r4, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r4, 0x0, 0x0, 0x1000f4) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r4, r5, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r4, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000200)=r4, 0x4) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, &(0x7f0000000000)={0x8, 0x8, 0x1, r4}) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1173.841425][T23461] ? ioctl_preallocate+0x210/0x210 [ 1173.846523][T23461] ? __fget+0x384/0x560 [ 1173.850690][T23461] ? ksys_dup3+0x3e0/0x3e0 [ 1173.855266][T23461] ? nsecs_to_jiffies+0x30/0x30 [ 1173.860132][T23461] ? tomoyo_file_ioctl+0x23/0x30 [ 1173.865083][T23461] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1173.871332][T23461] ? security_file_ioctl+0x8d/0xc0 [ 1173.876454][T23461] ksys_ioctl+0xab/0xd0 [ 1173.880623][T23461] __x64_sys_ioctl+0x73/0xb0 [ 1173.885224][T23461] do_syscall_64+0xfa/0x760 [ 1173.889740][T23461] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1173.895636][T23461] RIP: 0033:0x4598e9 [ 1173.899572][T23461] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1173.919181][T23461] RSP: 002b:00007fc3543d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1173.927692][T23461] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1173.935677][T23461] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000009 [ 1173.943652][T23461] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1173.951630][T23461] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc3543d76d4 [ 1173.959606][T23461] R13: 00000000004c2841 R14: 00000000004d5ec8 R15: 00000000ffffffff [ 1173.986932][T23461] memory: usage 307200kB, limit 307200kB, failcnt 37988 [ 1174.055514][T23461] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1174.091109][T23461] Memory cgroup stats for /syz4: [ 1174.091533][T23461] anon 302850048 [ 1174.091533][T23461] file 4165632 [ 1174.091533][T23461] kernel_stack 655360 [ 1174.091533][T23461] slab 3792896 [ 1174.091533][T23461] sock 0 [ 1174.091533][T23461] shmem 0 [ 1174.091533][T23461] file_mapped 4190208 [ 1174.091533][T23461] file_dirty 0 [ 1174.091533][T23461] file_writeback 0 [ 1174.091533][T23461] anon_thp 211812352 [ 1174.091533][T23461] inactive_anon 256929792 [ 1174.091533][T23461] active_anon 4669440 [ 1174.091533][T23461] inactive_file 4096 [ 1174.091533][T23461] active_file 94208 [ 1174.091533][T23461] unevictable 45375488 [ 1174.091533][T23461] slab_reclaimable 1216512 [ 1174.091533][T23461] slab_unreclaimable 2576384 [ 1174.091533][T23461] pgfault 1484637 [ 1174.091533][T23461] pgmajfault 660 [ 1174.091533][T23461] workingset_refault 69234 [ 1174.091533][T23461] workingset_activate 19041 [ 1174.091533][T23461] workingset_nodereclaim 0 [ 1174.091533][T23461] pgrefill 95226 [ 1174.091533][T23461] pgscan 126403 [ 1174.194132][ T26] kauditd_printk_skb: 19 callbacks suppressed [ 1174.194147][ T26] audit: type=1804 audit(1568180009.663:3264): pid=23528 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/485/bus" dev="sda1" ino=16668 res=1 [ 1174.202840][ T26] audit: type=1800 audit(1568180009.663:3265): pid=23528 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=16668 res=0 [ 1174.252796][T23461] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23460,uid=0 [ 1174.276673][T23461] Memory cgroup out of memory: Killed process 23461 (syz-executor.4) total-vm:73096kB, anon-rss:17888kB, file-rss:42284kB, shmem-rss:0kB, UID:0 pgtables:176128kB oom_score_adj:1000 [ 1174.352593][ T1065] [ 1174.353697][T23461] kobject: 'kvm' (000000008c94a0b3): kobject_uevent_env [ 1174.354957][ T1065] ============================================ [ 1174.354961][ T1065] WARNING: possible recursive locking detected [ 1174.354970][ T1065] 5.3.0-rc6-next-20190830 #75 Not tainted [ 1174.354979][ T1065] -------------------------------------------- [ 1174.375385][T23461] kobject: 'kvm' (000000008c94a0b3): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 1174.379972][ T1065] oom_reaper/1065 is trying to acquire lock: [ 1174.379978][ T1065] ffffffff8904ff60 (mmu_notifier_invalidate_range_start){+.+.}, at: __mmu_notifier_invalidate_range_end+0x0/0x360 [ 1174.380011][ T1065] [ 1174.380011][ T1065] but task is already holding lock: [ 1174.380014][ T1065] ffffffff8904ff60 (mmu_notifier_invalidate_range_start){+.+.}, at: __oom_reap_task_mm+0x196/0x490 [ 1174.380042][ T1065] [ 1174.380042][ T1065] other info that might help us debug this: [ 1174.439983][ T1065] Possible unsafe locking scenario: [ 1174.439983][ T1065] [ 1174.447429][ T1065] CPU0 [ 1174.450704][ T1065] ---- [ 1174.453976][ T1065] lock(mmu_notifier_invalidate_range_start); [ 1174.460135][ T1065] lock(mmu_notifier_invalidate_range_start); [ 1174.466274][ T1065] [ 1174.466274][ T1065] *** DEADLOCK *** [ 1174.466274][ T1065] [ 1174.474412][ T1065] May be due to missing lock nesting notation [ 1174.474412][ T1065] [ 1174.482732][ T1065] 2 locks held by oom_reaper/1065: [ 1174.487917][ T1065] #0: ffff88805ce551d0 (&mm->mmap_sem#2){++++}, at: oom_reaper+0x3a7/0x1320 [ 1174.496705][ T1065] #1: ffffffff8904ff60 (mmu_notifier_invalidate_range_start){+.+.}, at: __oom_reap_task_mm+0x196/0x490 [ 1174.507833][ T1065] [ 1174.507833][ T1065] stack backtrace: [ 1174.513736][ T1065] CPU: 1 PID: 1065 Comm: oom_reaper Not tainted 5.3.0-rc6-next-20190830 #75 [ 1174.522401][ T1065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1174.532457][ T1065] Call Trace: [ 1174.535758][ T1065] dump_stack+0x172/0x1f0 [ 1174.540097][ T1065] __lock_acquire.cold+0x15d/0x385 [ 1174.545225][ T1065] ? mark_held_locks+0xf0/0xf0 [ 1174.549996][ T1065] ? unmap_page_range+0x1df4/0x2380 [ 1174.555203][ T1065] lock_acquire+0x190/0x410 [ 1174.559724][ T1065] ? __mmu_notifier_invalidate_range_start+0x210/0x210 [ 1174.566600][ T1065] __mmu_notifier_invalidate_range_end+0x3c/0x360 [ 1174.566613][ T1065] ? __mmu_notifier_invalidate_range_start+0x210/0x210 [ 1174.566627][ T1065] ? __mmu_notifier_invalidate_range_start+0x1a5/0x210 [ 1174.566648][ T1065] __oom_reap_task_mm+0x3fa/0x490 [ 1174.592486][ T1065] ? process_shares_mm+0x130/0x130 [ 1174.597582][ T1065] ? oom_reaper+0x3a7/0x1320 [ 1174.602159][ T1065] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1174.608395][ T1065] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1174.613918][ T1065] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1174.619879][ T1065] ? __kasan_check_read+0x11/0x20 [ 1174.624911][ T1065] ? do_raw_spin_unlock+0x57/0x270 [ 1174.630003][ T1065] oom_reaper+0x2b2/0x1320 [ 1174.634424][ T1065] ? __oom_reap_task_mm+0x490/0x490 [ 1174.639626][ T1065] ? trace_hardirqs_on+0x67/0x240 [ 1174.644645][ T1065] ? finish_wait+0x260/0x260 [ 1174.649239][ T1065] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1174.655463][ T1065] ? __kthread_parkme+0x108/0x1c0 [ 1174.660472][ T1065] ? __kasan_check_read+0x11/0x20 [ 1174.665489][ T1065] kthread+0x361/0x430 [ 1174.669538][ T1065] ? __oom_reap_task_mm+0x490/0x490 [ 1174.674715][ T1065] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 1174.680935][ T1065] ret_from_fork+0x24/0x30 [ 1174.686375][ T26] audit: type=1804 audit(1568180009.983:3266): pid=23539 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/730/bus" dev="sda1" ino=16678 res=1 [ 1174.752647][ T26] audit: type=1800 audit(1568180009.983:3267): pid=23539 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16678 res=0 [ 1174.776729][ T1065] oom_reaper: reaped process 23461 (syz-executor.4), now anon-rss:17868kB, file-rss:42284kB, shmem-rss:0kB [ 1174.791338][T23532] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1174.827376][T23532] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1174.845226][T23542] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1174.868590][T23542] CPU: 1 PID: 23542 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1174.877730][T23542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1174.887787][T23542] Call Trace: [ 1174.891093][T23542] dump_stack+0x172/0x1f0 [ 1174.895471][T23542] dump_header+0x177/0x1152 [ 1174.899975][T23542] ? ___ratelimit+0xf8/0x595 [ 1174.904587][T23542] ? trace_hardirqs_on+0x67/0x240 [ 1174.909614][T23542] ? pagefault_out_of_memory+0x11c/0x11c [ 1174.915252][T23542] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1174.921406][T23542] ? ___ratelimit+0x60/0x595 [ 1174.925994][T23542] ? do_raw_spin_unlock+0x57/0x270 [ 1174.931109][T23542] oom_kill_process.cold+0x10/0x15 [ 1174.936222][T23542] out_of_memory+0x334/0x1340 [ 1174.940906][T23542] ? lock_downgrade+0x920/0x920 [ 1174.945861][T23542] ? oom_killer_disable+0x280/0x280 [ 1174.951068][T23542] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1174.956628][T23542] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1174.962266][T23542] ? do_raw_spin_unlock+0x57/0x270 [ 1174.967381][T23542] ? _raw_spin_unlock+0x2d/0x50 [ 1174.972244][T23542] try_charge+0xf4b/0x1440 [ 1174.976658][T23542] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1174.982215][T23542] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1174.987767][T23542] ? __kasan_check_read+0x11/0x20 [ 1174.992795][T23542] ? lock_downgrade+0x920/0x920 [ 1174.997645][T23542] ? percpu_ref_tryget_live+0x111/0x290 [ 1175.003196][T23542] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1175.008656][T23542] ? memcg_kmem_put_cache+0x50/0x50 [ 1175.013853][T23542] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1175.019398][T23542] __memcg_kmem_charge+0x13a/0x3a0 [ 1175.024427][T23461] kobject: 'kvm' (000000008c94a0b3): kobject_uevent_env [ 1175.024505][T23542] __alloc_pages_nodemask+0x4f7/0x900 [ 1175.036766][T23542] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1175.042479][T23542] ? percpu_ref_put_many+0xb6/0x190 [ 1175.047679][T23542] ? trace_hardirqs_on+0x67/0x240 [ 1175.052711][T23542] ? __kasan_check_read+0x11/0x20 [ 1175.057735][T23542] copy_process+0x3f8/0x6830 [ 1175.059493][T23461] kobject: 'kvm' (000000008c94a0b3): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 1175.062319][T23542] ? psi_memstall_leave+0x12e/0x180 [ 1175.077721][T23542] ? __kasan_check_read+0x11/0x20 [ 1175.082744][T23542] ? record_times+0x1e/0x2b0 [ 1175.087332][T23542] ? __cleanup_sighand+0x60/0x60 [ 1175.092264][T23542] ? trace_hardirqs_on+0x67/0x240 [ 1175.097291][T23542] ? _raw_spin_unlock_irq+0x5e/0x90 [ 1175.102491][T23542] _do_fork+0x146/0xfa0 [ 1175.106645][T23542] ? copy_init_mm+0x20/0x20 [ 1175.111147][T23542] ? __kasan_check_read+0x11/0x20 [ 1175.116178][T23542] ? lock_downgrade+0x920/0x920 [ 1175.121030][T23542] ? percpu_ref_tryget_live+0x290/0x290 [ 1175.126571][T23542] __x64_sys_clone+0x1ab/0x270 [ 1175.131356][T23542] ? __ia32_sys_vfork+0xd0/0xd0 [ 1175.136194][T23542] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1175.142462][T23542] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1175.148537][T23542] ? trace_hardirqs_off_caller+0x65/0x230 [ 1175.154252][T23542] ? trace_hardirqs_on+0x67/0x240 [ 1175.159272][T23542] do_syscall_64+0xfa/0x760 [ 1175.163778][T23542] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1175.164620][ T3892] kobject: 'loop5' (00000000f1c44dd2): kobject_uevent_env [ 1175.169739][T23542] RIP: 0033:0x45c2b9 [ 1175.169752][T23542] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1175.169758][T23542] RSP: 002b:00007ffc960a13f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1175.169770][T23542] RAX: ffffffffffffffda RBX: 00007fb972f88700 RCX: 000000000045c2b9 [ 1175.169776][T23542] RDX: 00007fb972f889d0 RSI: 00007fb972f87db0 RDI: 00000000003d0f00 05:33:30 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) 05:33:30 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(0xffffffffffffffff, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) 05:33:30 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1175.169783][T23542] RBP: 00007ffc960a1610 R08: 00007fb972f88700 R09: 00007fb972f88700 [ 1175.169789][T23542] R10: 00007fb972f889d0 R11: 0000000000000202 R12: 0000000000000000 [ 1175.169796][T23542] R13: 00007ffc960a14af R14: 00007fb972f889c0 R15: 000000000075bfd4 [ 1175.256452][T23542] memory: usage 307200kB, limit 307200kB, failcnt 20051 05:33:30 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) ioctl$VIDIOC_G_CTRL(r1, 0xc008561b, &(0x7f0000000040)={0x7, 0xf5}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000040)) r2 = creat(&(0x7f0000000100)='./bus\x00', 0x10) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r3, 0x101, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x121) r4 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r4, 0x101, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x121) fallocate(r4, 0xa25bc10704eb87a1, 0x0, 0xd55) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r2, r5, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r2, 0x4) r6 = syz_open_dev$vcsa(&(0x7f0000000400)='/dev/vcsa#\x00', 0x0, 0x1) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000440)={{{@in6=@remote, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @local}}}, &(0x7f0000000540)=0xe8) ioctl$HCIINQUIRY(r6, 0x800448f0, &(0x7f0000000580)={r7, 0x0, 0x7, 0xffffffffffff8000, 0x1, 0x0, 0x6}) r8 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r9) syz_mount_image$erofs(&(0x7f0000000180)='erofs\x00', &(0x7f00000001c0)='./bus\x00', 0x1000, 0x2, &(0x7f0000000340)=[{&(0x7f0000000240)="ec7068dd1774c0278a3cff37f537679b18dfdb2ccdf01608e735df24e9", 0x1d, 0x80000000}, {&(0x7f0000000280)="a98e308a1a63799ae8866fb5104f620c461f16a19ebc74c1bfd857d3c81fedca0c60c8319f635184c2fe03d04ddf2a10f0a0069c5dff664bbcb7fc8ebe7163dab956af8644f4207adfdcf29a6b4f1e0a1735e2943bbf12228571cf2f9ffbef327204ca950e9a5cfb75b9e89550ff8a88d461f38d08f53864b068823264761b6f4e2ad95036efd4e68f17c72d850900dc5ac11ba20f0375056e692d406fb623b520bf8d68a2a6846a590732023fda88b022c82860fa", 0xb5, 0xa9}], 0x7c180b940834c4d4, &(0x7f0000000740)=ANY=[@ANYBLOB="6e6f61636c2c6661756c745f696e6a656374696f6e3d3000003030303030303030303030303030302c6e6f757365725f78617474722c6e6f757365725fff03000000000000626a5f747970653d2b2d282c7375626a5f726f6c653d2f6465762f3663736123002c666f776e65723c9d0b87747d31f615b540dea5d414a34d43d2a1c114ddeb1041b89e5f122d4f943f939ede812b6bbe5a5911d7541b27b67c16f47278e43ef355529daf5b903efd8f", @ANYRESDEC=r9, @ANYBLOB=',\x00']) ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000140)={@initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x13, r7}) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1175.279389][T23542] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1175.286646][T23542] Memory cgroup stats for /syz0: [ 1175.286758][T23542] anon 297902080 [ 1175.286758][T23542] file 6000640 [ 1175.286758][T23542] kernel_stack 851968 [ 1175.286758][T23542] slab 5820416 [ 1175.286758][T23542] sock 0 [ 1175.286758][T23542] shmem 0 [ 1175.286758][T23542] file_mapped 5947392 [ 1175.286758][T23542] file_dirty 0 [ 1175.286758][T23542] file_writeback 0 [ 1175.286758][T23542] anon_thp 46137344 [ 1175.286758][T23542] inactive_anon 269971456 [ 1175.286758][T23542] active_anon 1486848 [ 1175.286758][T23542] inactive_file 184320 [ 1175.286758][T23542] active_file 98304 [ 1175.286758][T23542] unevictable 32591872 [ 1175.286758][T23542] slab_reclaimable 1351680 [ 1175.286758][T23542] slab_unreclaimable 4468736 [ 1175.286758][T23542] pgfault 1144539 [ 1175.286758][T23542] pgmajfault 198 [ 1175.286758][T23542] workingset_refault 30063 [ 1175.286758][T23542] workingset_activate 2013 [ 1175.286758][T23542] workingset_nodereclaim 0 [ 1175.286758][T23542] pgrefill 38164 [ 1175.286758][T23542] pgscan 59358 05:33:30 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x3f000000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1175.286758][T23542] pgsteal 37732 [ 1175.347689][ T3892] kobject: 'loop5' (00000000f1c44dd2): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1175.389124][T23542] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23542,uid=0 [ 1175.465495][ T3892] kobject: 'loop2' (00000000dab98bfc): kobject_uevent_env [ 1175.472882][ T8887] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1175.483389][T23542] Memory cgroup out of memory: Killed process 23542 (syz-executor.0) total-vm:72708kB, anon-rss:17852kB, file-rss:40988kB, shmem-rss:0kB, UID:0 pgtables:176128kB oom_score_adj:1000 [ 1175.483937][ T8887] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1175.520959][ T3892] kobject: 'loop2' (00000000dab98bfc): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1175.544954][ T3892] kobject: 'loop3' (00000000b67b0535): kobject_uevent_env [ 1175.559903][ T3892] kobject: 'loop3' (00000000b67b0535): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1175.606978][ T3892] kobject: 'loop4' (0000000054f090af): kobject_uevent_env [ 1175.625493][T23564] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1175.635053][ T3892] kobject: 'loop4' (0000000054f090af): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 1175.648025][T23564] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1175.807895][T23564] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1175.815203][T23564] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1175.841350][ T26] audit: type=1804 audit(1568180011.313:3268): pid=23573 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/493/bus" dev="sda1" ino=16665 res=1 05:33:31 executing program 0: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) mkdir(&(0x7f0000000000)='./bus\x00', 0x10) open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) [ 1175.929945][ T26] audit: type=1800 audit(1568180011.343:3269): pid=23573 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16665 res=0 [ 1175.965068][T23564] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1175.990411][T23564] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1176.007597][T23558] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1176.063454][ T26] audit: type=1804 audit(1568180011.463:3270): pid=23557 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/731/bus" dev="sda1" ino=16634 res=1 05:33:31 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) [ 1176.112939][T23558] CPU: 1 PID: 23558 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1176.122082][T23558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1176.132151][T23558] Call Trace: [ 1176.135452][T23558] dump_stack+0x172/0x1f0 [ 1176.139791][T23558] dump_header+0x177/0x1152 [ 1176.144300][T23558] ? ___ratelimit+0xf8/0x595 [ 1176.148895][T23558] ? trace_hardirqs_on+0x67/0x240 [ 1176.153924][T23558] ? pagefault_out_of_memory+0x11c/0x11c [ 1176.154485][ T26] audit: type=1800 audit(1568180011.463:3271): pid=23557 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16634 res=0 [ 1176.159551][T23558] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1176.159584][T23558] ? ___ratelimit+0x60/0x595 [ 1176.159597][T23558] ? do_raw_spin_unlock+0x57/0x270 [ 1176.159612][T23558] oom_kill_process.cold+0x10/0x15 [ 1176.159623][T23558] out_of_memory+0x334/0x1340 [ 1176.159641][T23558] ? lock_downgrade+0x920/0x920 [ 1176.209996][T23558] ? oom_killer_disable+0x280/0x280 [ 1176.215196][T23558] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1176.220736][T23558] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1176.226372][T23558] ? do_raw_spin_unlock+0x57/0x270 [ 1176.231490][T23558] ? _raw_spin_unlock+0x2d/0x50 [ 1176.236345][T23558] try_charge+0xf4b/0x1440 [ 1176.240787][T23558] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1176.246426][T23558] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1176.251968][T23558] ? __kasan_check_read+0x11/0x20 [ 1176.256993][T23558] ? lock_downgrade+0x920/0x920 [ 1176.261840][T23558] ? percpu_ref_tryget_live+0x111/0x290 [ 1176.267390][T23558] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1176.272851][T23558] ? memcg_kmem_put_cache+0x50/0x50 [ 1176.278058][T23558] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1176.283613][T23558] __memcg_kmem_charge+0x13a/0x3a0 [ 1176.288722][T23558] __alloc_pages_nodemask+0x4f7/0x900 [ 1176.294105][T23558] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1176.299821][T23558] ? percpu_ref_put_many+0xb6/0x190 [ 1176.305024][T23558] ? trace_hardirqs_on+0x67/0x240 [ 1176.310058][T23558] ? __kasan_check_read+0x11/0x20 [ 1176.315087][T23558] copy_process+0x3f8/0x6830 [ 1176.319684][T23558] ? psi_memstall_leave+0x12e/0x180 [ 1176.324879][T23558] ? __kasan_check_read+0x11/0x20 [ 1176.329899][T23558] ? record_times+0x1e/0x2b0 [ 1176.334492][T23558] ? __cleanup_sighand+0x60/0x60 [ 1176.339449][T23558] ? trace_hardirqs_on+0x67/0x240 [ 1176.344481][T23558] ? _raw_spin_unlock_irq+0x5e/0x90 [ 1176.349684][T23558] _do_fork+0x146/0xfa0 [ 1176.353836][T23558] ? copy_init_mm+0x20/0x20 [ 1176.358334][T23558] ? __kasan_check_read+0x11/0x20 [ 1176.363353][T23558] ? lock_downgrade+0x920/0x920 [ 1176.368202][T23558] ? percpu_ref_tryget_live+0x290/0x290 [ 1176.373744][T23558] __x64_sys_clone+0x1ab/0x270 [ 1176.378505][T23558] ? __ia32_sys_vfork+0xd0/0xd0 [ 1176.383613][T23558] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1176.389857][T23558] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1176.395917][T23558] ? trace_hardirqs_off_caller+0x65/0x230 [ 1176.401633][T23558] ? trace_hardirqs_on+0x67/0x240 [ 1176.406657][T23558] do_syscall_64+0xfa/0x760 [ 1176.411162][T23558] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1176.417048][T23558] RIP: 0033:0x45c2b9 [ 1176.420939][T23558] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1176.440544][T23558] RSP: 002b:00007ffe7a181cd8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1176.448958][T23558] RAX: ffffffffffffffda RBX: 00007fc354395700 RCX: 000000000045c2b9 [ 1176.456931][T23558] RDX: 00007fc3543959d0 RSI: 00007fc354394db0 RDI: 00000000003d0f00 [ 1176.464917][T23558] RBP: 00007ffe7a181ef0 R08: 00007fc354395700 R09: 00007fc354395700 [ 1176.472888][T23558] R10: 00007fc3543959d0 R11: 0000000000000202 R12: 0000000000000000 [ 1176.480873][T23558] R13: 00007ffe7a181d8f R14: 00007fc3543959c0 R15: 000000000075c07c 05:33:32 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x40000000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1176.494326][T23558] memory: usage 307200kB, limit 307200kB, failcnt 38411 05:33:32 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) seccomp(0x0, 0x0, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0xfffffffffffffffe, 0x3, 0x7, 0x10001}, {0x101, 0xffffffff}, {0x1, 0x6, 0x1, 0x8000}]}) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1176.494335][T23558] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1176.494339][T23558] Memory cgroup stats for /syz4: [ 1176.494438][T23558] anon 302706688 [ 1176.494438][T23558] file 4435968 [ 1176.494438][T23558] kernel_stack 655360 [ 1176.494438][T23558] slab 3657728 [ 1176.494438][T23558] sock 0 [ 1176.494438][T23558] shmem 0 [ 1176.494438][T23558] file_mapped 4325376 [ 1176.494438][T23558] file_dirty 0 [ 1176.494438][T23558] file_writeback 0 [ 1176.494438][T23558] anon_thp 209715200 [ 1176.494438][T23558] inactive_anon 254836736 [ 1176.494438][T23558] active_anon 4669440 [ 1176.494438][T23558] inactive_file 0 [ 1176.494438][T23558] active_file 94208 [ 1176.494438][T23558] unevictable 47808512 [ 1176.494438][T23558] slab_reclaimable 1216512 [ 1176.494438][T23558] slab_unreclaimable 2441216 [ 1176.494438][T23558] pgfault 1489290 [ 1176.494438][T23558] pgmajfault 660 [ 1176.494438][T23558] workingset_refault 69498 [ 1176.494438][T23558] workingset_activate 19041 [ 1176.494438][T23558] workingset_nodereclaim 0 [ 1176.494438][T23558] pgrefill 95724 [ 1176.494438][T23558] pgscan 127255 [ 1176.494438][T23558] pgsteal 86427 [ 1176.494454][T23558] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23558,uid=0 [ 1176.494540][T23558] Memory cgroup out of memory: Killed process 23558 (syz-executor.4) total-vm:72840kB, anon-rss:17824kB, file-rss:41444kB, shmem-rss:0kB, UID:0 pgtables:176128kB oom_score_adj:1000 [ 1176.498227][ T26] audit: type=1804 audit(1568180011.963:3272): pid=23588 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir247890508/syzkaller.pVOBBi/645/bus" dev="sda1" ino=16610 res=1 [ 1176.498250][ T26] audit: type=1800 audit(1568180011.963:3273): pid=23588 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16610 res=0 [ 1176.499603][ T3892] kobject: 'loop2' (00000000dab98bfc): kobject_uevent_env [ 1176.499641][ T3892] kobject: 'loop2' (00000000dab98bfc): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1176.692483][T23582] syz-executor.0 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 1176.692503][T23582] CPU: 1 PID: 23582 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1176.692511][T23582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1176.692517][T23582] Call Trace: [ 1176.692541][T23582] dump_stack+0x172/0x1f0 [ 1176.692561][T23582] dump_header+0x177/0x1152 [ 1176.692574][T23582] ? ___ratelimit+0xf8/0x595 [ 1176.692591][T23582] ? trace_hardirqs_on+0x67/0x240 [ 1176.692606][T23582] ? pagefault_out_of_memory+0x11c/0x11c [ 1176.692631][T23582] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1176.692643][T23582] ? ___ratelimit+0x60/0x595 [ 1176.692657][T23582] ? do_raw_spin_unlock+0x57/0x270 [ 1176.692672][T23582] oom_kill_process.cold+0x10/0x15 [ 1176.692687][T23582] out_of_memory+0x334/0x1340 [ 1176.692701][T23582] ? lock_downgrade+0x920/0x920 [ 1176.692718][T23582] ? oom_killer_disable+0x280/0x280 [ 1176.692734][T23582] ? __kasan_check_read+0x11/0x20 [ 1176.692754][T23582] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1176.692768][T23582] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1176.692782][T23582] ? do_raw_spin_unlock+0x57/0x270 [ 1176.692797][T23582] ? _raw_spin_unlock+0x2d/0x50 [ 1176.692818][T23582] try_charge+0xf4b/0x1440 [ 1176.692837][T23582] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1176.692851][T23582] ? percpu_ref_tryget_live+0x111/0x290 [ 1176.692866][T23582] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1176.692884][T23582] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1176.692898][T23582] mem_cgroup_try_charge+0x136/0x590 [ 1176.692918][T23582] __add_to_page_cache_locked+0x43f/0xec0 [ 1176.692931][T23582] ? __kasan_check_read+0x11/0x20 [ 1176.692948][T23582] ? unaccount_page_cache_page+0xda0/0xda0 [ 1176.692960][T23582] ? __alloc_pages_nodemask+0x57b/0x900 [ 1176.692971][T23582] ? xas_descend+0x144/0x370 [ 1176.692990][T23582] ? shadow_lru_isolate+0x430/0x430 [ 1176.693009][T23582] add_to_page_cache_lru+0x1d8/0x790 [ 1176.693025][T23582] ? add_to_page_cache_locked+0x40/0x40 [ 1176.693039][T23582] ? __page_cache_alloc+0x116/0x490 [ 1176.693053][T23582] pagecache_get_page+0x3be/0x900 [ 1176.693068][T23582] filemap_fault+0x901/0x2b70 [ 1176.693077][T23582] ? __kasan_check_read+0x11/0x20 [ 1176.693088][T23582] ? mark_held_locks+0xf0/0xf0 [ 1176.693101][T23582] ? lock_downgrade+0x920/0x920 [ 1176.693113][T23582] ? alloc_set_pte+0xb7a/0x1780 [ 1176.693129][T23582] ? pagecache_get_page+0x900/0x900 [ 1176.693141][T23582] ? __kasan_check_write+0x14/0x20 [ 1176.693152][T23582] ? down_read+0x109/0x430 [ 1176.693164][T23582] ? down_read_killable+0x490/0x490 [ 1176.693176][T23582] ? lock_downgrade+0x920/0x920 [ 1176.693193][T23582] ext4_filemap_fault+0x86/0xb2 [ 1176.693205][T23582] __do_fault+0x111/0x540 [ 1176.693215][T23582] ? do_raw_spin_unlock+0x57/0x270 [ 1176.693228][T23582] __handle_mm_fault+0x2cb8/0x3f20 [ 1176.693244][T23582] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1176.693255][T23582] ? __kasan_check_read+0x11/0x20 [ 1176.693266][T23582] ? do_raw_spin_unlock+0x57/0x270 [ 1176.693284][T23582] ? trace_hardirqs_on+0x67/0x240 [ 1176.693299][T23582] handle_mm_fault+0x1b5/0x6c0 05:33:32 executing program 0: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x60104400}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x2c8, r2, 0x2, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x20, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xe7e}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x80}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x54}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NODE={0x3c, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1000}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xe776}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8000}]}, @TIPC_NLA_SOCK={0x1c, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7f}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x100000000}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_SOCK={0x20, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2800000000000}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MEDIA={0x148, 0x5, [@TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1843}]}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xdf00}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x101}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9c22}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f000000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xf4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4df}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}]}, @TIPC_NLA_SOCK={0x38, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x269}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NODE={0x28, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffeffffffff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1ff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}]}, @TIPC_NLA_NET={0x1c, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7c34}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x100000000}]}, @TIPC_NLA_BEARER={0x58, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x3, @remote, 0x100000001}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0xbf, @local, 0x101}}}}]}]}, 0x2c8}, 0x1, 0x0, 0x0, 0x4001}, 0x10000008) openat$vfio(0xffffffffffffff9c, &(0x7f0000000480)='/dev/vfio/vfio\x00', 0x420000, 0x0) [ 1176.693311][T23582] __get_user_pages+0x7d4/0x1b30 [ 1176.693321][T23582] ? mark_held_locks+0xf0/0xf0 [ 1176.693334][T23582] ? follow_page_mask+0x1cf0/0x1cf0 [ 1176.693342][T23582] ? __mm_populate+0x270/0x380 [ 1176.693354][T23582] ? __kasan_check_write+0x14/0x20 [ 1176.693362][T23582] ? down_read+0x109/0x430 [ 1176.693376][T23582] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1176.693387][T23582] populate_vma_page_range+0x20d/0x2a0 [ 1176.693398][T23582] __mm_populate+0x204/0x380 05:33:32 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1176.693410][T23582] ? populate_vma_page_range+0x2a0/0x2a0 [ 1176.693419][T23582] ? __kasan_check_write+0x14/0x20 [ 1176.693428][T23582] ? up_write+0x155/0x490 [ 1176.693439][T23582] ? ns_capable_common+0x93/0x100 [ 1176.693451][T23582] __x64_sys_mlockall+0x473/0x520 [ 1176.693465][T23582] do_syscall_64+0xfa/0x760 [ 1176.693480][T23582] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1176.693491][T23582] RIP: 0033:0x4598e9 05:33:32 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) [ 1176.693507][T23582] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1176.693514][T23582] RSP: 002b:00007fb972fa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1176.693528][T23582] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004598e9 [ 1176.693536][T23582] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1176.693543][T23582] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1176.693551][T23582] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb972fa96d4 05:33:32 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(0xffffffffffffffff, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1176.693559][T23582] R13: 00000000004c5dab R14: 00000000004da878 R15: 00000000ffffffff [ 1176.695858][T23582] memory: usage 307200kB, limit 307200kB, failcnt 20352 [ 1176.695868][T23582] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1176.695872][T23582] Memory cgroup stats for /syz0: [ 1176.695990][T23582] anon 297996288 [ 1176.695990][T23582] file 6000640 [ 1176.695990][T23582] kernel_stack 917504 [ 1176.695990][T23582] slab 5820416 [ 1176.695990][T23582] sock 0 [ 1176.695990][T23582] shmem 0 [ 1176.695990][T23582] file_mapped 5947392 [ 1176.695990][T23582] file_dirty 0 [ 1176.695990][T23582] file_writeback 0 [ 1176.695990][T23582] anon_thp 50331648 [ 1176.695990][T23582] inactive_anon 269971456 [ 1176.695990][T23582] active_anon 1486848 [ 1176.695990][T23582] inactive_file 184320 [ 1176.695990][T23582] active_file 36864 [ 1176.695990][T23582] unevictable 32460800 [ 1176.695990][T23582] slab_reclaimable 1351680 [ 1176.695990][T23582] slab_unreclaimable 4468736 [ 1176.695990][T23582] pgfault 1148103 [ 1176.695990][T23582] pgmajfault 231 [ 1176.695990][T23582] workingset_refault 30195 [ 1176.695990][T23582] workingset_activate 2046 [ 1176.695990][T23582] workingset_nodereclaim 0 [ 1176.695990][T23582] pgrefill 38248 [ 1176.695990][T23582] pgscan 59565 [ 1176.695990][T23582] pgsteal 37941 [ 1176.696006][T23582] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23580,uid=0 [ 1176.696081][T23582] Memory cgroup out of memory: Killed process 23580 (syz-executor.0) total-vm:72708kB, anon-rss:17856kB, file-rss:39096kB, shmem-rss:0kB, UID:0 pgtables:176128kB oom_score_adj:1000 [ 1176.696713][ T1065] oom_reaper: reaped process 23580 (syz-executor.0), now anon-rss:17868kB, file-rss:40060kB, shmem-rss:0kB [ 1176.847557][ T8887] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1176.847608][ T8887] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1176.852917][ T3892] kobject: 'loop4' (0000000054f090af): kobject_uevent_env [ 1177.236340][T23599] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1177.237458][ T3892] kobject: 'loop4' (0000000054f090af): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 1177.244925][T23599] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1177.540757][T23604] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1177.604802][ T3892] kobject: 'loop3' (00000000b67b0535): kobject_uevent_env [ 1177.604840][ T3892] kobject: 'loop3' (00000000b67b0535): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1177.614977][ T3892] kobject: 'loop2' (00000000dab98bfc): kobject_uevent_env [ 1177.615015][ T3892] kobject: 'loop2' (00000000dab98bfc): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1177.632207][ T3892] kobject: 'loop5' (00000000f1c44dd2): kobject_uevent_env 05:33:33 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0x8cffffff, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1177.632242][ T3892] kobject: 'loop5' (00000000f1c44dd2): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1177.707644][T23599] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1177.707693][T23599] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1177.757448][T23604] CPU: 1 PID: 23604 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1177.757457][T23604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1177.757462][T23604] Call Trace: [ 1177.757486][T23604] dump_stack+0x172/0x1f0 [ 1177.757505][T23604] dump_header+0x177/0x1152 [ 1177.757518][T23604] ? ___ratelimit+0xf8/0x595 [ 1177.757537][T23604] ? trace_hardirqs_on+0x67/0x240 [ 1177.757550][T23604] ? pagefault_out_of_memory+0x11c/0x11c [ 1177.757567][T23604] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1177.757578][T23604] ? ___ratelimit+0x60/0x595 [ 1177.757593][T23604] ? do_raw_spin_unlock+0x57/0x270 [ 1177.757606][T23604] oom_kill_process.cold+0x10/0x15 [ 1177.757618][T23604] out_of_memory+0x334/0x1340 [ 1177.757633][T23604] ? lock_downgrade+0x920/0x920 [ 1177.757648][T23604] ? oom_killer_disable+0x280/0x280 [ 1177.757663][T23604] ? __kasan_check_read+0x11/0x20 [ 1177.757681][T23604] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1177.757695][T23604] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1177.757709][T23604] ? do_raw_spin_unlock+0x57/0x270 [ 1177.757723][T23604] ? _raw_spin_unlock+0x2d/0x50 05:33:33 executing program 0: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r1, 0x101, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x121) r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r2, 0x101, 0xc, &(0x7f0000000000), &(0x7f0000000080)=0x4) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r3, 0x101, 0x8, &(0x7f0000000040), &(0x7f0000000280)=0xfffffffffffffee6) r4 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0xc596112574ad17ca, 0x0) ioctl$KVM_S390_INTERRUPT_CPU(r5, 0x4010ae94, &(0x7f00000002c0)={0x4, 0x2, 0x3}) getsockopt$ax25_int(r4, 0x101, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x121) r6 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snapshot\x00', 0x400, 0x0) getsockopt$ax25_int(r6, 0x101, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x121) r7 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r7, 0x101, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x121) ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000140)={0x0, 0x0, 0x6, 0x0, 0x0, [{r2, 0x0, 0x5}, {r3, 0x0, 0x400}, {r4, 0x0, 0x3}, {r6, 0x0, 0x3}, {r7, 0x0, 0x7f}, {r0, 0x0, 0xfe00}]}) fallocate(r0, 0x0, 0x0, 0x1000f4) open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) [ 1177.757737][T23604] try_charge+0xf4b/0x1440 [ 1177.757755][T23604] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1177.757767][T23604] ? percpu_ref_tryget_live+0x111/0x290 [ 1177.757781][T23604] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1177.757800][T23604] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1177.757814][T23604] mem_cgroup_try_charge+0x136/0x590 [ 1177.757831][T23604] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1177.757846][T23604] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1177.757864][T23604] __handle_mm_fault+0x1e34/0x3f20 [ 1177.757880][T23604] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1177.757891][T23604] ? __kasan_check_read+0x11/0x20 [ 1177.757909][T23604] ? trace_hardirqs_on+0x67/0x240 [ 1177.757923][T23604] handle_mm_fault+0x1b5/0x6c0 [ 1177.757940][T23604] __do_page_fault+0x536/0xdd0 [ 1177.757957][T23604] do_page_fault+0x38/0x590 [ 1177.757970][T23604] page_fault+0x39/0x40 [ 1177.757980][T23604] RIP: 0033:0x41122f [ 1177.757994][T23604] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 1177.758001][T23604] RSP: 002b:00007ffc960a1440 EFLAGS: 00010206 [ 1177.758011][T23604] RAX: 00007fb972f68000 RBX: 0000000000020000 RCX: 000000000045993a [ 1177.758019][T23604] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1177.758026][T23604] RBP: 00007ffc960a1520 R08: ffffffffffffffff R09: 0000000000000000 [ 1177.758034][T23604] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc960a1610 [ 1177.758041][T23604] R13: 00007fb972f88700 R14: 0000000000000001 R15: 000000000075bfd4 [ 1177.758121][T23604] memory: usage 307196kB, limit 307200kB, failcnt 20454 [ 1177.758130][T23604] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1177.758132][T23604] Memory cgroup stats for /syz0: [ 1177.758238][T23604] anon 298082304 [ 1177.758238][T23604] file 6000640 [ 1177.758238][T23604] kernel_stack 851968 [ 1177.758238][T23604] slab 5820416 [ 1177.758238][T23604] sock 0 [ 1177.758238][T23604] shmem 0 [ 1177.758238][T23604] file_mapped 6082560 [ 1177.758238][T23604] file_dirty 0 [ 1177.758238][T23604] file_writeback 0 [ 1177.758238][T23604] anon_thp 50331648 [ 1177.758238][T23604] inactive_anon 269787136 [ 1177.758238][T23604] active_anon 1486848 [ 1177.758238][T23604] inactive_file 49152 [ 1177.758238][T23604] active_file 36864 [ 1177.758238][T23604] unevictable 32628736 [ 1177.758238][T23604] slab_reclaimable 1351680 [ 1177.758238][T23604] slab_unreclaimable 4468736 [ 1177.758238][T23604] pgfault 1151667 [ 1177.758238][T23604] pgmajfault 231 [ 1177.758238][T23604] workingset_refault 30228 [ 1177.758238][T23604] workingset_activate 2046 [ 1177.758238][T23604] workingset_nodereclaim 0 [ 1177.758238][T23604] pgrefill 38281 [ 1177.758238][T23604] pgscan 59631 [ 1177.758238][T23604] pgsteal 37941 [ 1177.758251][T23604] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23604,uid=0 [ 1177.758328][T23604] Memory cgroup out of memory: Killed process 23604 (syz-executor.0) total-vm:72708kB, anon-rss:17856kB, file-rss:39288kB, shmem-rss:0kB, UID:0 pgtables:176128kB oom_score_adj:1000 [ 1177.758600][ T1065] oom_reaper: reaped process 23604 (syz-executor.0), now anon-rss:17868kB, file-rss:40252kB, shmem-rss:0kB [ 1177.763777][T23602] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1177.763796][T23602] CPU: 1 PID: 23602 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1177.763804][T23602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1177.763809][T23602] Call Trace: [ 1177.763833][T23602] dump_stack+0x172/0x1f0 [ 1177.763852][T23602] dump_header+0x177/0x1152 [ 1177.763866][T23602] ? ___ratelimit+0xf8/0x595 [ 1177.763883][T23602] ? trace_hardirqs_on+0x67/0x240 [ 1177.763897][T23602] ? pagefault_out_of_memory+0x11c/0x11c [ 1177.763915][T23602] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1177.763927][T23602] ? ___ratelimit+0x60/0x595 [ 1177.763941][T23602] ? do_raw_spin_unlock+0x57/0x270 [ 1177.763957][T23602] oom_kill_process.cold+0x10/0x15 [ 1177.763971][T23602] out_of_memory+0x334/0x1340 [ 1177.763986][T23602] ? lock_downgrade+0x920/0x920 [ 1177.764002][T23602] ? oom_killer_disable+0x280/0x280 [ 1177.764019][T23602] ? __kasan_check_read+0x11/0x20 [ 1177.764037][T23602] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1177.764051][T23602] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1177.764065][T23602] ? do_raw_spin_unlock+0x57/0x270 [ 1177.764080][T23602] ? _raw_spin_unlock+0x2d/0x50 [ 1177.764096][T23602] try_charge+0xf4b/0x1440 [ 1177.764116][T23602] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1177.764129][T23602] ? percpu_ref_tryget_live+0x111/0x290 05:33:34 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r2, 0x101, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x121) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x12) getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000140), &(0x7f0000000180)=0x4) dup(r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1177.764144][T23602] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1177.764163][T23602] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1177.764177][T23602] mem_cgroup_try_charge+0x136/0x590 [ 1177.764192][T23602] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1177.764207][T23602] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1177.764224][T23602] __handle_mm_fault+0x1e34/0x3f20 [ 1177.764241][T23602] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1177.764253][T23602] ? __kasan_check_read+0x11/0x20 [ 1177.764265][T23602] ? do_raw_spin_unlock+0x57/0x270 05:33:34 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) [ 1177.764285][T23602] ? trace_hardirqs_on+0x67/0x240 [ 1177.764303][T23602] handle_mm_fault+0x1b5/0x6c0 [ 1177.764319][T23602] __get_user_pages+0x7d4/0x1b30 [ 1177.764332][T23602] ? mark_held_locks+0xf0/0xf0 [ 1177.764350][T23602] ? follow_page_mask+0x1cf0/0x1cf0 [ 1177.764361][T23602] ? __mm_populate+0x270/0x380 [ 1177.764376][T23602] ? memset+0x32/0x40 [ 1177.764392][T23602] populate_vma_page_range+0x20d/0x2a0 [ 1177.764407][T23602] __mm_populate+0x204/0x380 [ 1177.764423][T23602] ? populate_vma_page_range+0x2a0/0x2a0 [ 1177.764434][T23602] ? up_write+0x1c8/0x490 [ 1177.764455][T23602] __x64_sys_mremap+0x7dc/0xb80 [ 1177.764471][T23602] ? mremap_to+0x750/0x750 [ 1177.764490][T23602] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1177.764505][T23602] ? __x64_sys_clock_gettime+0x16d/0x240 [ 1177.764521][T23602] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1177.764533][T23602] ? trace_hardirqs_off_caller+0x65/0x230 [ 1177.764544][T23602] ? trace_hardirqs_on+0x67/0x240 [ 1177.764563][T23602] do_syscall_64+0xfa/0x760 [ 1177.764581][T23602] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1177.764591][T23602] RIP: 0033:0x4598e9 [ 1177.764606][T23602] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1177.764612][T23602] RSP: 002b:00007fc3543b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1177.764625][T23602] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 1177.764633][T23602] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1177.764640][T23602] RBP: 000000000075bfc8 R08: 0000000020130000 R09: 0000000000000000 [ 1177.764648][T23602] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fc3543b66d4 [ 1177.764655][T23602] R13: 00000000004c5f48 R14: 00000000004dab78 R15: 00000000ffffffff [ 1177.764673][T23602] memory: usage 307200kB, limit 307200kB, failcnt 38802 [ 1177.764681][T23602] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1177.764684][T23602] Memory cgroup stats for /syz4: [ 1177.764819][T23602] anon 298389504 [ 1177.764819][T23602] file 8568832 [ 1177.764819][T23602] kernel_stack 720896 [ 1177.764819][T23602] slab 3657728 [ 1177.764819][T23602] sock 0 [ 1177.764819][T23602] shmem 0 [ 1177.764819][T23602] file_mapped 8650752 [ 1177.764819][T23602] file_dirty 0 [ 1177.764819][T23602] file_writeback 0 [ 1177.764819][T23602] anon_thp 209715200 [ 1177.764819][T23602] inactive_anon 254701568 [ 1177.764819][T23602] active_anon 4669440 [ 1177.764819][T23602] inactive_file 0 [ 1177.764819][T23602] active_file 172032 [ 1177.764819][T23602] unevictable 47673344 [ 1177.764819][T23602] slab_reclaimable 1216512 [ 1177.764819][T23602] slab_unreclaimable 2441216 [ 1177.764819][T23602] pgfault 1495065 [ 1177.764819][T23602] pgmajfault 693 [ 1177.764819][T23602] workingset_refault 70983 [ 1177.764819][T23602] workingset_activate 19239 [ 1177.764819][T23602] workingset_nodereclaim 0 [ 1177.764819][T23602] pgrefill 96085 [ 1177.764819][T23602] pgscan 127932 [ 1177.764819][T23602] pgsteal 86820 [ 1177.764834][T23602] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23596,uid=0 [ 1177.764926][T23602] Memory cgroup out of memory: Killed process 23596 (syz-executor.4) total-vm:72964kB, anon-rss:13324kB, file-rss:44980kB, shmem-rss:0kB, UID:0 pgtables:180224kB oom_score_adj:1000 [ 1177.788387][T23599] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1177.788427][T23599] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1177.862444][T23599] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1177.862490][T23599] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1177.867439][ T1065] oom_reaper: reaped process 23596 (syz-executor.4), now anon-rss:13612kB, file-rss:46712kB, shmem-rss:0kB [ 1178.064313][T23630] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1178.772707][T23635] syz-executor.0 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 1178.792501][T23630] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1178.796562][T23635] CPU: 1 PID: 23635 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1178.864348][ T3892] kobject: 'loop4' (0000000054f090af): kobject_uevent_env [ 1178.947963][T23635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1178.947971][T23635] Call Trace: [ 1178.948003][T23635] dump_stack+0x172/0x1f0 [ 1178.948019][T23635] dump_header+0x177/0x1152 [ 1178.948031][T23635] ? ___ratelimit+0xf8/0x595 [ 1178.948043][T23635] ? trace_hardirqs_on+0x67/0x240 [ 1178.948055][T23635] ? pagefault_out_of_memory+0x11c/0x11c [ 1178.948070][T23635] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1178.948079][T23635] ? ___ratelimit+0x60/0x595 [ 1178.948090][T23635] ? do_raw_spin_unlock+0x57/0x270 [ 1178.948102][T23635] oom_kill_process.cold+0x10/0x15 [ 1178.948113][T23635] out_of_memory+0x334/0x1340 [ 1178.948135][T23635] ? lock_downgrade+0x920/0x920 [ 1178.975095][ T3892] kobject: 'loop4' (0000000054f090af): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 1178.982423][T23635] ? oom_killer_disable+0x280/0x280 [ 1178.982439][T23635] ? __kasan_check_read+0x11/0x20 [ 1178.982457][T23635] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1178.982470][T23635] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1178.982485][T23635] ? do_raw_spin_unlock+0x57/0x270 [ 1178.982502][T23635] ? _raw_spin_unlock+0x2d/0x50 [ 1178.982522][T23635] try_charge+0xf4b/0x1440 [ 1179.192608][T23635] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1179.192623][T23635] ? percpu_ref_tryget_live+0x111/0x290 [ 1179.192638][T23635] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1179.192655][T23635] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1179.192668][T23635] mem_cgroup_try_charge+0x136/0x590 [ 1179.192690][T23635] __add_to_page_cache_locked+0x43f/0xec0 [ 1179.192706][T23635] ? __kasan_check_read+0x11/0x20 [ 1179.192722][T23635] ? unaccount_page_cache_page+0xda0/0xda0 [ 1179.192736][T23635] ? __alloc_pages_nodemask+0x57b/0x900 [ 1179.192753][T23635] ? xas_descend+0x144/0x370 [ 1179.192772][T23635] ? shadow_lru_isolate+0x430/0x430 [ 1179.192791][T23635] add_to_page_cache_lru+0x1d8/0x790 [ 1179.192809][T23635] ? add_to_page_cache_locked+0x40/0x40 [ 1179.192830][T23635] ? __page_cache_alloc+0x116/0x490 [ 1179.192847][T23635] pagecache_get_page+0x3be/0x900 [ 1179.192865][T23635] filemap_fault+0x901/0x2b70 [ 1179.192876][T23635] ? __kasan_check_read+0x11/0x20 [ 1179.192893][T23635] ? mark_held_locks+0xf0/0xf0 [ 1179.192907][T23635] ? lock_downgrade+0x920/0x920 [ 1179.192921][T23635] ? alloc_set_pte+0xb7a/0x1780 [ 1179.192939][T23635] ? pagecache_get_page+0x900/0x900 [ 1179.192954][T23635] ? __kasan_check_write+0x14/0x20 [ 1179.192968][T23635] ? down_read+0x109/0x430 [ 1179.192982][T23635] ? down_read_killable+0x490/0x490 [ 1179.192997][T23635] ? lock_downgrade+0x920/0x920 [ 1179.193016][T23635] ext4_filemap_fault+0x86/0xb2 [ 1179.193029][T23635] __do_fault+0x111/0x540 [ 1179.193042][T23635] ? do_raw_spin_unlock+0x57/0x270 [ 1179.193058][T23635] __handle_mm_fault+0x2cb8/0x3f20 [ 1179.193076][T23635] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1179.193088][T23635] ? __kasan_check_read+0x11/0x20 [ 1179.193100][T23635] ? do_raw_spin_unlock+0x57/0x270 [ 1179.193120][T23635] ? trace_hardirqs_on+0x67/0x240 [ 1179.193138][T23635] handle_mm_fault+0x1b5/0x6c0 [ 1179.193153][T23635] __get_user_pages+0x7d4/0x1b30 [ 1179.193166][T23635] ? mark_held_locks+0xf0/0xf0 [ 1179.193185][T23635] ? follow_page_mask+0x1cf0/0x1cf0 [ 1179.193197][T23635] ? __mm_populate+0x270/0x380 [ 1179.193213][T23635] ? __kasan_check_write+0x14/0x20 [ 1179.193226][T23635] ? down_read+0x109/0x430 [ 1179.193244][T23635] ? __sanitizer_cov_trace_cmp8+0x18/0x20 05:33:34 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1179.193260][T23635] populate_vma_page_range+0x20d/0x2a0 [ 1179.193276][T23635] __mm_populate+0x204/0x380 [ 1179.193292][T23635] ? populate_vma_page_range+0x2a0/0x2a0 [ 1179.193305][T23635] ? __kasan_check_write+0x14/0x20 [ 1179.193318][T23635] ? up_write+0x155/0x490 [ 1179.193331][T23635] ? ns_capable_common+0x93/0x100 [ 1179.193348][T23635] __x64_sys_mlockall+0x473/0x520 [ 1179.193366][T23635] do_syscall_64+0xfa/0x760 [ 1179.193385][T23635] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1179.193396][T23635] RIP: 0033:0x4598e9 [ 1179.193413][T23635] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1179.193421][T23635] RSP: 002b:00007fb972fa8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1179.193434][T23635] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004598e9 [ 1179.193442][T23635] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1179.193450][T23635] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1179.193458][T23635] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb972fa96d4 [ 1179.193465][T23635] R13: 00000000004c5dab R14: 00000000004da878 R15: 00000000ffffffff [ 1179.209686][ T26] kauditd_printk_skb: 10 callbacks suppressed [ 1179.209702][ T26] audit: type=1804 audit(1568180014.683:3284): pid=23644 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir832999912/syzkaller.0K2fAp/495/bus" dev="sda1" ino=16710 res=1 [ 1179.209860][ T26] audit: type=1800 audit(1568180014.683:3285): pid=23644 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16710 res=0 [ 1179.217352][T23635] memory: usage 307200kB, limit 307200kB, failcnt 20763 [ 1179.595859][T23635] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1179.599376][ T3892] kobject: 'loop2' (00000000dab98bfc): kobject_uevent_env [ 1179.608558][T23635] Memory cgroup stats for /syz0: [ 1179.608712][T23635] anon 298057728 [ 1179.608712][T23635] file 5861376 [ 1179.608712][T23635] kernel_stack 851968 [ 1179.608712][T23635] slab 5820416 [ 1179.608712][T23635] sock 0 [ 1179.608712][T23635] shmem 0 [ 1179.608712][T23635] file_mapped 5812224 [ 1179.608712][T23635] file_dirty 0 [ 1179.608712][T23635] file_writeback 0 [ 1179.608712][T23635] anon_thp 46137344 [ 1179.608712][T23635] inactive_anon 269787136 [ 1179.608712][T23635] active_anon 1486848 [ 1179.608712][T23635] inactive_file 49152 [ 1179.608712][T23635] active_file 90112 [ 1179.608712][T23635] unevictable 32452608 [ 1179.608712][T23635] slab_reclaimable 1351680 [ 1179.608712][T23635] slab_unreclaimable 4468736 [ 1179.608712][T23635] pgfault 1156353 [ 1179.608712][T23635] pgmajfault 264 [ 1179.608712][T23635] workingset_refault 30525 [ 1179.608712][T23635] workingset_activate 2112 [ 1179.608712][T23635] workingset_nodereclaim 0 [ 1179.608712][T23635] pgrefill 38471 [ 1179.608712][T23635] pgscan 59996 [ 1179.608712][T23635] pgsteal 38260 [ 1179.620000][ T3892] kobject: 'loop2' (00000000dab98bfc): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1179.737096][T23635] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23634,uid=0 [ 1179.780918][ T3892] kobject: 'loop5' (00000000f1c44dd2): kobject_uevent_env [ 1179.799327][ T3892] kobject: 'loop5' (00000000f1c44dd2): fill_kobj_path: path = '/devices/virtual/block/loop5' 05:33:35 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1179.830480][T23630] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1179.847450][T23630] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1179.872287][ T3892] kobject: 'loop3' (00000000b67b0535): kobject_uevent_env [ 1179.892961][T23635] Memory cgroup out of memory: Killed process 23634 (syz-executor.0) total-vm:72840kB, anon-rss:17852kB, file-rss:40700kB, shmem-rss:0kB, UID:0 pgtables:176128kB oom_score_adj:1000 [ 1179.929612][ T3892] kobject: 'loop3' (00000000b67b0535): fill_kobj_path: path = '/devices/virtual/block/loop3' 05:33:35 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0xc0ed0000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1179.949186][ T1065] oom_reaper: reaped process 23634 (syz-executor.0), now anon-rss:17876kB, file-rss:41692kB, shmem-rss:0kB [ 1179.949234][T23641] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1180.000780][ T3892] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1180.023218][ T3892] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1180.039309][T23641] CPU: 0 PID: 23641 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1180.048451][T23641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1180.058508][T23641] Call Trace: [ 1180.061821][T23641] dump_stack+0x172/0x1f0 [ 1180.066156][T23641] dump_header+0x177/0x1152 [ 1180.070920][T23641] ? ___ratelimit+0xf8/0x595 [ 1180.075512][T23641] ? trace_hardirqs_on+0x67/0x240 [ 1180.080542][T23641] ? pagefault_out_of_memory+0x11c/0x11c [ 1180.086177][T23641] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1180.091981][T23641] ? ___ratelimit+0x60/0x595 [ 1180.096567][T23641] ? do_raw_spin_unlock+0x57/0x270 [ 1180.101677][T23641] oom_kill_process.cold+0x10/0x15 [ 1180.106783][T23641] out_of_memory+0x334/0x1340 [ 1180.111464][T23641] ? lock_downgrade+0x920/0x920 [ 1180.116316][T23641] ? oom_killer_disable+0x280/0x280 [ 1180.121512][T23641] ? __kasan_check_read+0x11/0x20 [ 1180.126626][T23641] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1180.132164][T23641] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1180.137810][T23641] ? do_raw_spin_unlock+0x57/0x270 [ 1180.142927][T23641] ? _raw_spin_unlock+0x2d/0x50 [ 1180.147784][T23641] try_charge+0xf4b/0x1440 [ 1180.152213][T23641] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1180.157759][T23641] ? percpu_ref_tryget_live+0x111/0x290 [ 1180.163311][T23641] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1180.163450][ T26] audit: type=1804 audit(1568180015.513:3286): pid=23650 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir718006618/syzkaller.NsE4jR/488/bus" dev="sda1" ino=16671 res=1 [ 1180.168765][T23641] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1180.168777][T23641] mem_cgroup_try_charge+0x136/0x590 [ 1180.168798][T23641] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1180.168815][T23641] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1180.216001][T23641] __handle_mm_fault+0x1e34/0x3f20 [ 1180.221119][T23641] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1180.226663][T23641] ? __kasan_check_read+0x11/0x20 [ 1180.231693][T23641] ? trace_hardirqs_on+0x67/0x240 [ 1180.236718][T23641] handle_mm_fault+0x1b5/0x6c0 [ 1180.241496][T23641] __do_page_fault+0x536/0xdd0 [ 1180.241514][T23641] do_page_fault+0x38/0x590 [ 1180.241528][T23641] page_fault+0x39/0x40 05:33:35 executing program 0: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 1180.241538][T23641] RIP: 0033:0x41122f [ 1180.241553][T23641] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 05:33:35 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x41, 0x0) getsockopt$inet6_dccp_buf(r0, 0x21, 0xc, &(0x7f0000000140)=""/90, &(0x7f00000001c0)=0x5a) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r1, 0x0, 0x0, 0x1000f4) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) r3 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r3, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r3, 0x0, 0x0, 0x1000f4) r4 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r3, r4, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000200)=r3, 0x4) ioctl$VIDIOC_G_CTRL(r4, 0xc008561b, &(0x7f0000000040)={0x7, 0xf5}) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000778000/0x2000)=nil, 0x2000}, &(0x7f00000002c0)=0x10) sendfile(r1, r2, 0x0, 0x8000fffffffe) r5 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r5, 0x101, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x121) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000200)=r1, 0x4) r6 = socket$inet6(0xa, 0x803, 0x3) ioctl$IMSETDEVNAME(r6, 0x80184947, &(0x7f00000006c0)={0x0, 'syz0\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb}) ioctl$sock_inet6_tcp_SIOCOUTQ(r6, 0x5411, &(0x7f0000000240)) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1180.241560][T23641] RSP: 002b:00007ffe7a181d20 EFLAGS: 00010206 [ 1180.241571][T23641] RAX: 00007fc354354000 RBX: 0000000000020000 RCX: 000000000045993a 05:33:36 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0xf6ffffff, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1180.241578][T23641] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1180.241586][T23641] RBP: 00007ffe7a181e00 R08: ffffffffffffffff R09: 0000000000000000 [ 1180.241593][T23641] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe7a181ef0 [ 1180.241601][T23641] R13: 00007fc354374700 R14: 0000000000000003 R15: 000000000075c124 [ 1180.248505][T23659] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1180.248547][T23659] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' 05:33:36 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) [ 1180.269610][ T26] audit: type=1800 audit(1568180015.513:3287): pid=23650 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=16671 res=0 [ 1180.271837][ T26] audit: type=1804 audit(1568180015.743:3288): pid=23647 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir035096434/syzkaller.r5K0HI/422/bus" dev="sda1" ino=16687 res=1 [ 1180.271859][ T26] audit: type=1800 audit(1568180015.743:3289): pid=23647 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16687 res=0 [ 1180.294524][T23641] memory: usage 307200kB, limit 307200kB, failcnt 40213 [ 1180.294535][T23641] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1180.294539][T23641] Memory cgroup stats for /syz4: [ 1180.294648][T23641] anon 302858240 [ 1180.294648][T23641] file 4337664 [ 1180.294648][T23641] kernel_stack 655360 [ 1180.294648][T23641] slab 3657728 [ 1180.294648][T23641] sock 0 [ 1180.294648][T23641] shmem 0 [ 1180.294648][T23641] file_mapped 4325376 [ 1180.294648][T23641] file_dirty 0 [ 1180.294648][T23641] file_writeback 0 [ 1180.294648][T23641] anon_thp 209715200 [ 1180.294648][T23641] inactive_anon 254836736 [ 1180.294648][T23641] active_anon 4804608 [ 1180.294648][T23641] inactive_file 61440 [ 1180.294648][T23641] active_file 217088 [ 1180.294648][T23641] unevictable 47808512 [ 1180.294648][T23641] slab_reclaimable 1216512 [ 1180.294648][T23641] slab_unreclaimable 2441216 [ 1180.294648][T23641] pgfault 1499784 [ 1180.294648][T23641] pgmajfault 693 [ 1180.294648][T23641] workingset_refault 72270 [ 1180.294648][T23641] workingset_activate 19272 [ 1180.294648][T23641] workingset_nodereclaim 0 [ 1180.294648][T23641] pgrefill 100324 [ 1180.294648][T23641] pgscan 132884 [ 1180.294662][T23641] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23641,uid=0 [ 1180.294774][T23641] Memory cgroup out of memory: Killed process 23641 (syz-executor.4) total-vm:72972kB, anon-rss:17824kB, file-rss:41460kB, shmem-rss:0kB, UID:0 pgtables:176128kB oom_score_adj:1000 [ 1180.295996][ T1065] oom_reaper: reaped process 23641 (syz-executor.4), now anon-rss:17808kB, file-rss:41584kB, shmem-rss:0kB [ 1180.298065][T23659] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1180.298106][T23659] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1180.426453][T23659] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1180.426490][T23659] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1180.490111][T23659] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env 05:33:36 executing program 5: mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) sendfile(r0, 0xffffffffffffffff, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1180.490164][T23659] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1180.519172][ T3892] kobject: 'loop4' (0000000054f090af): kobject_uevent_env [ 1180.519225][ T3892] kobject: 'loop4' (0000000054f090af): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 1180.620991][T23679] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1180.621033][T23679] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1180.697423][T23679] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1180.697471][T23679] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1180.722327][ T26] audit: type=1804 audit(1568180016.193:3290): pid=23655 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir809657411/syzkaller.gavsLc/733/bus" dev="sda1" ino=16771 res=1 [ 1180.722351][ T26] audit: type=1800 audit(1568180016.193:3291): pid=23655 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16771 res=0 [ 1180.757172][T23669] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1180.757191][T23669] CPU: 0 PID: 23669 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1180.757199][T23669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1180.757204][T23669] Call Trace: [ 1180.757233][T23669] dump_stack+0x172/0x1f0 [ 1180.757252][T23669] dump_header+0x177/0x1152 [ 1180.757264][T23669] ? ___ratelimit+0xf8/0x595 [ 1180.757279][T23669] ? trace_hardirqs_on+0x67/0x240 [ 1180.757292][T23669] ? pagefault_out_of_memory+0x11c/0x11c [ 1180.757309][T23669] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1180.757320][T23669] ? ___ratelimit+0x60/0x595 [ 1180.757334][T23669] ? do_raw_spin_unlock+0x57/0x270 [ 1180.757349][T23669] oom_kill_process.cold+0x10/0x15 [ 1180.757364][T23669] out_of_memory+0x334/0x1340 [ 1180.757377][T23669] ? lock_downgrade+0x920/0x920 [ 1180.757394][T23669] ? oom_killer_disable+0x280/0x280 05:33:36 executing program 0: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r0, 0x101, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x121) r1 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r1, 0x101, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x121) r2 = dup3(r0, r1, 0x0) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r2, 0x800442d4, &(0x7f0000000000)=0x4) mlockall(0x1) r3 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r3, 0x6da943727fea3bcd, 0xffffffff, 0x1000f4) r4 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r3, r4, 0x0, 0x8000fffffffe) [ 1180.757416][T23669] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1180.757430][T23669] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1180.757444][T23669] ? do_raw_spin_unlock+0x57/0x270 [ 1180.757459][T23669] ? _raw_spin_unlock+0x2d/0x50 [ 1180.757473][T23669] try_charge+0xf4b/0x1440 [ 1180.757490][T23669] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1180.757502][T23669] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1180.757514][T23669] ? __kasan_check_read+0x11/0x20 [ 1180.757528][T23669] ? lock_downgrade+0x920/0x920 [ 1180.757540][T23669] ? percpu_ref_tryget_live+0x111/0x290 [ 1180.757555][T23669] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1180.757575][T23669] ? memcg_kmem_put_cache+0x50/0x50 [ 1180.757589][T23669] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1180.757603][T23669] __memcg_kmem_charge+0x13a/0x3a0 [ 1180.757618][T23669] __alloc_pages_nodemask+0x4f7/0x900 [ 1180.757632][T23669] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1180.757643][T23669] ? percpu_ref_put_many+0xb6/0x190 [ 1180.757657][T23669] ? trace_hardirqs_on+0x67/0x240 [ 1180.757666][T23669] ? __kasan_check_read+0x11/0x20 [ 1180.757687][T23669] copy_process+0x3f8/0x6830 [ 1180.757699][T23669] ? psi_memstall_leave+0x12e/0x180 [ 1180.757710][T23669] ? __kasan_check_read+0x11/0x20 [ 1180.757722][T23669] ? record_times+0x1e/0x2b0 [ 1180.757740][T23669] ? __cleanup_sighand+0x60/0x60 [ 1180.757751][T23669] ? trace_hardirqs_on+0x67/0x240 [ 1180.757767][T23669] ? _raw_spin_unlock_irq+0x5e/0x90 [ 1180.757782][T23669] _do_fork+0x146/0xfa0 [ 1180.757796][T23669] ? copy_init_mm+0x20/0x20 [ 1180.757808][T23669] ? __kasan_check_read+0x11/0x20 [ 1180.757824][T23669] ? lock_downgrade+0x920/0x920 [ 1180.757839][T23669] ? percpu_ref_tryget_live+0x290/0x290 [ 1180.757855][T23669] __x64_sys_clone+0x1ab/0x270 [ 1180.757870][T23669] ? __ia32_sys_vfork+0xd0/0xd0 [ 1180.757888][T23669] ? __blkcg_punt_bio_submit+0x1e0/0x1e0 [ 1180.757903][T23669] ? mem_cgroup_handle_over_high+0x21b/0x2a0 [ 1180.757920][T23669] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1180.757932][T23669] ? trace_hardirqs_off_caller+0x65/0x230 [ 1180.757944][T23669] ? trace_hardirqs_on+0x67/0x240 [ 1180.757961][T23669] do_syscall_64+0xfa/0x760 [ 1180.757977][T23669] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1180.757988][T23669] RIP: 0033:0x45c2b9 [ 1180.758003][T23669] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1180.758010][T23669] RSP: 002b:00007ffc960a13f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1180.758024][T23669] RAX: ffffffffffffffda RBX: 00007fb972f88700 RCX: 000000000045c2b9 [ 1180.758032][T23669] RDX: 00007fb972f889d0 RSI: 00007fb972f87db0 RDI: 00000000003d0f00 [ 1180.758041][T23669] RBP: 00007ffc960a1610 R08: 00007fb972f88700 R09: 00007fb972f88700 [ 1180.758049][T23669] R10: 00007fb972f889d0 R11: 0000000000000202 R12: 0000000000000000 [ 1180.758057][T23669] R13: 00007ffc960a14af R14: 00007fb972f889c0 R15: 000000000075bfd4 [ 1180.767829][T23669] memory: usage 307192kB, limit 307200kB, failcnt 20835 [ 1180.767840][T23669] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1180.767843][T23669] Memory cgroup stats for /syz0: [ 1180.767950][T23669] anon 297930752 [ 1180.767950][T23669] file 5996544 [ 1180.767950][T23669] kernel_stack 851968 [ 1180.767950][T23669] slab 5820416 [ 1180.767950][T23669] sock 0 [ 1180.767950][T23669] shmem 0 [ 1180.767950][T23669] file_mapped 5947392 [ 1180.767950][T23669] file_dirty 0 [ 1180.767950][T23669] file_writeback 0 [ 1180.767950][T23669] anon_thp 46137344 [ 1180.767950][T23669] inactive_anon 269787136 [ 1180.767950][T23669] active_anon 1486848 [ 1180.767950][T23669] inactive_file 49152 [ 1180.767950][T23669] active_file 90112 [ 1180.767950][T23669] unevictable 32587776 [ 1180.767950][T23669] slab_reclaimable 1351680 [ 1180.767950][T23669] slab_unreclaimable 4468736 [ 1180.767950][T23669] pgfault 1160940 [ 1180.767950][T23669] pgmajfault 264 [ 1180.767950][T23669] workingset_refault 30558 [ 1180.767950][T23669] workingset_activate 2112 [ 1180.767950][T23669] workingset_nodereclaim 0 [ 1180.767950][T23669] pgrefill 38471 [ 1180.767950][T23669] pgscan 60030 [ 1180.767950][T23669] pgsteal 38293 [ 1180.767965][T23669] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23669,uid=0 [ 1180.768029][T23669] Memory cgroup out of memory: Killed process 23669 (syz-executor.0) total-vm:72708kB, anon-rss:17852kB, file-rss:37240kB, shmem-rss:0kB, UID:0 pgtables:176128kB oom_score_adj:1000 [ 1180.768277][ T1065] oom_reaper: reaped process 23669 (syz-executor.0), now anon-rss:17844kB, file-rss:37240kB, shmem-rss:0kB [ 1180.784587][T23679] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1180.784623][T23679] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1180.815451][ T3892] kobject: 'loop2' (00000000dab98bfc): kobject_uevent_env [ 1180.815485][ T3892] kobject: 'loop2' (00000000dab98bfc): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1180.829417][ T3892] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1180.829455][ T3892] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' 05:33:37 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0xfeffffff, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1180.907002][T23676] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1181.607545][ T26] audit: type=1804 audit(1568180017.073:3292): pid=23695 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir247890508/syzkaller.pVOBBi/649/bus" dev="sda1" ino=16677 res=1 [ 1181.830555][T23676] CPU: 0 PID: 23676 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1181.830564][T23676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1181.830574][T23676] Call Trace: [ 1181.830597][T23676] dump_stack+0x172/0x1f0 [ 1181.830615][T23676] dump_header+0x177/0x1152 [ 1181.830628][T23676] ? ___ratelimit+0xf8/0x595 [ 1181.830643][T23676] ? trace_hardirqs_on+0x67/0x240 05:33:37 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) [ 1181.830657][T23676] ? pagefault_out_of_memory+0x11c/0x11c [ 1181.830674][T23676] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1181.830685][T23676] ? ___ratelimit+0x60/0x595 [ 1181.830698][T23676] ? do_raw_spin_unlock+0x57/0x270 [ 1181.830712][T23676] oom_kill_process.cold+0x10/0x15 [ 1181.830725][T23676] out_of_memory+0x334/0x1340 [ 1181.830738][T23676] ? lock_downgrade+0x920/0x920 [ 1181.830753][T23676] ? oom_killer_disable+0x280/0x280 [ 1181.830774][T23676] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1181.830787][T23676] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1181.830801][T23676] ? do_raw_spin_unlock+0x57/0x270 [ 1181.830815][T23676] ? _raw_spin_unlock+0x2d/0x50 [ 1181.830830][T23676] try_charge+0xf4b/0x1440 [ 1181.830848][T23676] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1181.830863][T23676] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1181.830877][T23676] ? __kasan_check_read+0x11/0x20 [ 1181.830892][T23676] ? lock_downgrade+0x920/0x920 [ 1181.830904][T23676] ? percpu_ref_tryget_live+0x111/0x290 [ 1181.830920][T23676] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1181.830934][T23676] ? memcg_kmem_put_cache+0x50/0x50 [ 1181.830948][T23676] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1181.830964][T23676] __memcg_kmem_charge+0x13a/0x3a0 [ 1181.830979][T23676] __alloc_pages_nodemask+0x4f7/0x900 [ 1181.830994][T23676] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1181.831006][T23676] ? percpu_ref_put_many+0xb6/0x190 [ 1181.831020][T23676] ? trace_hardirqs_on+0x67/0x240 [ 1181.831031][T23676] ? __kasan_check_read+0x11/0x20 [ 1181.831048][T23676] copy_process+0x3f8/0x6830 [ 1181.831061][T23676] ? psi_memstall_leave+0x12e/0x180 [ 1181.831072][T23676] ? __kasan_check_read+0x11/0x20 [ 1181.831084][T23676] ? record_times+0x1e/0x2b0 [ 1181.831102][T23676] ? __cleanup_sighand+0x60/0x60 [ 1181.831120][T23676] ? trace_hardirqs_on+0x67/0x240 [ 1181.831136][T23676] ? _raw_spin_unlock_irq+0x5e/0x90 [ 1181.831152][T23676] _do_fork+0x146/0xfa0 05:33:37 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200)=r0, 0x37c) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r2, 0x101, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x121) fsetxattr$security_smack_transmute(r2, &(0x7f0000000040)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000080)='TRUE', 0x4, 0x2) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) [ 1181.831166][T23676] ? copy_init_mm+0x20/0x20 [ 1181.831178][T23676] ? __kasan_check_read+0x11/0x20 [ 1181.831193][T23676] ? lock_downgrade+0x920/0x920 [ 1181.831207][T23676] ? percpu_ref_tryget_live+0x290/0x290 [ 1181.831223][T23676] __x64_sys_clone+0x1ab/0x270 [ 1181.831237][T23676] ? __ia32_sys_vfork+0xd0/0xd0 [ 1181.831255][T23676] ? __blkcg_punt_bio_submit+0x1e0/0x1e0 [ 1181.831269][T23676] ? mem_cgroup_handle_over_high+0x21b/0x2a0 [ 1181.831286][T23676] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1181.831298][T23676] ? trace_hardirqs_off_caller+0x65/0x230 [ 1181.831310][T23676] ? trace_hardirqs_on+0x67/0x240 [ 1181.831328][T23676] do_syscall_64+0xfa/0x760 [ 1181.831344][T23676] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1181.831353][T23676] RIP: 0033:0x45c2b9 [ 1181.831368][T23676] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1181.831374][T23676] RSP: 002b:00007ffe7a181cd8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1181.831388][T23676] RAX: ffffffffffffffda RBX: 00007fc3543b6700 RCX: 000000000045c2b9 [ 1181.831396][T23676] RDX: 00007fc3543b69d0 RSI: 00007fc3543b5db0 RDI: 00000000003d0f00 [ 1181.831404][T23676] RBP: 00007ffe7a181ef0 R08: 00007fc3543b6700 R09: 00007fc3543b6700 [ 1181.831412][T23676] R10: 00007fc3543b69d0 R11: 0000000000000202 R12: 0000000000000000 [ 1181.831420][T23676] R13: 00007ffe7a181d8f R14: 00007fc3543b69c0 R15: 000000000075bfd4 [ 1181.831597][T23676] memory: usage 307200kB, limit 307200kB, failcnt 40445 [ 1181.831604][T23676] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1181.831607][T23676] Memory cgroup stats for /syz4: [ 1181.831709][T23676] anon 302739456 [ 1181.831709][T23676] file 4464640 [ 1181.831709][T23676] kernel_stack 655360 [ 1181.831709][T23676] slab 3657728 [ 1181.831709][T23676] sock 0 [ 1181.831709][T23676] shmem 0 [ 1181.831709][T23676] file_mapped 4460544 [ 1181.831709][T23676] file_dirty 0 [ 1181.831709][T23676] file_writeback 0 [ 1181.831709][T23676] anon_thp 209715200 [ 1181.831709][T23676] inactive_anon 254836736 [ 1181.831709][T23676] active_anon 4804608 [ 1181.831709][T23676] inactive_file 0 [ 1181.831709][T23676] active_file 0 [ 1181.831709][T23676] unevictable 47808512 [ 1181.831709][T23676] slab_reclaimable 1216512 [ 1181.831709][T23676] slab_unreclaimable 2441216 [ 1181.831709][T23676] pgfault 1504404 [ 1181.831709][T23676] pgmajfault 693 [ 1181.831709][T23676] workingset_refault 72369 [ 1181.831709][T23676] workingset_activate 19272 [ 1181.831709][T23676] workingset_nodereclaim 0 [ 1181.831709][T23676] pgrefill 101240 [ 1181.831709][T23676] pgscan 133882 [ 1181.831709][T23676] pgsteal 89469 [ 1181.831722][T23676] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23676,uid=0 [ 1181.831805][T23676] Memory cgroup out of memory: Killed process 23676 (syz-executor.4) total-vm:72708kB, anon-rss:17824kB, file-rss:41624kB, shmem-rss:0kB, UID:0 pgtables:176128kB oom_score_adj:1000 [ 1181.832044][ T1065] oom_reaper: reaped process 23676 (syz-executor.4), now anon-rss:17816kB, file-rss:41648kB, shmem-rss:0kB [ 1181.867875][ T3892] kobject: 'loop5' (00000000f1c44dd2): kobject_uevent_env 05:33:37 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1181.867914][ T3892] kobject: 'loop5' (00000000f1c44dd2): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1181.947466][ T8887] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1181.947516][ T8887] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1181.975925][T23706] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1181.975964][T23706] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1182.067426][T23706] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1182.226294][T23696] syz-executor.0 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 1182.243344][T23706] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1182.276605][T23696] CPU: 1 PID: 23696 Comm: syz-executor.0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1182.280503][ T26] audit: type=1800 audit(1568180017.243:3293): pid=23695 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16677 res=0 [ 1182.283304][T23696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1182.283310][T23696] Call Trace: [ 1182.283333][T23696] dump_stack+0x172/0x1f0 [ 1182.283358][T23696] dump_header+0x177/0x1152 [ 1182.367469][ T3892] kobject: 'loop3' (00000000b67b0535): kobject_uevent_env [ 1182.368747][T23696] ? ___ratelimit+0xf8/0x595 [ 1182.373680][ T3892] kobject: 'loop3' (00000000b67b0535): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1182.464370][T23696] ? trace_hardirqs_on+0x67/0x240 [ 1182.464387][T23696] ? pagefault_out_of_memory+0x11c/0x11c [ 1182.464403][T23696] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1182.464414][T23696] ? ___ratelimit+0x60/0x595 [ 1182.464425][T23696] ? do_raw_spin_unlock+0x57/0x270 [ 1182.464437][T23696] oom_kill_process.cold+0x10/0x15 [ 1182.464450][T23696] out_of_memory+0x334/0x1340 [ 1182.464464][T23696] ? lock_downgrade+0x920/0x920 [ 1182.464479][T23696] ? oom_killer_disable+0x280/0x280 [ 1182.464492][T23696] ? __kasan_check_read+0x11/0x20 [ 1182.464509][T23696] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1182.464520][T23696] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1182.464540][T23696] ? do_raw_spin_unlock+0x57/0x270 [ 1182.526871][ T3892] kobject: 'loop2' (00000000dab98bfc): kobject_uevent_env [ 1182.533334][T23696] ? _raw_spin_unlock+0x2d/0x50 [ 1182.533353][T23696] try_charge+0xf4b/0x1440 [ 1182.533372][T23696] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1182.533384][T23696] ? percpu_ref_tryget_live+0x111/0x290 [ 1182.533396][T23696] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1182.533412][T23696] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1182.533432][T23696] mem_cgroup_try_charge+0x136/0x590 [ 1182.559669][ T3892] kobject: 'loop2' (00000000dab98bfc): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1182.560819][T23696] __add_to_page_cache_locked+0x43f/0xec0 [ 1182.560843][T23696] ? __kasan_check_read+0x11/0x20 [ 1182.581247][ T3892] kobject: 'loop4' (0000000054f090af): kobject_uevent_env [ 1182.589321][T23696] ? unaccount_page_cache_page+0xda0/0xda0 [ 1182.589336][T23696] ? __alloc_pages_nodemask+0x57b/0x900 [ 1182.589350][T23696] ? xas_descend+0x144/0x370 [ 1182.589366][T23696] ? shadow_lru_isolate+0x430/0x430 [ 1182.589383][T23696] add_to_page_cache_lru+0x1d8/0x790 [ 1182.589404][T23696] ? add_to_page_cache_locked+0x40/0x40 [ 1182.617203][ T3892] kobject: 'loop4' (0000000054f090af): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 1182.618787][T23696] ? __page_cache_alloc+0x116/0x490 [ 1182.618806][T23696] pagecache_get_page+0x3be/0x900 [ 1182.618824][T23696] filemap_fault+0x901/0x2b70 [ 1182.618837][T23696] ? __kasan_check_read+0x11/0x20 [ 1182.618851][T23696] ? mark_held_locks+0xf0/0xf0 [ 1182.618864][T23696] ? lock_downgrade+0x920/0x920 [ 1182.618884][T23696] ? alloc_set_pte+0xb7a/0x1780 [ 1182.878853][T23696] ? pagecache_get_page+0x900/0x900 [ 1182.878871][T23696] ? __kasan_check_write+0x14/0x20 [ 1182.878886][T23696] ? down_read+0x109/0x430 [ 1182.878897][T23696] ? down_read_killable+0x490/0x490 [ 1182.878915][T23696] ? lock_downgrade+0x920/0x920 05:33:38 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0xff000000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1182.878935][T23696] ext4_filemap_fault+0x86/0xb2 [ 1182.878951][T23696] __do_fault+0x111/0x540 [ 1182.878962][T23696] ? do_raw_spin_unlock+0x57/0x270 05:33:38 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200), 0x4) [ 1182.878979][T23696] __handle_mm_fault+0x2cb8/0x3f20 [ 1182.879019][T23696] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1182.879032][T23696] ? __kasan_check_read+0x11/0x20 [ 1182.879044][T23696] ? do_raw_spin_unlock+0x57/0x270 [ 1182.879065][T23696] ? trace_hardirqs_on+0x67/0x240 [ 1182.879083][T23696] handle_mm_fault+0x1b5/0x6c0 [ 1182.879098][T23696] __get_user_pages+0x7d4/0x1b30 [ 1182.879111][T23696] ? mark_held_locks+0xf0/0xf0 [ 1182.879130][T23696] ? follow_page_mask+0x1cf0/0x1cf0 [ 1182.879142][T23696] ? __mm_populate+0x270/0x380 [ 1182.879159][T23696] ? __kasan_check_write+0x14/0x20 [ 1182.879171][T23696] ? down_read+0x109/0x430 [ 1182.879188][T23696] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1182.879204][T23696] populate_vma_page_range+0x20d/0x2a0 [ 1182.879221][T23696] __mm_populate+0x204/0x380 [ 1182.879236][T23696] ? populate_vma_page_range+0x2a0/0x2a0 [ 1182.879249][T23696] ? __kasan_check_write+0x14/0x20 [ 1182.879260][T23696] ? up_write+0x155/0x490 05:33:38 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000340)='/dev/bus/usb/00#/00#\x00', 0x6d6f, 0x802) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000380)={0x0, 0x80000}) r2 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f00000005c0)={r1, 0x0, r2}) mlockall(0x1) r3 = creat(&(0x7f0000000100)='./bus\x00', 0x2) fallocate(r3, 0x0, 0x0, 0x1000f4) r4 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x1, 0x0) ioctl$VIDIOC_DECODER_CMD(r5, 0xc0485660, &(0x7f00000003c0)={0x5, 0xaac0cd788689129, @stop_pts=0x8}) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00') sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYBLOB="01000000b9f06c4ff74eba20beb0550dd0d37a9c30a9229081d4fd2218ced144f0b8297a79daa900"/54, @ANYRES16=r6, @ANYBLOB="fa2e25bd7000fedbfa250200000008000100000000000c0005002001000000000000d409f3d5f2fb2b080eabf3845f33f372f62cb488052d198615207395810143f87d1d8d05cfc991c0772a1221bc67df36a1ab310a0615"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x0) r7 = accept(r3, &(0x7f0000000200)=@pppoe={0x18, 0x0, {0x0, @remote}}, &(0x7f0000000280)=0x80) getsockopt$bt_BT_POWER(r7, 0x112, 0x9, &(0x7f00000002c0)=0x80000001, &(0x7f0000000300)=0x1) modify_ldt$write2(0x11, &(0x7f0000000600)={0x9, 0x20000800, 0xffffffffffffffff, 0x2, 0x8, 0x0, 0x101, 0xd0, 0x6, 0x4}, 0x10) r8 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(r3, r8, 0x0, 0x8000fffffffe) ioctl$KVM_GET_CPUID2(r8, 0xc008ae91, &(0x7f0000000480)=ANY=[@ANYBLOB="020016000008000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007af6765cbce75dd760000000000000"]) ioctl$DRM_IOCTL_CONTROL(r3, 0x40086414, &(0x7f0000000440)={0x0, 0xfffffffffffffff7}) [ 1182.879273][T23696] ? ns_capable_common+0x93/0x100 [ 1182.879291][T23696] __x64_sys_mlockall+0x473/0x520 [ 1182.879309][T23696] do_syscall_64+0xfa/0x760 [ 1182.879326][T23696] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1182.879338][T23696] RIP: 0033:0x4598e9 [ 1182.879355][T23696] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1182.879363][T23696] RSP: 002b:00007fb972f87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1182.879377][T23696] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004598e9 05:33:39 executing program 1: syz_mount_image$gfs2(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/mixer\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x0) mount$9p_fd(0xffff0000, &(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='9p\x00', 0x0, &(0x7f0000001940)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1182.879385][T23696] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1182.879393][T23696] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1182.879400][T23696] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb972f886d4 [ 1182.879408][T23696] R13: 00000000004c5dab R14: 00000000004da878 R15: 00000000ffffffff [ 1182.980458][T23706] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1182.980503][T23706] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1183.037358][T23706] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1183.037400][T23706] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1183.125337][ T3892] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1183.125382][ T3892] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1183.174879][T23738] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1183.174914][T23738] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1183.226396][T23696] memory: usage 307104kB, limit 307200kB, failcnt 21339 [ 1183.226409][T23696] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1183.226413][T23696] Memory cgroup stats for /syz0: [ 1183.226525][T23696] anon 297988096 [ 1183.226525][T23696] file 5681152 [ 1183.226525][T23696] kernel_stack 917504 [ 1183.226525][T23696] slab 5820416 [ 1183.226525][T23696] sock 0 [ 1183.226525][T23696] shmem 0 [ 1183.226525][T23696] file_mapped 5812224 [ 1183.226525][T23696] file_dirty 0 [ 1183.226525][T23696] file_writeback 0 [ 1183.226525][T23696] anon_thp 46137344 [ 1183.226525][T23696] inactive_anon 269787136 [ 1183.226525][T23696] active_anon 1486848 [ 1183.226525][T23696] inactive_file 4096 [ 1183.226525][T23696] active_file 4096 [ 1183.226525][T23696] unevictable 32452608 [ 1183.226525][T23696] slab_reclaimable 1351680 [ 1183.226525][T23696] slab_unreclaimable 4468736 [ 1183.226525][T23696] pgfault 1165626 [ 1183.226525][T23696] pgmajfault 264 [ 1183.226525][T23696] workingset_refault 31746 [ 1183.226525][T23696] workingset_activate 3003 [ 1183.226525][T23696] workingset_nodereclaim 0 [ 1183.226525][T23696] pgrefill 39938 [ 1183.226525][T23696] pgscan 61660 [ 1183.226525][T23696] pgsteal 39517 [ 1183.226542][T23696] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23694,uid=0 05:33:39 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x10) write$evdev(r0, &(0x7f0000000600)=[{{0x0, 0x7530}}], 0x18) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x100000000) munmap(&(0x7f00004b0000/0x1000)=nil, 0x1000) sendfile(r0, r1, 0x0, 0x8000fffffffe) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x94a, 0x0, 0x0, 0x7ff, 0x2}, &(0x7f0000000440)=0x98) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r0, 0x4) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000000c0)={0x3, "0afe75"}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x8, 0x6, 0x3ff) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000400)=""/142, &(0x7f00000004c0)=0x8e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x80) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000006c0)={0x18, 0xd, 0x0, {{0x40, 0x0, 0x6}}}, 0x18) write$char_usb(r2, 0x0, 0x0) [ 1183.226690][T23696] Memory cgroup out of memory: Killed process 23694 (syz-executor.0) total-vm:72840kB, anon-rss:17820kB, file-rss:40808kB, shmem-rss:0kB, UID:0 pgtables:172032kB oom_score_adj:1000 [ 1183.227201][T23725] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1183.227222][T23725] CPU: 1 PID: 23725 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1183.227230][T23725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1183.227235][T23725] Call Trace: [ 1183.227255][T23725] dump_stack+0x172/0x1f0 [ 1183.227274][T23725] dump_header+0x177/0x1152 05:33:39 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlockall(0x1) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000200), 0x4) [ 1183.227286][T23725] ? ___ratelimit+0xf8/0x595 [ 1183.227302][T23725] ? trace_hardirqs_on+0x67/0x240 [ 1183.227315][T23725] ? pagefault_out_of_memory+0x11c/0x11c [ 1183.227332][T23725] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1183.227344][T23725] ? ___ratelimit+0x60/0x595 [ 1183.227356][T23725] ? do_raw_spin_unlock+0x57/0x270 [ 1183.227369][T23725] oom_kill_process.cold+0x10/0x15 [ 1183.227381][T23725] out_of_memory+0x334/0x1340 [ 1183.227394][T23725] ? lock_downgrade+0x920/0x920 [ 1183.227412][T23725] ? oom_killer_disable+0x280/0x280 [ 1183.227430][T23725] ? __kasan_check_read+0x11/0x20 [ 1183.227449][T23725] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1183.227468][T23725] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1183.227483][T23725] ? do_raw_spin_unlock+0x57/0x270 [ 1183.227499][T23725] ? _raw_spin_unlock+0x2d/0x50 [ 1183.227520][T23725] try_charge+0xf4b/0x1440 [ 1183.227537][T23725] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1183.227552][T23725] ? percpu_ref_tryget_live+0x111/0x290 [ 1183.227567][T23725] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1183.227584][T23725] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1183.227598][T23725] mem_cgroup_try_charge+0x136/0x590 [ 1183.227617][T23725] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1183.227632][T23725] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1183.227650][T23725] __handle_mm_fault+0x1e34/0x3f20 [ 1183.227666][T23725] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1183.227680][T23725] ? __kasan_check_read+0x11/0x20 [ 1183.227693][T23725] ? do_raw_spin_unlock+0x57/0x270 [ 1183.227709][T23725] ? trace_hardirqs_on+0x67/0x240 [ 1183.227725][T23725] handle_mm_fault+0x1b5/0x6c0 [ 1183.227740][T23725] __get_user_pages+0x7d4/0x1b30 [ 1183.227754][T23725] ? mark_held_locks+0xf0/0xf0 [ 1183.227770][T23725] ? follow_page_mask+0x1cf0/0x1cf0 [ 1183.227783][T23725] ? __mm_populate+0x270/0x380 [ 1183.227797][T23725] ? memset+0x32/0x40 [ 1183.227812][T23725] populate_vma_page_range+0x20d/0x2a0 [ 1183.227827][T23725] __mm_populate+0x204/0x380 [ 1183.227842][T23725] ? populate_vma_page_range+0x2a0/0x2a0 [ 1183.227856][T23725] ? up_write+0x1c8/0x490 [ 1183.227871][T23725] __x64_sys_mremap+0x7dc/0xb80 [ 1183.227886][T23725] ? mremap_to+0x750/0x750 [ 1183.227903][T23725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1183.227921][T23725] ? __x64_sys_clock_gettime+0x16d/0x240 [ 1183.227937][T23725] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1183.227951][T23725] ? trace_hardirqs_off_caller+0x65/0x230 [ 1183.227964][T23725] ? trace_hardirqs_on+0x67/0x240 [ 1183.227983][T23725] do_syscall_64+0xfa/0x760 [ 1183.228000][T23725] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1183.228014][T23725] RIP: 0033:0x4598e9 [ 1183.228029][T23725] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1183.228040][T23725] RSP: 002b:00007fc3543b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1183.228060][T23725] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9 [ 1183.228071][T23725] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1183.228082][T23725] RBP: 000000000075bfc8 R08: 0000000020130000 R09: 0000000000000000 [ 1183.228094][T23725] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fc3543b66d4 [ 1183.228100][T23725] R13: 00000000004c5f48 R14: 00000000004dab78 R15: 00000000ffffffff [ 1183.228180][T23725] memory: usage 307200kB, limit 307200kB, failcnt 40799 [ 1183.228187][T23725] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1183.228190][T23725] Memory cgroup stats for /syz4: [ 1183.228293][T23725] anon 300638208 [ 1183.228293][T23725] file 6705152 [ 1183.228293][T23725] kernel_stack 720896 [ 1183.228293][T23725] slab 3657728 [ 1183.228293][T23725] sock 0 [ 1183.228293][T23725] shmem 0 [ 1183.228293][T23725] file_mapped 6488064 [ 1183.228293][T23725] file_dirty 0 [ 1183.228293][T23725] file_writeback 0 [ 1183.228293][T23725] anon_thp 209715200 [ 1183.228293][T23725] inactive_anon 254971904 [ 1183.228293][T23725] active_anon 4804608 [ 1183.228293][T23725] inactive_file 40960 [ 1183.228293][T23725] active_file 102400 [ 1183.228293][T23725] unevictable 47673344 [ 1183.228293][T23725] slab_reclaimable 1216512 [ 1183.228293][T23725] slab_unreclaimable 2441216 [ 1183.228293][T23725] pgfault 1510641 [ 1183.228293][T23725] pgmajfault 693 [ 1183.228293][T23725] workingset_refault 73293 [ 1183.228293][T23725] workingset_activate 19470 [ 1183.228293][T23725] workingset_nodereclaim 0 [ 1183.228293][T23725] pgrefill 102112 [ 1183.228293][T23725] pgscan 135015 [ 1183.228306][T23725] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23716,uid=0 [ 1183.228413][T23725] Memory cgroup out of memory: Killed process 23716 (syz-executor.4) total-vm:72832kB, anon-rss:15700kB, file-rss:42932kB, shmem-rss:0kB, UID:0 pgtables:180224kB oom_score_adj:1000 [ 1183.229105][ T1065] oom_reaper: reaped process 23716 (syz-executor.4), now anon-rss:15768kB, file-rss:44668kB, shmem-rss:0kB [ 1183.229149][ T1065] oom_reaper: reaped process 23694 (syz-executor.0), now anon-rss:17812kB, file-rss:40864kB, shmem-rss:0kB [ 1183.252274][T23738] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1183.252322][T23738] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1183.304388][ T3892] kobject: 'loop2' (00000000dab98bfc): kobject_uevent_env [ 1183.304423][ T3892] kobject: 'loop2' (00000000dab98bfc): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1183.373248][T23738] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1183.373303][T23738] kobject: 'loop1' (00000000642c9bf6): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1183.607347][ T8887] kobject: 'loop1' (00000000642c9bf6): kobject_uevent_env [ 1183.963459][T23754] syz-executor.0 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000