00000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcdd}, 0x28) 05:26:48 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000], [], [], [0x2]}, 0x45c) 05:26:48 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfec00000}, 0x0) 05:26:48 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcde}, 0x28) [ 3425.494579] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:26:48 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000], [], [], [0x2]}, 0x45c) 05:26:49 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xff000000}, 0x0) [ 3425.627351] gfs2: fsid=_h: Now mounting FS... [ 3425.691357] attempt to access beyond end of device [ 3425.757386] loop3: rw=4096, want=136, limit=1 05:26:49 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3425.789869] gfs2: error 10 reading superblock [ 3425.807509] gfs2: fsid=_h: can't read superblock [ 3425.812430] gfs2: fsid=_h: can't read superblock: -5 [ 3426.009693] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3426.023832] gfs2: fsid=_h: Now mounting FS... [ 3426.029201] attempt to access beyond end of device [ 3426.034286] loop3: rw=4096, want=136, limit=1 [ 3426.047025] gfs2: error 10 reading superblock [ 3426.057794] gfs2: fsid=_h: can't read superblock [ 3426.067749] gfs2: fsid=_h: can't read superblock: -5 05:26:49 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x368, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:26:49 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000], [], [], [0x2]}, 0x45c) 05:26:49 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcdf}, 0x28) 05:26:49 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfffffdef}, 0x0) 05:26:49 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) r7 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) pwritev(r7, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:26:49 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:26:49 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000], [], [], [0x2]}, 0x45c) 05:26:49 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xffffff7f}, 0x0) [ 3426.376865] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:26:49 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xce0}, 0x28) [ 3426.523169] gfs2: fsid=_h: Now mounting FS... 05:26:49 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x100000000000}, 0x0) 05:26:49 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000], [], [], [0x2]}, 0x45c) [ 3426.563981] attempt to access beyond end of device 05:26:49 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x102001695) listen(r0, 0x0) [ 3426.605780] loop3: rw=4096, want=136, limit=1 [ 3426.640511] gfs2: error 10 reading superblock [ 3426.678558] gfs2: fsid=_h: can't read superblock [ 3426.723226] gfs2: fsid=_h: can't read superblock: -5 [ 3426.952429] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3426.965487] gfs2: fsid=_h: Now mounting FS... [ 3426.970575] attempt to access beyond end of device [ 3426.976817] loop3: rw=4096, want=136, limit=1 [ 3426.989073] gfs2: error 10 reading superblock [ 3426.993594] gfs2: fsid=_h: can't read superblock [ 3427.000083] gfs2: fsid=_h: can't read superblock: -5 [ 3427.017408] net_ratelimit: 26 callbacks suppressed [ 3427.017416] protocol 88fb is buggy, dev hsr_slave_0 [ 3427.017602] protocol 88fb is buggy, dev hsr_slave_0 [ 3427.022421] protocol 88fb is buggy, dev hsr_slave_1 [ 3427.027480] protocol 88fb is buggy, dev hsr_slave_1 [ 3427.032544] protocol 88fb is buggy, dev hsr_slave_0 [ 3427.047599] protocol 88fb is buggy, dev hsr_slave_1 [ 3427.052765] protocol 88fb is buggy, dev hsr_slave_0 [ 3427.057875] protocol 88fb is buggy, dev hsr_slave_1 05:26:50 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x380, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:26:50 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xce1}, 0x28) 05:26:50 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) r7 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) pwritev(r7, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:26:50 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000], [], [], [0x2]}, 0x45c) 05:26:50 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4000000000000}, 0x0) 05:26:50 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:26:50 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000], [], [], [0x2]}, 0x45c) 05:26:50 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xa0010000000000}, 0x0) [ 3427.337302] protocol 88fb is buggy, dev hsr_slave_0 [ 3427.342481] protocol 88fb is buggy, dev hsr_slave_1 05:26:50 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xce2}, 0x28) [ 3427.425867] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3427.475162] gfs2: fsid=_h: Now mounting FS... [ 3427.498270] attempt to access beyond end of device [ 3427.526086] loop3: rw=4096, want=136, limit=1 05:26:50 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000], [], [], [0x2]}, 0x45c) [ 3427.565934] gfs2: error 10 reading superblock 05:26:50 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xd0000000000000}, 0x0) 05:26:51 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) r1 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x200802, 0x1) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000180), &(0x7f00000001c0)=0x4) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r3 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r3, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r2, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) r5 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) pwritev(r5, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r4, 0x4c00, r5) sendfile(r2, r4, 0x0, 0x102001695) listen(r0, 0x0) [ 3427.602800] gfs2: fsid=_h: can't read superblock [ 3427.607835] gfs2: fsid=_h: can't read superblock: -5 [ 3427.869614] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3427.880560] gfs2: fsid=_h: Now mounting FS... [ 3427.885514] attempt to access beyond end of device [ 3427.890709] loop3: rw=4096, want=136, limit=1 [ 3427.895927] gfs2: error 10 reading superblock [ 3427.903861] gfs2: fsid=_h: can't read superblock [ 3427.908977] gfs2: fsid=_h: can't read superblock: -5 05:26:51 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x390, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:26:51 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xce3}, 0x28) 05:26:51 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:26:51 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000], [], [], [0x2]}, 0x45c) 05:26:51 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x100000000000000}, 0x0) 05:26:51 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) r1 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x200802, 0x1) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000180), &(0x7f00000001c0)=0x4) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r3 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r3, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r2, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) r5 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) pwritev(r5, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r4, 0x4c00, r5) sendfile(r2, r4, 0x0, 0x102001695) listen(r0, 0x0) 05:26:51 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x200000000000000}, 0x0) 05:26:51 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000], [], [], [0x2]}, 0x45c) 05:26:51 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xce4}, 0x28) [ 3428.269478] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3428.295322] gfs2: fsid=_h: Now mounting FS... [ 3428.356471] attempt to access beyond end of device 05:26:51 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000], [], [], [0x2]}, 0x45c) [ 3428.379379] loop3: rw=4096, want=136, limit=1 [ 3428.391072] gfs2: error 10 reading superblock [ 3428.412317] gfs2: fsid=_h: can't read superblock [ 3428.421594] gfs2: fsid=_h: can't read superblock: -5 05:26:51 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x300000000000000}, 0x0) 05:26:51 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:26:52 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x24101, 0x0) ioctl$KVM_X86_SET_MCE(r1, 0x4040ae9e, &(0x7f0000000180)={0x880000000000000, 0x2000, 0x3, 0x1, 0x2}) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r3 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r3, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r2, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) r5 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) pwritev(r5, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r4, 0x4c00, r5) sendfile(r2, r4, 0x0, 0x102001695) listen(r0, 0x0) 05:26:52 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x500, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:26:52 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xce5}, 0x28) 05:26:52 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x604000000000000}, 0x0) 05:26:52 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000], [], [], [0x2]}, 0x45c) 05:26:52 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") dup3(r4, r3, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) 05:26:52 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], [], [0x2]}, 0x45c) 05:26:52 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xf00000000000000}, 0x0) 05:26:52 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xce6}, 0x28) [ 3429.022488] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3429.043482] gfs2: fsid=_h: Now mounting FS... [ 3429.061750] attempt to access beyond end of device [ 3429.120937] loop3: rw=4096, want=136, limit=2 [ 3429.126474] gfs2: error 10 reading superblock 05:26:52 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], [], [0x2]}, 0x45c) 05:26:52 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2ac5000000000000}, 0x0) [ 3429.161153] gfs2: fsid=_h: can't read superblock [ 3429.217735] gfs2: fsid=_h: can't read superblock: -5 05:26:52 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xce7}, 0x28) 05:26:52 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000780)) r4 = memfd_create(&(0x7f0000000280)='&!selinuxsystem\'\x00$\xc1T\xe02\xc57\x8f2\xed5x\xf3\xdfw;\t\x00f\xa7,An!\'}\xf7\xc5&\xf9u\xac\x9c\xb2/\x98\x04\xef6\xcdGA\xf4L\xac!\x9e\xa0\x18;)\x80\x9b+\x9e8\xc0\xbd\x1d\x8b4O\xe3N\xc7d\x9b\x17*s', 0x0) pwritev(r4, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) sendfile(r1, r3, 0x0, 0x102001695) listen(r0, 0x0) [ 3429.529968] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3429.536701] gfs2: fsid=_h: Now mounting FS... [ 3429.541699] attempt to access beyond end of device [ 3429.546729] loop3: rw=4096, want=136, limit=2 [ 3429.551677] gfs2: error 10 reading superblock [ 3429.556278] gfs2: fsid=_h: can't read superblock [ 3429.561172] gfs2: fsid=_h: can't read superblock: -5 05:26:53 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x600, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:26:53 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [], [], [0x2]}, 0x45c) 05:26:53 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3f00000000000000}, 0x0) 05:26:53 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:26:53 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xce8}, 0x28) 05:26:53 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) fcntl$getown(0xffffffffffffffff, 0x9) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240)=@sack_info={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x6548, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000002c0)) r4 = memfd_create(&(0x7f00000001c0)='\x00\x00\x0e\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) pwritev(r4, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000040)={0x3f, 0x200, 0x6, 0x4, r2}, &(0x7f0000000180)=0x10) ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4) sendfile(r1, r3, 0x0, 0x102001695) listen(r0, 0x0) getpeername$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, &(0x7f0000000280)=0x1c) 05:26:53 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [], [], [0x2]}, 0x45c) 05:26:53 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xce9}, 0x28) 05:26:53 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4000000000000000}, 0x0) 05:26:53 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) fcntl$getown(0xffffffffffffffff, 0x9) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240)=@sack_info={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x6548, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000002c0)) r4 = memfd_create(&(0x7f00000001c0)='\x00\x00\x0e\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) pwritev(r4, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000040)={0x3f, 0x200, 0x6, 0x4, r2}, &(0x7f0000000180)=0x10) ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4) sendfile(r1, r3, 0x0, 0x102001695) listen(r0, 0x0) getpeername$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, &(0x7f0000000280)=0x1c) [ 3429.999272] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3430.058884] gfs2: fsid=_h: Now mounting FS... 05:26:53 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcea}, 0x28) [ 3430.141647] attempt to access beyond end of device 05:26:53 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3430.166415] loop3: rw=4096, want=136, limit=3 [ 3430.175267] gfs2: error 10 reading superblock [ 3430.191216] gfs2: fsid=_h: can't read superblock [ 3430.214362] gfs2: fsid=_h: can't read superblock: -5 [ 3430.344119] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3430.363972] gfs2: fsid=_h: Now mounting FS... [ 3430.385050] attempt to access beyond end of device [ 3430.408056] loop3: rw=4096, want=136, limit=3 [ 3430.412612] gfs2: error 10 reading superblock [ 3430.419032] gfs2: fsid=_h: can't read superblock [ 3430.423850] gfs2: fsid=_h: can't read superblock: -5 05:26:53 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x700, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:26:53 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [], [], [0x2]}, 0x45c) 05:26:53 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7f00000000000000}, 0x0) 05:26:53 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xceb}, 0x28) 05:26:53 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:26:54 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:26:54 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xb8fd3f0000000000}, 0x0) 05:26:54 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcec}, 0x28) 05:26:54 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [], [], [0x2]}, 0x45c) [ 3430.734308] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3430.783325] gfs2: fsid=_h: Now mounting FS... [ 3430.814293] attempt to access beyond end of device [ 3430.859785] loop3: rw=4096, want=136, limit=3 05:26:54 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa], [], [], [0x2]}, 0x45c) [ 3430.888117] gfs2: error 10 reading superblock 05:26:54 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xced}, 0x28) [ 3430.917562] gfs2: fsid=_h: can't read superblock [ 3430.935265] gfs2: fsid=_h: can't read superblock: -5 05:26:54 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xeffdffff00000000}, 0x0) [ 3431.225868] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3431.245100] gfs2: fsid=_h: Now mounting FS... [ 3431.250373] attempt to access beyond end of device [ 3431.255321] loop3: rw=4096, want=136, limit=3 [ 3431.266392] gfs2: error 10 reading superblock [ 3431.271523] gfs2: fsid=_h: can't read superblock [ 3431.276449] gfs2: fsid=_h: can't read superblock: -5 05:26:54 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x900, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:26:54 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:26:54 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10], [], [], [0x2]}, 0x45c) 05:26:54 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcee}, 0x28) 05:26:54 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(0xffffffffffffffff, r4, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) 05:26:54 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfc00000000000000}, 0x0) 05:26:54 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfe80000000000000}, 0x0) 05:26:54 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48], [], [], [0x2]}, 0x45c) 05:26:54 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcef}, 0x28) [ 3431.543264] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3431.601584] gfs2: fsid=_h: Now mounting FS... [ 3431.632494] attempt to access beyond end of device [ 3431.656170] loop3: rw=4096, want=136, limit=4 [ 3431.697518] gfs2: error 10 reading superblock 05:26:55 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfec0000000000000}, 0x0) [ 3431.735288] gfs2: fsid=_h: can't read superblock 05:26:55 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcf0}, 0x28) 05:26:55 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c], [], [], [0x2]}, 0x45c) [ 3431.769486] gfs2: fsid=_h: can't read superblock: -5 [ 3432.018110] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3432.030591] gfs2: fsid=_h: Now mounting FS... [ 3432.039877] attempt to access beyond end of device [ 3432.044905] loop3: rw=4096, want=136, limit=4 [ 3432.050092] gfs2: error 10 reading superblock [ 3432.054721] gfs2: fsid=_h: can't read superblock [ 3432.060298] gfs2: fsid=_h: can't read superblock: -5 05:26:55 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0xa00, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:26:55 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(0xffffffffffffffff, r4, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) 05:26:55 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(0xffffffffffffffff, r4, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) 05:26:55 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68], [], [], [0x2]}, 0x45c) 05:26:55 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcf1}, 0x28) 05:26:55 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xff00000000000000}, 0x0) 05:26:55 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xffffff7f00000000}, 0x0) 05:26:55 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcf2}, 0x28) 05:26:55 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c], [], [], [0x2]}, 0x45c) [ 3432.350492] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3432.389493] gfs2: fsid=_h: Now mounting FS... [ 3432.426792] attempt to access beyond end of device [ 3432.478886] loop3: rw=4096, want=136, limit=5 05:26:55 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xffffffff00000000}, 0x0) [ 3432.507329] gfs2: error 10 reading superblock 05:26:55 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74], [], [], [0x2]}, 0x45c) [ 3432.542560] gfs2: fsid=_h: can't read superblock 05:26:55 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3432.598096] gfs2: fsid=_h: can't read superblock: -5 [ 3432.848808] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3432.855462] gfs2: fsid=_h: Now mounting FS... [ 3432.860400] attempt to access beyond end of device [ 3432.865354] loop3: rw=4096, want=136, limit=5 [ 3432.865366] gfs2: error 10 reading superblock [ 3432.865386] gfs2: fsid=_h: can't read superblock [ 3432.879337] gfs2: fsid=_h: can't read superblock: -5 05:26:56 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0xb00, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:26:56 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcf3}, 0x28) 05:26:56 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) 05:26:56 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(0xffffffffffffffff, r4, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) 05:26:56 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a], [], [], [0x2]}, 0x45c) 05:26:56 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:26:56 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300], [], [], [0x2]}, 0x45c) 05:26:56 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcf4}, 0x28) 05:26:56 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0) [ 3433.175417] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3433.218829] gfs2: fsid=_h: Now mounting FS... [ 3433.256773] attempt to access beyond end of device [ 3433.262138] net_ratelimit: 26 callbacks suppressed [ 3433.262147] protocol 88fb is buggy, dev hsr_slave_0 [ 3433.262211] protocol 88fb is buggy, dev hsr_slave_1 [ 3433.267580] protocol 88fb is buggy, dev hsr_slave_0 [ 3433.282744] protocol 88fb is buggy, dev hsr_slave_1 [ 3433.289366] protocol 88fb is buggy, dev hsr_slave_0 [ 3433.291641] loop3: rw=4096, want=136, limit=5 [ 3433.294905] protocol 88fb is buggy, dev hsr_slave_1 05:26:56 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) bind$alg(0xffffffffffffffff, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r4, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) [ 3433.305046] protocol 88fb is buggy, dev hsr_slave_0 [ 3433.310795] protocol 88fb is buggy, dev hsr_slave_1 [ 3433.339364] gfs2: error 10 reading superblock [ 3433.361846] gfs2: fsid=_h: can't read superblock 05:26:56 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcf5}, 0x28) [ 3433.392241] gfs2: fsid=_h: can't read superblock: -5 05:26:56 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500], [], [], [0x2]}, 0x45c) [ 3433.580767] protocol 88fb is buggy, dev hsr_slave_0 [ 3433.586397] protocol 88fb is buggy, dev hsr_slave_1 [ 3433.659732] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3433.666392] gfs2: fsid=_h: Now mounting FS... [ 3433.677295] attempt to access beyond end of device [ 3433.683545] loop3: rw=4096, want=136, limit=5 [ 3433.689767] gfs2: error 10 reading superblock [ 3433.694390] gfs2: fsid=_h: can't read superblock [ 3433.708361] gfs2: fsid=_h: can't read superblock: -5 05:26:57 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0xc00, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:26:57 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0) 05:26:57 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(0xffffffffffffffff, r4, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) 05:26:57 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600], [], [], [0x2]}, 0x45c) 05:26:57 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcf6}, 0x28) 05:26:57 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) bind$alg(0xffffffffffffffff, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r4, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) 05:26:57 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700], [], [], [0x2]}, 0x45c) 05:26:57 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcf7}, 0x28) 05:26:57 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x0) [ 3433.989911] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:26:57 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) bind$alg(0xffffffffffffffff, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r4, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) [ 3434.034373] gfs2: fsid=_h: Now mounting FS... [ 3434.039679] attempt to access beyond end of device [ 3434.044858] loop3: rw=4096, want=136, limit=6 [ 3434.050097] gfs2: error 10 reading superblock [ 3434.054879] gfs2: fsid=_h: can't read superblock [ 3434.060029] gfs2: fsid=_h: can't read superblock: -5 05:26:57 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00], [], [], [0x2]}, 0x45c) 05:26:57 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcf8}, 0x28) [ 3434.369941] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3434.376613] gfs2: fsid=_h: Now mounting FS... [ 3434.451307] attempt to access beyond end of device [ 3434.474109] loop3: rw=4096, want=136, limit=6 [ 3434.505586] gfs2: error 10 reading superblock [ 3434.511315] gfs2: fsid=_h: can't read superblock [ 3434.522874] gfs2: fsid=_h: can't read superblock: -5 05:26:57 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0xd00, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:26:57 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xd0}, 0x0) 05:26:57 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00], [], [], [0x2]}, 0x45c) 05:26:57 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcf9}, 0x28) 05:26:57 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:26:57 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:26:58 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800], [], [], [0x2]}, 0x45c) 05:26:58 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfc}, 0x0) [ 3434.754272] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:26:58 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcfa}, 0x28) [ 3434.800971] gfs2: fsid=_h: Now mounting FS... [ 3434.848768] attempt to access beyond end of device [ 3434.893810] loop3: rw=4096, want=136, limit=6 [ 3434.910395] gfs2: error 10 reading superblock [ 3434.937949] gfs2: fsid=_h: can't read superblock [ 3434.942900] gfs2: fsid=_h: can't read superblock: -5 05:26:58 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00], [], [], [0x2]}, 0x45c) 05:26:58 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x0) 05:26:58 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcfb}, 0x28) [ 3435.259151] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3435.280775] gfs2: fsid=_h: Now mounting FS... [ 3435.285733] attempt to access beyond end of device [ 3435.291318] loop3: rw=4096, want=136, limit=6 [ 3435.296203] gfs2: error 10 reading superblock [ 3435.306825] gfs2: fsid=_h: can't read superblock [ 3435.312276] gfs2: fsid=_h: can't read superblock: -5 05:26:58 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0xe00, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:26:58 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:26:58 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x406}, 0x0) 05:26:58 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:26:58 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800], [], [], [0x2]}, 0x45c) 05:26:58 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcfc}, 0x28) 05:26:58 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00], [], [], [0x2]}, 0x45c) 05:26:58 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x604}, 0x0) 05:26:59 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcfd}, 0x28) [ 3435.633028] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3435.707074] gfs2: fsid=_h: Now mounting FS... [ 3435.736861] attempt to access beyond end of device [ 3435.769671] loop3: rw=4096, want=136, limit=7 05:26:59 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400], [], [], [0x2]}, 0x45c) [ 3435.806894] gfs2: error 10 reading superblock 05:26:59 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcfe}, 0x28) 05:26:59 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xf00}, 0x0) [ 3435.848558] gfs2: fsid=_h: can't read superblock [ 3435.857505] gfs2: fsid=_h: can't read superblock: -5 [ 3436.105143] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3436.113766] gfs2: fsid=_h: Now mounting FS... [ 3436.120533] attempt to access beyond end of device [ 3436.125765] loop3: rw=4096, want=136, limit=7 [ 3436.131133] gfs2: error 10 reading superblock [ 3436.135892] gfs2: fsid=_h: can't read superblock [ 3436.147663] gfs2: fsid=_h: can't read superblock: -5 05:26:59 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0xf00, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:26:59 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) r1 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) ioctl$SCSI_IOCTL_PROBE_HOST(r1, 0x5385, &(0x7f0000000e80)={0x1000, ""/4096}) r4 = fcntl$getown(r0, 0x9) wait4(r4, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r3, 0x0, 0x0, 0x200007fa, &(0x7f00000002c0)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240)=@sack_info={0x0}, 0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000140)={0x2, r4}) fremovexattr(r3, &(0x7f0000000040)=@random={'trusted.', '\x00\x00\x00\x00\x8c\x00'}) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r1) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0xffffff35) recvfrom$inet(r3, &(0x7f0000000400)=""/238, 0xee, 0x61, 0x0, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) r7 = memfd_create(&(0x7f0000000180)=')@{\x00', 0x1) pwritev(r7, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r6, 0x4c00, r7) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000000c0)={r5, 0xfffffffffffffffd, 0x5, [0x29, 0x8, 0x5, 0x7, 0x69]}, &(0x7f00000001c0)=0x12) sendfile(r3, r6, 0x0, 0x102001695) ioctl$BLKRRPART(r6, 0x125f, 0x0) listen(r0, 0x0) 05:26:59 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:26:59 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00], [], [], [0x2]}, 0x45c) 05:26:59 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2ac5}, 0x0) 05:26:59 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xcff}, 0x28) 05:26:59 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [], [], [0x2]}, 0x45c) [ 3436.336425] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:26:59 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd00}, 0x28) 05:26:59 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, 0x0) [ 3436.407489] gfs2: fsid=_h: Now mounting FS... [ 3436.429614] attempt to access beyond end of device [ 3436.508238] loop3: rw=4096, want=136, limit=7 [ 3436.550233] gfs2: error 10 reading superblock 05:26:59 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], [], [], [0x2]}, 0x45c) [ 3436.582825] gfs2: fsid=_h: can't read superblock [ 3436.622598] gfs2: fsid=_h: can't read superblock: -5 05:27:00 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd01}, 0x28) 05:27:00 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x0) [ 3436.796734] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3436.858844] gfs2: fsid=_h: Now mounting FS... [ 3436.896490] attempt to access beyond end of device [ 3436.905772] loop3: rw=4096, want=136, limit=7 [ 3436.922795] gfs2: error 10 reading superblock [ 3436.933690] gfs2: fsid=_h: can't read superblock [ 3436.939015] gfs2: fsid=_h: can't read superblock: -5 05:27:00 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0xf19, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:00 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:00 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) r1 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) ioctl$SCSI_IOCTL_PROBE_HOST(r1, 0x5385, &(0x7f0000000e80)={0x1000, ""/4096}) r4 = fcntl$getown(r0, 0x9) wait4(r4, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r3, 0x0, 0x0, 0x200007fa, &(0x7f00000002c0)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240)=@sack_info={0x0}, 0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000140)={0x2, r4}) fremovexattr(r3, &(0x7f0000000040)=@random={'trusted.', '\x00\x00\x00\x00\x8c\x00'}) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r1) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0xffffff35) recvfrom$inet(r3, &(0x7f0000000400)=""/238, 0xee, 0x61, 0x0, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) r7 = memfd_create(&(0x7f0000000180)=')@{\x00', 0x1) pwritev(r7, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r6, 0x4c00, r7) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000000c0)={r5, 0xfffffffffffffffd, 0x5, [0x29, 0x8, 0x5, 0x7, 0x69]}, &(0x7f00000001c0)=0x12) sendfile(r3, r6, 0x0, 0x102001695) ioctl$BLKRRPART(r6, 0x125f, 0x0) listen(r0, 0x0) 05:27:00 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000], [], [], [0x2]}, 0x45c) 05:27:00 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x7f00}, 0x0) 05:27:00 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd02}, 0x28) 05:27:00 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x80fe}, 0x0) 05:27:00 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000], [], [], [0x2]}, 0x45c) [ 3437.182113] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:27:00 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd03}, 0x28) [ 3437.245620] gfs2: fsid=_h: Now mounting FS... [ 3437.297723] attempt to access beyond end of device 05:27:00 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xc0fe}, 0x0) [ 3437.335566] loop3: rw=4096, want=136, limit=7 [ 3437.371873] gfs2: error 10 reading superblock [ 3437.398417] gfs2: fsid=_h: can't read superblock 05:27:00 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0x0) dup3(r4, r3, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) [ 3437.428805] gfs2: fsid=_h: can't read superblock: -5 05:27:00 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000], [], [], [0x2]}, 0x45c) [ 3437.677954] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3437.686631] gfs2: fsid=_h: Now mounting FS... [ 3437.702708] attempt to access beyond end of device [ 3437.729074] loop3: rw=4096, want=136, limit=7 [ 3437.734285] gfs2: error 10 reading superblock [ 3437.741856] gfs2: fsid=_h: can't read superblock [ 3437.759764] gfs2: fsid=_h: can't read superblock: -5 05:27:01 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x1020, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:01 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd04}, 0x28) 05:27:01 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xc52a}, 0x0) 05:27:01 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000], [], [], [0x2]}, 0x45c) 05:27:01 executing program 1: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:01 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0x0) dup3(r4, r3, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) 05:27:01 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xd000}, 0x0) [ 3437.975928] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3438.045932] gfs2: fsid=_h: Now mounting FS... [ 3438.065533] gfs2: not a GFS2 filesystem [ 3438.069892] gfs2: fsid=_h: can't read superblock [ 3438.075047] gfs2: fsid=_h: can't read superblock: -22 05:27:01 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000], [], [], [0x2]}, 0x45c) [ 3438.113220] sysfs: cannot create duplicate filename '/fs/gfs2/_h' [ 3438.146912] CPU: 1 PID: 13384 Comm: syz-executor3 Not tainted 5.0.0-rc2+ #29 [ 3438.154141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3438.154150] Call Trace: [ 3438.166109] dump_stack+0x1db/0x2d0 [ 3438.169755] ? dump_stack_print_info.cold+0x20/0x20 [ 3438.174805] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3438.179926] sysfs_warn_dup.cold+0x1c/0x31 [ 3438.184176] sysfs_create_dir_ns+0x2d9/0x340 [ 3438.188596] ? sysfs_create_mount_point+0xa0/0xa0 [ 3438.193465] ? do_raw_spin_trylock+0x270/0x270 [ 3438.198075] kobject_add_internal.cold+0x129/0x6d8 [ 3438.203045] ? kobj_ns_type_registered+0x60/0x60 [ 3438.207812] ? kfree_const+0x59/0x70 [ 3438.211539] ? rcu_read_lock_sched_held+0x110/0x130 [ 3438.216564] ? kfree+0x1fa/0x230 [ 3438.219946] ? kfree_const+0x5e/0x70 [ 3438.223706] kobject_init_and_add+0x101/0x160 [ 3438.228217] ? kobject_add_internal+0x4b0/0x4b0 [ 3438.232903] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3438.238445] ? vsnprintf+0x368/0x1b10 [ 3438.238482] gfs2_sys_fs_add+0x210/0x500 [ 3438.238500] ? recover_store+0x1a0/0x1a0 [ 3438.238517] ? snprintf+0xbb/0xf0 [ 3438.238533] ? vscnprintf+0x40/0x80 [ 3438.257542] ? set_blocksize+0x2bf/0x340 05:27:01 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd05}, 0x28) [ 3438.261618] ? memcpy+0x46/0x50 [ 3438.261638] fill_super+0x894/0x1990 [ 3438.268648] ? vsnprintf+0x368/0x1b10 [ 3438.272476] ? gfs2_online_uevent+0x2d0/0x2d0 [ 3438.276998] ? gfs2_mount_args+0x149/0xad0 [ 3438.281247] ? snprintf+0xbb/0xf0 [ 3438.284711] ? vsprintf+0x40/0x40 [ 3438.288195] ? ns_capable_common+0x141/0x170 [ 3438.292635] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 3438.297657] ? set_blocksize+0x2bf/0x340 [ 3438.297681] gfs2_mount+0x5db/0x6ee [ 3438.297699] ? fill_super+0x1990/0x1990 [ 3438.297713] ? __init_waitqueue_head+0x92/0x150 [ 3438.297754] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3438.319586] mount_fs+0x123/0x43a [ 3438.323048] ? emergency_thaw_all+0x260/0x260 [ 3438.327570] ? lock_release+0xc40/0xc40 [ 3438.331573] vfs_kern_mount.part.0+0xdb/0x570 [ 3438.331594] ? may_umount+0xb0/0xb0 [ 3438.331630] ? _raw_read_unlock+0x2d/0x50 [ 3438.343886] ? __get_fs_type+0x9a/0xd0 [ 3438.347790] do_mount+0x58e/0x3330 [ 3438.351342] ? rcu_pm_notify+0xd0/0xd0 [ 3438.355258] ? copy_mount_string+0x40/0x40 [ 3438.359508] ? kmem_cache_alloc_trace+0x354/0x760 [ 3438.364362] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3438.364379] ? _copy_from_user+0xdd/0x150 [ 3438.364397] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3438.364416] ? copy_mount_options+0x30e/0x440 [ 3438.384121] ksys_mount+0xdb/0x150 [ 3438.387678] __x64_sys_mount+0xbe/0x150 [ 3438.391664] do_syscall_64+0x1a3/0x800 [ 3438.391683] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3438.391703] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3438.405525] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3438.410399] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3438.415770] RIP: 0033:0x45a93a [ 3438.418989] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ed 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ca 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 3438.437900] RSP: 002b:00007f71c140ba88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3438.437916] RAX: ffffffffffffffda RBX: 00007f71c140bb30 RCX: 000000000045a93a [ 3438.437925] RDX: 00007f71c140bad0 RSI: 0000000020000380 RDI: 00007f71c140baf0 05:27:01 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfc00}, 0x0) [ 3438.437935] RBP: 0000000020000380 R08: 00007f71c140bb30 R09: 00007f71c140bad0 [ 3438.437943] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003 [ 3438.437952] R13: 0000000000000000 R14: 00000000004db930 R15: 00000000ffffffff 05:27:01 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000], [], [], [0x2]}, 0x45c) 05:27:01 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd06}, 0x28) [ 3438.701820] kobject_add_internal failed for _h with -EEXIST, don't try to register things with the same name in the same directory. [ 3438.717279] gfs2: fsid=_h: error -17 adding sysfs files [ 3438.816324] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3438.823884] gfs2: fsid=_h: Now mounting FS... [ 3438.829180] attempt to access beyond end of device [ 3438.834380] loop3: rw=4096, want=136, limit=8 [ 3438.840235] gfs2: error 10 reading superblock [ 3438.844761] gfs2: fsid=_h: can't read superblock [ 3438.849906] gfs2: fsid=_h: can't read superblock: -5 05:27:02 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x1100, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:02 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0x0) dup3(r4, r3, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) 05:27:02 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000], [], [], [0x2]}, 0x45c) 05:27:02 executing program 1 (fault-call:4 fault-nth:0): r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x28f) 05:27:02 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfe80}, 0x0) 05:27:02 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd07}, 0x28) 05:27:02 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000], [], [], [0x2]}, 0x45c) 05:27:02 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfec0}, 0x0) [ 3439.067075] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3439.100258] FAULT_INJECTION: forcing a failure. [ 3439.100258] name failslab, interval 1, probability 0, space 0, times 0 [ 3439.124074] gfs2: fsid=_h: Now mounting FS... [ 3439.145929] CPU: 1 PID: 13423 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3439.153145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3439.162503] Call Trace: [ 3439.165108] dump_stack+0x1db/0x2d0 [ 3439.168760] ? dump_stack_print_info.cold+0x20/0x20 [ 3439.173794] ? mark_held_locks+0x100/0x100 [ 3439.178065] should_fail.cold+0xa/0x15 [ 3439.181995] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3439.187123] ? ___might_sleep+0x1e7/0x310 [ 3439.191288] ? arch_local_save_flags+0x50/0x50 [ 3439.195897] ? ___might_sleep+0x1e7/0x310 [ 3439.200081] __should_failslab+0x121/0x190 [ 3439.204328] should_failslab+0x9/0x14 [ 3439.208143] __kmalloc+0x2dc/0x740 [ 3439.211696] ? __mutex_lock+0x622/0x1670 [ 3439.215785] ? rw_copy_check_uvector+0x28c/0x330 [ 3439.220577] rw_copy_check_uvector+0x28c/0x330 [ 3439.225230] ? mutex_trylock+0x2d0/0x2d0 [ 3439.229315] import_iovec+0xc1/0x2a0 [ 3439.233052] ? dup_iter+0x260/0x260 [ 3439.236689] ? lock_downgrade+0x910/0x910 [ 3439.240850] vfs_readv+0xf5/0x1c0 [ 3439.244321] ? compat_rw_copy_check_uvector+0x3f0/0x3f0 [ 3439.244340] ? kasan_check_write+0x14/0x20 [ 3439.244356] ? __mutex_unlock_slowpath+0x195/0x870 [ 3439.258905] ? wait_for_completion+0x810/0x810 [ 3439.263501] ? mutex_lock_nested+0x16/0x20 [ 3439.267753] ? mutex_lock_nested+0x16/0x20 [ 3439.267770] ? __fdget_pos+0xdc/0x1f0 [ 3439.267785] ? __fdget_raw+0x20/0x20 [ 3439.267803] ? __sb_end_write+0xd9/0x110 [ 3439.267826] do_readv+0x11a/0x300 [ 3439.267845] ? vfs_readv+0x1c0/0x1c0 [ 3439.279588] ? trace_hardirqs_off_caller+0x300/0x300 [ 3439.279610] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3439.279629] __x64_sys_readv+0x75/0xb0 [ 3439.287125] do_syscall_64+0x1a3/0x800 [ 3439.287145] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3439.287162] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3439.295972] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3439.295999] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3439.296014] RIP: 0033:0x457ec9 05:27:02 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd08}, 0x28) 05:27:02 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3439.304637] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3439.304646] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 3439.304661] RAX: ffffffffffffffda RBX: 00007f36f091cc90 RCX: 0000000000457ec9 [ 3439.304670] RDX: 000000000000028f RSI: 00000000200000c0 RDI: 0000000000000003 [ 3439.304682] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3439.318488] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3439.318498] R13: 00000000004c492b R14: 00000000004d8258 R15: 0000000000000004 [ 3439.377410] attempt to access beyond end of device [ 3439.444581] loop3: rw=4096, want=136, limit=8 [ 3439.453673] gfs2: error 10 reading superblock [ 3439.464317] gfs2: fsid=_h: can't read superblock [ 3439.473064] gfs2: fsid=_h: can't read superblock: -5 05:27:02 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xff00}, 0x0) [ 3439.497342] net_ratelimit: 26 callbacks suppressed [ 3439.497350] protocol 88fb is buggy, dev hsr_slave_0 [ 3439.498383] protocol 88fb is buggy, dev hsr_slave_0 [ 3439.502382] protocol 88fb is buggy, dev hsr_slave_1 [ 3439.507653] protocol 88fb is buggy, dev hsr_slave_1 [ 3439.523834] protocol 88fb is buggy, dev hsr_slave_0 [ 3439.529172] protocol 88fb is buggy, dev hsr_slave_1 [ 3439.535526] protocol 88fb is buggy, dev hsr_slave_0 [ 3439.541036] protocol 88fb is buggy, dev hsr_slave_1 05:27:02 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000], [], [], [0x2]}, 0x45c) [ 3439.730746] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3439.771886] gfs2: fsid=_h: Now mounting FS... [ 3439.796400] attempt to access beyond end of device [ 3439.813453] loop3: rw=4096, want=136, limit=8 [ 3439.818170] protocol 88fb is buggy, dev hsr_slave_0 [ 3439.818240] protocol 88fb is buggy, dev hsr_slave_1 [ 3439.872383] gfs2: error 10 reading superblock [ 3439.877013] gfs2: fsid=_h: can't read superblock [ 3439.892130] gfs2: fsid=_h: can't read superblock: -5 05:27:03 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x1200, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:03 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd09}, 0x28) 05:27:03 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000], [], [], [0x2]}, 0x45c) 05:27:03 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1a000}, 0x0) 05:27:03 executing program 1 (fault-call:4 fault-nth:1): r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x28f) 05:27:03 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:03 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000], [], [], [0x2]}, 0x45c) 05:27:03 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0) [ 3440.096450] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3440.162048] gfs2: fsid=_h: Now mounting FS... [ 3440.180804] attempt to access beyond end of device [ 3440.203812] FAULT_INJECTION: forcing a failure. [ 3440.203812] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3440.215623] CPU: 1 PID: 13471 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3440.222810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3440.232184] Call Trace: [ 3440.234807] dump_stack+0x1db/0x2d0 [ 3440.238466] ? dump_stack_print_info.cold+0x20/0x20 [ 3440.243520] should_fail.cold+0xa/0x15 [ 3440.247423] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3440.252545] ? mark_held_locks+0x100/0x100 [ 3440.256813] ? __lock_acquire+0x572/0x4a30 [ 3440.261067] ? mark_held_locks+0x100/0x100 [ 3440.265318] should_fail_alloc_page+0x50/0x60 [ 3440.269828] __alloc_pages_nodemask+0x323/0xdc0 [ 3440.274529] ? mark_held_locks+0x100/0x100 [ 3440.278812] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 3440.283852] ? ___might_sleep+0x1e7/0x310 [ 3440.288020] ? trace_hardirqs_off+0xb8/0x310 [ 3440.292458] cache_grow_begin+0x9c/0x8c0 [ 3440.296535] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3440.302091] ? check_preemption_disabled+0x48/0x290 [ 3440.307140] __kmalloc+0x67f/0x740 [ 3440.310745] ? rw_copy_check_uvector+0x28c/0x330 [ 3440.315517] rw_copy_check_uvector+0x28c/0x330 [ 3440.320112] ? mutex_trylock+0x2d0/0x2d0 [ 3440.324207] import_iovec+0xc1/0x2a0 [ 3440.327936] ? dup_iter+0x260/0x260 [ 3440.331598] ? lock_downgrade+0x910/0x910 [ 3440.335762] vfs_readv+0xf5/0x1c0 [ 3440.339230] ? compat_rw_copy_check_uvector+0x3f0/0x3f0 [ 3440.344609] ? kasan_check_write+0x14/0x20 [ 3440.348847] ? __mutex_unlock_slowpath+0x195/0x870 [ 3440.348865] ? wait_for_completion+0x810/0x810 [ 3440.348884] ? mutex_lock_nested+0x16/0x20 [ 3440.348895] ? mutex_lock_nested+0x16/0x20 [ 3440.348909] ? __fdget_pos+0xdc/0x1f0 [ 3440.348924] ? __fdget_raw+0x20/0x20 [ 3440.348941] ? __sb_end_write+0xd9/0x110 [ 3440.378459] do_readv+0x11a/0x300 [ 3440.381934] ? vfs_readv+0x1c0/0x1c0 [ 3440.385668] ? trace_hardirqs_off_caller+0x300/0x300 [ 3440.390782] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3440.395549] __x64_sys_readv+0x75/0xb0 [ 3440.399449] do_syscall_64+0x1a3/0x800 05:27:03 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x0) 05:27:03 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd0a}, 0x28) [ 3440.403354] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3440.408305] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3440.413337] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3440.417478] loop3: rw=4096, want=136, limit=9 [ 3440.418223] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3440.418236] RIP: 0033:0x457ec9 [ 3440.418252] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 05:27:03 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3440.418263] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 3440.422891] gfs2: error 10 reading superblock [ 3440.427925] RAX: ffffffffffffffda RBX: 00007f36f091cc90 RCX: 0000000000457ec9 [ 3440.427934] RDX: 000000000000028f RSI: 00000000200000c0 RDI: 0000000000000003 [ 3440.427943] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3440.427952] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3440.427971] R13: 00000000004c492b R14: 00000000004d8258 R15: 0000000000000004 [ 3440.556389] gfs2: fsid=_h: can't read superblock 05:27:03 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000], [], [], [0x2]}, 0x45c) [ 3440.580599] gfs2: fsid=_h: can't read superblock: -5 [ 3440.859689] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3440.866318] gfs2: fsid=_h: Now mounting FS... [ 3440.872554] attempt to access beyond end of device [ 3440.877825] loop3: rw=4096, want=136, limit=9 [ 3440.882356] gfs2: error 10 reading superblock [ 3440.886874] gfs2: fsid=_h: can't read superblock [ 3440.903275] gfs2: fsid=_h: can't read superblock: -5 05:27:04 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x1300, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:04 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3ffdb8}, 0x0) 05:27:04 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd0b}, 0x28) 05:27:04 executing program 1 (fault-call:4 fault-nth:2): r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x28f) 05:27:04 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000], [], [], [0x2]}, 0x45c) 05:27:04 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:04 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000], [], [], [0x2]}, 0x45c) 05:27:04 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xa00100}, 0x0) [ 3441.097092] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3441.134257] FAULT_INJECTION: forcing a failure. [ 3441.134257] name failslab, interval 1, probability 0, space 0, times 0 05:27:04 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd0c}, 0x28) [ 3441.159497] gfs2: fsid=_h: Now mounting FS... [ 3441.205310] CPU: 1 PID: 13531 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3441.211446] attempt to access beyond end of device [ 3441.212510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3441.212517] Call Trace: [ 3441.212540] dump_stack+0x1db/0x2d0 [ 3441.212562] ? dump_stack_print_info.cold+0x20/0x20 [ 3441.238065] ? __mutex_lock+0x622/0x1670 [ 3441.242165] ? do_readv+0x11a/0x300 [ 3441.245805] should_fail.cold+0xa/0x15 [ 3441.249655] loop3: rw=4096, want=136, limit=9 [ 3441.249712] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3441.259300] ? ___might_sleep+0x1e7/0x310 [ 3441.263461] ? arch_local_save_flags+0x50/0x50 [ 3441.268108] __should_failslab+0x121/0x190 [ 3441.272353] should_failslab+0x9/0x14 [ 3441.272928] gfs2: error 10 reading superblock [ 3441.276163] kmem_cache_alloc_node_trace+0x270/0x720 [ 3441.276183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3441.276198] ? __fsnotify_parent+0xe2/0x450 [ 3441.276218] __kmalloc_node+0x3d/0x70 [ 3441.299461] kvmalloc_node+0x68/0x100 [ 3441.303291] seq_read+0x832/0x1130 [ 3441.303552] gfs2: fsid=_h: can't read superblock [ 3441.306863] ? rw_verify_area+0x118/0x360 [ 3441.306884] do_iter_read+0x4a9/0x660 [ 3441.306900] ? dup_iter+0x260/0x260 [ 3441.306924] vfs_readv+0x175/0x1c0 [ 3441.326748] ? compat_rw_copy_check_uvector+0x3f0/0x3f0 [ 3441.332127] ? kasan_check_write+0x14/0x20 [ 3441.333835] gfs2: fsid=_h: can't read superblock: -5 [ 3441.336365] ? __mutex_unlock_slowpath+0x195/0x870 [ 3441.336386] ? wait_for_completion+0x810/0x810 [ 3441.336405] ? mutex_lock_nested+0x16/0x20 [ 3441.336420] ? mutex_lock_nested+0x16/0x20 [ 3441.359515] ? __fdget_pos+0xdc/0x1f0 [ 3441.363318] ? __fdget_raw+0x20/0x20 [ 3441.367042] ? __sb_end_write+0xd9/0x110 [ 3441.371115] do_readv+0x11a/0x300 [ 3441.374600] ? vfs_readv+0x1c0/0x1c0 [ 3441.378339] ? trace_hardirqs_off_caller+0x300/0x300 [ 3441.383448] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3441.383469] __x64_sys_readv+0x75/0xb0 [ 3441.383494] do_syscall_64+0x1a3/0x800 [ 3441.383511] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3441.392129] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 3441.392144] ? __switch_to_asm+0x34/0x70 [ 3441.392164] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3441.392185] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3441.400987] RIP: 0033:0x457ec9 [ 3441.401004] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3441.401012] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 05:27:04 executing program 1 (fault-call:4 fault-nth:3): r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x28f) 05:27:04 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000], [], [], [0x2]}, 0x45c) [ 3441.401027] RAX: ffffffffffffffda RBX: 00007f36f08fbc90 RCX: 0000000000457ec9 [ 3441.401037] RDX: 000000000000028f RSI: 00000000200000c0 RDI: 0000000000000003 [ 3441.401045] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 3441.401055] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3441.401064] R13: 00000000004c492b R14: 00000000004d8258 R15: 0000000000000004 05:27:04 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3441.735418] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3441.756457] gfs2: fsid=_h: Now mounting FS... [ 3441.783442] attempt to access beyond end of device [ 3441.808198] loop3: rw=4096, want=136, limit=9 [ 3441.826632] gfs2: error 10 reading superblock [ 3441.841239] gfs2: fsid=_h: can't read superblock [ 3441.846040] gfs2: fsid=_h: can't read superblock: -5 05:27:05 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x1400, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:05 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xd00000}, 0x0) 05:27:05 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000], [], [], [0x2]}, 0x45c) 05:27:05 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd0d}, 0x28) 05:27:05 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x28f) 05:27:05 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:05 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000], [], [], [0x2]}, 0x45c) 05:27:05 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd0e}, 0x28) 05:27:05 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x0) [ 3442.115669] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3442.164912] gfs2: fsid=_h: Now mounting FS... [ 3442.197765] attempt to access beyond end of device [ 3442.227934] loop3: rw=4096, want=136, limit=10 [ 3442.257700] gfs2: error 10 reading superblock 05:27:05 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000], [], [], [0x2]}, 0x45c) [ 3442.278758] gfs2: fsid=_h: can't read superblock 05:27:05 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd0f}, 0x28) [ 3442.312264] gfs2: fsid=_h: can't read superblock: -5 05:27:05 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x0) [ 3442.613433] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3442.620635] gfs2: fsid=_h: Now mounting FS... [ 3442.625556] attempt to access beyond end of device [ 3442.630928] loop3: rw=4096, want=136, limit=10 [ 3442.635852] gfs2: error 10 reading superblock [ 3442.641036] gfs2: fsid=_h: can't read superblock [ 3442.645919] gfs2: fsid=_h: can't read superblock: -5 05:27:06 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x1500, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:06 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:06 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x28f}], 0x28f) 05:27:06 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000], [], [], [0x2]}, 0x45c) 05:27:06 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd10}, 0x28) 05:27:06 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000}, 0x0) 05:27:06 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x6040000}, 0x0) 05:27:06 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000], [], [], [0x2]}, 0x45c) [ 3442.950375] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:27:06 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd11}, 0x28) 05:27:06 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3442.998148] gfs2: fsid=_h: Now mounting FS... [ 3443.010269] attempt to access beyond end of device [ 3443.037071] loop3: rw=4096, want=136, limit=10 [ 3443.055253] gfs2: error 10 reading superblock 05:27:06 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xf000000}, 0x0) [ 3443.076490] gfs2: fsid=_h: can't read superblock [ 3443.095823] gfs2: fsid=_h: can't read superblock: -5 05:27:06 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000], [], [], [0x2]}, 0x45c) [ 3443.400176] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3443.423708] gfs2: fsid=_h: Now mounting FS... [ 3443.446754] attempt to access beyond end of device [ 3443.469739] loop3: rw=4096, want=136, limit=10 [ 3443.474439] gfs2: error 10 reading superblock [ 3443.487364] gfs2: fsid=_h: can't read superblock [ 3443.492173] gfs2: fsid=_h: can't read superblock: -5 05:27:06 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x1600, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:06 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd12}, 0x28) 05:27:06 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2ac50000}, 0x0) 05:27:06 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x2000004c}], 0x28f) 05:27:06 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000], [], [], [0x2]}, 0x45c) 05:27:06 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:07 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000], [], [], [0x2]}, 0x45c) 05:27:07 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd13}, 0x28) 05:27:07 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000}, 0x0) [ 3443.708070] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3443.776864] gfs2: fsid=_h: Now mounting FS... [ 3443.823313] attempt to access beyond end of device 05:27:07 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000], [], [], [0x2]}, 0x45c) [ 3443.872772] loop3: rw=4096, want=136, limit=11 [ 3443.892704] gfs2: error 10 reading superblock [ 3443.905980] gfs2: fsid=_h: can't read superblock 05:27:07 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3443.934394] gfs2: fsid=_h: can't read superblock: -5 05:27:07 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd14}, 0x28) [ 3444.202094] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3444.238713] gfs2: fsid=_h: Now mounting FS... [ 3444.258122] attempt to access beyond end of device [ 3444.275229] loop3: rw=4096, want=136, limit=11 [ 3444.287380] gfs2: error 10 reading superblock [ 3444.325494] gfs2: fsid=_h: can't read superblock [ 3444.332018] gfs2: fsid=_h: can't read superblock: -5 05:27:07 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x1700, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:07 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}, 0x0) 05:27:07 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000], [], [], [0x2]}, 0x45c) 05:27:07 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd15}, 0x28) 05:27:07 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x7ffff000}], 0x28f) 05:27:07 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:07 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x7f000000}, 0x0) 05:27:07 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000], [], [], [0x2]}, 0x45c) 05:27:07 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd16}, 0x28) [ 3444.597042] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3444.618572] gfs2: fsid=_h: Now mounting FS... [ 3444.657423] attempt to access beyond end of device [ 3444.680003] loop3: rw=4096, want=136, limit=11 [ 3444.700310] gfs2: error 10 reading superblock [ 3444.724464] gfs2: fsid=_h: can't read superblock 05:27:08 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xb8fd3f00}, 0x0) [ 3444.749093] gfs2: fsid=_h: can't read superblock: -5 05:27:08 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000], [], [], [0x2]}, 0x45c) 05:27:08 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd17}, 0x28) [ 3445.020532] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3445.027392] gfs2: fsid=_h: Now mounting FS... [ 3445.032412] attempt to access beyond end of device [ 3445.037584] loop3: rw=4096, want=136, limit=11 [ 3445.053779] gfs2: error 10 reading superblock [ 3445.073877] gfs2: fsid=_h: can't read superblock [ 3445.088735] gfs2: fsid=_h: can't read superblock: -5 05:27:08 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x1800, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:08 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:08 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xeffdffff}, 0x0) 05:27:08 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000], [], [], [0x2]}, 0x45c) 05:27:08 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x2) 05:27:08 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd18}, 0x28) 05:27:08 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfc000000}, 0x0) [ 3445.318540] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3445.357720] gfs2: fsid=_h: Now mounting FS... 05:27:08 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000], [], [], [0x2]}, 0x45c) 05:27:08 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd19}, 0x28) [ 3445.394353] attempt to access beyond end of device [ 3445.435827] loop3: rw=4096, want=136, limit=12 [ 3445.464333] gfs2: error 10 reading superblock [ 3445.476794] gfs2: fsid=_h: can't read superblock [ 3445.487616] gfs2: fsid=_h: can't read superblock: -5 05:27:08 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000], [], [], [0x2]}, 0x45c) 05:27:08 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd1a}, 0x28) 05:27:08 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfe800000}, 0x0) [ 3445.737797] net_ratelimit: 24 callbacks suppressed [ 3445.737806] protocol 88fb is buggy, dev hsr_slave_0 [ 3445.738205] protocol 88fb is buggy, dev hsr_slave_0 [ 3445.742855] protocol 88fb is buggy, dev hsr_slave_1 [ 3445.747870] protocol 88fb is buggy, dev hsr_slave_1 [ 3445.763014] protocol 88fb is buggy, dev hsr_slave_0 [ 3445.768140] protocol 88fb is buggy, dev hsr_slave_1 [ 3445.773267] protocol 88fb is buggy, dev hsr_slave_0 [ 3445.778379] protocol 88fb is buggy, dev hsr_slave_1 [ 3445.810997] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3445.832674] gfs2: fsid=_h: Now mounting FS... [ 3445.845320] attempt to access beyond end of device [ 3445.860472] loop3: rw=4096, want=136, limit=12 [ 3445.865090] gfs2: error 10 reading superblock [ 3445.882149] gfs2: fsid=_h: can't read superblock [ 3445.886944] gfs2: fsid=_h: can't read superblock: -5 05:27:09 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x1803, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:09 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) fcntl$getown(0xffffffffffffffff, 0x9) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r2 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0x0) dup3(r4, r3, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) 05:27:09 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], [], [0x2]}, 0x45c) 05:27:09 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfec00000}, 0x0) 05:27:09 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x3) 05:27:09 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd1b}, 0x28) 05:27:09 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xff000000}, 0x0) 05:27:09 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], [], [0x2]}, 0x45c) [ 3446.057639] protocol 88fb is buggy, dev hsr_slave_0 [ 3446.062775] protocol 88fb is buggy, dev hsr_slave_1 [ 3446.178293] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:27:09 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [], [], [0x2]}, 0x45c) 05:27:09 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd1c}, 0x28) [ 3446.238642] gfs2: fsid=_h: Now mounting FS... [ 3446.258593] attempt to access beyond end of device [ 3446.292780] loop3: rw=4096, want=136, limit=12 [ 3446.313328] gfs2: error 10 reading superblock [ 3446.341728] gfs2: fsid=_h: can't read superblock 05:27:09 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdef}, 0x0) [ 3446.364908] gfs2: fsid=_h: can't read superblock: -5 05:27:09 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) fcntl$getown(0xffffffffffffffff, 0x9) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r2 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0x0) dup3(r4, r3, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) [ 3446.655069] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3446.661866] gfs2: fsid=_h: Now mounting FS... [ 3446.673408] attempt to access beyond end of device [ 3446.678769] loop3: rw=4096, want=136, limit=12 [ 3446.693834] gfs2: error 10 reading superblock [ 3446.715576] gfs2: fsid=_h: can't read superblock [ 3446.720548] gfs2: fsid=_h: can't read superblock: -5 05:27:10 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x1900, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:10 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x4) 05:27:10 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f}, 0x0) 05:27:10 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [], [], [0x2]}, 0x45c) 05:27:10 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd1d}, 0x28) 05:27:10 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) fcntl$getown(0xffffffffffffffff, 0x9) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r2 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0x0) dup3(r4, r3, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) 05:27:10 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000}, 0x0) 05:27:10 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [], [], [0x2]}, 0x45c) 05:27:10 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd1e}, 0x28) [ 3447.087932] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3447.116846] gfs2: fsid=_h: Now mounting FS... 05:27:10 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000}, 0x0) 05:27:10 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [], [], [0x2]}, 0x45c) [ 3447.147167] attempt to access beyond end of device [ 3447.157446] loop3: rw=4096, want=136, limit=12 [ 3447.169980] gfs2: error 10 reading superblock [ 3447.220499] gfs2: fsid=_h: can't read superblock 05:27:10 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd1f}, 0x28) [ 3447.252410] gfs2: fsid=_h: can't read superblock: -5 [ 3447.540820] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3447.553180] gfs2: fsid=_h: Now mounting FS... [ 3447.567668] attempt to access beyond end of device [ 3447.572623] loop3: rw=4096, want=136, limit=12 [ 3447.585006] gfs2: error 10 reading superblock [ 3447.596045] gfs2: fsid=_h: can't read superblock [ 3447.604642] gfs2: fsid=_h: can't read superblock: -5 05:27:11 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x190f, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:11 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xa0010000000000}, 0x0) 05:27:11 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa], [], [], [0x2]}, 0x45c) 05:27:11 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) wait4(0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r2 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0x0) dup3(r4, r3, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) 05:27:11 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd20}, 0x28) 05:27:11 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x5) 05:27:11 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xd0000000000000}, 0x0) 05:27:11 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10], [], [], [0x2]}, 0x45c) [ 3447.858355] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3447.864987] gfs2: fsid=_h: Now mounting FS... 05:27:11 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd21}, 0x28) [ 3447.908142] attempt to access beyond end of device [ 3447.918155] loop3: rw=4096, want=136, limit=12 [ 3447.928540] gfs2: error 10 reading superblock [ 3447.961934] gfs2: fsid=_h: can't read superblock 05:27:11 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) wait4(0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r2 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0x0) dup3(r4, r3, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) [ 3447.991994] gfs2: fsid=_h: can't read superblock: -5 05:27:11 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48], [], [], [0x2]}, 0x45c) 05:27:11 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}, 0x0) [ 3448.175930] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3448.225353] CPU: 0 PID: 13924 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3448.232560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3448.241915] Call Trace: [ 3448.244510] dump_stack+0x1db/0x2d0 [ 3448.248143] ? dump_stack_print_info.cold+0x20/0x20 [ 3448.253177] dump_header+0x1e6/0x116c [ 3448.256993] ? add_lock_to_list.isra.0+0x450/0x450 [ 3448.261932] ? print_usage_bug+0xd0/0xd0 [ 3448.266014] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3448.270947] ? ___ratelimit+0x37c/0x686 [ 3448.274946] ? mark_held_locks+0xb1/0x100 [ 3448.279131] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3448.284249] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3448.289357] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3448.293944] ? trace_hardirqs_on+0xbd/0x310 [ 3448.298287] ? kasan_check_read+0x11/0x20 [ 3448.302434] ? ___ratelimit+0x37c/0x686 [ 3448.306409] ? trace_hardirqs_off_caller+0x300/0x300 [ 3448.311558] ? do_raw_spin_trylock+0x270/0x270 [ 3448.316135] ? trace_hardirqs_on_caller+0x310/0x310 [ 3448.321147] ? lock_acquire+0x1db/0x570 [ 3448.325127] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3448.330234] ? ___ratelimit+0xac/0x686 [ 3448.334124] ? idr_get_free+0xee0/0xee0 [ 3448.338115] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3448.342734] oom_kill_process.cold+0x10/0x9d4 [ 3448.347232] ? cgroup_procs_next+0x70/0x70 [ 3448.351472] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3448.355995] ? oom_badness+0xa50/0xa50 [ 3448.359887] ? oom_evaluate_task+0x540/0x540 [ 3448.364308] ? mem_cgroup_iter_break+0x30/0x30 [ 3448.368889] ? mutex_trylock+0x2d0/0x2d0 [ 3448.372972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3448.378549] ? rcu_read_unlock_special+0x380/0x380 [ 3448.383487] out_of_memory+0x885/0x1420 [ 3448.387478] ? mem_cgroup_iter+0x508/0xf30 [ 3448.391717] ? oom_killer_disable+0x340/0x340 [ 3448.396216] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3448.401338] ? lock_acquire+0x1db/0x570 [ 3448.405335] mem_cgroup_out_of_memory+0x160/0x210 [ 3448.410177] ? do_raw_spin_unlock+0xa0/0x330 [ 3448.414588] ? memcg_memory_event+0x40/0x40 [ 3448.418906] ? do_raw_spin_trylock+0x270/0x270 [ 3448.423559] ? _raw_spin_unlock+0x2d/0x50 [ 3448.427727] try_charge+0x12a9/0x19b0 [ 3448.431526] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3448.437068] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3448.441918] ? rcu_read_unlock_special+0x380/0x380 [ 3448.446854] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3448.451700] ? get_mem_cgroup_from_page+0x190/0x190 [ 3448.456721] ? rcu_read_lock_sched_held+0x110/0x130 [ 3448.461751] mem_cgroup_try_charge+0x43a/0xdb0 [ 3448.466342] ? mem_cgroup_protected+0xa10/0xa10 [ 3448.471042] ? mark_held_locks+0x100/0x100 [ 3448.475292] ? pmd_val+0x85/0x100 [ 3448.478748] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3448.484458] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3448.490017] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3448.494951] __handle_mm_fault+0x2594/0x55a0 [ 3448.499402] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3448.504251] ? check_preemption_disabled+0x48/0x290 [ 3448.509288] ? handle_mm_fault+0x3cc/0xc80 [ 3448.513544] ? lock_downgrade+0x910/0x910 [ 3448.517690] ? kasan_check_read+0x11/0x20 [ 3448.521840] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3448.527123] ? rcu_read_unlock_special+0x380/0x380 [ 3448.532061] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3448.537607] ? check_preemption_disabled+0x48/0x290 [ 3448.542636] handle_mm_fault+0x4ec/0xc80 [ 3448.546705] ? __handle_mm_fault+0x55a0/0x55a0 [ 3448.551312] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3448.556337] __get_user_pages+0x8f7/0x1e10 [ 3448.560606] ? follow_page_mask+0x1f40/0x1f40 [ 3448.565115] ? lock_acquire+0x1db/0x570 [ 3448.569099] ? ___might_sleep+0x1e7/0x310 [ 3448.573255] ? lock_release+0xc40/0xc40 [ 3448.577287] ? find_held_lock+0x35/0x120 [ 3448.581376] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3448.585467] populate_vma_page_range+0x2bc/0x3b0 [ 3448.590253] ? memset+0x32/0x40 [ 3448.593538] ? follow_page+0x430/0x430 [ 3448.597440] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3448.603002] ? vmacache_update+0x114/0x140 [ 3448.607246] __mm_populate+0x27e/0x4c0 [ 3448.611165] ? populate_vma_page_range+0x3b0/0x3b0 [ 3448.616099] ? down_read_killable+0x150/0x150 [ 3448.620616] ? security_mmap_file+0x1a7/0x1e0 [ 3448.625143] vm_mmap_pgoff+0x277/0x2b0 [ 3448.629064] ? vma_is_stack_for_current+0xd0/0xd0 [ 3448.633912] ? kasan_check_read+0x11/0x20 [ 3448.638063] ? _copy_to_user+0xc9/0x120 [ 3448.642047] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3448.647597] ksys_mmap_pgoff+0x102/0x650 [ 3448.651670] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3448.656429] ? trace_hardirqs_on+0xbd/0x310 [ 3448.660767] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3448.666323] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3448.671700] ? trace_hardirqs_off_caller+0x300/0x300 [ 3448.676809] __x64_sys_mmap+0xe9/0x1b0 [ 3448.680728] do_syscall_64+0x1a3/0x800 [ 3448.684619] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3448.689557] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3448.694581] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3448.699450] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3448.704640] RIP: 0033:0x457ec9 [ 3448.707835] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3448.726753] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3448.734464] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3448.741733] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3448.749009] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3448.756291] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3448.763559] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3448.847165] memory: usage 307160kB, limit 307200kB, failcnt 59000 [ 3448.855299] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3448.862246] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3448.868659] Memory cgroup stats for /syz1: cache:28KB rss:252700KB rss_huge:227328KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:206012KB active_anon:3856KB inactive_file:4KB active_file:0KB unevictable:42976KB [ 3448.891681] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3448.899104] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=13753,uid=0 [ 3448.918749] Memory cgroup out of memory: Kill process 13753 (syz-executor1) score 1146 or sacrifice child [ 3448.928864] gfs2: fsid=_h: Now mounting FS... [ 3448.933987] attempt to access beyond end of device [ 3448.943071] Killed process 13753 (syz-executor1) total-vm:70664kB, anon-rss:15252kB, file-rss:32768kB, shmem-rss:0kB [ 3448.954357] loop3: rw=4096, want=136, limit=12 [ 3448.960718] gfs2: error 10 reading superblock [ 3448.969868] gfs2: fsid=_h: can't read superblock [ 3448.971390] oom_reaper: reaped process 13753 (syz-executor1), now anon-rss:0kB, file-rss:32640kB, shmem-rss:0kB [ 3448.974714] gfs2: fsid=_h: can't read superblock: -5 05:27:12 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x1a00, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:12 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd22}, 0x28) 05:27:12 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c], [], [], [0x2]}, 0x45c) 05:27:12 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000}, 0x0) 05:27:12 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) wait4(0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r2 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0x0) dup3(r4, r3, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) [ 3449.132302] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3449.204518] CPU: 1 PID: 13966 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3449.211758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3449.221111] Call Trace: [ 3449.223713] dump_stack+0x1db/0x2d0 [ 3449.227365] ? dump_stack_print_info.cold+0x20/0x20 [ 3449.227407] dump_header+0x1e6/0x116c [ 3449.236225] ? add_lock_to_list.isra.0+0x450/0x450 [ 3449.241212] ? print_usage_bug+0xd0/0xd0 [ 3449.241232] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3449.241250] ? ___ratelimit+0x37c/0x686 [ 3449.254219] ? mark_held_locks+0xb1/0x100 [ 3449.258405] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3449.258420] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3449.258436] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3449.268626] ? trace_hardirqs_on+0xbd/0x310 [ 3449.268641] ? kasan_check_read+0x11/0x20 [ 3449.268660] ? ___ratelimit+0x37c/0x686 [ 3449.285644] ? trace_hardirqs_off_caller+0x300/0x300 [ 3449.290781] ? do_raw_spin_trylock+0x270/0x270 [ 3449.295376] ? trace_hardirqs_on_caller+0x310/0x310 [ 3449.300406] ? lock_acquire+0x1db/0x570 [ 3449.304399] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3449.309518] ? ___ratelimit+0xac/0x686 [ 3449.313424] ? idr_get_free+0xee0/0xee0 [ 3449.317405] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3449.322013] oom_kill_process.cold+0x10/0x9d4 [ 3449.326528] ? cgroup_procs_next+0x70/0x70 [ 3449.330778] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3449.335282] ? oom_badness+0xa50/0xa50 [ 3449.339212] ? oom_evaluate_task+0x540/0x540 [ 3449.343631] ? mem_cgroup_iter_break+0x30/0x30 [ 3449.348218] ? mutex_trylock+0x2d0/0x2d0 [ 3449.352282] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3449.357868] ? rcu_read_unlock_special+0x380/0x380 [ 3449.362891] out_of_memory+0x885/0x1420 [ 3449.366889] ? mem_cgroup_iter+0x508/0xf30 [ 3449.371135] ? oom_killer_disable+0x340/0x340 [ 3449.375657] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3449.380772] ? lock_acquire+0x1db/0x570 [ 3449.384770] mem_cgroup_out_of_memory+0x160/0x210 [ 3449.389639] ? do_raw_spin_unlock+0xa0/0x330 [ 3449.394080] ? memcg_memory_event+0x40/0x40 [ 3449.398414] ? do_raw_spin_trylock+0x270/0x270 [ 3449.403021] ? _raw_spin_unlock+0x2d/0x50 [ 3449.407177] try_charge+0x12a9/0x19b0 [ 3449.410996] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3449.416542] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3449.421372] ? rcu_read_unlock_special+0x380/0x380 [ 3449.426309] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3449.431204] ? get_mem_cgroup_from_page+0x190/0x190 [ 3449.436215] ? rcu_read_lock_sched_held+0x110/0x130 [ 3449.441235] mem_cgroup_try_charge+0x43a/0xdb0 [ 3449.445804] ? mem_cgroup_protected+0xa10/0xa10 [ 3449.450485] ? mark_held_locks+0x100/0x100 [ 3449.454708] ? pmd_val+0x85/0x100 [ 3449.458145] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3449.463683] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3449.469229] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3449.474162] __handle_mm_fault+0x2594/0x55a0 [ 3449.478576] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3449.483418] ? check_preemption_disabled+0x48/0x290 [ 3449.488421] ? handle_mm_fault+0x3cc/0xc80 [ 3449.492649] ? lock_downgrade+0x910/0x910 [ 3449.496805] ? kasan_check_read+0x11/0x20 [ 3449.500948] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3449.506262] ? rcu_read_unlock_special+0x380/0x380 [ 3449.511193] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3449.516716] ? check_preemption_disabled+0x48/0x290 [ 3449.521766] handle_mm_fault+0x4ec/0xc80 [ 3449.525839] ? __handle_mm_fault+0x55a0/0x55a0 [ 3449.530422] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3449.535446] __get_user_pages+0x8f7/0x1e10 [ 3449.539677] ? follow_page_mask+0x1f40/0x1f40 [ 3449.544209] ? lock_acquire+0x1db/0x570 [ 3449.548200] ? ___might_sleep+0x1e7/0x310 [ 3449.552347] ? lock_release+0xc40/0xc40 [ 3449.556325] ? find_held_lock+0x35/0x120 [ 3449.560379] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3449.564441] populate_vma_page_range+0x2bc/0x3b0 [ 3449.569186] ? memset+0x32/0x40 [ 3449.572491] ? follow_page+0x430/0x430 [ 3449.576415] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3449.581990] ? vmacache_update+0x114/0x140 [ 3449.586240] __mm_populate+0x27e/0x4c0 [ 3449.590137] ? populate_vma_page_range+0x3b0/0x3b0 [ 3449.595179] ? down_read_killable+0x150/0x150 [ 3449.599681] ? security_mmap_file+0x1a7/0x1e0 [ 3449.604168] vm_mmap_pgoff+0x277/0x2b0 [ 3449.608057] ? vma_is_stack_for_current+0xd0/0xd0 [ 3449.612905] ? check_preemption_disabled+0x48/0x290 [ 3449.617915] ksys_mmap_pgoff+0x102/0x650 [ 3449.621999] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3449.626740] ? trace_hardirqs_on+0xbd/0x310 [ 3449.631051] ? __do_page_fault+0x3f1/0xd60 [ 3449.635277] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3449.640633] ? trace_hardirqs_off_caller+0x300/0x300 [ 3449.645741] __x64_sys_mmap+0xe9/0x1b0 [ 3449.649620] do_syscall_64+0x1a3/0x800 [ 3449.653516] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3449.658443] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3449.663490] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3449.668364] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3449.673549] RIP: 0033:0x457ec9 [ 3449.676728] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3449.695624] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3449.703320] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3449.710589] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3449.717847] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3449.725113] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3449.732364] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3449.741714] memory: usage 307200kB, limit 307200kB, failcnt 59026 [ 3449.748154] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3449.748164] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3449.748186] Memory cgroup stats for /syz1: cache:28KB rss:252744KB rss_huge:223232KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:207928KB active_anon:3844KB inactive_file:0KB active_file:0KB unevictable:41028KB [ 3449.748328] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=13435,uid=0 [ 3449.748392] Memory cgroup out of memory: Kill process 13435 (syz-executor1) score 1145 or sacrifice child [ 3449.748463] Killed process 13435 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3449.831021] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3449.838750] gfs2: fsid=_h: Now mounting FS... [ 3449.843821] attempt to access beyond end of device [ 3449.849357] loop3: rw=4096, want=136, limit=13 [ 3449.855452] gfs2: error 10 reading superblock [ 3449.867731] gfs2: fsid=_h: can't read superblock [ 3449.873848] gfs2: fsid=_h: can't read superblock: -5 05:27:13 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x6) 05:27:13 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000}, 0x0) 05:27:13 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68], [], [], [0x2]}, 0x45c) 05:27:13 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd23}, 0x28) 05:27:13 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:13 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c], [], [], [0x2]}, 0x45c) [ 3450.039137] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3450.045782] gfs2: fsid=_h: Now mounting FS... 05:27:13 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd24}, 0x28) [ 3450.191507] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3450.208066] attempt to access beyond end of device [ 3450.277556] loop3: rw=4096, want=136, limit=13 [ 3450.282165] gfs2: error 10 reading superblock [ 3450.286686] gfs2: fsid=_h: can't read superblock [ 3450.298040] gfs2: fsid=_h: can't read superblock: -5 [ 3450.308439] CPU: 0 PID: 14004 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3450.315646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3450.325051] Call Trace: [ 3450.327646] dump_stack+0x1db/0x2d0 [ 3450.331283] ? dump_stack_print_info.cold+0x20/0x20 [ 3450.336312] dump_header+0x1e6/0x116c [ 3450.340125] ? add_lock_to_list.isra.0+0x450/0x450 [ 3450.345080] ? print_usage_bug+0xd0/0xd0 [ 3450.349147] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3450.354096] ? ___ratelimit+0x37c/0x686 [ 3450.358088] ? mark_held_locks+0xb1/0x100 [ 3450.358108] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3450.358124] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3450.358139] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3450.358170] ? trace_hardirqs_on+0xbd/0x310 [ 3450.358186] ? kasan_check_read+0x11/0x20 [ 3450.358216] ? ___ratelimit+0x37c/0x686 [ 3450.358247] ? trace_hardirqs_off_caller+0x300/0x300 [ 3450.358262] ? do_raw_spin_trylock+0x270/0x270 [ 3450.358278] ? trace_hardirqs_on_caller+0x310/0x310 [ 3450.358291] ? lock_acquire+0x1db/0x570 [ 3450.358314] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3450.358332] ? ___ratelimit+0xac/0x686 [ 3450.358351] ? idr_get_free+0xee0/0xee0 [ 3450.358367] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3450.358393] oom_kill_process.cold+0x10/0x9d4 [ 3450.358413] ? cgroup_procs_next+0x70/0x70 [ 3450.358448] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3450.358481] ? oom_badness+0xa50/0xa50 [ 3450.358505] ? oom_evaluate_task+0x540/0x540 [ 3450.358520] ? mem_cgroup_iter_break+0x30/0x30 [ 3450.358533] ? mutex_trylock+0x2d0/0x2d0 [ 3450.358547] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3450.358572] ? rcu_read_unlock_special+0x380/0x380 [ 3450.367855] out_of_memory+0x885/0x1420 [ 3450.367873] ? mem_cgroup_iter+0x508/0xf30 [ 3450.367894] ? oom_killer_disable+0x340/0x340 [ 3450.367911] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3450.367927] ? lock_acquire+0x1db/0x570 [ 3450.367953] mem_cgroup_out_of_memory+0x160/0x210 [ 3450.367984] ? do_raw_spin_unlock+0xa0/0x330 [ 3450.368001] ? memcg_memory_event+0x40/0x40 [ 3450.386170] ? do_raw_spin_trylock+0x270/0x270 [ 3450.386196] ? _raw_spin_unlock+0x2d/0x50 [ 3450.386213] try_charge+0x12a9/0x19b0 [ 3450.399899] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3450.408886] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3450.408904] ? rcu_read_unlock_special+0x380/0x380 [ 3450.408929] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3450.408945] ? get_mem_cgroup_from_page+0x190/0x190 [ 3450.408993] ? rcu_read_lock_sched_held+0x110/0x130 [ 3450.409013] mem_cgroup_try_charge+0x43a/0xdb0 [ 3450.409032] ? mem_cgroup_protected+0xa10/0xa10 [ 3450.409059] ? mark_held_locks+0x100/0x100 [ 3450.431060] ? pmd_val+0x85/0x100 [ 3450.431075] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3450.431090] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3450.439817] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3450.439838] __handle_mm_fault+0x2594/0x55a0 [ 3450.439862] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3450.439878] ? check_preemption_disabled+0x48/0x290 [ 3450.439895] ? handle_mm_fault+0x3cc/0xc80 [ 3450.439923] ? lock_downgrade+0x910/0x910 [ 3450.439939] ? kasan_check_read+0x11/0x20 [ 3450.604695] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3450.609992] ? rcu_read_unlock_special+0x380/0x380 [ 3450.614920] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3450.620459] ? check_preemption_disabled+0x48/0x290 [ 3450.625480] handle_mm_fault+0x4ec/0xc80 [ 3450.629547] ? __handle_mm_fault+0x55a0/0x55a0 [ 3450.634157] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3450.639189] __get_user_pages+0x8f7/0x1e10 [ 3450.643479] ? follow_page_mask+0x1f40/0x1f40 [ 3450.647998] ? lock_acquire+0x1db/0x570 [ 3450.651991] ? ___might_sleep+0x1e7/0x310 [ 3450.656156] ? lock_release+0xc40/0xc40 [ 3450.660131] ? find_held_lock+0x35/0x120 [ 3450.664206] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3450.668277] populate_vma_page_range+0x2bc/0x3b0 [ 3450.673034] ? memset+0x32/0x40 [ 3450.676332] ? follow_page+0x430/0x430 [ 3450.680218] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3450.685766] ? vmacache_update+0x114/0x140 [ 3450.690016] __mm_populate+0x27e/0x4c0 [ 3450.693908] ? populate_vma_page_range+0x3b0/0x3b0 [ 3450.698841] ? down_read_killable+0x150/0x150 [ 3450.703340] ? security_mmap_file+0x1a7/0x1e0 [ 3450.707844] vm_mmap_pgoff+0x277/0x2b0 [ 3450.711768] ? vma_is_stack_for_current+0xd0/0xd0 [ 3450.716612] ? kasan_check_read+0x11/0x20 [ 3450.720758] ? _copy_to_user+0xc9/0x120 [ 3450.724734] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3450.730282] ksys_mmap_pgoff+0x102/0x650 [ 3450.734352] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3450.739110] ? trace_hardirqs_on+0xbd/0x310 [ 3450.743429] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3450.748984] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3450.754351] ? trace_hardirqs_off_caller+0x300/0x300 [ 3450.759571] __x64_sys_mmap+0xe9/0x1b0 [ 3450.763468] do_syscall_64+0x1a3/0x800 [ 3450.767367] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3450.772855] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3450.777881] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3450.782737] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3450.788000] RIP: 0033:0x457ec9 [ 3450.791203] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3450.810103] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3450.817815] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3450.825083] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3450.832354] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3450.839636] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3450.846904] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3450.870698] memory: usage 303380kB, limit 307200kB, failcnt 59037 [ 3450.877129] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3450.884107] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3450.890458] Memory cgroup stats for /syz1: cache:28KB rss:252692KB rss_huge:223232KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:207928KB active_anon:3840KB inactive_file:0KB active_file:0KB unevictable:41088KB [ 3450.915702] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=13486,uid=0 [ 3450.937588] Memory cgroup out of memory: Kill process 13486 (syz-executor1) score 1145 or sacrifice child [ 3450.948421] Killed process 13486 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB 05:27:14 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x1b00, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:14 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x604000000000000}, 0x0) 05:27:14 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74], [], [], [0x2]}, 0x45c) 05:27:14 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd25}, 0x28) 05:27:14 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3450.966882] oom_reaper: reaped process 13486 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB [ 3451.115491] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3451.163662] gfs2: fsid=_h: Now mounting FS... [ 3451.190712] attempt to access beyond end of device [ 3451.203904] loop3: rw=4096, want=136, limit=13 [ 3451.230457] gfs2: error 10 reading superblock [ 3451.235104] gfs2: fsid=_h: can't read superblock [ 3451.251864] gfs2: fsid=_h: can't read superblock: -5 [ 3451.359206] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3451.374707] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3451.386671] gfs2: fsid=_h: Now mounting FS... [ 3451.391687] attempt to access beyond end of device [ 3451.396670] loop3: rw=4096, want=136, limit=13 [ 3451.401455] gfs2: error 10 reading superblock [ 3451.406007] gfs2: fsid=_h: can't read superblock [ 3451.411474] gfs2: fsid=_h: can't read superblock: -5 [ 3451.413819] CPU: 1 PID: 14018 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3451.423783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3451.433149] Call Trace: [ 3451.435746] dump_stack+0x1db/0x2d0 [ 3451.439388] ? dump_stack_print_info.cold+0x20/0x20 [ 3451.444422] dump_header+0x1e6/0x116c [ 3451.448236] ? add_lock_to_list.isra.0+0x450/0x450 [ 3451.453178] ? print_usage_bug+0xd0/0xd0 [ 3451.453196] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3451.462166] ? ___ratelimit+0x37c/0x686 [ 3451.466172] ? mark_held_locks+0xb1/0x100 [ 3451.470331] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3451.475439] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3451.480545] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3451.480561] ? trace_hardirqs_on+0xbd/0x310 [ 3451.480575] ? kasan_check_read+0x11/0x20 [ 3451.480593] ? ___ratelimit+0x37c/0x686 [ 3451.480607] ? trace_hardirqs_off_caller+0x300/0x300 [ 3451.502686] ? do_raw_spin_trylock+0x270/0x270 [ 3451.507280] ? trace_hardirqs_on_caller+0x310/0x310 [ 3451.512334] ? lock_acquire+0x1db/0x570 [ 3451.516351] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3451.521463] ? ___ratelimit+0xac/0x686 [ 3451.525385] ? idr_get_free+0xee0/0xee0 [ 3451.529370] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3451.533983] oom_kill_process.cold+0x10/0x9d4 [ 3451.538519] ? cgroup_procs_next+0x70/0x70 [ 3451.542775] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3451.547282] ? oom_badness+0xa50/0xa50 [ 3451.551201] ? oom_evaluate_task+0x540/0x540 [ 3451.555624] ? mem_cgroup_iter_break+0x30/0x30 [ 3451.560202] ? mutex_trylock+0x2d0/0x2d0 [ 3451.564250] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3451.569781] ? rcu_read_unlock_special+0x380/0x380 [ 3451.574721] out_of_memory+0x885/0x1420 [ 3451.578685] ? mem_cgroup_iter+0x508/0xf30 [ 3451.582937] ? oom_killer_disable+0x340/0x340 [ 3451.587420] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3451.592538] ? lock_acquire+0x1db/0x570 [ 3451.596504] mem_cgroup_out_of_memory+0x160/0x210 [ 3451.601330] ? do_raw_spin_unlock+0xa0/0x330 [ 3451.605719] ? memcg_memory_event+0x40/0x40 [ 3451.610025] ? do_raw_spin_trylock+0x270/0x270 [ 3451.614592] ? _raw_spin_unlock+0x2d/0x50 [ 3451.618725] try_charge+0x12a9/0x19b0 [ 3451.622510] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3451.628039] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3451.632869] ? rcu_read_unlock_special+0x380/0x380 [ 3451.637793] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3451.642622] ? get_mem_cgroup_from_page+0x190/0x190 [ 3451.647644] ? rcu_read_lock_sched_held+0x110/0x130 [ 3451.652678] mem_cgroup_try_charge+0x43a/0xdb0 [ 3451.657255] ? mem_cgroup_protected+0xa10/0xa10 [ 3451.661916] ? mark_held_locks+0x100/0x100 [ 3451.666136] ? pmd_val+0x85/0x100 [ 3451.669578] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3451.675116] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3451.680672] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3451.685617] __handle_mm_fault+0x2594/0x55a0 [ 3451.690016] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3451.694844] ? check_preemption_disabled+0x48/0x290 [ 3451.699849] ? handle_mm_fault+0x3cc/0xc80 [ 3451.704089] ? lock_downgrade+0x910/0x910 [ 3451.708225] ? kasan_check_read+0x11/0x20 [ 3451.712374] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3451.717656] ? rcu_read_unlock_special+0x380/0x380 [ 3451.722571] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3451.728115] ? check_preemption_disabled+0x48/0x290 [ 3451.733122] handle_mm_fault+0x4ec/0xc80 [ 3451.737170] ? __handle_mm_fault+0x55a0/0x55a0 [ 3451.741743] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3451.746744] __get_user_pages+0x8f7/0x1e10 [ 3451.750966] ? follow_page_mask+0x1f40/0x1f40 [ 3451.755477] ? lock_acquire+0x1db/0x570 [ 3451.759456] ? ___might_sleep+0x1e7/0x310 [ 3451.763594] ? lock_release+0xc40/0xc40 [ 3451.767552] ? find_held_lock+0x35/0x120 [ 3451.771599] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3451.775654] populate_vma_page_range+0x2bc/0x3b0 [ 3451.780392] ? memset+0x32/0x40 [ 3451.783720] ? follow_page+0x430/0x430 [ 3451.787595] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3451.793114] ? vmacache_update+0x114/0x140 [ 3451.797351] __mm_populate+0x27e/0x4c0 [ 3451.801227] ? populate_vma_page_range+0x3b0/0x3b0 [ 3451.806138] ? down_read_killable+0x150/0x150 [ 3451.810619] ? security_mmap_file+0x1a7/0x1e0 [ 3451.815100] vm_mmap_pgoff+0x277/0x2b0 [ 3451.818999] ? vma_is_stack_for_current+0xd0/0xd0 [ 3451.823844] ? check_preemption_disabled+0x48/0x290 [ 3451.828860] ksys_mmap_pgoff+0x102/0x650 [ 3451.832906] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3451.837654] ? trace_hardirqs_on+0xbd/0x310 [ 3451.841963] ? __do_page_fault+0x3f1/0xd60 [ 3451.846214] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3451.851578] ? trace_hardirqs_off_caller+0x300/0x300 [ 3451.856666] __x64_sys_mmap+0xe9/0x1b0 [ 3451.860539] do_syscall_64+0x1a3/0x800 [ 3451.864442] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3451.869368] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3451.874369] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3451.879215] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3451.884403] RIP: 0033:0x457ec9 [ 3451.887581] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3451.906487] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3451.914178] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3451.921451] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3451.928810] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3451.936098] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3451.943349] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3451.954000] memory: usage 307192kB, limit 307200kB, failcnt 59103 [ 3451.960514] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3451.967463] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3451.973663] Memory cgroup stats for /syz1: cache:28KB rss:256452KB rss_huge:223232KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:207804KB active_anon:3804KB inactive_file:0KB active_file:0KB unevictable:44992KB [ 3451.995413] net_ratelimit: 25 callbacks suppressed [ 3451.995422] protocol 88fb is buggy, dev hsr_slave_0 [ 3451.995506] protocol 88fb is buggy, dev hsr_slave_1 [ 3451.995623] protocol 88fb is buggy, dev hsr_slave_0 [ 3451.995688] protocol 88fb is buggy, dev hsr_slave_1 [ 3451.995800] protocol 88fb is buggy, dev hsr_slave_0 [ 3451.995857] protocol 88fb is buggy, dev hsr_slave_1 [ 3451.997293] protocol 88fb is buggy, dev hsr_slave_0 [ 3452.001501] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=13558,uid=0 [ 3452.006492] protocol 88fb is buggy, dev hsr_slave_1 [ 3452.011511] Memory cgroup out of memory: Kill process 13558 (syz-executor1) score 1145 or sacrifice child [ 3452.065908] Killed process 13558 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3452.082350] oom_reaper: reaped process 13558 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:27:15 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x7) 05:27:15 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd26}, 0x28) 05:27:15 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xf00000000000000}, 0x0) 05:27:15 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a], [], [], [0x2]}, 0x45c) 05:27:15 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:15 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x1c00, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:15 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300], [], [], [0x2]}, 0x45c) 05:27:15 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd27}, 0x28) [ 3452.218777] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3452.225512] gfs2: fsid=_h: Now mounting FS... [ 3452.255176] attempt to access beyond end of device [ 3452.297309] protocol 88fb is buggy, dev hsr_slave_0 [ 3452.302415] protocol 88fb is buggy, dev hsr_slave_1 [ 3452.310268] loop3: rw=4096, want=136, limit=14 05:27:15 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2ac5000000000000}, 0x0) [ 3452.351845] gfs2: error 10 reading superblock [ 3452.410707] gfs2: fsid=_h: can't read superblock [ 3452.440576] gfs2: fsid=_h: can't read superblock: -5 05:27:15 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500], [], [], [0x2]}, 0x45c) 05:27:15 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd28}, 0x28) 05:27:15 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000}, 0x0) [ 3452.635723] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3452.649040] CPU: 0 PID: 14062 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3452.656237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3452.656243] Call Trace: [ 3452.656265] dump_stack+0x1db/0x2d0 [ 3452.656301] ? dump_stack_print_info.cold+0x20/0x20 [ 3452.676873] dump_header+0x1e6/0x116c [ 3452.680707] ? add_lock_to_list.isra.0+0x450/0x450 [ 3452.685651] ? print_usage_bug+0xd0/0xd0 [ 3452.685672] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3452.685690] ? ___ratelimit+0x37c/0x686 [ 3452.685710] ? mark_held_locks+0xb1/0x100 [ 3452.694687] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3452.694704] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3452.694718] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3452.694734] ? trace_hardirqs_on+0xbd/0x310 [ 3452.707953] ? kasan_check_read+0x11/0x20 [ 3452.707986] ? ___ratelimit+0x37c/0x686 [ 3452.708004] ? trace_hardirqs_off_caller+0x300/0x300 [ 3452.708019] ? do_raw_spin_trylock+0x270/0x270 [ 3452.708034] ? trace_hardirqs_on_caller+0x310/0x310 [ 3452.708048] ? lock_acquire+0x1db/0x570 [ 3452.708085] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3452.708134] ? ___ratelimit+0xac/0x686 [ 3452.708151] ? idr_get_free+0xee0/0xee0 [ 3452.708166] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3452.708207] oom_kill_process.cold+0x10/0x9d4 [ 3452.708225] ? cgroup_procs_next+0x70/0x70 [ 3452.708244] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3452.708260] ? oom_badness+0xa50/0xa50 [ 3452.708281] ? oom_evaluate_task+0x540/0x540 [ 3452.708298] ? mem_cgroup_iter_break+0x30/0x30 [ 3452.708311] ? mutex_trylock+0x2d0/0x2d0 [ 3452.708327] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3452.718031] ? rcu_read_unlock_special+0x380/0x380 [ 3452.718057] out_of_memory+0x885/0x1420 [ 3452.718075] ? mem_cgroup_iter+0x508/0xf30 [ 3452.718097] ? oom_killer_disable+0x340/0x340 [ 3452.718115] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3452.718132] ? lock_acquire+0x1db/0x570 [ 3452.718160] mem_cgroup_out_of_memory+0x160/0x210 [ 3452.718175] ? do_raw_spin_unlock+0xa0/0x330 [ 3452.718191] ? memcg_memory_event+0x40/0x40 [ 3452.730625] ? do_raw_spin_trylock+0x270/0x270 [ 3452.730650] ? _raw_spin_unlock+0x2d/0x50 [ 3452.740364] try_charge+0x12a9/0x19b0 [ 3452.740381] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3452.740404] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3452.740423] ? rcu_read_unlock_special+0x380/0x380 [ 3452.740451] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3452.740468] ? get_mem_cgroup_from_page+0x190/0x190 [ 3452.754532] ? rcu_read_lock_sched_held+0x110/0x130 [ 3452.754553] mem_cgroup_try_charge+0x43a/0xdb0 [ 3452.754573] ? mem_cgroup_protected+0xa10/0xa10 [ 3452.754597] ? mark_held_locks+0x100/0x100 [ 3452.762430] ? pmd_val+0x85/0x100 [ 3452.762448] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3452.762462] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3452.762485] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3452.762506] __handle_mm_fault+0x2594/0x55a0 [ 3452.762530] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3452.776308] ? check_preemption_disabled+0x48/0x290 [ 3452.776328] ? handle_mm_fault+0x3cc/0xc80 [ 3452.776361] ? lock_downgrade+0x910/0x910 [ 3452.776376] ? kasan_check_read+0x11/0x20 [ 3452.776408] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3452.784785] ? rcu_read_unlock_special+0x380/0x380 [ 3452.784817] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3452.784833] ? check_preemption_disabled+0x48/0x290 [ 3452.784856] handle_mm_fault+0x4ec/0xc80 [ 3452.784879] ? __handle_mm_fault+0x55a0/0x55a0 [ 3452.797946] __get_user_pages+0x8f7/0x1e10 [ 3452.798003] ? follow_page_mask+0x1f40/0x1f40 [ 3452.798042] ? lock_acquire+0x1db/0x570 [ 3452.798060] ? ___might_sleep+0x1e7/0x310 [ 3452.798078] ? lock_release+0xc40/0xc40 [ 3452.798092] ? find_held_lock+0x35/0x120 [ 3452.808553] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3452.808574] populate_vma_page_range+0x2bc/0x3b0 [ 3452.808599] ? memset+0x32/0x40 [ 3452.808616] ? follow_page+0x430/0x430 [ 3452.808630] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3452.808642] ? vmacache_update+0x114/0x140 [ 3452.808665] __mm_populate+0x27e/0x4c0 [ 3452.808687] ? populate_vma_page_range+0x3b0/0x3b0 [ 3452.808701] ? down_read_killable+0x150/0x150 [ 3452.808720] ? security_mmap_file+0x1a7/0x1e0 [ 3452.821405] vm_mmap_pgoff+0x277/0x2b0 [ 3452.821432] ? vma_is_stack_for_current+0xd0/0xd0 [ 3452.821447] ? kasan_check_read+0x11/0x20 [ 3452.821463] ? _copy_to_user+0xc9/0x120 [ 3452.835380] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3453.066100] ksys_mmap_pgoff+0x102/0x650 [ 3453.070171] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3453.074928] ? trace_hardirqs_on+0xbd/0x310 [ 3453.079273] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3453.084811] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3453.090173] ? trace_hardirqs_off_caller+0x300/0x300 [ 3453.095278] __x64_sys_mmap+0xe9/0x1b0 [ 3453.099179] do_syscall_64+0x1a3/0x800 [ 3453.103072] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3453.108036] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3453.113060] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3453.117933] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3453.123117] RIP: 0033:0x457ec9 [ 3453.126306] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3453.145202] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3453.152925] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3453.160190] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3453.167452] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3453.174777] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3453.182059] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3453.246070] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3453.290815] gfs2: fsid=_h: Now mounting FS... [ 3453.307911] attempt to access beyond end of device [ 3453.318235] loop3: rw=4096, want=136, limit=14 [ 3453.322960] gfs2: error 10 reading superblock [ 3453.329035] gfs2: fsid=_h: can't read superblock [ 3453.333902] gfs2: fsid=_h: can't read superblock: -5 [ 3453.334739] memory: usage 307200kB, limit 307200kB, failcnt 59137 [ 3453.352532] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3453.360498] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3453.366770] Memory cgroup stats for /syz1: cache:28KB rss:256500KB rss_huge:219136KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:207804KB active_anon:3808KB inactive_file:0KB active_file:0KB unevictable:45052KB [ 3453.391125] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=13650,uid=0 [ 3453.405810] Memory cgroup out of memory: Kill process 13650 (syz-executor1) score 1145 or sacrifice child [ 3453.415640] Killed process 13650 (syz-executor1) total-vm:70664kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3453.433147] oom_reaper: reaped process 13650 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:27:17 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x8) 05:27:17 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r1 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r1, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r2 = dup(0xffffffffffffffff) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0x0) dup3(r4, r3, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(0xffffffffffffffff, r5, 0x0, 0x102001695) listen(r0, 0x0) 05:27:17 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600], [], [], [0x2]}, 0x45c) 05:27:17 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000}, 0x0) 05:27:17 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd29}, 0x28) 05:27:17 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x1d00, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:17 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700], [], [], [0x2]}, 0x45c) 05:27:17 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x7f00000000000000}, 0x0) [ 3453.855108] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3453.913210] gfs2: fsid=_h: Now mounting FS... 05:27:17 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd2a}, 0x28) [ 3453.947700] attempt to access beyond end of device [ 3453.966959] loop3: rw=4096, want=136, limit=14 [ 3453.987436] gfs2: error 10 reading superblock [ 3454.012170] gfs2: fsid=_h: can't read superblock [ 3454.015297] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 05:27:17 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00], [], [], [0x2]}, 0x45c) 05:27:17 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xb8fd3f0000000000}, 0x0) [ 3454.060259] gfs2: fsid=_h: can't read superblock: -5 [ 3454.133376] CPU: 1 PID: 14116 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3454.140700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3454.150052] Call Trace: [ 3454.152648] dump_stack+0x1db/0x2d0 [ 3454.156297] ? dump_stack_print_info.cold+0x20/0x20 [ 3454.161385] dump_header+0x1e6/0x116c [ 3454.165192] ? add_lock_to_list.isra.0+0x450/0x450 [ 3454.170124] ? print_usage_bug+0xd0/0xd0 [ 3454.174229] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3454.179212] ? ___ratelimit+0x37c/0x686 [ 3454.183229] ? mark_held_locks+0xb1/0x100 [ 3454.187404] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3454.192521] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3454.197643] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3454.202231] ? trace_hardirqs_on+0xbd/0x310 [ 3454.206554] ? kasan_check_read+0x11/0x20 [ 3454.210706] ? ___ratelimit+0x37c/0x686 [ 3454.214684] ? trace_hardirqs_off_caller+0x300/0x300 [ 3454.219820] ? do_raw_spin_trylock+0x270/0x270 [ 3454.224421] ? trace_hardirqs_on_caller+0x310/0x310 [ 3454.229443] ? lock_acquire+0x1db/0x570 05:27:17 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xeffdffff00000000}, 0x0) [ 3454.233440] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3454.238546] ? ___ratelimit+0xac/0x686 [ 3454.242438] ? idr_get_free+0xee0/0xee0 [ 3454.246417] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3454.251034] oom_kill_process.cold+0x10/0x9d4 [ 3454.255556] ? cgroup_procs_next+0x70/0x70 [ 3454.259816] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3454.264312] ? oom_badness+0xa50/0xa50 [ 3454.264333] ? oom_evaluate_task+0x540/0x540 [ 3454.264350] ? mem_cgroup_iter_break+0x30/0x30 [ 3454.264363] ? mutex_trylock+0x2d0/0x2d0 [ 3454.264377] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3454.264402] ? rcu_read_unlock_special+0x380/0x380 [ 3454.291748] out_of_memory+0x885/0x1420 [ 3454.291767] ? mem_cgroup_iter+0x508/0xf30 [ 3454.291789] ? oom_killer_disable+0x340/0x340 [ 3454.291808] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3454.291825] ? lock_acquire+0x1db/0x570 [ 3454.291851] mem_cgroup_out_of_memory+0x160/0x210 [ 3454.291867] ? do_raw_spin_unlock+0xa0/0x330 [ 3454.309628] ? memcg_memory_event+0x40/0x40 [ 3454.309642] ? do_raw_spin_trylock+0x270/0x270 [ 3454.309666] ? _raw_spin_unlock+0x2d/0x50 [ 3454.309683] try_charge+0x12a9/0x19b0 [ 3454.309698] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3454.309716] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3454.318514] ? rcu_read_unlock_special+0x380/0x380 [ 3454.318538] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3454.318554] ? get_mem_cgroup_from_page+0x190/0x190 [ 3454.318591] ? rcu_read_lock_sched_held+0x110/0x130 [ 3454.318609] mem_cgroup_try_charge+0x43a/0xdb0 [ 3454.318642] ? mem_cgroup_protected+0xa10/0xa10 [ 3454.345421] ? mark_held_locks+0x100/0x100 [ 3454.345437] ? pmd_val+0x85/0x100 [ 3454.345451] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3454.345463] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3454.345492] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3454.374702] __handle_mm_fault+0x2594/0x55a0 [ 3454.392617] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3454.392635] ? check_preemption_disabled+0x48/0x290 [ 3454.392672] ? handle_mm_fault+0x3cc/0xc80 [ 3454.392699] ? lock_downgrade+0x910/0x910 [ 3454.425740] ? kasan_check_read+0x11/0x20 [ 3454.429895] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3454.435202] ? rcu_read_unlock_special+0x380/0x380 [ 3454.440137] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3454.445692] ? check_preemption_disabled+0x48/0x290 [ 3454.450728] handle_mm_fault+0x4ec/0xc80 [ 3454.454803] ? __handle_mm_fault+0x55a0/0x55a0 [ 3454.459406] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3454.464447] __get_user_pages+0x8f7/0x1e10 [ 3454.468708] ? follow_page_mask+0x1f40/0x1f40 [ 3454.473233] ? lock_acquire+0x1db/0x570 [ 3454.477221] ? ___might_sleep+0x1e7/0x310 [ 3454.481375] ? lock_release+0xc40/0xc40 [ 3454.485360] ? find_held_lock+0x35/0x120 [ 3454.489427] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3454.493536] populate_vma_page_range+0x2bc/0x3b0 [ 3454.498312] ? memset+0x32/0x40 [ 3454.501619] ? follow_page+0x430/0x430 [ 3454.505515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3454.511063] ? vmacache_update+0x114/0x140 [ 3454.515309] __mm_populate+0x27e/0x4c0 [ 3454.519205] ? populate_vma_page_range+0x3b0/0x3b0 [ 3454.524143] ? down_read_killable+0x150/0x150 [ 3454.528667] ? security_mmap_file+0x1a7/0x1e0 [ 3454.533192] vm_mmap_pgoff+0x277/0x2b0 [ 3454.537092] ? vma_is_stack_for_current+0xd0/0xd0 [ 3454.541938] ? kasan_check_read+0x11/0x20 [ 3454.546103] ? _copy_to_user+0xc9/0x120 [ 3454.550082] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3454.555652] ksys_mmap_pgoff+0x102/0x650 [ 3454.559735] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3454.564501] ? trace_hardirqs_on+0xbd/0x310 [ 3454.568827] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3454.574372] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3454.579738] ? trace_hardirqs_off_caller+0x300/0x300 [ 3454.584848] __x64_sys_mmap+0xe9/0x1b0 [ 3454.588746] do_syscall_64+0x1a3/0x800 [ 3454.592641] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3454.597575] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3454.602602] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3454.607487] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3454.612698] RIP: 0033:0x457ec9 [ 3454.615889] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3454.634793] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3454.642517] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3454.649786] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3454.657076] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3454.664350] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3454.671637] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3454.816890] memory: usage 307144kB, limit 307200kB, failcnt 59170 [ 3454.840379] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3454.847148] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3454.871094] Memory cgroup stats for /syz1: cache:28KB rss:256448KB rss_huge:217088KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:207944KB active_anon:3916KB inactive_file:0KB active_file:0KB unevictable:44608KB [ 3454.900556] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=13688,uid=0 [ 3454.921909] Memory cgroup out of memory: Kill process 13688 (syz-executor1) score 1145 or sacrifice child [ 3454.933045] Killed process 13688 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3455.005567] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3455.016035] CPU: 0 PID: 14140 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3455.023212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3455.032548] Call Trace: [ 3455.035137] dump_stack+0x1db/0x2d0 [ 3455.038768] ? dump_stack_print_info.cold+0x20/0x20 [ 3455.043824] dump_header+0x1e6/0x116c [ 3455.047651] ? add_lock_to_list.isra.0+0x450/0x450 [ 3455.052590] ? print_usage_bug+0xd0/0xd0 [ 3455.056641] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3455.061563] ? ___ratelimit+0x37c/0x686 [ 3455.065528] ? mark_held_locks+0xb1/0x100 [ 3455.069676] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3455.074774] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3455.079874] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3455.084453] ? trace_hardirqs_on+0xbd/0x310 [ 3455.088786] ? kasan_check_read+0x11/0x20 [ 3455.092940] ? ___ratelimit+0x37c/0x686 [ 3455.096926] ? trace_hardirqs_off_caller+0x300/0x300 [ 3455.102029] ? do_raw_spin_trylock+0x270/0x270 [ 3455.106615] ? trace_hardirqs_on_caller+0x310/0x310 [ 3455.111641] ? lock_acquire+0x1db/0x570 [ 3455.115615] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3455.120740] ? ___ratelimit+0xac/0x686 [ 3455.124630] ? idr_get_free+0xee0/0xee0 [ 3455.128596] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3455.133178] oom_kill_process.cold+0x10/0x9d4 [ 3455.137730] ? cgroup_procs_next+0x70/0x70 [ 3455.141959] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3455.146471] ? oom_badness+0xa50/0xa50 [ 3455.150382] ? oom_evaluate_task+0x540/0x540 [ 3455.154826] ? mem_cgroup_iter_break+0x30/0x30 [ 3455.159403] ? mutex_trylock+0x2d0/0x2d0 [ 3455.163460] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3455.169027] ? rcu_read_unlock_special+0x380/0x380 [ 3455.173958] out_of_memory+0x885/0x1420 [ 3455.177956] ? mem_cgroup_iter+0x508/0xf30 [ 3455.182217] ? oom_killer_disable+0x340/0x340 [ 3455.186698] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3455.191792] ? lock_acquire+0x1db/0x570 [ 3455.195754] mem_cgroup_out_of_memory+0x160/0x210 [ 3455.200609] ? do_raw_spin_unlock+0xa0/0x330 [ 3455.205027] ? memcg_memory_event+0x40/0x40 [ 3455.209343] ? do_raw_spin_trylock+0x270/0x270 [ 3455.213936] ? _raw_spin_unlock+0x2d/0x50 [ 3455.218080] try_charge+0x12a9/0x19b0 [ 3455.221877] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3455.227438] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3455.232289] ? rcu_read_unlock_special+0x380/0x380 [ 3455.237220] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3455.242066] ? get_mem_cgroup_from_page+0x190/0x190 [ 3455.247088] ? rcu_read_lock_sched_held+0x110/0x130 [ 3455.252092] mem_cgroup_try_charge+0x43a/0xdb0 [ 3455.256659] ? mem_cgroup_protected+0xa10/0xa10 [ 3455.261351] ? mark_held_locks+0x100/0x100 [ 3455.265582] ? pmd_val+0x85/0x100 [ 3455.269036] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3455.274569] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3455.280125] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3455.285058] __handle_mm_fault+0x2594/0x55a0 [ 3455.289484] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3455.294325] ? check_preemption_disabled+0x48/0x290 [ 3455.299345] ? handle_mm_fault+0x3cc/0xc80 [ 3455.303583] ? lock_downgrade+0x910/0x910 [ 3455.307747] ? kasan_check_read+0x11/0x20 [ 3455.311905] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3455.317168] ? rcu_read_unlock_special+0x380/0x380 [ 3455.322087] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3455.327619] ? check_preemption_disabled+0x48/0x290 [ 3455.332634] handle_mm_fault+0x4ec/0xc80 [ 3455.336684] ? __handle_mm_fault+0x55a0/0x55a0 [ 3455.341282] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3455.346296] __get_user_pages+0x8f7/0x1e10 [ 3455.350558] ? follow_page_mask+0x1f40/0x1f40 [ 3455.355055] ? lock_acquire+0x1db/0x570 [ 3455.359027] ? ___might_sleep+0x1e7/0x310 [ 3455.363167] ? lock_release+0xc40/0xc40 [ 3455.367140] ? find_held_lock+0x35/0x120 [ 3455.371190] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3455.375237] populate_vma_page_range+0x2bc/0x3b0 [ 3455.380002] ? memset+0x32/0x40 [ 3455.383298] ? follow_page+0x430/0x430 [ 3455.387179] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3455.392704] ? vmacache_update+0x114/0x140 [ 3455.396922] __mm_populate+0x27e/0x4c0 [ 3455.400812] ? populate_vma_page_range+0x3b0/0x3b0 [ 3455.405728] ? down_read_killable+0x150/0x150 [ 3455.410222] ? security_mmap_file+0x1a7/0x1e0 [ 3455.414732] vm_mmap_pgoff+0x277/0x2b0 [ 3455.418621] ? vma_is_stack_for_current+0xd0/0xd0 [ 3455.423488] ? check_preemption_disabled+0x48/0x290 [ 3455.428701] ksys_mmap_pgoff+0x102/0x650 [ 3455.432763] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3455.437519] ? trace_hardirqs_on+0xbd/0x310 [ 3455.441838] ? __do_page_fault+0x3f1/0xd60 [ 3455.446061] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3455.451411] ? trace_hardirqs_off_caller+0x300/0x300 [ 3455.456504] __x64_sys_mmap+0xe9/0x1b0 [ 3455.460404] do_syscall_64+0x1a3/0x800 [ 3455.464289] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3455.469216] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3455.474236] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3455.479081] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3455.484288] RIP: 0033:0x457ec9 [ 3455.487478] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3455.506374] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3455.514067] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3455.521322] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3455.528581] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3455.535848] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3455.543132] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3455.555398] memory: usage 304460kB, limit 307200kB, failcnt 59214 [ 3455.561714] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3455.568631] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3455.574790] Memory cgroup stats for /syz1: cache:28KB rss:256404KB rss_huge:215040KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:207944KB active_anon:3904KB inactive_file:0KB active_file:0KB unevictable:44612KB [ 3455.596430] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=13701,uid=0 [ 3455.611010] Memory cgroup out of memory: Kill process 13701 (syz-executor1) score 1145 or sacrifice child [ 3455.620818] Killed process 13701 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3455.641111] oom_reaper: reaped process 13701 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB [ 3455.643886] syz-executor1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3455.669646] CPU: 1 PID: 14116 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3455.676837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3455.686171] Call Trace: [ 3455.688762] dump_stack+0x1db/0x2d0 [ 3455.692378] ? dump_stack_print_info.cold+0x20/0x20 [ 3455.697385] dump_header+0x1e6/0x116c [ 3455.701189] ? add_lock_to_list.isra.0+0x450/0x450 [ 3455.706168] ? print_usage_bug+0xd0/0xd0 [ 3455.710221] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3455.715142] ? ___ratelimit+0x37c/0x686 [ 3455.719106] ? mark_held_locks+0xb1/0x100 [ 3455.723259] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3455.728362] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3455.733462] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3455.738054] ? trace_hardirqs_on+0xbd/0x310 [ 3455.742362] ? kasan_check_read+0x11/0x20 [ 3455.746498] ? ___ratelimit+0x37c/0x686 [ 3455.750458] ? trace_hardirqs_off_caller+0x300/0x300 [ 3455.755550] ? do_raw_spin_trylock+0x270/0x270 [ 3455.760133] ? trace_hardirqs_on_caller+0x310/0x310 [ 3455.765153] ? lock_acquire+0x1db/0x570 [ 3455.769132] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3455.774233] ? ___ratelimit+0xac/0x686 [ 3455.778108] ? idr_get_free+0xee0/0xee0 [ 3455.782067] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3455.786643] oom_kill_process.cold+0x10/0x9d4 [ 3455.791131] ? cgroup_procs_next+0x70/0x70 [ 3455.795356] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3455.799839] ? oom_badness+0xa50/0xa50 [ 3455.803713] ? oom_evaluate_task+0x540/0x540 [ 3455.808131] ? mem_cgroup_iter_break+0x30/0x30 [ 3455.812728] ? mutex_trylock+0x2d0/0x2d0 [ 3455.816797] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3455.822361] ? rcu_read_unlock_special+0x380/0x380 [ 3455.827278] out_of_memory+0x885/0x1420 [ 3455.831241] ? mem_cgroup_iter+0x508/0xf30 [ 3455.835458] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3455.840562] ? oom_killer_disable+0x340/0x340 [ 3455.845074] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3455.850162] ? lock_acquire+0x1db/0x570 [ 3455.854127] mem_cgroup_out_of_memory+0x160/0x210 [ 3455.858987] ? do_raw_spin_unlock+0xa0/0x330 [ 3455.863395] ? memcg_memory_event+0x40/0x40 [ 3455.867711] ? do_raw_spin_trylock+0x270/0x270 [ 3455.872285] ? _raw_spin_unlock+0x2d/0x50 [ 3455.876425] try_charge+0xd44/0x19b0 [ 3455.880125] ? lock_downgrade+0x910/0x910 [ 3455.884269] ? kasan_check_read+0x11/0x20 [ 3455.888407] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3455.893233] ? get_mem_cgroup_from_mm+0x1cd/0x420 [ 3455.898087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3455.903611] ? lock_downgrade+0x910/0x910 [ 3455.907744] ? kasan_check_read+0x11/0x20 [ 3455.911912] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3455.917196] ? rcu_read_unlock_special+0x380/0x380 [ 3455.922170] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3455.927043] memcg_kmem_charge_memcg+0x7c/0x130 [ 3455.931727] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3455.936205] ? lock_release+0xc40/0xc40 [ 3455.940168] memcg_kmem_charge+0x13b/0x340 [ 3455.944413] __alloc_pages_nodemask+0x7b8/0xdc0 [ 3455.949186] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 3455.954184] ? rcu_pm_notify+0xd0/0xd0 [ 3455.958067] ? rcu_read_lock_sched_held+0x110/0x130 [ 3455.963070] ? kmem_cache_alloc_node+0x347/0x710 [ 3455.967810] ? pci_mmcfg_check_reserved+0x170/0x170 [ 3455.972875] copy_process+0x847/0x8710 [ 3455.976756] ? ___might_sleep+0x1e7/0x310 [ 3455.980890] ? arch_local_save_flags+0x50/0x50 [ 3455.985455] ? __schedule+0x1e60/0x1e60 [ 3455.989436] ? do_raw_spin_trylock+0x270/0x270 [ 3455.994013] ? __cleanup_sighand+0x70/0x70 [ 3455.998235] ? futex_wait_queue_me+0x539/0x810 [ 3456.002815] ? refill_pi_state_cache.part.0+0x310/0x310 [ 3456.008178] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 3456.013242] ? handle_futex_death+0x230/0x230 [ 3456.017722] ? fixup_owner+0x250/0x250 [ 3456.021593] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3456.026770] ? drop_futex_key_refs.isra.0+0x6f/0xf0 [ 3456.031773] ? futex_wait+0x6e6/0xa40 [ 3456.035562] ? print_usage_bug+0xd0/0xd0 [ 3456.039609] ? futex_wait_setup+0x430/0x430 [ 3456.043916] ? drop_futex_key_refs.isra.0+0x6f/0xf0 [ 3456.048922] ? __lock_acquire+0x572/0x4a30 [ 3456.053190] ? mark_held_locks+0x100/0x100 [ 3456.057412] ? do_futex+0x1b0/0x2910 [ 3456.061114] ? save_stack+0xa9/0xd0 [ 3456.064727] ? save_stack+0x45/0xd0 [ 3456.068338] ? add_lock_to_list.isra.0+0x450/0x450 [ 3456.073271] ? add_lock_to_list.isra.0+0x450/0x450 [ 3456.078210] ? exit_robust_list+0x290/0x290 [ 3456.082527] ? add_lock_to_list.isra.0+0x450/0x450 [ 3456.087474] ? __might_fault+0x12b/0x1e0 [ 3456.091527] ? find_held_lock+0x35/0x120 [ 3456.095587] ? __might_fault+0x12b/0x1e0 [ 3456.099637] ? lock_acquire+0x1db/0x570 [ 3456.103602] ? lock_downgrade+0x910/0x910 [ 3456.107738] ? lock_release+0xc40/0xc40 [ 3456.111709] ? trace_hardirqs_off_caller+0x300/0x300 [ 3456.116828] _do_fork+0x1a9/0x1170 [ 3456.120357] ? fork_idle+0x1d0/0x1d0 [ 3456.124062] ? kasan_check_read+0x11/0x20 [ 3456.128213] ? _copy_to_user+0xc9/0x120 [ 3456.132224] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3456.137750] ? put_timespec64+0x115/0x1b0 [ 3456.141883] ? nsecs_to_jiffies+0x30/0x30 [ 3456.146030] ? do_syscall_64+0x8c/0x800 [ 3456.150019] ? do_syscall_64+0x8c/0x800 [ 3456.154005] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3456.158591] ? trace_hardirqs_on+0xbd/0x310 [ 3456.162915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3456.168439] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3456.173819] ? trace_hardirqs_off_caller+0x300/0x300 [ 3456.178911] __x64_sys_clone+0xbf/0x150 [ 3456.182876] do_syscall_64+0x1a3/0x800 [ 3456.186753] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3456.191672] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3456.196678] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3456.201545] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3456.206732] RIP: 0033:0x457ec9 [ 3456.209928] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3456.228823] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3456.236522] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9 [ 3456.243782] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3456.251050] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3456.258310] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3456.265575] R13: 00000000004be2a0 R14: 00000000004ce760 R15: 00000000ffffffff [ 3456.276607] memory: usage 292432kB, limit 307200kB, failcnt 59214 [ 3456.285521] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3456.292517] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3456.298923] Memory cgroup stats for /syz1: cache:28KB rss:244692KB rss_huge:202752KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:195020KB active_anon:3828KB inactive_file:0KB active_file:0KB unevictable:45824KB [ 3456.320535] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14112,uid=0 [ 3456.335327] Memory cgroup out of memory: Kill process 14112 (syz-executor1) score 1148 or sacrifice child [ 3456.345190] Killed process 14141 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB 05:27:19 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:19 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfc00000000000000}, 0x0) 05:27:19 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x9) 05:27:19 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd2b}, 0x28) 05:27:19 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x1e00, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:19 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00], [], [], [0x2]}, 0x45c) [ 3456.358909] oom_reaper: reaped process 14141 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB [ 3456.476250] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:27:19 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd2c}, 0x28) [ 3456.524013] gfs2: fsid=_h: Now mounting FS... [ 3456.543936] attempt to access beyond end of device 05:27:19 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800], [], [], [0x2]}, 0x45c) 05:27:19 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfe80000000000000}, 0x0) 05:27:19 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3456.568297] loop3: rw=4096, want=136, limit=15 [ 3456.577795] gfs2: error 10 reading superblock [ 3456.582736] gfs2: fsid=_h: can't read superblock [ 3456.597531] gfs2: fsid=_h: can't read superblock: -5 05:27:20 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd2d}, 0x28) 05:27:20 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00], [], [], [0x2]}, 0x45c) 05:27:20 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfec0000000000000}, 0x0) [ 3456.875210] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:27:20 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd2e}, 0x28) [ 3456.916583] gfs2: fsid=_h: Now mounting FS... [ 3456.961734] attempt to access beyond end of device [ 3456.988788] loop3: rw=4096, want=136, limit=15 [ 3457.008385] gfs2: error 10 reading superblock [ 3457.031911] gfs2: fsid=_h: can't read superblock [ 3457.045469] gfs2: fsid=_h: can't read superblock: -5 05:27:20 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0xa) 05:27:20 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:20 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x1f00, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:20 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xff00000000000000}, 0x0) 05:27:20 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800], [], [], [0x2]}, 0x45c) 05:27:20 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd2f}, 0x28) [ 3457.264122] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 05:27:20 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000}, 0x0) [ 3457.307443] CPU: 1 PID: 14199 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3457.314651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3457.324002] Call Trace: [ 3457.326595] dump_stack+0x1db/0x2d0 [ 3457.330251] ? dump_stack_print_info.cold+0x20/0x20 [ 3457.335305] dump_header+0x1e6/0x116c [ 3457.339129] ? add_lock_to_list.isra.0+0x450/0x450 [ 3457.344084] ? print_usage_bug+0xd0/0xd0 [ 3457.348169] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3457.353149] ? ___ratelimit+0x37c/0x686 [ 3457.357166] ? mark_held_locks+0xb1/0x100 [ 3457.361317] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3457.361331] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3457.361345] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3457.361360] ? trace_hardirqs_on+0xbd/0x310 [ 3457.361376] ? kasan_check_read+0x11/0x20 [ 3457.384621] ? ___ratelimit+0x37c/0x686 [ 3457.388605] ? trace_hardirqs_off_caller+0x300/0x300 [ 3457.393711] ? do_raw_spin_trylock+0x270/0x270 [ 3457.398311] ? trace_hardirqs_on_caller+0x310/0x310 [ 3457.403351] ? lock_acquire+0x1db/0x570 05:27:20 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}, 0x0) [ 3457.407352] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3457.412501] ? ___ratelimit+0xac/0x686 [ 3457.416400] ? idr_get_free+0xee0/0xee0 [ 3457.420381] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3457.424991] oom_kill_process.cold+0x10/0x9d4 [ 3457.429509] ? cgroup_procs_next+0x70/0x70 [ 3457.429533] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3457.438267] ? oom_badness+0xa50/0xa50 [ 3457.438285] ? oom_evaluate_task+0x540/0x540 [ 3457.438301] ? mem_cgroup_iter_break+0x30/0x30 [ 3457.451187] ? mutex_trylock+0x2d0/0x2d0 [ 3457.455265] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3457.460844] ? rcu_read_unlock_special+0x380/0x380 [ 3457.465791] out_of_memory+0x885/0x1420 [ 3457.469780] ? mem_cgroup_iter+0x508/0xf30 [ 3457.474056] ? oom_killer_disable+0x340/0x340 [ 3457.478583] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3457.483699] ? lock_acquire+0x1db/0x570 [ 3457.487701] mem_cgroup_out_of_memory+0x160/0x210 [ 3457.492570] ? do_raw_spin_unlock+0xa0/0x330 [ 3457.497013] ? memcg_memory_event+0x40/0x40 [ 3457.501341] ? do_raw_spin_trylock+0x270/0x270 05:27:20 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) [ 3457.505945] ? _raw_spin_unlock+0x2d/0x50 [ 3457.510133] try_charge+0x12a9/0x19b0 [ 3457.513946] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3457.519523] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3457.524390] ? rcu_read_unlock_special+0x380/0x380 [ 3457.529339] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3457.534195] ? get_mem_cgroup_from_page+0x190/0x190 [ 3457.539263] ? rcu_read_lock_sched_held+0x110/0x130 [ 3457.544309] mem_cgroup_try_charge+0x43a/0xdb0 [ 3457.548910] ? mem_cgroup_protected+0xa10/0xa10 [ 3457.553621] ? mark_held_locks+0x100/0x100 [ 3457.557863] ? pmd_val+0x85/0x100 [ 3457.557881] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3457.557894] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3457.557915] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3457.577380] __handle_mm_fault+0x2594/0x55a0 [ 3457.581815] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3457.586677] ? check_preemption_disabled+0x48/0x290 [ 3457.591709] ? handle_mm_fault+0x3cc/0xc80 [ 3457.596014] ? lock_downgrade+0x910/0x910 [ 3457.600173] ? kasan_check_read+0x11/0x20 [ 3457.604329] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3457.604348] ? rcu_read_unlock_special+0x380/0x380 [ 3457.604364] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3457.604383] ? check_preemption_disabled+0x48/0x290 [ 3457.614614] handle_mm_fault+0x4ec/0xc80 [ 3457.614635] ? __handle_mm_fault+0x55a0/0x55a0 [ 3457.614654] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3457.622273] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3457.625224] __get_user_pages+0x8f7/0x1e10 [ 3457.625255] ? follow_page_mask+0x1f40/0x1f40 [ 3457.625279] ? lock_acquire+0x1db/0x570 [ 3457.629514] gfs2: fsid=_h: Now mounting FS... [ 3457.633951] ? ___might_sleep+0x1e7/0x310 [ 3457.633979] ? lock_release+0xc40/0xc40 [ 3457.634007] ? find_held_lock+0x35/0x120 [ 3457.634024] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3457.634058] populate_vma_page_range+0x2bc/0x3b0 [ 3457.639625] attempt to access beyond end of device [ 3457.645648] ? memset+0x32/0x40 [ 3457.645667] ? follow_page+0x430/0x430 [ 3457.645682] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3457.645695] ? vmacache_update+0x114/0x140 [ 3457.645715] __mm_populate+0x27e/0x4c0 [ 3457.650096] loop3: rw=4096, want=136, limit=15 [ 3457.654424] ? populate_vma_page_range+0x3b0/0x3b0 [ 3457.654440] ? down_read_killable+0x150/0x150 [ 3457.654459] ? security_mmap_file+0x1a7/0x1e0 [ 3457.654488] vm_mmap_pgoff+0x277/0x2b0 [ 3457.658628] gfs2: error 10 reading superblock [ 3457.662945] ? vma_is_stack_for_current+0xd0/0xd0 [ 3457.662963] ? kasan_check_read+0x11/0x20 [ 3457.662988] ? _copy_to_user+0xc9/0x120 [ 3457.663007] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3457.663042] ksys_mmap_pgoff+0x102/0x650 [ 3457.667446] gfs2: fsid=_h: can't read superblock [ 3457.671148] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3457.671164] ? trace_hardirqs_on+0xbd/0x310 [ 3457.671179] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3457.671198] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3457.671213] ? trace_hardirqs_off_caller+0x300/0x300 [ 3457.675405] gfs2: fsid=_h: can't read superblock: -5 [ 3457.679318] __x64_sys_mmap+0xe9/0x1b0 [ 3457.679341] do_syscall_64+0x1a3/0x800 [ 3457.679361] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3457.679379] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3457.679417] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3457.728312] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3457.728327] RIP: 0033:0x457ec9 [ 3457.728344] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3457.728352] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 05:27:21 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd30}, 0x28) 05:27:21 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:21 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00], [], [], [0x2]}, 0x45c) [ 3457.728366] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3457.728377] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3457.736756] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3457.736765] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3457.736775] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3458.003120] memory: usage 307200kB, limit 307200kB, failcnt 59247 [ 3458.016806] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3458.028442] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3458.034612] Memory cgroup stats for /syz1: cache:28KB rss:259160KB rss_huge:219136KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:207944KB active_anon:3916KB inactive_file:0KB active_file:0KB unevictable:47328KB [ 3458.114366] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3458.127574] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=13740,uid=0 [ 3458.134365] gfs2: fsid=_h: Now mounting FS... [ 3458.160932] attempt to access beyond end of device [ 3458.166430] loop3: rw=4096, want=136, limit=15 [ 3458.167170] Memory cgroup out of memory: Kill process 13740 (syz-executor1) score 1145 or sacrifice child [ 3458.187618] Killed process 13740 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3458.204859] oom_reaper: reaped process 13740 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB [ 3458.257614] gfs2: error 10 reading superblock [ 3458.262159] gfs2: fsid=_h: can't read superblock [ 3458.282709] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3458.292844] gfs2: fsid=_h: can't read superblock: -5 [ 3458.297334] net_ratelimit: 26 callbacks suppressed [ 3458.297342] protocol 88fb is buggy, dev hsr_slave_0 [ 3458.298169] protocol 88fb is buggy, dev hsr_slave_0 [ 3458.303012] protocol 88fb is buggy, dev hsr_slave_1 [ 3458.308078] protocol 88fb is buggy, dev hsr_slave_1 [ 3458.313147] protocol 88fb is buggy, dev hsr_slave_0 [ 3458.328184] protocol 88fb is buggy, dev hsr_slave_1 [ 3458.333300] protocol 88fb is buggy, dev hsr_slave_0 [ 3458.338397] protocol 88fb is buggy, dev hsr_slave_1 [ 3458.355950] CPU: 1 PID: 14243 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3458.363159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3458.372512] Call Trace: [ 3458.375101] dump_stack+0x1db/0x2d0 [ 3458.378733] ? dump_stack_print_info.cold+0x20/0x20 [ 3458.383760] dump_header+0x1e6/0x116c [ 3458.387563] ? add_lock_to_list.isra.0+0x450/0x450 [ 3458.387581] ? print_usage_bug+0xd0/0xd0 [ 3458.387599] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3458.396592] ? ___ratelimit+0x37c/0x686 [ 3458.405468] ? mark_held_locks+0xb1/0x100 [ 3458.409622] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3458.409636] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3458.409652] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3458.419832] ? trace_hardirqs_on+0xbd/0x310 [ 3458.419846] ? kasan_check_read+0x11/0x20 [ 3458.419864] ? ___ratelimit+0x37c/0x686 [ 3458.428778] ? trace_hardirqs_off_caller+0x300/0x300 [ 3458.428792] ? do_raw_spin_trylock+0x270/0x270 [ 3458.428821] ? trace_hardirqs_on_caller+0x310/0x310 [ 3458.428834] ? lock_acquire+0x1db/0x570 [ 3458.436943] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3458.460684] ? ___ratelimit+0xac/0x686 [ 3458.464591] ? idr_get_free+0xee0/0xee0 [ 3458.468565] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3458.473165] oom_kill_process.cold+0x10/0x9d4 [ 3458.477666] ? cgroup_procs_next+0x70/0x70 [ 3458.481905] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3458.486410] ? oom_badness+0xa50/0xa50 [ 3458.490307] ? oom_evaluate_task+0x540/0x540 [ 3458.494752] ? mem_cgroup_iter_break+0x30/0x30 [ 3458.499336] ? mutex_trylock+0x2d0/0x2d0 [ 3458.503414] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3458.508971] ? rcu_read_unlock_special+0x380/0x380 [ 3458.513921] out_of_memory+0x885/0x1420 [ 3458.517900] ? mem_cgroup_iter+0x508/0xf30 [ 3458.522152] ? oom_killer_disable+0x340/0x340 [ 3458.526653] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3458.531775] ? lock_acquire+0x1db/0x570 [ 3458.535776] mem_cgroup_out_of_memory+0x160/0x210 [ 3458.540623] ? do_raw_spin_unlock+0xa0/0x330 [ 3458.545036] ? memcg_memory_event+0x40/0x40 [ 3458.549367] ? do_raw_spin_trylock+0x270/0x270 [ 3458.553979] ? _raw_spin_unlock+0x2d/0x50 [ 3458.558140] try_charge+0x12a9/0x19b0 [ 3458.561945] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3458.567515] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3458.572366] ? rcu_read_unlock_special+0x380/0x380 [ 3458.577308] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3458.582155] ? get_mem_cgroup_from_page+0x190/0x190 [ 3458.587196] ? rcu_read_lock_sched_held+0x110/0x130 [ 3458.592229] mem_cgroup_try_charge+0x43a/0xdb0 [ 3458.596823] ? mem_cgroup_protected+0xa10/0xa10 [ 3458.601514] ? mark_held_locks+0x100/0x100 [ 3458.605753] ? pmd_val+0x85/0x100 [ 3458.609221] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3458.614777] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3458.620324] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3458.625260] __handle_mm_fault+0x2594/0x55a0 [ 3458.629684] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3458.634531] ? check_preemption_disabled+0x48/0x290 [ 3458.639550] ? handle_mm_fault+0x3cc/0xc80 [ 3458.643825] ? lock_downgrade+0x910/0x910 [ 3458.647985] ? kasan_check_read+0x11/0x20 [ 3458.652152] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3458.657432] ? rcu_read_unlock_special+0x380/0x380 [ 3458.662365] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3458.667908] ? check_preemption_disabled+0x48/0x290 [ 3458.672935] handle_mm_fault+0x4ec/0xc80 [ 3458.677009] ? __handle_mm_fault+0x55a0/0x55a0 [ 3458.681603] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3458.686629] __get_user_pages+0x8f7/0x1e10 [ 3458.690878] ? follow_page_mask+0x1f40/0x1f40 [ 3458.695378] ? trace_hardirqs_on+0xbd/0x310 [ 3458.699708] ? lock_acquire+0x1db/0x570 [ 3458.703724] ? ___might_sleep+0x1e7/0x310 [ 3458.707891] ? lock_release+0xc40/0xc40 [ 3458.711881] ? rwsem_wake+0x2fd/0x4a0 [ 3458.715685] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3458.719757] populate_vma_page_range+0x2bc/0x3b0 [ 3458.724519] ? memset+0x32/0x40 [ 3458.727807] ? follow_page+0x430/0x430 [ 3458.731692] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3458.737251] ? vmacache_update+0x114/0x140 [ 3458.741496] __mm_populate+0x27e/0x4c0 [ 3458.745384] ? populate_vma_page_range+0x3b0/0x3b0 [ 3458.750324] ? down_read_killable+0x150/0x150 [ 3458.754818] ? security_mmap_file+0x1a7/0x1e0 [ 3458.759322] vm_mmap_pgoff+0x277/0x2b0 [ 3458.763219] ? vma_is_stack_for_current+0xd0/0xd0 [ 3458.768221] ? check_preemption_disabled+0x48/0x290 [ 3458.773291] ksys_mmap_pgoff+0x102/0x650 [ 3458.777379] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3458.782136] ? trace_hardirqs_on+0xbd/0x310 [ 3458.786457] ? __do_page_fault+0x3f1/0xd60 [ 3458.790704] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3458.796070] ? trace_hardirqs_off_caller+0x300/0x300 [ 3458.801175] __x64_sys_mmap+0xe9/0x1b0 [ 3458.805069] do_syscall_64+0x1a3/0x800 [ 3458.808964] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3458.813919] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3458.818942] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3458.823802] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3458.829013] RIP: 0033:0x457ec9 [ 3458.832215] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3458.851157] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3458.858864] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3458.866132] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3458.873427] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3458.880694] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3458.887961] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3458.898392] protocol 88fb is buggy, dev hsr_slave_0 [ 3458.903489] protocol 88fb is buggy, dev hsr_slave_1 [ 3458.910971] memory: usage 307004kB, limit 307200kB, failcnt 59275 [ 3458.918042] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3458.925014] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3458.931961] Memory cgroup stats for /syz1: cache:28KB rss:258948KB rss_huge:219136KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:207820KB active_anon:3880KB inactive_file:0KB active_file:0KB unevictable:47272KB [ 3458.961760] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14198,uid=0 [ 3458.978111] Memory cgroup out of memory: Kill process 14198 (syz-executor1) score 1146 or sacrifice child [ 3458.992464] Killed process 14244 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3459.024114] syz-executor1 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=1000 [ 3459.034899] CPU: 1 PID: 14199 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3459.042106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3459.051450] Call Trace: [ 3459.054028] dump_stack+0x1db/0x2d0 [ 3459.057645] ? dump_stack_print_info.cold+0x20/0x20 [ 3459.062652] dump_header+0x1e6/0x116c [ 3459.066436] ? add_lock_to_list.isra.0+0x450/0x450 [ 3459.071370] ? print_usage_bug+0xd0/0xd0 [ 3459.075423] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3459.080337] ? ___ratelimit+0x37c/0x686 [ 3459.084297] ? mark_held_locks+0xb1/0x100 [ 3459.088441] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3459.093527] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3459.098667] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3459.103237] ? trace_hardirqs_on+0xbd/0x310 [ 3459.107546] ? kasan_check_read+0x11/0x20 [ 3459.111695] ? ___ratelimit+0x37c/0x686 [ 3459.115658] ? trace_hardirqs_off_caller+0x300/0x300 [ 3459.120744] ? do_raw_spin_trylock+0x270/0x270 [ 3459.125312] ? trace_hardirqs_on_caller+0x310/0x310 [ 3459.130334] ? lock_acquire+0x1db/0x570 [ 3459.134298] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3459.139386] ? ___ratelimit+0xac/0x686 [ 3459.143258] ? idr_get_free+0xee0/0xee0 [ 3459.147231] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3459.151806] oom_kill_process.cold+0x10/0x9d4 [ 3459.156288] ? cgroup_procs_next+0x70/0x70 [ 3459.160515] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3459.165019] ? oom_badness+0xa50/0xa50 [ 3459.168896] ? oom_evaluate_task+0x540/0x540 [ 3459.173291] ? mem_cgroup_iter_break+0x30/0x30 [ 3459.177872] ? mutex_trylock+0x2d0/0x2d0 [ 3459.181920] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3459.187497] ? rcu_read_unlock_special+0x380/0x380 [ 3459.192420] out_of_memory+0x885/0x1420 [ 3459.196392] ? mem_cgroup_iter+0x508/0xf30 [ 3459.200613] ? oom_killer_disable+0x340/0x340 [ 3459.205127] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3459.210216] ? lock_acquire+0x1db/0x570 [ 3459.214197] mem_cgroup_out_of_memory+0x160/0x210 [ 3459.219056] ? do_raw_spin_unlock+0xa0/0x330 [ 3459.223448] ? memcg_memory_event+0x40/0x40 [ 3459.227754] ? do_raw_spin_trylock+0x270/0x270 [ 3459.232344] ? _raw_spin_unlock+0x2d/0x50 [ 3459.236501] try_charge+0xd44/0x19b0 [ 3459.240207] ? check_preemption_disabled+0x48/0x290 [ 3459.245231] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3459.250066] ? rcu_read_lock_sched_held+0x110/0x130 [ 3459.255067] ? __alloc_pages_nodemask+0xaca/0xdc0 [ 3459.259920] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 3459.264950] ? ____cache_alloc_node+0x1be/0x1e0 [ 3459.269607] ? cache_grow_begin+0x599/0x8c0 [ 3459.273943] ? cache_grow_begin+0x599/0x8c0 [ 3459.278255] memcg_kmem_charge_memcg+0x7c/0x130 [ 3459.282908] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3459.287405] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3459.292945] ? __cpuset_node_allowed+0x19f/0x640 [ 3459.297687] cache_grow_begin+0x25f/0x8c0 [ 3459.301819] ? kasan_check_read+0x11/0x20 [ 3459.305951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3459.311477] ? mempolicy_slab_node+0x139/0x390 [ 3459.316050] fallback_alloc+0x1fd/0x2d0 [ 3459.320013] ____cache_alloc_node+0x1be/0x1e0 [ 3459.324498] kmem_cache_alloc_node+0xe3/0x710 [ 3459.328988] ? pci_mmcfg_check_reserved+0x170/0x170 [ 3459.334012] copy_process+0x405b/0x8710 [ 3459.337988] ? ___might_sleep+0x1e7/0x310 [ 3459.342120] ? arch_local_save_flags+0x50/0x50 [ 3459.346686] ? __schedule+0x1e60/0x1e60 [ 3459.350645] ? do_raw_spin_trylock+0x270/0x270 [ 3459.355216] ? __cleanup_sighand+0x70/0x70 [ 3459.359436] ? futex_wait_queue_me+0x539/0x810 [ 3459.364007] ? refill_pi_state_cache.part.0+0x310/0x310 [ 3459.369356] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 3459.374364] ? handle_futex_death+0x230/0x230 [ 3459.378875] ? print_usage_bug+0xd0/0xd0 [ 3459.382948] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3459.388139] ? drop_futex_key_refs.isra.0+0x6f/0xf0 [ 3459.393141] ? futex_wait+0x6e6/0xa40 [ 3459.396943] ? print_usage_bug+0xd0/0xd0 [ 3459.400995] ? futex_wait_setup+0x430/0x430 [ 3459.405321] ? drop_futex_key_refs.isra.0+0x6f/0xf0 [ 3459.410324] ? __lock_acquire+0x572/0x4a30 [ 3459.414565] ? mark_held_locks+0x100/0x100 [ 3459.418805] ? do_futex+0x1b0/0x2910 [ 3459.422524] ? save_stack+0xa9/0xd0 [ 3459.426140] ? add_lock_to_list.isra.0+0x450/0x450 [ 3459.431055] ? add_lock_to_list.isra.0+0x450/0x450 [ 3459.435971] ? exit_robust_list+0x290/0x290 [ 3459.440319] ? add_lock_to_list.isra.0+0x450/0x450 [ 3459.445238] ? __might_fault+0x12b/0x1e0 [ 3459.449283] ? find_held_lock+0x35/0x120 [ 3459.453331] ? __might_fault+0x12b/0x1e0 [ 3459.457394] ? lock_acquire+0x1db/0x570 [ 3459.461355] ? lock_downgrade+0x910/0x910 [ 3459.465495] ? lock_release+0xc40/0xc40 [ 3459.469457] ? trace_hardirqs_off_caller+0x300/0x300 [ 3459.474545] _do_fork+0x1a9/0x1170 [ 3459.478077] ? fork_idle+0x1d0/0x1d0 [ 3459.481791] ? kasan_check_read+0x11/0x20 [ 3459.485925] ? _copy_to_user+0xc9/0x120 [ 3459.489915] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3459.495466] ? put_timespec64+0x115/0x1b0 [ 3459.499605] ? nsecs_to_jiffies+0x30/0x30 [ 3459.503756] ? do_syscall_64+0x8c/0x800 [ 3459.507719] ? do_syscall_64+0x8c/0x800 [ 3459.511678] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3459.516245] ? trace_hardirqs_on+0xbd/0x310 [ 3459.520552] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3459.526077] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3459.531426] ? trace_hardirqs_off_caller+0x300/0x300 [ 3459.536519] __x64_sys_clone+0xbf/0x150 [ 3459.540482] do_syscall_64+0x1a3/0x800 [ 3459.544376] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3459.549294] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3459.554318] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3459.559155] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3459.564329] RIP: 0033:0x457ec9 [ 3459.567513] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3459.586414] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3459.594111] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9 [ 3459.601364] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3459.608618] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3459.615871] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3459.623139] R13: 00000000004be2a0 R14: 00000000004ce760 R15: 00000000ffffffff [ 3459.635292] memory: usage 292452kB, limit 307200kB, failcnt 59275 [ 3459.641701] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3459.648916] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3459.655052] Memory cgroup stats for /syz1: cache:28KB rss:244616KB rss_huge:206848KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:195020KB active_anon:3812KB inactive_file:0KB active_file:0KB unevictable:45824KB 05:27:23 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0xb) 05:27:23 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400], [], [], [0x2]}, 0x45c) 05:27:23 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd31}, 0x28) 05:27:23 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:23 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:23 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0) [ 3459.676627] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14198,uid=0 [ 3459.691425] Memory cgroup out of memory: Kill process 14198 (syz-executor1) score 1146 or sacrifice child [ 3459.701242] Killed process 14199 (syz-executor1) total-vm:70664kB, anon-rss:15044kB, file-rss:33748kB, shmem-rss:0kB [ 3459.712879] oom_reaper: reaped process 14199 (syz-executor1), now anon-rss:15104kB, file-rss:32788kB, shmem-rss:0kB 05:27:23 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00], [], [], [0x2]}, 0x45c) [ 3459.852901] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:27:23 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd32}, 0x28) [ 3459.990080] gfs2: fsid=_h: Now mounting FS... 05:27:23 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [], [], [0x2]}, 0x45c) [ 3460.038076] attempt to access beyond end of device [ 3460.046855] loop3: rw=4096, want=136, limit=16 [ 3460.063385] gfs2: error 10 reading superblock [ 3460.089167] gfs2: fsid=_h: can't read superblock 05:27:23 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd33}, 0x28) 05:27:23 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3460.112114] gfs2: fsid=_h: can't read superblock: -5 05:27:23 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], [], [], [0x2]}, 0x45c) [ 3460.331704] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3460.385279] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3460.392112] CPU: 0 PID: 14271 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3460.399313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3460.408666] Call Trace: [ 3460.411264] dump_stack+0x1db/0x2d0 [ 3460.414907] ? dump_stack_print_info.cold+0x20/0x20 [ 3460.419948] dump_header+0x1e6/0x116c [ 3460.423775] ? add_lock_to_list.isra.0+0x450/0x450 [ 3460.428715] ? print_usage_bug+0xd0/0xd0 [ 3460.432803] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3460.437742] ? ___ratelimit+0x37c/0x686 [ 3460.441730] ? mark_held_locks+0xb1/0x100 [ 3460.445896] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3460.451022] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3460.451039] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3460.451056] ? trace_hardirqs_on+0xbd/0x310 [ 3460.451071] ? kasan_check_read+0x11/0x20 [ 3460.451087] ? ___ratelimit+0x37c/0x686 [ 3460.451103] ? trace_hardirqs_off_caller+0x300/0x300 [ 3460.460775] ? do_raw_spin_trylock+0x270/0x270 [ 3460.460792] ? trace_hardirqs_on_caller+0x310/0x310 [ 3460.460805] ? lock_acquire+0x1db/0x570 [ 3460.460829] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3460.460846] ? ___ratelimit+0xac/0x686 [ 3460.460864] ? idr_get_free+0xee0/0xee0 [ 3460.460878] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3460.460903] oom_kill_process.cold+0x10/0x9d4 [ 3460.460921] ? cgroup_procs_next+0x70/0x70 [ 3460.460940] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3460.460955] ? oom_badness+0xa50/0xa50 [ 3460.460992] ? oom_evaluate_task+0x540/0x540 [ 3460.461009] ? mem_cgroup_iter_break+0x30/0x30 [ 3460.461021] ? mutex_trylock+0x2d0/0x2d0 [ 3460.461036] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3460.461064] ? rcu_read_unlock_special+0x380/0x380 [ 3460.461086] out_of_memory+0x885/0x1420 [ 3460.461103] ? mem_cgroup_iter+0x508/0xf30 [ 3460.461122] ? oom_killer_disable+0x340/0x340 [ 3460.461140] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3460.461155] ? lock_acquire+0x1db/0x570 [ 3460.461181] mem_cgroup_out_of_memory+0x160/0x210 [ 3460.461195] ? do_raw_spin_unlock+0xa0/0x330 [ 3460.461211] ? memcg_memory_event+0x40/0x40 [ 3460.461225] ? do_raw_spin_trylock+0x270/0x270 [ 3460.461250] ? _raw_spin_unlock+0x2d/0x50 [ 3460.461267] try_charge+0x12a9/0x19b0 [ 3460.461283] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3460.461305] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3460.461322] ? rcu_read_unlock_special+0x380/0x380 [ 3460.461346] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3460.461364] ? get_mem_cgroup_from_page+0x190/0x190 [ 3460.461386] ? rcu_read_lock_sched_held+0x110/0x130 [ 3460.461406] mem_cgroup_try_charge+0x43a/0xdb0 [ 3460.461427] ? mem_cgroup_protected+0xa10/0xa10 [ 3460.461451] ? mark_held_locks+0x100/0x100 [ 3460.461468] ? pmd_val+0x85/0x100 [ 3460.461483] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3460.461496] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3460.461518] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3460.461537] __handle_mm_fault+0x2594/0x55a0 [ 3460.461562] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3460.461579] ? check_preemption_disabled+0x48/0x290 [ 3460.461595] ? handle_mm_fault+0x3cc/0xc80 [ 3460.461625] ? lock_downgrade+0x910/0x910 [ 3460.461639] ? kasan_check_read+0x11/0x20 [ 3460.461654] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3460.461671] ? rcu_read_unlock_special+0x380/0x380 [ 3460.461687] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3460.461701] ? check_preemption_disabled+0x48/0x290 [ 3460.461752] handle_mm_fault+0x4ec/0xc80 [ 3460.461771] ? __handle_mm_fault+0x55a0/0x55a0 [ 3460.461787] ? __get_user_pages+0x8b7/0x1e10 [ 3460.461808] __get_user_pages+0x8f7/0x1e10 [ 3460.461850] ? follow_page_mask+0x1f40/0x1f40 [ 3460.461887] ? lock_acquire+0x1db/0x570 [ 3460.461920] ? ___might_sleep+0x1e7/0x310 [ 3460.461937] ? lock_release+0xc40/0xc40 [ 3460.461949] ? find_held_lock+0x35/0x120 [ 3460.461966] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3460.462006] populate_vma_page_range+0x2bc/0x3b0 [ 3460.462021] ? memset+0x32/0x40 [ 3460.462037] ? follow_page+0x430/0x430 [ 3460.462051] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3460.462064] ? vmacache_update+0x114/0x140 [ 3460.462086] __mm_populate+0x27e/0x4c0 [ 3460.462105] ? populate_vma_page_range+0x3b0/0x3b0 [ 3460.462118] ? down_read_killable+0x150/0x150 [ 3460.462137] ? security_mmap_file+0x1a7/0x1e0 [ 3460.462160] vm_mmap_pgoff+0x277/0x2b0 [ 3460.462182] ? vma_is_stack_for_current+0xd0/0xd0 [ 3460.462204] ? check_preemption_disabled+0x48/0x290 [ 3460.462227] ksys_mmap_pgoff+0x102/0x650 [ 3460.462248] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3460.462262] ? trace_hardirqs_on+0xbd/0x310 [ 3460.462278] ? __do_page_fault+0x3f1/0xd60 [ 3460.462294] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3460.462309] ? trace_hardirqs_off_caller+0x300/0x300 [ 3460.462327] __x64_sys_mmap+0xe9/0x1b0 [ 3460.462348] do_syscall_64+0x1a3/0x800 [ 3460.462367] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3460.462384] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3460.462405] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3460.462429] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3460.462441] RIP: 0033:0x457ec9 [ 3460.462456] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3460.462464] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3460.462478] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3460.462487] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3460.462495] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3460.462504] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3460.462513] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3460.478569] gfs2: fsid=_h: Now mounting FS... [ 3460.535003] memory: usage 303920kB, limit 307200kB, failcnt 59301 [ 3460.540023] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3460.583343] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3460.624034] attempt to access beyond end of device [ 3460.631251] Memory cgroup stats for /syz1: cache:28KB rss:259008KB rss_huge:217088KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:207820KB active_anon:3880KB inactive_file:0KB active_file:0KB unevictable:47428KB 05:27:24 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0xc) 05:27:24 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd34}, 0x28) 05:27:24 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:24 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0) [ 3460.676890] loop3: rw=4096, want=136, limit=16 [ 3460.706221] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14266,uid=0 [ 3460.773696] Memory cgroup out of memory: Kill process 14266 (syz-executor1) score 1147 or sacrifice child [ 3460.784340] gfs2: error 10 reading superblock [ 3460.797454] gfs2: fsid=_h: can't read superblock [ 3460.804272] gfs2: fsid=_h: can't read superblock: -5 [ 3460.808190] Killed process 14277 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB 05:27:24 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x2010, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:24 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000], [], [], [0x2]}, 0x45c) 05:27:24 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd35}, 0x28) 05:27:24 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000], [], [], [0x2]}, 0x45c) 05:27:24 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd36}, 0x28) [ 3461.353190] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3461.400607] gfs2: fsid=_h: Now mounting FS... 05:27:24 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000], [], [], [0x2]}, 0x45c) [ 3461.431226] attempt to access beyond end of device [ 3461.444451] loop3: rw=4096, want=136, limit=16 [ 3461.462892] gfs2: error 10 reading superblock 05:27:24 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:24 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd37}, 0x28) [ 3461.492585] gfs2: fsid=_h: can't read superblock [ 3461.509787] gfs2: fsid=_h: can't read superblock: -5 05:27:25 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0xd) 05:27:25 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000], [], [], [0x2]}, 0x45c) [ 3461.701263] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3461.725581] gfs2: fsid=_h: Now mounting FS... [ 3461.753348] attempt to access beyond end of device 05:27:25 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd38}, 0x28) [ 3461.775864] loop3: rw=4096, want=136, limit=16 [ 3461.793808] gfs2: error 10 reading superblock [ 3461.808816] gfs2: fsid=_h: can't read superblock [ 3461.825052] gfs2: fsid=_h: can't read superblock: -5 [ 3461.844847] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 05:27:25 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x0) [ 3461.878298] CPU: 1 PID: 14350 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3461.885547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3461.894918] Call Trace: [ 3461.897536] dump_stack+0x1db/0x2d0 [ 3461.901662] ? dump_stack_print_info.cold+0x20/0x20 [ 3461.906699] dump_header+0x1e6/0x116c [ 3461.910551] ? add_lock_to_list.isra.0+0x450/0x450 [ 3461.915526] ? print_usage_bug+0xd0/0xd0 [ 3461.919592] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3461.924530] ? ___ratelimit+0x37c/0x686 [ 3461.928522] ? mark_held_locks+0xb1/0x100 [ 3461.928542] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3461.928557] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3461.928574] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3461.937819] ? trace_hardirqs_on+0xbd/0x310 [ 3461.937834] ? kasan_check_read+0x11/0x20 [ 3461.937849] ? ___ratelimit+0x37c/0x686 [ 3461.937866] ? trace_hardirqs_off_caller+0x300/0x300 [ 3461.965065] ? do_raw_spin_trylock+0x270/0x270 [ 3461.969673] ? trace_hardirqs_on_caller+0x310/0x310 [ 3461.974695] ? lock_acquire+0x1db/0x570 [ 3461.978707] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3461.983829] ? ___ratelimit+0xac/0x686 [ 3461.983863] ? idr_get_free+0xee0/0xee0 [ 3461.983878] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3461.996359] oom_kill_process.cold+0x10/0x9d4 [ 3461.996380] ? cgroup_procs_next+0x70/0x70 [ 3461.996398] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3462.005129] ? oom_badness+0xa50/0xa50 [ 3462.005151] ? oom_evaluate_task+0x540/0x540 [ 3462.005170] ? mem_cgroup_iter_break+0x30/0x30 [ 3462.013542] ? mutex_trylock+0x2d0/0x2d0 [ 3462.013558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3462.013586] ? rcu_read_unlock_special+0x380/0x380 [ 3462.022628] out_of_memory+0x885/0x1420 [ 3462.022662] ? mem_cgroup_iter+0x508/0xf30 [ 3462.022682] ? oom_killer_disable+0x340/0x340 [ 3462.032263] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3462.032280] ? lock_acquire+0x1db/0x570 [ 3462.032307] mem_cgroup_out_of_memory+0x160/0x210 [ 3462.032322] ? do_raw_spin_unlock+0xa0/0x330 [ 3462.032339] ? memcg_memory_event+0x40/0x40 [ 3462.041223] ? do_raw_spin_trylock+0x270/0x270 [ 3462.041251] ? _raw_spin_unlock+0x2d/0x50 [ 3462.041269] try_charge+0x12a9/0x19b0 [ 3462.041286] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3462.090604] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3462.095448] ? rcu_read_unlock_special+0x380/0x380 [ 3462.100407] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3462.105256] ? get_mem_cgroup_from_page+0x190/0x190 [ 3462.110281] ? rcu_read_lock_sched_held+0x110/0x130 [ 3462.115305] mem_cgroup_try_charge+0x43a/0xdb0 [ 3462.119900] ? mem_cgroup_protected+0xa10/0xa10 [ 3462.124582] ? mark_held_locks+0x100/0x100 [ 3462.128818] ? pmd_val+0x85/0x100 [ 3462.132279] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3462.137815] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3462.143374] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3462.148309] __handle_mm_fault+0x2594/0x55a0 [ 3462.152729] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3462.157593] ? check_preemption_disabled+0x48/0x290 [ 3462.162630] ? handle_mm_fault+0x3cc/0xc80 [ 3462.166894] ? lock_downgrade+0x910/0x910 [ 3462.171045] ? kasan_check_read+0x11/0x20 [ 3462.175198] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3462.180482] ? rcu_read_unlock_special+0x380/0x380 [ 3462.185428] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3462.190967] ? check_preemption_disabled+0x48/0x290 [ 3462.196011] handle_mm_fault+0x4ec/0xc80 [ 3462.200099] ? __handle_mm_fault+0x55a0/0x55a0 [ 3462.204683] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3462.209707] __get_user_pages+0x8f7/0x1e10 [ 3462.213969] ? follow_page_mask+0x1f40/0x1f40 [ 3462.218503] ? lock_acquire+0x1db/0x570 [ 3462.222480] ? ___might_sleep+0x1e7/0x310 [ 3462.226635] ? lock_release+0xc40/0xc40 [ 3462.230608] ? find_held_lock+0x35/0x120 [ 3462.234673] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3462.238743] populate_vma_page_range+0x2bc/0x3b0 [ 3462.243505] ? memset+0x32/0x40 [ 3462.246786] ? follow_page+0x430/0x430 [ 3462.250676] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3462.256227] ? vmacache_update+0x114/0x140 [ 3462.260471] __mm_populate+0x27e/0x4c0 [ 3462.264387] ? populate_vma_page_range+0x3b0/0x3b0 [ 3462.269321] ? down_read_killable+0x150/0x150 [ 3462.273826] ? security_mmap_file+0x1a7/0x1e0 [ 3462.278335] vm_mmap_pgoff+0x277/0x2b0 [ 3462.282233] ? vma_is_stack_for_current+0xd0/0xd0 [ 3462.287075] ? kasan_check_read+0x11/0x20 [ 3462.291224] ? _copy_to_user+0xc9/0x120 [ 3462.295203] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3462.300752] ksys_mmap_pgoff+0x102/0x650 [ 3462.304822] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3462.309577] ? trace_hardirqs_on+0xbd/0x310 [ 3462.313897] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3462.319438] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3462.324800] ? trace_hardirqs_off_caller+0x300/0x300 [ 3462.329905] __x64_sys_mmap+0xe9/0x1b0 [ 3462.333830] do_syscall_64+0x1a3/0x800 [ 3462.337726] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3462.342657] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3462.347677] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3462.352530] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3462.357737] RIP: 0033:0x457ec9 [ 3462.360935] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3462.379836] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3462.387546] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3462.394830] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3462.402098] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3462.409365] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3462.416629] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3462.487714] memory: usage 307200kB, limit 307200kB, failcnt 59319 [ 3462.494000] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3462.500865] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3462.507019] Memory cgroup stats for /syz1: cache:28KB rss:262016KB rss_huge:217088KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:220736KB active_anon:3996KB inactive_file:0KB active_file:0KB unevictable:37460KB [ 3462.529607] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=13796,uid=0 [ 3462.544310] Memory cgroup out of memory: Kill process 13796 (syz-executor1) score 1145 or sacrifice child [ 3462.555014] Killed process 13796 (syz-executor1) total-vm:70664kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3462.571595] oom_reaper: reaped process 13796 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:27:25 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x2100, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:25 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000], [], [], [0x2]}, 0x45c) 05:27:25 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd39}, 0x28) 05:27:25 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3462.660090] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3462.685330] CPU: 1 PID: 14362 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3462.692536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3462.702324] Call Trace: [ 3462.702348] dump_stack+0x1db/0x2d0 05:27:26 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd3a}, 0x28) [ 3462.702368] ? dump_stack_print_info.cold+0x20/0x20 [ 3462.702397] dump_header+0x1e6/0x116c [ 3462.702416] ? add_lock_to_list.isra.0+0x450/0x450 [ 3462.726107] ? print_usage_bug+0xd0/0xd0 [ 3462.730188] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3462.735134] ? ___ratelimit+0x37c/0x686 [ 3462.739128] ? mark_held_locks+0xb1/0x100 [ 3462.743295] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3462.748411] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3462.753530] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3462.758128] ? trace_hardirqs_on+0xbd/0x310 [ 3462.758144] ? kasan_check_read+0x11/0x20 [ 3462.758161] ? ___ratelimit+0x37c/0x686 [ 3462.758176] ? trace_hardirqs_off_caller+0x300/0x300 [ 3462.758191] ? do_raw_spin_trylock+0x270/0x270 [ 3462.758207] ? trace_hardirqs_on_caller+0x310/0x310 [ 3462.766659] ? lock_acquire+0x1db/0x570 [ 3462.766682] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3462.766699] ? ___ratelimit+0xac/0x686 [ 3462.766717] ? idr_get_free+0xee0/0xee0 [ 3462.802733] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3462.807350] oom_kill_process.cold+0x10/0x9d4 [ 3462.811866] ? cgroup_procs_next+0x70/0x70 [ 3462.816117] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3462.820619] ? oom_badness+0xa50/0xa50 [ 3462.820641] ? oom_evaluate_task+0x540/0x540 [ 3462.820659] ? mem_cgroup_iter_break+0x30/0x30 [ 3462.833524] ? mutex_trylock+0x2d0/0x2d0 [ 3462.833542] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3462.833572] ? rcu_read_unlock_special+0x380/0x380 [ 3462.833595] out_of_memory+0x885/0x1420 [ 3462.852059] ? mem_cgroup_iter+0x508/0xf30 [ 3462.856308] ? oom_killer_disable+0x340/0x340 [ 3462.860820] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3462.865933] ? lock_acquire+0x1db/0x570 [ 3462.865962] mem_cgroup_out_of_memory+0x160/0x210 [ 3462.865988] ? do_raw_spin_unlock+0xa0/0x330 [ 3462.866011] ? memcg_memory_event+0x40/0x40 [ 3462.883582] ? do_raw_spin_trylock+0x270/0x270 [ 3462.888184] ? _raw_spin_unlock+0x2d/0x50 [ 3462.892401] try_charge+0x12a9/0x19b0 [ 3462.897504] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3462.897529] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 05:27:26 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000], [], [], [0x2]}, 0x45c) [ 3462.897548] ? rcu_read_unlock_special+0x380/0x380 [ 3462.897573] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3462.897590] ? get_mem_cgroup_from_page+0x190/0x190 [ 3462.922891] ? rcu_read_lock_sched_held+0x110/0x130 [ 3462.927921] mem_cgroup_try_charge+0x43a/0xdb0 [ 3462.932518] ? mem_cgroup_protected+0xa10/0xa10 [ 3462.937221] ? mark_held_locks+0x100/0x100 [ 3462.941496] ? pmd_val+0x85/0x100 [ 3462.944962] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3462.950524] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3462.956085] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3462.961019] __handle_mm_fault+0x2594/0x55a0 [ 3462.965429] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3462.970273] ? check_preemption_disabled+0x48/0x290 [ 3462.975292] ? handle_mm_fault+0x3cc/0xc80 [ 3462.979535] ? lock_downgrade+0x910/0x910 [ 3462.983676] ? kasan_check_read+0x11/0x20 [ 3462.987827] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3462.993110] ? rcu_read_unlock_special+0x380/0x380 [ 3462.998037] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3463.003616] ? check_preemption_disabled+0x48/0x290 [ 3463.008652] handle_mm_fault+0x4ec/0xc80 [ 3463.012773] ? __handle_mm_fault+0x55a0/0x55a0 [ 3463.017367] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3463.022373] __get_user_pages+0x8f7/0x1e10 [ 3463.026598] ? follow_page_mask+0x1f40/0x1f40 [ 3463.031104] ? trace_hardirqs_on+0xbd/0x310 [ 3463.035459] ? lock_acquire+0x1db/0x570 [ 3463.039457] ? ___might_sleep+0x1e7/0x310 [ 3463.043605] ? lock_release+0xc40/0xc40 [ 3463.047589] ? rwsem_wake+0x2fd/0x4a0 [ 3463.051390] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3463.055466] populate_vma_page_range+0x2bc/0x3b0 [ 3463.060225] ? memset+0x32/0x40 [ 3463.063499] ? follow_page+0x430/0x430 [ 3463.067384] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3463.072933] ? vmacache_update+0x114/0x140 [ 3463.077172] __mm_populate+0x27e/0x4c0 [ 3463.081071] ? populate_vma_page_range+0x3b0/0x3b0 [ 3463.086012] ? down_read_killable+0x150/0x150 [ 3463.090505] ? security_mmap_file+0x1a7/0x1e0 [ 3463.095003] vm_mmap_pgoff+0x277/0x2b0 [ 3463.098949] ? vma_is_stack_for_current+0xd0/0xd0 [ 3463.103820] ? check_preemption_disabled+0x48/0x290 [ 3463.108832] ksys_mmap_pgoff+0x102/0x650 [ 3463.112890] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3463.117631] ? trace_hardirqs_on+0xbd/0x310 [ 3463.121952] ? __do_page_fault+0x3f1/0xd60 [ 3463.126210] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3463.131560] ? trace_hardirqs_off_caller+0x300/0x300 [ 3463.136651] __x64_sys_mmap+0xe9/0x1b0 [ 3463.140546] do_syscall_64+0x1a3/0x800 [ 3463.144450] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3463.149377] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3463.154402] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3463.159263] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3463.164450] RIP: 0033:0x457ec9 [ 3463.167651] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3463.186538] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3463.194252] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3463.201522] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3463.208790] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3463.216069] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3463.223353] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3463.232953] memory: usage 307196kB, limit 307200kB, failcnt 59362 [ 3463.239362] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3463.246226] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3463.252875] Memory cgroup stats for /syz1: cache:28KB 05:27:26 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd3b}, 0x28) [ 3463.252906] rss:261996KB rss_huge:215040KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:222660KB active_anon:3984KB inactive_file:0KB active_file:0KB unevictable:35476KB [ 3463.301426] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=13844,uid=0 05:27:26 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd0}, 0x0) [ 3463.338671] Memory cgroup out of memory: Kill process 13844 (syz-executor1) score 1145 or sacrifice child [ 3463.363376] Killed process 13844 (syz-executor1) total-vm:70664kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3463.480018] syz-executor1 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=1000 [ 3463.512512] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3463.516513] CPU: 1 PID: 14350 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3463.526340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3463.534841] gfs2: fsid=_h: Now mounting FS... [ 3463.535696] Call Trace: [ 3463.542793] dump_stack+0x1db/0x2d0 [ 3463.546240] attempt to access beyond end of device [ 3463.546434] ? dump_stack_print_info.cold+0x20/0x20 [ 3463.553730] loop3: rw=4096, want=136, limit=16 [ 3463.556387] dump_header+0x1e6/0x116c [ 3463.556407] ? add_lock_to_list.isra.0+0x450/0x450 [ 3463.556426] ? print_usage_bug+0xd0/0xd0 [ 3463.556444] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3463.561188] gfs2: error 10 reading superblock [ 3463.564830] ? ___ratelimit+0x37c/0x686 [ 3463.564853] ? mark_held_locks+0xb1/0x100 [ 3463.564871] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3463.564888] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3463.569958] gfs2: fsid=_h: can't read superblock [ 3463.573860] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3463.573877] ? trace_hardirqs_on+0xbd/0x310 [ 3463.573893] ? kasan_check_read+0x11/0x20 [ 3463.573909] ? ___ratelimit+0x37c/0x686 [ 3463.573924] ? trace_hardirqs_off_caller+0x300/0x300 [ 3463.578985] gfs2: fsid=_h: can't read superblock: -5 [ 3463.583324] ? do_raw_spin_trylock+0x270/0x270 [ 3463.583341] ? trace_hardirqs_on_caller+0x310/0x310 [ 3463.583355] ? lock_acquire+0x1db/0x570 [ 3463.583378] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3463.583394] ? ___ratelimit+0xac/0x686 [ 3463.628543] ? idr_get_free+0xee0/0xee0 [ 3463.628559] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3463.628585] oom_kill_process.cold+0x10/0x9d4 [ 3463.628604] ? cgroup_procs_next+0x70/0x70 [ 3463.628621] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3463.638329] ? oom_badness+0xa50/0xa50 [ 3463.638351] ? oom_evaluate_task+0x540/0x540 [ 3463.638384] ? mem_cgroup_iter_break+0x30/0x30 [ 3463.638397] ? mutex_trylock+0x2d0/0x2d0 [ 3463.638412] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3463.638447] ? rcu_read_unlock_special+0x380/0x380 [ 3463.647416] out_of_memory+0x885/0x1420 [ 3463.647435] ? mem_cgroup_iter+0x508/0xf30 [ 3463.647456] ? oom_killer_disable+0x340/0x340 [ 3463.647474] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3463.647497] ? lock_acquire+0x1db/0x570 [ 3463.656473] mem_cgroup_out_of_memory+0x160/0x210 [ 3463.656494] ? do_raw_spin_unlock+0xa0/0x330 [ 3463.656512] ? memcg_memory_event+0x40/0x40 [ 3463.665046] ? do_raw_spin_trylock+0x270/0x270 [ 3463.665074] ? _raw_spin_unlock+0x2d/0x50 [ 3463.665092] try_charge+0xd44/0x19b0 [ 3463.665111] ? check_preemption_disabled+0x48/0x290 [ 3463.673837] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3463.673865] ? rcu_read_lock_sched_held+0x110/0x130 [ 3463.673880] ? __alloc_pages_nodemask+0xaca/0xdc0 [ 3463.673902] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 3463.682269] ? ____cache_alloc_node+0x1be/0x1e0 [ 3463.682285] ? cache_grow_begin+0x599/0x8c0 [ 3463.682300] ? cache_grow_begin+0x599/0x8c0 [ 3463.682321] memcg_kmem_charge_memcg+0x7c/0x130 [ 3463.682336] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3463.801136] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3463.806671] ? __cpuset_node_allowed+0x19f/0x640 [ 3463.811429] cache_grow_begin+0x25f/0x8c0 [ 3463.815574] ? kasan_check_read+0x11/0x20 [ 3463.819728] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3463.825262] ? mempolicy_slab_node+0x139/0x390 [ 3463.829875] fallback_alloc+0x1fd/0x2d0 [ 3463.833872] ____cache_alloc_node+0x1be/0x1e0 [ 3463.838392] kmem_cache_alloc_node+0xe3/0x710 [ 3463.842904] ? pci_mmcfg_check_reserved+0x170/0x170 [ 3463.847929] copy_process+0x405b/0x8710 [ 3463.851945] ? ___might_sleep+0x1e7/0x310 [ 3463.856122] ? arch_local_save_flags+0x50/0x50 [ 3463.860706] ? __schedule+0x1e60/0x1e60 [ 3463.864694] ? do_raw_spin_trylock+0x270/0x270 [ 3463.869293] ? __cleanup_sighand+0x70/0x70 [ 3463.873527] ? futex_wait_queue_me+0x539/0x810 [ 3463.878113] ? refill_pi_state_cache.part.0+0x310/0x310 [ 3463.883476] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 3463.888509] ? handle_futex_death+0x230/0x230 [ 3463.893012] ? print_usage_bug+0xd0/0xd0 [ 3463.897071] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3463.902783] ? drop_futex_key_refs.isra.0+0x6f/0xf0 [ 3463.907797] ? futex_wait+0x6e6/0xa40 [ 3463.911601] ? print_usage_bug+0xd0/0xd0 [ 3463.915662] ? futex_wait_setup+0x430/0x430 [ 3463.919986] ? drop_futex_key_refs.isra.0+0x6f/0xf0 [ 3463.925014] ? __lock_acquire+0x572/0x4a30 [ 3463.929270] ? mark_held_locks+0x100/0x100 [ 3463.933531] ? do_futex+0x1b0/0x2910 [ 3463.937253] ? save_stack+0xa9/0xd0 [ 3463.940884] ? add_lock_to_list.isra.0+0x450/0x450 [ 3463.945810] ? add_lock_to_list.isra.0+0x450/0x450 [ 3463.950777] ? exit_robust_list+0x290/0x290 [ 3463.955101] ? add_lock_to_list.isra.0+0x450/0x450 [ 3463.960036] ? __might_fault+0x12b/0x1e0 [ 3463.964096] ? find_held_lock+0x35/0x120 [ 3463.968163] ? __might_fault+0x12b/0x1e0 [ 3463.972255] ? lock_acquire+0x1db/0x570 [ 3463.976240] ? lock_downgrade+0x910/0x910 [ 3463.980408] ? lock_release+0xc40/0xc40 [ 3463.984390] ? trace_hardirqs_off_caller+0x300/0x300 [ 3463.989509] _do_fork+0x1a9/0x1170 [ 3463.993060] ? fork_idle+0x1d0/0x1d0 [ 3463.996794] ? kasan_check_read+0x11/0x20 [ 3464.000962] ? _copy_to_user+0xc9/0x120 [ 3464.004953] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3464.010526] ? put_timespec64+0x115/0x1b0 [ 3464.014708] ? nsecs_to_jiffies+0x30/0x30 [ 3464.018865] ? do_syscall_64+0x8c/0x800 [ 3464.022858] ? do_syscall_64+0x8c/0x800 [ 3464.026847] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3464.031447] ? trace_hardirqs_on+0xbd/0x310 [ 3464.035771] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3464.041312] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3464.046694] ? trace_hardirqs_off_caller+0x300/0x300 [ 3464.051819] __x64_sys_clone+0xbf/0x150 [ 3464.055800] do_syscall_64+0x1a3/0x800 [ 3464.059696] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3464.064630] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3464.069681] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3464.074538] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3464.079741] RIP: 0033:0x457ec9 [ 3464.082952] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3464.101858] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3464.109565] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9 [ 3464.116849] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3464.124115] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3464.131397] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3464.138666] R13: 00000000004be2a0 R14: 00000000004ce760 R15: 00000000ffffffff [ 3464.159725] memory: usage 304464kB, limit 307200kB, failcnt 59362 [ 3464.166141] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3464.180726] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3464.198640] Memory cgroup stats for /syz1: cache:28KB rss:259272KB rss_huge:210944KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:209736KB active_anon:3916KB inactive_file:0KB active_file:0KB unevictable:45824KB [ 3464.227449] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=13895,uid=0 [ 3464.247421] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3464.252188] Memory cgroup out of memory: Kill process 13895 (syz-executor1) score 1145 or sacrifice child [ 3464.257799] gfs2: fsid=_h: Now mounting FS... [ 3464.268367] Killed process 13895 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3464.279691] oom_reaper: reaped process 13895 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB [ 3464.307396] attempt to access beyond end of device [ 3464.312556] loop3: rw=4096, want=136, limit=16 [ 3464.317432] gfs2: error 10 reading superblock [ 3464.322145] gfs2: fsid=_h: can't read superblock [ 3464.327115] gfs2: fsid=_h: can't read superblock: -5 05:27:27 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:27 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000], [], [], [0x2]}, 0x45c) 05:27:27 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0xe) 05:27:27 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd3c}, 0x28) 05:27:27 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x2200, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:27 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc}, 0x0) 05:27:27 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000], [], [], [0x2]}, 0x45c) 05:27:27 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd3d}, 0x28) [ 3464.537448] net_ratelimit: 26 callbacks suppressed [ 3464.537457] protocol 88fb is buggy, dev hsr_slave_0 [ 3464.537970] protocol 88fb is buggy, dev hsr_slave_0 [ 3464.542478] protocol 88fb is buggy, dev hsr_slave_1 [ 3464.547891] protocol 88fb is buggy, dev hsr_slave_1 [ 3464.564091] protocol 88fb is buggy, dev hsr_slave_0 [ 3464.570015] protocol 88fb is buggy, dev hsr_slave_1 [ 3464.576723] protocol 88fb is buggy, dev hsr_slave_0 [ 3464.582332] protocol 88fb is buggy, dev hsr_slave_1 05:27:28 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000], [], [], [0x2]}, 0x45c) 05:27:28 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd3e}, 0x28) [ 3464.754471] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3464.807744] gfs2: fsid=_h: Now mounting FS... [ 3464.841031] attempt to access beyond end of device [ 3464.878140] loop3: rw=4096, want=136, limit=17 05:27:28 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:28 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000], [], [], [0x2]}, 0x45c) [ 3464.903360] gfs2: error 10 reading superblock [ 3464.918068] gfs2: fsid=_h: can't read superblock [ 3464.935262] gfs2: fsid=_h: can't read superblock: -5 05:27:28 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd3f}, 0x28) 05:27:28 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000], [], [], [0x2]}, 0x45c) 05:27:28 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0xf) [ 3465.192774] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3465.246771] gfs2: fsid=_h: Now mounting FS... [ 3465.257297] protocol 88fb is buggy, dev hsr_slave_0 [ 3465.262373] protocol 88fb is buggy, dev hsr_slave_1 [ 3465.268054] attempt to access beyond end of device 05:27:28 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd40}, 0x28) [ 3465.295865] loop3: rw=4096, want=136, limit=17 [ 3465.307645] gfs2: error 10 reading superblock [ 3465.329302] gfs2: fsid=_h: can't read superblock [ 3465.381413] gfs2: fsid=_h: can't read superblock: -5 [ 3465.466639] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3465.494392] CPU: 0 PID: 14458 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3465.501617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3465.510976] Call Trace: [ 3465.513625] dump_stack+0x1db/0x2d0 [ 3465.517276] ? dump_stack_print_info.cold+0x20/0x20 [ 3465.522313] dump_header+0x1e6/0x116c [ 3465.526134] ? add_lock_to_list.isra.0+0x450/0x450 [ 3465.531074] ? print_usage_bug+0xd0/0xd0 [ 3465.535147] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3465.540090] ? ___ratelimit+0x37c/0x686 [ 3465.544092] ? mark_held_locks+0xb1/0x100 [ 3465.544112] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3465.544129] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3465.544144] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3465.553386] ? trace_hardirqs_on+0xbd/0x310 [ 3465.563097] ? kasan_check_read+0x11/0x20 [ 3465.563115] ? ___ratelimit+0x37c/0x686 [ 3465.563131] ? trace_hardirqs_off_caller+0x300/0x300 [ 3465.563148] ? do_raw_spin_trylock+0x270/0x270 [ 3465.575637] ? trace_hardirqs_on_caller+0x310/0x310 [ 3465.575651] ? lock_acquire+0x1db/0x570 [ 3465.575673] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3465.575687] ? ___ratelimit+0xac/0x686 [ 3465.594359] ? idr_get_free+0xee0/0xee0 [ 3465.594375] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3465.594414] oom_kill_process.cold+0x10/0x9d4 [ 3465.603396] ? cgroup_procs_next+0x70/0x70 [ 3465.603414] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3465.603429] ? oom_badness+0xa50/0xa50 [ 3465.603446] ? oom_evaluate_task+0x540/0x540 [ 3465.616499] ? mem_cgroup_iter_break+0x30/0x30 [ 3465.616513] ? mutex_trylock+0x2d0/0x2d0 [ 3465.616527] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3465.616554] ? rcu_read_unlock_special+0x380/0x380 [ 3465.652618] out_of_memory+0x885/0x1420 [ 3465.656608] ? mem_cgroup_iter+0x508/0xf30 [ 3465.660867] ? oom_killer_disable+0x340/0x340 [ 3465.665372] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3465.670522] ? lock_acquire+0x1db/0x570 [ 3465.674518] mem_cgroup_out_of_memory+0x160/0x210 [ 3465.679361] ? do_raw_spin_unlock+0xa0/0x330 [ 3465.683783] ? memcg_memory_event+0x40/0x40 [ 3465.688132] ? do_raw_spin_trylock+0x270/0x270 [ 3465.692736] ? _raw_spin_unlock+0x2d/0x50 [ 3465.696902] try_charge+0x12a9/0x19b0 [ 3465.700708] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3465.706248] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3465.711107] ? rcu_read_unlock_special+0x380/0x380 [ 3465.716045] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3465.720915] ? get_mem_cgroup_from_page+0x190/0x190 [ 3465.726008] ? rcu_read_lock_sched_held+0x110/0x130 [ 3465.731030] mem_cgroup_try_charge+0x43a/0xdb0 [ 3465.735660] ? mem_cgroup_protected+0xa10/0xa10 [ 3465.740355] ? mark_held_locks+0x100/0x100 [ 3465.744589] ? pmd_val+0x85/0x100 [ 3465.748047] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3465.753582] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3465.759127] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3465.764065] __handle_mm_fault+0x2594/0x55a0 [ 3465.768500] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3465.773346] ? check_preemption_disabled+0x48/0x290 [ 3465.778366] ? handle_mm_fault+0x3cc/0xc80 [ 3465.782612] ? lock_downgrade+0x910/0x910 [ 3465.786761] ? kasan_check_read+0x11/0x20 [ 3465.790926] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3465.796236] ? rcu_read_unlock_special+0x380/0x380 [ 3465.801184] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3465.806722] ? check_preemption_disabled+0x48/0x290 [ 3465.811748] handle_mm_fault+0x4ec/0xc80 [ 3465.815811] ? __handle_mm_fault+0x55a0/0x55a0 [ 3465.820397] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3465.825420] __get_user_pages+0x8f7/0x1e10 [ 3465.829678] ? follow_page_mask+0x1f40/0x1f40 [ 3465.834181] ? lock_acquire+0x1db/0x570 [ 3465.838167] ? ___might_sleep+0x1e7/0x310 [ 3465.842319] ? lock_release+0xc40/0xc40 [ 3465.846308] ? find_held_lock+0x35/0x120 [ 3465.850371] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3465.854451] populate_vma_page_range+0x2bc/0x3b0 [ 3465.859235] ? memset+0x32/0x40 [ 3465.862534] ? follow_page+0x430/0x430 [ 3465.866421] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3465.871974] ? vmacache_update+0x114/0x140 [ 3465.876244] __mm_populate+0x27e/0x4c0 [ 3465.880140] ? populate_vma_page_range+0x3b0/0x3b0 [ 3465.885068] ? down_read_killable+0x150/0x150 [ 3465.889570] ? security_mmap_file+0x1a7/0x1e0 [ 3465.894099] vm_mmap_pgoff+0x277/0x2b0 [ 3465.898013] ? vma_is_stack_for_current+0xd0/0xd0 [ 3465.902994] ? kasan_check_read+0x11/0x20 [ 3465.907140] ? _copy_to_user+0xc9/0x120 [ 3465.911115] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3465.916659] ksys_mmap_pgoff+0x102/0x650 [ 3465.920726] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3465.925488] ? trace_hardirqs_on+0xbd/0x310 [ 3465.929813] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3465.935353] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3465.940720] ? trace_hardirqs_off_caller+0x300/0x300 [ 3465.945826] __x64_sys_mmap+0xe9/0x1b0 [ 3465.949721] do_syscall_64+0x1a3/0x800 [ 3465.953614] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3465.958547] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3465.963586] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3465.968441] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3465.973641] RIP: 0033:0x457ec9 [ 3465.976832] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3465.995746] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3466.003487] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3466.010757] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3466.018049] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3466.025342] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3466.032608] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3466.052292] memory: usage 305020kB, limit 307200kB, failcnt 59410 05:27:29 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x2300, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:29 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000], [], [], [0x2]}, 0x45c) 05:27:29 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x0) 05:27:29 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:29 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd41}, 0x28) [ 3466.063246] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3466.071205] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3466.102138] Memory cgroup stats for /syz1: cache:28KB rss:262072KB rss_huge:212992KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:222660KB active_anon:3996KB inactive_file:0KB active_file:0KB unevictable:35544KB [ 3466.132064] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=13967,uid=0 [ 3466.154661] Memory cgroup out of memory: Kill process 13967 (syz-executor1) score 1145 or sacrifice child [ 3466.174459] Killed process 13967 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB 05:27:29 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd42}, 0x28) [ 3466.222505] oom_reaper: reaped process 13967 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:27:29 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000], [], [], [0x2]}, 0x45c) [ 3466.355918] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3466.389265] gfs2: fsid=_h: Now mounting FS... 05:27:29 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000], [], [], [0x2]}, 0x45c) 05:27:29 executing program 2: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r1 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r1, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r0, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r2 = dup(r0) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0x0) dup3(r4, r3, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r0, r5, 0x0, 0x102001695) listen(0xffffffffffffffff, 0x0) 05:27:29 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd43}, 0x28) [ 3466.488208] attempt to access beyond end of device [ 3466.493189] loop3: rw=4096, want=136, limit=17 [ 3466.547325] gfs2: error 10 reading superblock [ 3466.613039] gfs2: fsid=_h: can't read superblock [ 3466.647837] gfs2: fsid=_h: can't read superblock: -5 [ 3466.790256] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3466.796879] gfs2: fsid=_h: Now mounting FS... [ 3466.850594] attempt to access beyond end of device [ 3466.875202] loop3: rw=4096, want=136, limit=17 [ 3466.905863] gfs2: error 10 reading superblock [ 3466.921797] gfs2: fsid=_h: can't read superblock [ 3466.964368] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3466.968827] gfs2: fsid=_h: can't read superblock: -5 [ 3466.974359] CPU: 0 PID: 14486 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3466.986303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3466.995658] Call Trace: [ 3466.998266] dump_stack+0x1db/0x2d0 [ 3467.001909] ? dump_stack_print_info.cold+0x20/0x20 [ 3467.006951] dump_header+0x1e6/0x116c [ 3467.010792] ? add_lock_to_list.isra.0+0x450/0x450 [ 3467.015743] ? print_usage_bug+0xd0/0xd0 [ 3467.019832] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3467.024795] ? ___ratelimit+0x37c/0x686 [ 3467.028803] ? mark_held_locks+0xb1/0x100 [ 3467.032963] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3467.038098] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3467.043229] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3467.047833] ? trace_hardirqs_on+0xbd/0x310 [ 3467.052161] ? kasan_check_read+0x11/0x20 [ 3467.056331] ? ___ratelimit+0x37c/0x686 [ 3467.060312] ? trace_hardirqs_off_caller+0x300/0x300 [ 3467.065427] ? do_raw_spin_trylock+0x270/0x270 [ 3467.070054] ? trace_hardirqs_on_caller+0x310/0x310 [ 3467.075089] ? lock_acquire+0x1db/0x570 [ 3467.079095] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3467.084208] ? ___ratelimit+0xac/0x686 [ 3467.088111] ? idr_get_free+0xee0/0xee0 [ 3467.092097] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3467.096705] oom_kill_process.cold+0x10/0x9d4 [ 3467.101239] ? cgroup_procs_next+0x70/0x70 [ 3467.105485] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3467.110010] ? oom_badness+0xa50/0xa50 [ 3467.113935] ? oom_evaluate_task+0x540/0x540 [ 3467.118353] ? mem_cgroup_iter_break+0x30/0x30 [ 3467.122939] ? mutex_trylock+0x2d0/0x2d0 [ 3467.127015] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3467.132583] ? rcu_read_unlock_special+0x380/0x380 [ 3467.132607] out_of_memory+0x885/0x1420 [ 3467.132624] ? mem_cgroup_iter+0x508/0xf30 [ 3467.132645] ? oom_killer_disable+0x340/0x340 [ 3467.132660] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3467.132674] ? lock_acquire+0x1db/0x570 [ 3467.132713] mem_cgroup_out_of_memory+0x160/0x210 [ 3467.145823] ? do_raw_spin_unlock+0xa0/0x330 [ 3467.155400] ? memcg_memory_event+0x40/0x40 [ 3467.168623] ? do_raw_spin_trylock+0x270/0x270 [ 3467.177512] ? _raw_spin_unlock+0x2d/0x50 [ 3467.177532] try_charge+0x12a9/0x19b0 [ 3467.177548] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3467.177571] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3467.177589] ? rcu_read_unlock_special+0x380/0x380 [ 3467.177615] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3467.177634] ? get_mem_cgroup_from_page+0x190/0x190 [ 3467.177657] ? rcu_read_lock_sched_held+0x110/0x130 [ 3467.177675] mem_cgroup_try_charge+0x43a/0xdb0 [ 3467.191160] ? mem_cgroup_protected+0xa10/0xa10 [ 3467.224961] ? mark_held_locks+0x100/0x100 [ 3467.229213] ? pmd_val+0x85/0x100 [ 3467.232672] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3467.238221] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3467.243776] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3467.248717] __handle_mm_fault+0x2594/0x55a0 [ 3467.253140] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3467.258006] ? check_preemption_disabled+0x48/0x290 [ 3467.263028] ? handle_mm_fault+0x3cc/0xc80 [ 3467.267280] ? lock_downgrade+0x910/0x910 [ 3467.271427] ? kasan_check_read+0x11/0x20 [ 3467.275606] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3467.280890] ? rcu_read_unlock_special+0x380/0x380 [ 3467.285824] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3467.291406] ? check_preemption_disabled+0x48/0x290 [ 3467.296464] handle_mm_fault+0x4ec/0xc80 [ 3467.300549] ? __handle_mm_fault+0x55a0/0x55a0 [ 3467.305145] __get_user_pages+0x8f7/0x1e10 [ 3467.309410] ? follow_page_mask+0x1f40/0x1f40 [ 3467.313921] ? trace_hardirqs_on+0xbd/0x310 [ 3467.318248] ? lock_acquire+0x1db/0x570 [ 3467.322232] ? ___might_sleep+0x1e7/0x310 [ 3467.326387] ? lock_release+0xc40/0xc40 [ 3467.330382] ? rwsem_wake+0x2fd/0x4a0 [ 3467.334207] populate_vma_page_range+0x2bc/0x3b0 [ 3467.338974] ? memset+0x32/0x40 [ 3467.342279] ? follow_page+0x430/0x430 [ 3467.346172] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3467.351735] ? vmacache_update+0x114/0x140 [ 3467.355987] __mm_populate+0x27e/0x4c0 [ 3467.359889] ? populate_vma_page_range+0x3b0/0x3b0 [ 3467.364837] ? down_read_killable+0x150/0x150 [ 3467.369338] ? security_mmap_file+0x1a7/0x1e0 [ 3467.373844] vm_mmap_pgoff+0x277/0x2b0 [ 3467.377746] ? vma_is_stack_for_current+0xd0/0xd0 [ 3467.382601] ? check_preemption_disabled+0x48/0x290 [ 3467.387652] ksys_mmap_pgoff+0x102/0x650 [ 3467.391748] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3467.396509] ? trace_hardirqs_on+0xbd/0x310 [ 3467.400837] ? __do_page_fault+0x3f1/0xd60 [ 3467.405089] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3467.410453] ? trace_hardirqs_off_caller+0x300/0x300 [ 3467.415565] __x64_sys_mmap+0xe9/0x1b0 [ 3467.419478] do_syscall_64+0x1a3/0x800 [ 3467.423370] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3467.428321] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3467.433375] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3467.438231] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3467.443419] RIP: 0033:0x457ec9 [ 3467.446611] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3467.465512] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3467.473219] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3467.480491] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3467.487763] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3467.495034] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3467.502301] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3467.517836] memory: usage 307136kB, limit 307200kB, failcnt 59431 [ 3467.525315] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3467.532387] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3467.538728] Memory cgroup stats for /syz1: cache:28KB rss:264088KB rss_huge:215040KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:220612KB active_anon:4016KB inactive_file:0KB active_file:0KB unevictable:39644KB [ 3467.560761] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=13988,uid=0 [ 3467.576205] Memory cgroup out of memory: Kill process 13988 (syz-executor1) score 1145 or sacrifice child [ 3467.586432] Killed process 13988 (syz-executor1) total-vm:70664kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3467.600537] oom_reaper: reaped process 13988 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:27:31 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x10) 05:27:31 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000], [], [], [0x2]}, 0x45c) 05:27:31 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd44}, 0x28) 05:27:31 executing program 2: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r1 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r1, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r0, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r2 = dup(r0) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0x0) dup3(r4, r3, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r0, r5, 0x0, 0x102001695) listen(0xffffffffffffffff, 0x0) 05:27:31 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x406}, 0x0) 05:27:31 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x3002, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:31 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000], [], [], [0x2]}, 0x45c) [ 3467.800668] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3467.860712] gfs2: fsid=_h: Now mounting FS... 05:27:31 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd45}, 0x28) [ 3467.893729] attempt to access beyond end of device [ 3467.908398] loop3: rw=4096, want=136, limit=24 [ 3467.913309] gfs2: error 10 reading superblock 05:27:31 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000], [], [], [0x2]}, 0x45c) [ 3467.942370] gfs2: fsid=_h: can't read superblock [ 3467.967006] gfs2: fsid=_h: can't read superblock: -5 05:27:31 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd46}, 0x28) 05:27:31 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000], [], [], [0x2]}, 0x45c) 05:27:31 executing program 2: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r1 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r1, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r0, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r2 = dup(r0) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0x0) dup3(r4, r3, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r0, r5, 0x0, 0x102001695) listen(0xffffffffffffffff, 0x0) [ 3468.264464] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3468.286276] gfs2: fsid=_h: Now mounting FS... [ 3468.324083] attempt to access beyond end of device [ 3468.365332] loop3: rw=4096, want=136, limit=24 [ 3468.399663] gfs2: error 10 reading superblock [ 3468.404450] gfs2: fsid=_h: can't read superblock [ 3468.437833] gfs2: fsid=_h: can't read superblock: -5 [ 3468.449195] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3468.468698] CPU: 1 PID: 14534 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3468.475933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3468.485287] Call Trace: [ 3468.487890] dump_stack+0x1db/0x2d0 [ 3468.491539] ? dump_stack_print_info.cold+0x20/0x20 [ 3468.496576] dump_header+0x1e6/0x116c [ 3468.500395] ? add_lock_to_list.isra.0+0x450/0x450 [ 3468.505351] ? print_usage_bug+0xd0/0xd0 [ 3468.509425] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3468.514368] ? ___ratelimit+0x37c/0x686 [ 3468.518361] ? mark_held_locks+0xb1/0x100 [ 3468.518380] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3468.518397] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3468.527647] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3468.527663] ? trace_hardirqs_on+0xbd/0x310 [ 3468.527679] ? kasan_check_read+0x11/0x20 [ 3468.527695] ? ___ratelimit+0x37c/0x686 [ 3468.527711] ? trace_hardirqs_off_caller+0x300/0x300 [ 3468.554895] ? do_raw_spin_trylock+0x270/0x270 [ 3468.559501] ? trace_hardirqs_on_caller+0x310/0x310 [ 3468.564530] ? lock_acquire+0x1db/0x570 [ 3468.568527] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3468.573650] ? ___ratelimit+0xac/0x686 [ 3468.577557] ? idr_get_free+0xee0/0xee0 [ 3468.581537] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3468.586134] oom_kill_process.cold+0x10/0x9d4 [ 3468.586152] ? cgroup_procs_next+0x70/0x70 [ 3468.594876] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3468.599380] ? oom_badness+0xa50/0xa50 [ 3468.599401] ? oom_evaluate_task+0x540/0x540 [ 3468.599421] ? mem_cgroup_iter_break+0x30/0x30 [ 3468.607692] ? mutex_trylock+0x2d0/0x2d0 [ 3468.607708] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3468.607737] ? rcu_read_unlock_special+0x380/0x380 [ 3468.616361] out_of_memory+0x885/0x1420 [ 3468.626805] ? mem_cgroup_iter+0x508/0xf30 [ 3468.634997] ? oom_killer_disable+0x340/0x340 [ 3468.635017] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3468.635033] ? lock_acquire+0x1db/0x570 [ 3468.648588] mem_cgroup_out_of_memory+0x160/0x210 [ 3468.653440] ? do_raw_spin_unlock+0xa0/0x330 [ 3468.657864] ? memcg_memory_event+0x40/0x40 [ 3468.662194] ? do_raw_spin_trylock+0x270/0x270 [ 3468.666792] ? _raw_spin_unlock+0x2d/0x50 [ 3468.670951] try_charge+0x12a9/0x19b0 [ 3468.674770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3468.680321] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3468.680340] ? rcu_read_unlock_special+0x380/0x380 [ 3468.680363] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3468.694948] ? get_mem_cgroup_from_page+0x190/0x190 [ 3468.699994] ? rcu_read_lock_sched_held+0x110/0x130 [ 3468.705029] mem_cgroup_try_charge+0x43a/0xdb0 [ 3468.709633] ? mem_cgroup_protected+0xa10/0xa10 [ 3468.714334] ? mark_held_locks+0x100/0x100 [ 3468.718574] ? pmd_val+0x85/0x100 [ 3468.722030] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3468.727570] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3468.733118] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3468.738057] __handle_mm_fault+0x2594/0x55a0 [ 3468.742479] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3468.747333] ? check_preemption_disabled+0x48/0x290 [ 3468.752362] ? handle_mm_fault+0x3cc/0xc80 [ 3468.756615] ? lock_downgrade+0x910/0x910 [ 3468.760766] ? kasan_check_read+0x11/0x20 [ 3468.764917] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3468.770333] ? rcu_read_unlock_special+0x380/0x380 [ 3468.775267] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3468.780809] ? check_preemption_disabled+0x48/0x290 [ 3468.785848] handle_mm_fault+0x4ec/0xc80 [ 3468.789921] ? __handle_mm_fault+0x55a0/0x55a0 [ 3468.794519] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3468.799544] __get_user_pages+0x8f7/0x1e10 [ 3468.803793] ? follow_page_mask+0x1f40/0x1f40 [ 3468.808294] ? trace_hardirqs_on+0xbd/0x310 [ 3468.812624] ? lock_acquire+0x1db/0x570 [ 3468.816604] ? ___might_sleep+0x1e7/0x310 [ 3468.820763] ? lock_release+0xc40/0xc40 [ 3468.824743] ? rwsem_wake+0x2fd/0x4a0 [ 3468.828557] populate_vma_page_range+0x2bc/0x3b0 [ 3468.833315] ? memset+0x32/0x40 [ 3468.836597] ? follow_page+0x430/0x430 [ 3468.840496] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3468.846037] ? vmacache_update+0x114/0x140 [ 3468.850288] __mm_populate+0x27e/0x4c0 [ 3468.854184] ? populate_vma_page_range+0x3b0/0x3b0 [ 3468.859118] ? down_read_killable+0x150/0x150 [ 3468.863619] ? security_mmap_file+0x1a7/0x1e0 [ 3468.868134] vm_mmap_pgoff+0x277/0x2b0 [ 3468.872036] ? vma_is_stack_for_current+0xd0/0xd0 [ 3468.876893] ? check_preemption_disabled+0x48/0x290 [ 3468.881924] ksys_mmap_pgoff+0x102/0x650 [ 3468.886004] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3468.890765] ? trace_hardirqs_on+0xbd/0x310 [ 3468.895094] ? __do_page_fault+0x3f1/0xd60 [ 3468.899353] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3468.904730] ? trace_hardirqs_off_caller+0x300/0x300 [ 3468.909839] __x64_sys_mmap+0xe9/0x1b0 [ 3468.913736] do_syscall_64+0x1a3/0x800 [ 3468.917630] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3468.922564] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3468.927592] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3468.932445] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3468.937632] RIP: 0033:0x457ec9 [ 3468.940848] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3468.959747] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3468.967460] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3468.974734] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3468.982011] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3468.989280] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3468.996547] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3469.020583] memory: usage 307100kB, limit 307200kB, failcnt 59458 [ 3469.026846] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3469.035572] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3469.042392] Memory cgroup stats for /syz1: cache:28KB rss:264212KB rss_huge:212992KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:220612KB active_anon:4016KB inactive_file:0KB active_file:0KB unevictable:39668KB [ 3469.067692] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14032,uid=0 [ 3469.082413] Memory cgroup out of memory: Kill process 14032 (syz-executor1) score 1145 or sacrifice child [ 3469.092281] Killed process 14032 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3469.110378] oom_reaper: reaped process 14032 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:27:32 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000], [], [], [0x2]}, 0x45c) 05:27:32 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd47}, 0x28) 05:27:32 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x11) 05:27:32 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x3003, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:32 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:32 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x604}, 0x0) 05:27:32 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000], [], [], [0x2]}, 0x45c) [ 3469.294082] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3469.327477] gfs2: fsid=_h: Now mounting FS... [ 3469.332505] attempt to access beyond end of device 05:27:32 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd48}, 0x28) [ 3469.354959] loop3: rw=4096, want=136, limit=24 [ 3469.372054] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3469.384513] gfs2: error 10 reading superblock [ 3469.407690] gfs2: fsid=_h: can't read superblock [ 3469.429615] gfs2: fsid=_h: can't read superblock: -5 [ 3469.433030] CPU: 1 PID: 14572 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3469.441925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3469.451290] Call Trace: [ 3469.453888] dump_stack+0x1db/0x2d0 [ 3469.457529] ? dump_stack_print_info.cold+0x20/0x20 [ 3469.462561] dump_header+0x1e6/0x116c [ 3469.466370] ? add_lock_to_list.isra.0+0x450/0x450 [ 3469.471304] ? print_usage_bug+0xd0/0xd0 [ 3469.475371] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3469.480306] ? ___ratelimit+0x37c/0x686 [ 3469.484292] ? mark_held_locks+0xb1/0x100 [ 3469.488448] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3469.493553] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3469.498658] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3469.503247] ? trace_hardirqs_on+0xbd/0x310 [ 3469.507585] ? kasan_check_read+0x11/0x20 [ 3469.511740] ? ___ratelimit+0x37c/0x686 [ 3469.515715] ? trace_hardirqs_off_caller+0x300/0x300 [ 3469.520822] ? do_raw_spin_trylock+0x270/0x270 [ 3469.525404] ? trace_hardirqs_on_caller+0x310/0x310 [ 3469.530423] ? lock_acquire+0x1db/0x570 [ 3469.534406] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3469.539547] ? ___ratelimit+0xac/0x686 [ 3469.543480] ? idr_get_free+0xee0/0xee0 [ 3469.547463] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3469.552067] oom_kill_process.cold+0x10/0x9d4 [ 3469.556575] ? cgroup_procs_next+0x70/0x70 [ 3469.560820] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3469.565321] ? oom_badness+0xa50/0xa50 [ 3469.569218] ? oom_evaluate_task+0x540/0x540 [ 3469.573636] ? mem_cgroup_iter_break+0x30/0x30 [ 3469.578217] ? mutex_trylock+0x2d0/0x2d0 [ 3469.582281] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3469.587833] ? rcu_read_unlock_special+0x380/0x380 [ 3469.592772] out_of_memory+0x885/0x1420 [ 3469.596753] ? mem_cgroup_iter+0x508/0xf30 [ 3469.601017] ? oom_killer_disable+0x340/0x340 [ 3469.605534] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3469.610642] ? lock_acquire+0x1db/0x570 [ 3469.614630] mem_cgroup_out_of_memory+0x160/0x210 [ 3469.619473] ? do_raw_spin_unlock+0xa0/0x330 [ 3469.623892] ? memcg_memory_event+0x40/0x40 [ 3469.628214] ? do_raw_spin_trylock+0x270/0x270 [ 3469.632834] ? _raw_spin_unlock+0x2d/0x50 [ 3469.636995] try_charge+0x12a9/0x19b0 [ 3469.640803] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3469.646350] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3469.651202] ? rcu_read_unlock_special+0x380/0x380 [ 3469.656145] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3469.660999] ? get_mem_cgroup_from_page+0x190/0x190 [ 3469.666027] ? rcu_read_lock_sched_held+0x110/0x130 [ 3469.671056] mem_cgroup_try_charge+0x43a/0xdb0 [ 3469.675654] ? mem_cgroup_protected+0xa10/0xa10 [ 3469.680337] ? mark_held_locks+0x100/0x100 [ 3469.684576] ? pmd_val+0x85/0x100 [ 3469.688048] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3469.693585] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3469.699133] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3469.704083] __handle_mm_fault+0x2594/0x55a0 [ 3469.708523] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3469.713383] ? check_preemption_disabled+0x48/0x290 [ 3469.718417] ? handle_mm_fault+0x3cc/0xc80 [ 3469.722671] ? lock_downgrade+0x910/0x910 [ 3469.726819] ? kasan_check_read+0x11/0x20 [ 3469.730970] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3469.736265] ? rcu_read_unlock_special+0x380/0x380 [ 3469.741199] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3469.746738] ? check_preemption_disabled+0x48/0x290 [ 3469.751781] handle_mm_fault+0x4ec/0xc80 [ 3469.755892] ? __handle_mm_fault+0x55a0/0x55a0 [ 3469.760480] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3469.765512] __get_user_pages+0x8f7/0x1e10 [ 3469.769778] ? follow_page_mask+0x1f40/0x1f40 [ 3469.774287] ? lock_acquire+0x1db/0x570 [ 3469.778267] ? ___might_sleep+0x1e7/0x310 [ 3469.782420] ? lock_release+0xc40/0xc40 [ 3469.786428] ? find_held_lock+0x35/0x120 [ 3469.790503] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3469.794574] populate_vma_page_range+0x2bc/0x3b0 [ 3469.799337] ? memset+0x32/0x40 [ 3469.802630] ? follow_page+0x430/0x430 [ 3469.806522] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3469.812071] ? vmacache_update+0x114/0x140 [ 3469.816313] __mm_populate+0x27e/0x4c0 [ 3469.820208] ? populate_vma_page_range+0x3b0/0x3b0 [ 3469.825140] ? down_read_killable+0x150/0x150 [ 3469.829654] ? security_mmap_file+0x1a7/0x1e0 [ 3469.834166] vm_mmap_pgoff+0x277/0x2b0 [ 3469.838115] ? vma_is_stack_for_current+0xd0/0xd0 [ 3469.842966] ? kasan_check_read+0x11/0x20 [ 3469.847130] ? _copy_to_user+0xc9/0x120 [ 3469.851112] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3469.856655] ksys_mmap_pgoff+0x102/0x650 [ 3469.860729] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3469.865486] ? trace_hardirqs_on+0xbd/0x310 [ 3469.869822] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3469.875363] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3469.880732] ? trace_hardirqs_off_caller+0x300/0x300 [ 3469.885840] __x64_sys_mmap+0xe9/0x1b0 [ 3469.889740] do_syscall_64+0x1a3/0x800 [ 3469.893651] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3469.898601] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3469.904088] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3469.908943] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3469.914136] RIP: 0033:0x457ec9 [ 3469.917334] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3469.936250] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3469.943962] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3469.951238] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3469.958509] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3469.965781] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3469.973062] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3469.987441] net_ratelimit: 22 callbacks suppressed [ 3469.987449] protocol 88fb is buggy, dev hsr_slave_0 [ 3469.997656] protocol 88fb is buggy, dev hsr_slave_1 [ 3470.002811] protocol 88fb is buggy, dev hsr_slave_0 [ 3470.007960] protocol 88fb is buggy, dev hsr_slave_1 05:27:33 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf00}, 0x0) 05:27:33 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000], [], [], [0x2]}, 0x45c) [ 3470.110125] memory: usage 307200kB, limit 307200kB, failcnt 59466 [ 3470.139342] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 05:27:33 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x3a01, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:33 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3470.208450] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 05:27:33 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd49}, 0x28) [ 3470.237548] Memory cgroup stats for /syz1: cache:28KB rss:264380KB rss_huge:212992KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:220868KB active_anon:4052KB inactive_file:0KB active_file:0KB unevictable:39468KB [ 3470.311460] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14561,uid=0 [ 3470.344885] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:27:33 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000], [], [], [0x2]}, 0x45c) [ 3470.358442] gfs2: fsid=_h: Now mounting FS... [ 3470.366044] Memory cgroup out of memory: Kill process 14561 (syz-executor1) score 1146 or sacrifice child [ 3470.377923] attempt to access beyond end of device [ 3470.385291] loop3: rw=4096, want=136, limit=29 [ 3470.395729] Killed process 14561 (syz-executor1) total-vm:70664kB, anon-rss:15252kB, file-rss:32768kB, shmem-rss:0kB [ 3470.407380] gfs2: error 10 reading superblock [ 3470.415751] gfs2: fsid=_h: can't read superblock [ 3470.426936] gfs2: fsid=_h: can't read superblock: -5 05:27:33 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd4a}, 0x28) [ 3470.669332] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3470.676200] gfs2: fsid=_h: Now mounting FS... [ 3470.711098] attempt to access beyond end of device [ 3470.723543] loop3: rw=4096, want=136, limit=29 [ 3470.745324] gfs2: error 10 reading superblock [ 3470.750347] gfs2: fsid=_h: can't read superblock [ 3470.755338] gfs2: fsid=_h: can't read superblock: -5 05:27:34 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x12) 05:27:34 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000], [], [], [0x2]}, 0x45c) 05:27:34 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:34 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd4b}, 0x28) 05:27:34 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000], [], [], [0x2]}, 0x45c) 05:27:34 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2ac5}, 0x0) 05:27:34 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd4c}, 0x28) 05:27:34 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x3c01, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) [ 3471.017303] protocol 88fb is buggy, dev hsr_slave_0 [ 3471.017344] protocol 88fb is buggy, dev hsr_slave_1 [ 3471.022451] protocol 88fb is buggy, dev hsr_slave_1 [ 3471.032561] protocol 88fb is buggy, dev hsr_slave_0 [ 3471.037726] protocol 88fb is buggy, dev hsr_slave_1 [ 3471.042863] protocol 88fb is buggy, dev hsr_slave_0 05:27:34 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000], [], [], [0x2]}, 0x45c) [ 3471.197703] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3471.224027] gfs2: fsid=_h: Now mounting FS... [ 3471.269124] attempt to access beyond end of device 05:27:34 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd4d}, 0x28) [ 3471.300207] loop3: rw=4096, want=136, limit=30 [ 3471.317758] gfs2: error 10 reading superblock [ 3471.322503] gfs2: fsid=_h: can't read superblock [ 3471.342179] gfs2: fsid=_h: can't read superblock: -5 [ 3471.354959] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3471.387350] CPU: 0 PID: 14637 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3471.394549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3471.403902] Call Trace: [ 3471.406496] dump_stack+0x1db/0x2d0 [ 3471.410136] ? dump_stack_print_info.cold+0x20/0x20 [ 3471.415209] dump_header+0x1e6/0x116c [ 3471.419037] ? add_lock_to_list.isra.0+0x450/0x450 [ 3471.423976] ? print_usage_bug+0xd0/0xd0 [ 3471.428081] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3471.433050] ? ___ratelimit+0x37c/0x686 [ 3471.437054] ? mark_held_locks+0xb1/0x100 [ 3471.441210] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3471.446345] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3471.451484] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3471.456072] ? trace_hardirqs_on+0xbd/0x310 [ 3471.460395] ? kasan_check_read+0x11/0x20 [ 3471.464548] ? ___ratelimit+0x37c/0x686 [ 3471.468525] ? trace_hardirqs_off_caller+0x300/0x300 [ 3471.473627] ? do_raw_spin_trylock+0x270/0x270 [ 3471.478212] ? trace_hardirqs_on_caller+0x310/0x310 [ 3471.483229] ? lock_acquire+0x1db/0x570 [ 3471.487223] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3471.492333] ? ___ratelimit+0xac/0x686 [ 3471.496242] ? idr_get_free+0xee0/0xee0 [ 3471.500219] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3471.504809] oom_kill_process.cold+0x10/0x9d4 [ 3471.509308] ? cgroup_procs_next+0x70/0x70 [ 3471.513550] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3471.518051] ? oom_badness+0xa50/0xa50 [ 3471.521961] ? oom_evaluate_task+0x540/0x540 [ 3471.526391] ? mem_cgroup_iter_break+0x30/0x30 [ 3471.530976] ? mutex_trylock+0x2d0/0x2d0 [ 3471.535059] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3471.540628] ? rcu_read_unlock_special+0x380/0x380 [ 3471.545571] out_of_memory+0x885/0x1420 [ 3471.549556] ? mem_cgroup_iter+0x508/0xf30 [ 3471.553795] ? oom_killer_disable+0x340/0x340 [ 3471.558324] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3471.563431] ? lock_acquire+0x1db/0x570 [ 3471.567432] mem_cgroup_out_of_memory+0x160/0x210 [ 3471.572288] ? do_raw_spin_unlock+0xa0/0x330 [ 3471.576712] ? memcg_memory_event+0x40/0x40 [ 3471.581045] ? do_raw_spin_trylock+0x270/0x270 [ 3471.585683] ? _raw_spin_unlock+0x2d/0x50 [ 3471.589850] try_charge+0x12a9/0x19b0 [ 3471.593652] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3471.599214] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3471.604076] ? rcu_read_unlock_special+0x380/0x380 [ 3471.609025] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3471.613869] ? get_mem_cgroup_from_page+0x190/0x190 [ 3471.618896] ? rcu_read_lock_sched_held+0x110/0x130 [ 3471.623918] mem_cgroup_try_charge+0x43a/0xdb0 [ 3471.628502] ? mem_cgroup_protected+0xa10/0xa10 [ 3471.633200] ? mark_held_locks+0x100/0x100 [ 3471.637439] ? pmd_val+0x85/0x100 [ 3471.640896] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3471.646452] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3471.652012] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3471.656945] __handle_mm_fault+0x2594/0x55a0 [ 3471.661447] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3471.666290] ? check_preemption_disabled+0x48/0x290 [ 3471.671328] ? handle_mm_fault+0x3cc/0xc80 [ 3471.675594] ? lock_downgrade+0x910/0x910 [ 3471.679756] ? kasan_check_read+0x11/0x20 [ 3471.683921] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3471.689217] ? rcu_read_unlock_special+0x380/0x380 [ 3471.694207] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3471.699752] ? check_preemption_disabled+0x48/0x290 [ 3471.704785] handle_mm_fault+0x4ec/0xc80 [ 3471.708862] ? __handle_mm_fault+0x55a0/0x55a0 [ 3471.713451] ? __get_user_pages+0x4e7/0x1e10 [ 3471.717870] __get_user_pages+0x8f7/0x1e10 [ 3471.722124] ? follow_page_mask+0x1f40/0x1f40 [ 3471.726634] ? lock_acquire+0x1db/0x570 [ 3471.730613] ? ___might_sleep+0x1e7/0x310 [ 3471.734765] ? lock_release+0xc40/0xc40 [ 3471.738741] ? find_held_lock+0x35/0x120 [ 3471.742812] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3471.746879] populate_vma_page_range+0x2bc/0x3b0 [ 3471.751635] ? memset+0x32/0x40 [ 3471.754948] ? follow_page+0x430/0x430 [ 3471.758834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3471.764371] ? vmacache_update+0x114/0x140 [ 3471.768637] __mm_populate+0x27e/0x4c0 [ 3471.772531] ? populate_vma_page_range+0x3b0/0x3b0 [ 3471.777459] ? down_read_killable+0x150/0x150 [ 3471.782020] ? security_mmap_file+0x1a7/0x1e0 [ 3471.786550] vm_mmap_pgoff+0x277/0x2b0 [ 3471.790447] ? vma_is_stack_for_current+0xd0/0xd0 [ 3471.795289] ? kasan_check_read+0x11/0x20 [ 3471.799434] ? _copy_to_user+0xc9/0x120 [ 3471.803410] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3471.808954] ksys_mmap_pgoff+0x102/0x650 [ 3471.813048] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3471.817803] ? trace_hardirqs_on+0xbd/0x310 [ 3471.822123] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3471.827659] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3471.833054] ? trace_hardirqs_off_caller+0x300/0x300 [ 3471.838165] __x64_sys_mmap+0xe9/0x1b0 [ 3471.842077] do_syscall_64+0x1a3/0x800 [ 3471.845966] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3471.850917] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3471.855942] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3471.860793] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3471.865999] RIP: 0033:0x457ec9 [ 3471.869224] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3471.888133] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3471.895839] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 05:27:35 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3471.903268] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3471.910563] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3471.917841] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3471.925107] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff 05:27:35 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000], [], [], [0x2]}, 0x45c) [ 3472.037306] memory: usage 307200kB, limit 307200kB, failcnt 59489 [ 3472.043579] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3472.075805] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3472.126110] Memory cgroup stats for /syz1: cache:28KB rss:268560KB rss_huge:215040KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:220860KB active_anon:4076KB inactive_file:0KB active_file:0KB unevictable:43724KB [ 3472.225480] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14040,uid=0 [ 3472.246256] Memory cgroup out of memory: Kill process 14040 (syz-executor1) score 1145 or sacrifice child [ 3472.256559] Killed process 14040 (syz-executor1) total-vm:70664kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3472.369012] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3472.378817] CPU: 1 PID: 14675 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3472.386007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3472.395350] Call Trace: [ 3472.397954] dump_stack+0x1db/0x2d0 [ 3472.401611] ? dump_stack_print_info.cold+0x20/0x20 [ 3472.406644] dump_header+0x1e6/0x116c [ 3472.410451] ? add_lock_to_list.isra.0+0x450/0x450 [ 3472.415370] ? print_usage_bug+0xd0/0xd0 [ 3472.419435] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3472.424350] ? ___ratelimit+0x37c/0x686 [ 3472.428345] ? mark_held_locks+0xb1/0x100 [ 3472.432482] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3472.437583] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3472.442718] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3472.447317] ? trace_hardirqs_on+0xbd/0x310 [ 3472.451625] ? kasan_check_read+0x11/0x20 [ 3472.455759] ? ___ratelimit+0x37c/0x686 [ 3472.459720] ? trace_hardirqs_off_caller+0x300/0x300 [ 3472.464808] ? do_raw_spin_trylock+0x270/0x270 [ 3472.469377] ? trace_hardirqs_on_caller+0x310/0x310 [ 3472.474379] ? lock_acquire+0x1db/0x570 [ 3472.478354] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3472.483446] ? ___ratelimit+0xac/0x686 [ 3472.487319] ? idr_get_free+0xee0/0xee0 [ 3472.491279] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3472.495869] oom_kill_process.cold+0x10/0x9d4 [ 3472.500356] ? cgroup_procs_next+0x70/0x70 [ 3472.504578] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3472.509086] ? oom_badness+0xa50/0xa50 [ 3472.512993] ? oom_evaluate_task+0x540/0x540 [ 3472.517410] ? mem_cgroup_iter_break+0x30/0x30 [ 3472.521992] ? mutex_trylock+0x2d0/0x2d0 [ 3472.526048] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3472.531611] ? rcu_read_unlock_special+0x380/0x380 [ 3472.536535] out_of_memory+0x885/0x1420 [ 3472.540506] ? mem_cgroup_iter+0x508/0xf30 [ 3472.544747] ? oom_killer_disable+0x340/0x340 [ 3472.549252] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3472.554360] ? lock_acquire+0x1db/0x570 [ 3472.558352] mem_cgroup_out_of_memory+0x160/0x210 [ 3472.563203] ? do_raw_spin_unlock+0xa0/0x330 [ 3472.567607] ? memcg_memory_event+0x40/0x40 [ 3472.571929] ? do_raw_spin_trylock+0x270/0x270 [ 3472.576561] ? _raw_spin_unlock+0x2d/0x50 [ 3472.580718] try_charge+0x12a9/0x19b0 [ 3472.584526] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3472.590075] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3472.594913] ? rcu_read_unlock_special+0x380/0x380 [ 3472.599840] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3472.604677] ? get_mem_cgroup_from_page+0x190/0x190 [ 3472.609690] ? rcu_read_lock_sched_held+0x110/0x130 [ 3472.614704] mem_cgroup_try_charge+0x43a/0xdb0 [ 3472.619285] ? mem_cgroup_protected+0xa10/0xa10 [ 3472.623953] ? mark_held_locks+0x100/0x100 [ 3472.628223] ? pmd_val+0x85/0x100 [ 3472.631672] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3472.637217] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3472.642767] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3472.647697] __handle_mm_fault+0x2594/0x55a0 [ 3472.652107] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3472.656947] ? check_preemption_disabled+0x48/0x290 [ 3472.661960] ? handle_mm_fault+0x3cc/0xc80 [ 3472.666219] ? lock_downgrade+0x910/0x910 [ 3472.670401] ? kasan_check_read+0x11/0x20 [ 3472.674578] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3472.679907] ? rcu_read_unlock_special+0x380/0x380 [ 3472.684836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3472.690381] ? check_preemption_disabled+0x48/0x290 [ 3472.695441] handle_mm_fault+0x4ec/0xc80 [ 3472.699513] ? __handle_mm_fault+0x55a0/0x55a0 [ 3472.704095] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3472.709108] __get_user_pages+0x8f7/0x1e10 [ 3472.713346] ? follow_page_mask+0x1f40/0x1f40 [ 3472.717839] ? lock_acquire+0x1db/0x570 [ 3472.721810] ? ___might_sleep+0x1e7/0x310 [ 3472.725956] ? lock_release+0xc40/0xc40 [ 3472.729941] ? find_held_lock+0x35/0x120 [ 3472.734021] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3472.738097] populate_vma_page_range+0x2bc/0x3b0 [ 3472.742849] ? memset+0x32/0x40 [ 3472.746124] ? follow_page+0x430/0x430 [ 3472.750035] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3472.755577] ? vmacache_update+0x114/0x140 [ 3472.759809] __mm_populate+0x27e/0x4c0 [ 3472.763707] ? populate_vma_page_range+0x3b0/0x3b0 [ 3472.768829] ? down_read_killable+0x150/0x150 [ 3472.773326] ? security_mmap_file+0x1a7/0x1e0 [ 3472.777822] vm_mmap_pgoff+0x277/0x2b0 [ 3472.781711] ? vma_is_stack_for_current+0xd0/0xd0 [ 3472.786673] ? check_preemption_disabled+0x48/0x290 [ 3472.791693] ksys_mmap_pgoff+0x102/0x650 [ 3472.795773] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3472.800535] ? trace_hardirqs_on+0xbd/0x310 [ 3472.804861] ? __do_page_fault+0x3f1/0xd60 [ 3472.809105] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3472.814464] ? trace_hardirqs_off_caller+0x300/0x300 [ 3472.819563] __x64_sys_mmap+0xe9/0x1b0 [ 3472.823453] do_syscall_64+0x1a3/0x800 [ 3472.827341] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3472.832278] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3472.837305] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3472.842188] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3472.847372] RIP: 0033:0x457ec9 [ 3472.850561] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3472.869455] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3472.877155] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3472.884417] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3472.891681] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3472.898946] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3472.906253] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3472.916336] memory: usage 307156kB, limit 307200kB, failcnt 59543 [ 3472.922715] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3472.929574] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3472.935735] Memory cgroup stats for /syz1: cache:28KB rss:268508KB rss_huge:215040KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:220736KB active_anon:4028KB inactive_file:0KB active_file:0KB unevictable:43844KB [ 3472.957333] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14092,uid=0 05:27:36 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x13) 05:27:36 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd4e}, 0x28) 05:27:36 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, 0x0) 05:27:36 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x3f00, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:36 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000], [], [], [0x2]}, 0x45c) 05:27:36 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3472.971950] Memory cgroup out of memory: Kill process 14092 (syz-executor1) score 1145 or sacrifice child [ 3472.981805] Killed process 14092 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3473.006981] oom_reaper: reaped process 14092 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:27:36 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000], [], [], [0x2]}, 0x45c) 05:27:36 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd4f}, 0x28) [ 3473.158178] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3473.175394] gfs2: fsid=_h: Now mounting FS... [ 3473.194118] attempt to access beyond end of device [ 3473.213592] loop3: rw=4096, want=136, limit=31 [ 3473.237349] gfs2: error 10 reading superblock [ 3473.257145] gfs2: fsid=_h: can't read superblock [ 3473.292733] gfs2: fsid=_h: can't read superblock: -5 05:27:36 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd50}, 0x28) 05:27:36 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:36 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000], [], [], [0x2]}, 0x45c) 05:27:36 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd51}, 0x28) [ 3473.592835] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3473.617639] gfs2: fsid=_h: Now mounting FS... [ 3473.634589] attempt to access beyond end of device [ 3473.647569] loop3: rw=4096, want=136, limit=31 [ 3473.652319] gfs2: error 10 reading superblock [ 3473.668863] gfs2: fsid=_h: can't read superblock [ 3473.683370] gfs2: fsid=_h: can't read superblock: -5 [ 3473.727939] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3473.771103] CPU: 1 PID: 14696 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3473.778316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3473.787676] Call Trace: [ 3473.790284] dump_stack+0x1db/0x2d0 [ 3473.793937] ? dump_stack_print_info.cold+0x20/0x20 [ 3473.799004] dump_header+0x1e6/0x116c [ 3473.802828] ? add_lock_to_list.isra.0+0x450/0x450 [ 3473.807782] ? print_usage_bug+0xd0/0xd0 [ 3473.811865] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3473.816957] ? ___ratelimit+0x37c/0x686 [ 3473.820978] ? mark_held_locks+0xb1/0x100 [ 3473.825167] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3473.830290] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3473.835413] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3473.840156] ? trace_hardirqs_on+0xbd/0x310 [ 3473.844502] ? kasan_check_read+0x11/0x20 [ 3473.848660] ? ___ratelimit+0x37c/0x686 [ 3473.852631] ? trace_hardirqs_off_caller+0x300/0x300 [ 3473.857727] ? do_raw_spin_trylock+0x270/0x270 [ 3473.862307] ? trace_hardirqs_on_caller+0x310/0x310 [ 3473.867317] ? lock_acquire+0x1db/0x570 [ 3473.871293] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3473.876405] ? ___ratelimit+0xac/0x686 [ 3473.880298] ? idr_get_free+0xee0/0xee0 [ 3473.884271] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3473.888933] oom_kill_process.cold+0x10/0x9d4 [ 3473.893448] ? cgroup_procs_next+0x70/0x70 [ 3473.897694] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3473.902185] ? oom_badness+0xa50/0xa50 [ 3473.906072] ? oom_evaluate_task+0x540/0x540 [ 3473.910481] ? mem_cgroup_iter_break+0x30/0x30 [ 3473.915078] ? mutex_trylock+0x2d0/0x2d0 [ 3473.919150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3473.924750] ? rcu_read_unlock_special+0x380/0x380 [ 3473.929680] out_of_memory+0x885/0x1420 [ 3473.933652] ? mem_cgroup_iter+0x508/0xf30 [ 3473.937886] ? oom_killer_disable+0x340/0x340 [ 3473.942384] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3473.947483] ? lock_acquire+0x1db/0x570 [ 3473.951461] mem_cgroup_out_of_memory+0x160/0x210 [ 3473.956298] ? do_raw_spin_unlock+0xa0/0x330 [ 3473.960706] ? memcg_memory_event+0x40/0x40 [ 3473.965098] ? do_raw_spin_trylock+0x270/0x270 [ 3473.969714] ? _raw_spin_unlock+0x2d/0x50 [ 3473.973872] try_charge+0x12a9/0x19b0 [ 3473.977682] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3473.983233] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3473.988089] ? rcu_read_unlock_special+0x380/0x380 [ 3473.993038] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3473.997877] ? get_mem_cgroup_from_page+0x190/0x190 [ 3474.002907] ? rcu_read_lock_sched_held+0x110/0x130 [ 3474.008005] mem_cgroup_try_charge+0x43a/0xdb0 [ 3474.012589] ? mem_cgroup_protected+0xa10/0xa10 [ 3474.017267] ? mark_held_locks+0x100/0x100 [ 3474.021509] ? pmd_val+0x85/0x100 [ 3474.024959] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3474.030513] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3474.036064] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3474.041026] __handle_mm_fault+0x2594/0x55a0 [ 3474.045438] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3474.050279] ? check_preemption_disabled+0x48/0x290 [ 3474.055337] ? handle_mm_fault+0x3cc/0xc80 [ 3474.059579] ? lock_downgrade+0x910/0x910 [ 3474.063724] ? kasan_check_read+0x11/0x20 [ 3474.067870] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3474.073189] ? rcu_read_unlock_special+0x380/0x380 [ 3474.078118] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3474.083654] ? check_preemption_disabled+0x48/0x290 [ 3474.088683] handle_mm_fault+0x4ec/0xc80 [ 3474.092748] ? __handle_mm_fault+0x55a0/0x55a0 [ 3474.097345] ? __get_user_pages+0xa32/0x1e10 [ 3474.101746] __get_user_pages+0x8f7/0x1e10 [ 3474.106001] ? follow_page_mask+0x1f40/0x1f40 [ 3474.110500] ? trace_hardirqs_on+0xbd/0x310 [ 3474.114837] ? lock_acquire+0x1db/0x570 [ 3474.118824] ? ___might_sleep+0x1e7/0x310 [ 3474.122969] ? lock_release+0xc40/0xc40 [ 3474.126959] ? rwsem_wake+0x2fd/0x4a0 [ 3474.130775] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3474.134841] populate_vma_page_range+0x2bc/0x3b0 [ 3474.139608] ? memset+0x32/0x40 [ 3474.142886] ? follow_page+0x430/0x430 [ 3474.146768] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3474.152309] ? vmacache_update+0x114/0x140 [ 3474.156545] __mm_populate+0x27e/0x4c0 [ 3474.160434] ? populate_vma_page_range+0x3b0/0x3b0 [ 3474.165401] ? down_read_killable+0x150/0x150 [ 3474.169943] ? security_mmap_file+0x1a7/0x1e0 [ 3474.174442] vm_mmap_pgoff+0x277/0x2b0 [ 3474.178329] ? vma_is_stack_for_current+0xd0/0xd0 [ 3474.183175] ? check_preemption_disabled+0x48/0x290 [ 3474.188237] ksys_mmap_pgoff+0x102/0x650 [ 3474.192299] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3474.197064] ? trace_hardirqs_on+0xbd/0x310 [ 3474.201399] ? __do_page_fault+0x3f1/0xd60 [ 3474.205632] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3474.211010] ? trace_hardirqs_off_caller+0x300/0x300 [ 3474.216116] __x64_sys_mmap+0xe9/0x1b0 [ 3474.220019] do_syscall_64+0x1a3/0x800 [ 3474.223910] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3474.228841] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3474.233870] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3474.238714] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3474.243898] RIP: 0033:0x457ec9 [ 3474.247087] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3474.266010] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3474.273714] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3474.280979] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3474.288275] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3474.295588] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3474.302853] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3474.316567] memory: usage 307200kB, limit 307200kB, failcnt 59602 [ 3474.323511] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3474.330636] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3474.354714] Memory cgroup stats for /syz1: cache:28KB rss:268484KB rss_huge:212992KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:220860KB active_anon:4064KB inactive_file:0KB active_file:0KB unevictable:43656KB [ 3474.401581] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14174,uid=0 [ 3474.416470] Memory cgroup out of memory: Kill process 14174 (syz-executor1) score 1145 or sacrifice child [ 3474.426426] Killed process 14174 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3474.466572] oom_reaper: reaped process 14174 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:27:37 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x14) 05:27:37 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000], [], [], [0x2]}, 0x45c) 05:27:37 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd52}, 0x28) 05:27:37 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x0) 05:27:37 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, 0x0, 0x0) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:37 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x4000, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:38 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd53}, 0x28) 05:27:38 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], [], [0x2]}, 0x45c) [ 3474.688145] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3474.737037] gfs2: fsid=_h: Now mounting FS... [ 3474.746723] attempt to access beyond end of device [ 3474.771063] loop3: rw=4096, want=136, limit=32 [ 3474.795853] gfs2: error 10 reading superblock [ 3474.820840] gfs2: fsid=_h: can't read superblock 05:27:38 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd54}, 0x28) [ 3474.857307] gfs2: fsid=_h: can't read superblock: -5 [ 3474.880510] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 05:27:38 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], [], [0x2]}, 0x45c) [ 3474.961222] CPU: 0 PID: 14744 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3474.968481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3474.977868] Call Trace: [ 3474.980494] dump_stack+0x1db/0x2d0 [ 3474.984162] ? dump_stack_print_info.cold+0x20/0x20 [ 3474.984201] dump_header+0x1e6/0x116c [ 3474.984223] ? add_lock_to_list.isra.0+0x450/0x450 [ 3474.984240] ? print_usage_bug+0xd0/0xd0 [ 3475.002180] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3475.007145] ? ___ratelimit+0x37c/0x686 [ 3475.011146] ? mark_held_locks+0xb1/0x100 [ 3475.015345] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3475.020472] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3475.025590] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3475.030188] ? trace_hardirqs_on+0xbd/0x310 [ 3475.034529] ? kasan_check_read+0x11/0x20 [ 3475.038691] ? ___ratelimit+0x37c/0x686 [ 3475.042684] ? trace_hardirqs_off_caller+0x300/0x300 [ 3475.047801] ? do_raw_spin_trylock+0x270/0x270 [ 3475.052409] ? trace_hardirqs_on_caller+0x310/0x310 [ 3475.057446] ? lock_acquire+0x1db/0x570 [ 3475.061461] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3475.066586] ? ___ratelimit+0xac/0x686 [ 3475.070491] ? idr_get_free+0xee0/0xee0 [ 3475.074479] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3475.079200] oom_kill_process.cold+0x10/0x9d4 [ 3475.083729] ? cgroup_procs_next+0x70/0x70 [ 3475.088028] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3475.092547] ? oom_badness+0xa50/0xa50 [ 3475.096465] ? oom_evaluate_task+0x540/0x540 [ 3475.100900] ? mem_cgroup_iter_break+0x30/0x30 [ 3475.105500] ? mutex_trylock+0x2d0/0x2d0 [ 3475.109574] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3475.115155] ? rcu_read_unlock_special+0x380/0x380 [ 3475.120129] out_of_memory+0x885/0x1420 [ 3475.124122] ? mem_cgroup_iter+0x508/0xf30 [ 3475.128376] ? oom_killer_disable+0x340/0x340 [ 3475.132888] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3475.138029] ? lock_acquire+0x1db/0x570 [ 3475.142056] mem_cgroup_out_of_memory+0x160/0x210 [ 3475.146920] ? do_raw_spin_unlock+0xa0/0x330 [ 3475.151356] ? memcg_memory_event+0x40/0x40 [ 3475.155704] ? do_raw_spin_trylock+0x270/0x270 [ 3475.160324] ? _raw_spin_unlock+0x2d/0x50 [ 3475.164517] try_charge+0x12a9/0x19b0 [ 3475.168341] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3475.173904] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3475.177668] net_ratelimit: 17 callbacks suppressed [ 3475.177677] protocol 88fb is buggy, dev hsr_slave_0 [ 3475.178775] ? rcu_read_unlock_special+0x380/0x380 [ 3475.183764] protocol 88fb is buggy, dev hsr_slave_1 [ 3475.188744] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3475.188760] ? get_mem_cgroup_from_page+0x190/0x190 [ 3475.188782] ? rcu_read_lock_sched_held+0x110/0x130 [ 3475.188815] mem_cgroup_try_charge+0x43a/0xdb0 [ 3475.193825] protocol 88fb is buggy, dev hsr_slave_0 [ 3475.198752] ? mem_cgroup_protected+0xa10/0xa10 [ 3475.198783] ? mark_held_locks+0x100/0x100 [ 3475.198799] ? pmd_val+0x85/0x100 [ 3475.203688] protocol 88fb is buggy, dev hsr_slave_1 [ 3475.208655] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3475.208669] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3475.208698] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3475.213805] protocol 88fb is buggy, dev hsr_slave_0 [ 3475.218294] __handle_mm_fault+0x2594/0x55a0 [ 3475.218320] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3475.218339] ? check_preemption_disabled+0x48/0x290 [ 3475.223397] protocol 88fb is buggy, dev hsr_slave_1 [ 3475.228045] ? handle_mm_fault+0x3cc/0xc80 [ 3475.228082] ? lock_downgrade+0x910/0x910 [ 3475.289928] ? kasan_check_read+0x11/0x20 [ 3475.294103] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3475.299403] ? rcu_read_unlock_special+0x380/0x380 [ 3475.304354] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3475.309909] ? check_preemption_disabled+0x48/0x290 [ 3475.314971] handle_mm_fault+0x4ec/0xc80 [ 3475.319111] ? __handle_mm_fault+0x55a0/0x55a0 [ 3475.323719] ? __get_user_pages+0xa99/0x1e10 [ 3475.328168] __get_user_pages+0x8f7/0x1e10 [ 3475.332440] ? follow_page_mask+0x1f40/0x1f40 [ 3475.336958] ? lock_acquire+0x1db/0x570 [ 3475.341005] ? ___might_sleep+0x1e7/0x310 [ 3475.345175] ? lock_release+0xc40/0xc40 [ 3475.349167] ? find_held_lock+0x35/0x120 [ 3475.353251] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3475.357328] populate_vma_page_range+0x2bc/0x3b0 [ 3475.362097] ? memset+0x32/0x40 [ 3475.365405] ? follow_page+0x430/0x430 [ 3475.369312] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3475.374882] ? vmacache_update+0x114/0x140 [ 3475.379158] __mm_populate+0x27e/0x4c0 [ 3475.383093] ? populate_vma_page_range+0x3b0/0x3b0 [ 3475.388078] ? down_read_killable+0x150/0x150 [ 3475.392599] ? security_mmap_file+0x1a7/0x1e0 [ 3475.397189] vm_mmap_pgoff+0x277/0x2b0 [ 3475.401120] ? vma_is_stack_for_current+0xd0/0xd0 [ 3475.406011] ? kasan_check_read+0x11/0x20 [ 3475.410199] ? _copy_to_user+0xc9/0x120 [ 3475.414201] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3475.419756] ksys_mmap_pgoff+0x102/0x650 [ 3475.423837] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3475.428605] ? trace_hardirqs_on+0xbd/0x310 [ 3475.432934] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3475.438486] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3475.443857] ? trace_hardirqs_off_caller+0x300/0x300 [ 3475.448978] __x64_sys_mmap+0xe9/0x1b0 [ 3475.452947] do_syscall_64+0x1a3/0x800 [ 3475.456849] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3475.461796] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3475.466825] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3475.471689] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3475.476885] RIP: 0033:0x457ec9 [ 3475.480091] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3475.499016] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 05:27:38 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, 0x0, 0x0) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3475.506733] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3475.514031] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3475.521310] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3475.528587] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3475.535868] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3475.543435] protocol 88fb is buggy, dev hsr_slave_0 [ 3475.548594] protocol 88fb is buggy, dev hsr_slave_1 [ 3475.574329] memory: usage 307200kB, limit 307200kB, failcnt 59674 [ 3475.583934] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3475.603770] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:27:39 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f00}, 0x0) [ 3475.628661] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3475.634832] Memory cgroup stats for /syz1: cache:28KB rss:268552KB rss_huge:208896KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:220984KB active_anon:4100KB inactive_file:0KB active_file:0KB unevictable:43504KB [ 3475.667602] gfs2: fsid=_h: Now mounting FS... [ 3475.678765] attempt to access beyond end of device [ 3475.693413] loop3: rw=4096, want=136, limit=32 [ 3475.715754] gfs2: error 10 reading superblock [ 3475.746261] gfs2: fsid=_h: can't read superblock [ 3475.772077] gfs2: fsid=_h: can't read superblock: -5 [ 3475.833611] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14184,uid=0 [ 3475.865376] Memory cgroup out of memory: Kill process 14184 (syz-executor1) score 1145 or sacrifice child [ 3475.882057] Killed process 14184 (syz-executor1) total-vm:70664kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3475.902134] oom_reaper: reaped process 14184 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB [ 3476.014358] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3476.024491] CPU: 0 PID: 14771 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3476.031692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3476.031699] Call Trace: [ 3476.031721] dump_stack+0x1db/0x2d0 [ 3476.031740] ? dump_stack_print_info.cold+0x20/0x20 [ 3476.031769] dump_header+0x1e6/0x116c [ 3476.031788] ? add_lock_to_list.isra.0+0x450/0x450 [ 3476.031807] ? print_usage_bug+0xd0/0xd0 [ 3476.031826] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3476.031843] ? ___ratelimit+0x37c/0x686 [ 3476.031868] ? mark_held_locks+0xb1/0x100 [ 3476.052437] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3476.052454] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3476.052470] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3476.052486] ? trace_hardirqs_on+0xbd/0x310 [ 3476.088508] ? kasan_check_read+0x11/0x20 [ 3476.097407] ? ___ratelimit+0x37c/0x686 [ 3476.097423] ? trace_hardirqs_off_caller+0x300/0x300 [ 3476.097438] ? do_raw_spin_trylock+0x270/0x270 [ 3476.097453] ? trace_hardirqs_on_caller+0x310/0x310 [ 3476.097467] ? lock_acquire+0x1db/0x570 [ 3476.097491] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3476.097515] ? ___ratelimit+0xac/0x686 [ 3476.133348] ? idr_get_free+0xee0/0xee0 [ 3476.137347] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3476.141965] oom_kill_process.cold+0x10/0x9d4 [ 3476.146501] ? cgroup_procs_next+0x70/0x70 [ 3476.150763] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3476.155281] ? oom_badness+0xa50/0xa50 [ 3476.159214] ? oom_evaluate_task+0x540/0x540 [ 3476.163646] ? mem_cgroup_iter_break+0x30/0x30 [ 3476.168245] ? mutex_trylock+0x2d0/0x2d0 [ 3476.172316] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3476.177876] ? rcu_read_unlock_special+0x380/0x380 [ 3476.182816] out_of_memory+0x885/0x1420 [ 3476.186791] ? mem_cgroup_iter+0x508/0xf30 [ 3476.191106] ? oom_killer_disable+0x340/0x340 [ 3476.195612] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3476.200722] ? lock_acquire+0x1db/0x570 [ 3476.204708] mem_cgroup_out_of_memory+0x160/0x210 [ 3476.209556] ? do_raw_spin_unlock+0xa0/0x330 [ 3476.213982] ? memcg_memory_event+0x40/0x40 [ 3476.218329] ? do_raw_spin_trylock+0x270/0x270 [ 3476.223009] ? _raw_spin_unlock+0x2d/0x50 [ 3476.227162] try_charge+0x12a9/0x19b0 [ 3476.230960] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3476.236516] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3476.241366] ? rcu_read_unlock_special+0x380/0x380 [ 3476.246308] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3476.251162] ? get_mem_cgroup_from_page+0x190/0x190 [ 3476.256194] ? rcu_read_lock_sched_held+0x110/0x130 [ 3476.261220] mem_cgroup_try_charge+0x43a/0xdb0 [ 3476.265815] ? mem_cgroup_protected+0xa10/0xa10 [ 3476.270487] ? mark_held_locks+0x100/0x100 [ 3476.274720] ? pmd_val+0x85/0x100 [ 3476.278181] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3476.283724] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3476.289389] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3476.294327] __handle_mm_fault+0x2594/0x55a0 [ 3476.298756] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3476.303608] ? check_preemption_disabled+0x48/0x290 [ 3476.308633] ? handle_mm_fault+0x3cc/0xc80 [ 3476.312880] ? lock_downgrade+0x910/0x910 [ 3476.317033] ? kasan_check_read+0x11/0x20 [ 3476.321191] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3476.326485] ? rcu_read_unlock_special+0x380/0x380 [ 3476.331423] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3476.336955] ? check_preemption_disabled+0x48/0x290 [ 3476.341970] handle_mm_fault+0x4ec/0xc80 [ 3476.346065] ? __handle_mm_fault+0x55a0/0x55a0 [ 3476.350668] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3476.355687] __get_user_pages+0x8f7/0x1e10 [ 3476.359943] ? follow_page_mask+0x1f40/0x1f40 [ 3476.364458] ? trace_hardirqs_on+0xbd/0x310 [ 3476.368803] ? lock_acquire+0x1db/0x570 [ 3476.372784] ? ___might_sleep+0x1e7/0x310 [ 3476.376929] ? lock_release+0xc40/0xc40 [ 3476.380915] ? rwsem_wake+0x2fd/0x4a0 [ 3476.384726] populate_vma_page_range+0x2bc/0x3b0 [ 3476.389489] ? memset+0x32/0x40 [ 3476.392779] ? follow_page+0x430/0x430 [ 3476.396661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3476.402193] ? vmacache_update+0x114/0x140 [ 3476.406427] __mm_populate+0x27e/0x4c0 [ 3476.410315] ? populate_vma_page_range+0x3b0/0x3b0 [ 3476.415241] ? down_read_killable+0x150/0x150 [ 3476.419750] ? security_mmap_file+0x1a7/0x1e0 [ 3476.424254] vm_mmap_pgoff+0x277/0x2b0 [ 3476.428158] ? vma_is_stack_for_current+0xd0/0xd0 [ 3476.433031] ? check_preemption_disabled+0x48/0x290 [ 3476.438076] ksys_mmap_pgoff+0x102/0x650 [ 3476.442148] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3476.446899] ? trace_hardirqs_on+0xbd/0x310 [ 3476.451222] ? __do_page_fault+0x3f1/0xd60 [ 3476.455457] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3476.460829] ? trace_hardirqs_off_caller+0x300/0x300 [ 3476.465940] __x64_sys_mmap+0xe9/0x1b0 [ 3476.469831] do_syscall_64+0x1a3/0x800 [ 3476.473715] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3476.478652] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3476.483677] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3476.488535] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3476.493736] RIP: 0033:0x457ec9 [ 3476.496953] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3476.515854] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3476.523566] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3476.530836] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3476.538120] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3476.545391] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3476.552662] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3476.561056] protocol 88fb is buggy, dev hsr_slave_0 [ 3476.566129] protocol 88fb is buggy, dev hsr_slave_1 [ 3476.572731] memory: usage 307200kB, limit 307200kB, failcnt 59718 [ 3476.581553] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3476.593714] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3476.602458] Memory cgroup stats for /syz1: cache:28KB rss:269528KB rss_huge:206848KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:220860KB active_anon:4080KB inactive_file:0KB active_file:0KB unevictable:44676KB [ 3476.624365] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14334,uid=0 [ 3476.639797] Memory cgroup out of memory: Kill process 14334 (syz-executor1) score 1145 or sacrifice child [ 3476.649895] Killed process 14334 (syz-executor1) total-vm:70664kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB 05:27:40 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x15) 05:27:40 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [], [], [0x2]}, 0x45c) 05:27:40 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd55}, 0x28) 05:27:40 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x4088, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:40 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, 0x0, 0x0) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:40 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80fe}, 0x0) [ 3476.671530] oom_reaper: reaped process 14334 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:27:40 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0fe}, 0x0) [ 3476.792434] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:27:40 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [], [], [0x2]}, 0x45c) 05:27:40 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd56}, 0x28) [ 3476.929094] gfs2: fsid=_h: Now mounting FS... [ 3476.958681] attempt to access beyond end of device [ 3476.970934] loop3: rw=4096, want=136, limit=32 [ 3476.988941] gfs2: error 10 reading superblock 05:27:40 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [], [], [0x2]}, 0x45c) [ 3477.005801] gfs2: fsid=_h: can't read superblock [ 3477.029388] gfs2: fsid=_h: can't read superblock: -5 05:27:40 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4), 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:40 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd57}, 0x28) 05:27:40 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x16) 05:27:40 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [], [], [0x2]}, 0x45c) 05:27:40 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd58}, 0x28) [ 3477.336597] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3477.399465] gfs2: fsid=_h: Now mounting FS... [ 3477.458567] attempt to access beyond end of device [ 3477.504619] loop3: rw=4096, want=136, limit=32 [ 3477.515266] gfs2: error 10 reading superblock [ 3477.535834] gfs2: fsid=_h: can't read superblock [ 3477.555709] gfs2: fsid=_h: can't read superblock: -5 [ 3477.637301] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3477.646979] CPU: 0 PID: 14831 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3477.654191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3477.663548] Call Trace: [ 3477.666146] dump_stack+0x1db/0x2d0 [ 3477.669770] ? dump_stack_print_info.cold+0x20/0x20 [ 3477.674790] dump_header+0x1e6/0x116c [ 3477.678591] ? add_lock_to_list.isra.0+0x450/0x450 [ 3477.683520] ? print_usage_bug+0xd0/0xd0 [ 3477.687578] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3477.692589] ? ___ratelimit+0x37c/0x686 [ 3477.696595] ? mark_held_locks+0xb1/0x100 [ 3477.700749] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3477.705861] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3477.710960] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3477.715556] ? trace_hardirqs_on+0xbd/0x310 [ 3477.719871] ? kasan_check_read+0x11/0x20 [ 3477.724046] ? ___ratelimit+0x37c/0x686 [ 3477.728075] ? trace_hardirqs_off_caller+0x300/0x300 [ 3477.733215] ? do_raw_spin_trylock+0x270/0x270 [ 3477.737804] ? trace_hardirqs_on_caller+0x310/0x310 [ 3477.742839] ? lock_acquire+0x1db/0x570 [ 3477.746825] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3477.751937] ? ___ratelimit+0xac/0x686 [ 3477.755842] ? idr_get_free+0xee0/0xee0 [ 3477.759835] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3477.764452] oom_kill_process.cold+0x10/0x9d4 [ 3477.768969] ? cgroup_procs_next+0x70/0x70 [ 3477.773243] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3477.777733] ? oom_badness+0xa50/0xa50 [ 3477.781622] ? oom_evaluate_task+0x540/0x540 [ 3477.786037] ? mem_cgroup_iter_break+0x30/0x30 [ 3477.790611] ? mutex_trylock+0x2d0/0x2d0 [ 3477.794678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3477.800234] ? rcu_read_unlock_special+0x380/0x380 [ 3477.805169] out_of_memory+0x885/0x1420 [ 3477.809141] ? mem_cgroup_iter+0x508/0xf30 [ 3477.813374] ? oom_killer_disable+0x340/0x340 [ 3477.817880] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3477.823041] ? lock_acquire+0x1db/0x570 [ 3477.827052] mem_cgroup_out_of_memory+0x160/0x210 [ 3477.831905] ? do_raw_spin_unlock+0xa0/0x330 [ 3477.836322] ? memcg_memory_event+0x40/0x40 [ 3477.840732] ? do_raw_spin_trylock+0x270/0x270 [ 3477.845321] ? _raw_spin_unlock+0x2d/0x50 [ 3477.849465] try_charge+0x12a9/0x19b0 [ 3477.853261] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3477.858800] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3477.863640] ? rcu_read_unlock_special+0x380/0x380 [ 3477.868635] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3477.873525] ? get_mem_cgroup_from_page+0x190/0x190 [ 3477.878543] ? rcu_read_lock_sched_held+0x110/0x130 [ 3477.883573] mem_cgroup_try_charge+0x43a/0xdb0 [ 3477.888184] ? mem_cgroup_protected+0xa10/0xa10 [ 3477.892878] ? mark_held_locks+0x100/0x100 [ 3477.897113] ? pmd_val+0x85/0x100 [ 3477.900671] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3477.906204] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3477.911740] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3477.916669] __handle_mm_fault+0x2594/0x55a0 [ 3477.921082] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3477.925920] ? check_preemption_disabled+0x48/0x290 [ 3477.930940] ? handle_mm_fault+0x3cc/0xc80 [ 3477.935183] ? lock_downgrade+0x910/0x910 [ 3477.939327] ? kasan_check_read+0x11/0x20 [ 3477.943479] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3477.948765] ? rcu_read_unlock_special+0x380/0x380 [ 3477.953688] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3477.959223] ? check_preemption_disabled+0x48/0x290 [ 3477.964238] handle_mm_fault+0x4ec/0xc80 [ 3477.968304] ? __handle_mm_fault+0x55a0/0x55a0 [ 3477.972880] ? __get_user_pages+0x175f/0x1e10 [ 3477.977373] __get_user_pages+0x8f7/0x1e10 [ 3477.981624] ? follow_page_mask+0x1f40/0x1f40 [ 3477.986130] ? lock_acquire+0x1db/0x570 [ 3477.990103] ? ___might_sleep+0x1e7/0x310 [ 3477.994262] ? lock_release+0xc40/0xc40 [ 3477.998242] ? find_held_lock+0x35/0x120 [ 3478.002307] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3478.006380] populate_vma_page_range+0x2bc/0x3b0 [ 3478.011135] ? memset+0x32/0x40 [ 3478.014410] ? follow_page+0x430/0x430 [ 3478.018293] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3478.023823] ? vmacache_update+0x114/0x140 [ 3478.028060] __mm_populate+0x27e/0x4c0 [ 3478.031949] ? populate_vma_page_range+0x3b0/0x3b0 [ 3478.036875] ? down_read_killable+0x150/0x150 [ 3478.041367] ? security_mmap_file+0x1a7/0x1e0 [ 3478.045861] vm_mmap_pgoff+0x277/0x2b0 [ 3478.049762] ? vma_is_stack_for_current+0xd0/0xd0 [ 3478.054624] ? kasan_check_read+0x11/0x20 [ 3478.058767] ? _copy_to_user+0xc9/0x120 [ 3478.062785] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3478.068334] ksys_mmap_pgoff+0x102/0x650 [ 3478.072401] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3478.077154] ? trace_hardirqs_on+0xbd/0x310 [ 3478.081511] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3478.087050] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3478.092468] ? trace_hardirqs_off_caller+0x300/0x300 [ 3478.097584] __x64_sys_mmap+0xe9/0x1b0 [ 3478.101475] do_syscall_64+0x1a3/0x800 [ 3478.105361] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3478.110287] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3478.115302] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3478.120161] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3478.125360] RIP: 0033:0x457ec9 [ 3478.128547] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3478.147439] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3478.155142] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3478.162404] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3478.169667] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3478.176936] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3478.184205] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3478.193978] memory: usage 307200kB, limit 307200kB, failcnt 59769 [ 3478.200340] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3478.207106] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3478.213325] Memory cgroup stats for /syz1: cache:28KB rss:269604KB rss_huge:206848KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:220980KB active_anon:4120KB inactive_file:0KB active_file:0KB unevictable:44544KB [ 3478.234857] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14363,uid=0 [ 3478.249443] Memory cgroup out of memory: Kill process 14363 (syz-executor1) score 1145 or sacrifice child [ 3478.259270] Killed process 14363 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3478.280658] oom_reaper: reaped process 14363 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:27:41 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x4800, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:41 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa], [], [], [0x2]}, 0x45c) 05:27:41 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd59}, 0x28) 05:27:41 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4), 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:41 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc52a}, 0x0) 05:27:41 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10], [], [], [0x2]}, 0x45c) [ 3478.475489] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3478.537110] gfs2: fsid=_h: Now mounting FS... 05:27:41 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd5a}, 0x28) [ 3478.563584] attempt to access beyond end of device [ 3478.590916] loop3: rw=4096, want=136, limit=36 [ 3478.618963] gfs2: error 10 reading superblock 05:27:42 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x17) [ 3478.641198] gfs2: fsid=_h: can't read superblock [ 3478.674092] gfs2: fsid=_h: can't read superblock: -5 05:27:42 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4), 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:42 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48], [], [], [0x2]}, 0x45c) 05:27:42 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd5b}, 0x28) 05:27:42 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c], [], [], [0x2]}, 0x45c) [ 3478.910324] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3478.931695] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3478.957370] gfs2: fsid=_h: Now mounting FS... [ 3478.978239] attempt to access beyond end of device [ 3478.985663] CPU: 0 PID: 14870 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3478.992874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3479.002235] Call Trace: [ 3479.004837] dump_stack+0x1db/0x2d0 [ 3479.008485] ? dump_stack_print_info.cold+0x20/0x20 [ 3479.013526] dump_header+0x1e6/0x116c [ 3479.017344] ? add_lock_to_list.isra.0+0x450/0x450 [ 3479.022293] ? print_usage_bug+0xd0/0xd0 [ 3479.026369] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3479.031317] ? ___ratelimit+0x37c/0x686 [ 3479.035416] ? mark_held_locks+0xb1/0x100 [ 3479.039581] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3479.044700] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3479.049815] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3479.054408] ? trace_hardirqs_on+0xbd/0x310 [ 3479.058751] ? kasan_check_read+0x11/0x20 [ 3479.062911] ? ___ratelimit+0x37c/0x686 [ 3479.066894] ? trace_hardirqs_off_caller+0x300/0x300 [ 3479.072027] ? do_raw_spin_trylock+0x270/0x270 [ 3479.076623] ? trace_hardirqs_on_caller+0x310/0x310 [ 3479.081663] ? lock_acquire+0x1db/0x570 [ 3479.085783] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3479.090900] ? ___ratelimit+0xac/0x686 [ 3479.094843] ? idr_get_free+0xee0/0xee0 [ 3479.098833] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3479.103439] oom_kill_process.cold+0x10/0x9d4 [ 3479.108019] ? cgroup_procs_next+0x70/0x70 [ 3479.112277] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3479.116782] ? oom_badness+0xa50/0xa50 [ 3479.120688] ? oom_evaluate_task+0x540/0x540 [ 3479.125109] ? mem_cgroup_iter_break+0x30/0x30 [ 3479.129702] ? mutex_trylock+0x2d0/0x2d0 [ 3479.133772] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3479.139345] ? rcu_read_unlock_special+0x380/0x380 [ 3479.144294] out_of_memory+0x885/0x1420 [ 3479.148286] ? mem_cgroup_iter+0x508/0xf30 [ 3479.152538] ? oom_killer_disable+0x340/0x340 [ 3479.157060] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3479.162181] ? lock_acquire+0x1db/0x570 [ 3479.166226] mem_cgroup_out_of_memory+0x160/0x210 [ 3479.171081] ? do_raw_spin_unlock+0xa0/0x330 [ 3479.175500] ? memcg_memory_event+0x40/0x40 [ 3479.179835] ? do_raw_spin_trylock+0x270/0x270 [ 3479.184443] ? _raw_spin_unlock+0x2d/0x50 [ 3479.188613] try_charge+0x12a9/0x19b0 [ 3479.192516] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3479.198075] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3479.202933] ? rcu_read_unlock_special+0x380/0x380 [ 3479.207883] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3479.212736] ? get_mem_cgroup_from_page+0x190/0x190 [ 3479.217768] ? rcu_read_lock_sched_held+0x110/0x130 [ 3479.222802] mem_cgroup_try_charge+0x43a/0xdb0 [ 3479.227458] ? mem_cgroup_protected+0xa10/0xa10 [ 3479.232195] ? mark_held_locks+0x100/0x100 [ 3479.236443] ? pmd_val+0x85/0x100 [ 3479.239907] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3479.245451] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3479.251029] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3479.255981] __handle_mm_fault+0x2594/0x55a0 [ 3479.260436] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3479.265294] ? check_preemption_disabled+0x48/0x290 [ 3479.270327] ? handle_mm_fault+0x3cc/0xc80 [ 3479.274592] ? lock_downgrade+0x910/0x910 [ 3479.278755] ? kasan_check_read+0x11/0x20 [ 3479.282920] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3479.288213] ? rcu_read_unlock_special+0x380/0x380 [ 3479.293155] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3479.298709] ? check_preemption_disabled+0x48/0x290 [ 3479.303744] handle_mm_fault+0x4ec/0xc80 [ 3479.307821] ? __handle_mm_fault+0x55a0/0x55a0 [ 3479.312415] ? follow_page_mask+0x1a1/0x1f40 [ 3479.316841] __get_user_pages+0x8f7/0x1e10 [ 3479.321102] ? follow_page_mask+0x1f40/0x1f40 [ 3479.325619] ? lock_acquire+0x1db/0x570 [ 3479.329608] ? ___might_sleep+0x1e7/0x310 [ 3479.333774] ? lock_release+0xc40/0xc40 [ 3479.337759] ? find_held_lock+0x35/0x120 [ 3479.341835] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3479.345917] populate_vma_page_range+0x2bc/0x3b0 [ 3479.350737] ? memset+0x32/0x40 [ 3479.354046] ? follow_page+0x430/0x430 [ 3479.357942] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3479.363491] ? vmacache_update+0x114/0x140 [ 3479.367745] __mm_populate+0x27e/0x4c0 [ 3479.371654] ? populate_vma_page_range+0x3b0/0x3b0 [ 3479.376594] ? down_read_killable+0x150/0x150 [ 3479.381108] ? security_mmap_file+0x1a7/0x1e0 [ 3479.385627] vm_mmap_pgoff+0x277/0x2b0 [ 3479.389536] ? vma_is_stack_for_current+0xd0/0xd0 [ 3479.394388] ? kasan_check_read+0x11/0x20 [ 3479.398551] ? _copy_to_user+0xc9/0x120 [ 3479.402542] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3479.408095] ksys_mmap_pgoff+0x102/0x650 [ 3479.412178] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3479.416946] ? trace_hardirqs_on+0xbd/0x310 [ 3479.421322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3479.426873] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3479.432251] ? trace_hardirqs_off_caller+0x300/0x300 [ 3479.437372] __x64_sys_mmap+0xe9/0x1b0 [ 3479.441280] do_syscall_64+0x1a3/0x800 [ 3479.445183] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3479.450129] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3479.455209] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3479.460078] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3479.465275] RIP: 0033:0x457ec9 [ 3479.468476] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3479.487394] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3479.495116] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3479.502399] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3479.509679] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3479.516958] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3479.524257] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3479.539383] loop3: rw=4096, want=136, limit=36 [ 3479.553020] gfs2: error 10 reading superblock [ 3479.576204] gfs2: fsid=_h: can't read superblock [ 3479.588890] gfs2: fsid=_h: can't read superblock: -5 [ 3479.727718] memory: usage 307184kB, limit 307200kB, failcnt 59836 [ 3479.747680] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3479.760530] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3479.770200] Memory cgroup stats for /syz1: cache:28KB rss:269492KB rss_huge:206848KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:218932KB active_anon:4120KB inactive_file:0KB active_file:0KB unevictable:46532KB [ 3479.799694] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14415,uid=0 05:27:43 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x4c00, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:43 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000}, 0x0) 05:27:43 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68], [], [], [0x2]}, 0x45c) 05:27:43 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(0x0, 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:43 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd5c}, 0x28) [ 3479.821400] Memory cgroup out of memory: Kill process 14415 (syz-executor1) score 1145 or sacrifice child [ 3479.854660] Killed process 14415 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB 05:27:43 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c], [], [], [0x2]}, 0x45c) [ 3479.934730] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:27:43 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd5d}, 0x28) [ 3479.982312] gfs2: fsid=_h: Now mounting FS... [ 3480.008891] attempt to access beyond end of device [ 3480.029466] loop3: rw=4096, want=136, limit=38 [ 3480.055299] gfs2: error 10 reading superblock [ 3480.079569] gfs2: fsid=_h: can't read superblock [ 3480.103232] gfs2: fsid=_h: can't read superblock: -5 [ 3480.264482] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3480.277428] CPU: 1 PID: 14912 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3480.284644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3480.294025] Call Trace: [ 3480.296633] dump_stack+0x1db/0x2d0 [ 3480.300277] ? dump_stack_print_info.cold+0x20/0x20 [ 3480.305318] dump_header+0x1e6/0x116c [ 3480.309140] ? add_lock_to_list.isra.0+0x450/0x450 [ 3480.314084] ? print_usage_bug+0xd0/0xd0 [ 3480.318164] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3480.323108] ? ___ratelimit+0x37c/0x686 [ 3480.327101] ? mark_held_locks+0xb1/0x100 [ 3480.331266] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3480.336388] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3480.341511] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3480.346107] ? trace_hardirqs_on+0xbd/0x310 [ 3480.350439] ? kasan_check_read+0x11/0x20 [ 3480.354597] ? ___ratelimit+0x37c/0x686 [ 3480.358586] ? trace_hardirqs_off_caller+0x300/0x300 [ 3480.363703] ? do_raw_spin_trylock+0x270/0x270 [ 3480.368296] ? trace_hardirqs_on_caller+0x310/0x310 [ 3480.373321] ? lock_acquire+0x1db/0x570 [ 3480.377316] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3480.382434] ? ___ratelimit+0xac/0x686 [ 3480.386337] ? idr_get_free+0xee0/0xee0 [ 3480.390328] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3480.394935] oom_kill_process.cold+0x10/0x9d4 [ 3480.399449] ? cgroup_procs_next+0x70/0x70 [ 3480.403700] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3480.408208] ? oom_badness+0xa50/0xa50 [ 3480.412111] ? oom_evaluate_task+0x540/0x540 [ 3480.416537] ? mem_cgroup_iter_break+0x30/0x30 [ 3480.421133] ? mutex_trylock+0x2d0/0x2d0 [ 3480.425209] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3480.430774] ? rcu_read_unlock_special+0x380/0x380 [ 3480.435724] out_of_memory+0x885/0x1420 [ 3480.439719] ? mem_cgroup_iter+0x508/0xf30 [ 3480.443975] ? oom_killer_disable+0x340/0x340 [ 3480.448564] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3480.453680] ? lock_acquire+0x1db/0x570 [ 3480.457680] mem_cgroup_out_of_memory+0x160/0x210 [ 3480.462535] ? do_raw_spin_unlock+0xa0/0x330 [ 3480.466957] ? memcg_memory_event+0x40/0x40 [ 3480.471306] ? do_raw_spin_trylock+0x270/0x270 [ 3480.475909] ? _raw_spin_unlock+0x2d/0x50 [ 3480.480074] try_charge+0x12a9/0x19b0 [ 3480.483886] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3480.489446] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3480.494303] ? rcu_read_unlock_special+0x380/0x380 [ 3480.499257] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3480.504113] ? get_mem_cgroup_from_page+0x190/0x190 [ 3480.509150] ? rcu_read_lock_sched_held+0x110/0x130 [ 3480.514184] mem_cgroup_try_charge+0x43a/0xdb0 [ 3480.518787] ? mem_cgroup_protected+0xa10/0xa10 [ 3480.523478] ? mark_held_locks+0x100/0x100 [ 3480.527729] ? pmd_val+0x85/0x100 [ 3480.531195] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3480.536746] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3480.542301] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3480.547250] __handle_mm_fault+0x2594/0x55a0 [ 3480.551682] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3480.556541] ? check_preemption_disabled+0x48/0x290 [ 3480.561572] ? handle_mm_fault+0x3cc/0xc80 [ 3480.565838] ? lock_downgrade+0x910/0x910 [ 3480.570017] ? kasan_check_read+0x11/0x20 [ 3480.574184] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3480.579473] ? rcu_read_unlock_special+0x380/0x380 [ 3480.584419] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3480.589971] ? check_preemption_disabled+0x48/0x290 [ 3480.595041] handle_mm_fault+0x4ec/0xc80 [ 3480.599124] ? __handle_mm_fault+0x55a0/0x55a0 [ 3480.603718] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3480.608753] __get_user_pages+0x8f7/0x1e10 [ 3480.613028] ? follow_page_mask+0x1f40/0x1f40 [ 3480.617541] ? trace_hardirqs_on+0xbd/0x310 [ 3480.621877] ? lock_acquire+0x1db/0x570 [ 3480.625868] ? ___might_sleep+0x1e7/0x310 [ 3480.630045] ? lock_release+0xc40/0xc40 [ 3480.634046] ? rwsem_wake+0x2fd/0x4a0 [ 3480.637858] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3480.641938] populate_vma_page_range+0x2bc/0x3b0 [ 3480.646704] ? memset+0x32/0x40 [ 3480.650012] ? follow_page+0x430/0x430 [ 3480.653912] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3480.659460] ? vmacache_update+0x114/0x140 [ 3480.663714] __mm_populate+0x27e/0x4c0 [ 3480.667625] ? populate_vma_page_range+0x3b0/0x3b0 [ 3480.672566] ? down_read_killable+0x150/0x150 [ 3480.677076] ? security_mmap_file+0x1a7/0x1e0 [ 3480.681590] vm_mmap_pgoff+0x277/0x2b0 [ 3480.685495] ? vma_is_stack_for_current+0xd0/0xd0 [ 3480.690361] ? check_preemption_disabled+0x48/0x290 [ 3480.695393] ksys_mmap_pgoff+0x102/0x650 [ 3480.699471] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3480.704247] ? trace_hardirqs_on+0xbd/0x310 [ 3480.708580] ? __do_page_fault+0x3f1/0xd60 [ 3480.712831] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3480.718209] ? trace_hardirqs_off_caller+0x300/0x300 [ 3480.723327] __x64_sys_mmap+0xe9/0x1b0 [ 3480.727233] do_syscall_64+0x1a3/0x800 [ 3480.731136] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3480.736079] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3480.741113] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3480.745977] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3480.751203] RIP: 0033:0x457ec9 [ 3480.754405] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3480.773479] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3480.781206] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3480.788533] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3480.795810] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3480.803086] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3480.810363] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3480.826525] memory: usage 307200kB, limit 307200kB, failcnt 59889 [ 3480.833476] net_ratelimit: 22 callbacks suppressed [ 3480.833484] protocol 88fb is buggy, dev hsr_slave_0 [ 3480.833554] protocol 88fb is buggy, dev hsr_slave_1 [ 3480.833695] protocol 88fb is buggy, dev hsr_slave_0 [ 3480.833753] protocol 88fb is buggy, dev hsr_slave_1 [ 3480.887414] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3480.894199] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3480.900431] Memory cgroup stats for /syz1: cache:28KB rss:269440KB rss_huge:204800KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:218932KB active_anon:4124KB inactive_file:0KB active_file:0KB unevictable:46456KB [ 3480.921981] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14443,uid=0 [ 3480.922057] Memory cgroup out of memory: Kill process 14443 (syz-executor1) score 1145 or sacrifice child [ 3480.922133] Killed process 14443 (syz-executor1) total-vm:70664kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB 05:27:44 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x18) 05:27:44 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74], [], [], [0x2]}, 0x45c) 05:27:44 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd5e}, 0x28) 05:27:44 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(0x0, 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:44 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc00}, 0x0) 05:27:44 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x5603, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) [ 3481.106687] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3481.134388] gfs2: fsid=_h: Now mounting FS... 05:27:44 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a], [], [], [0x2]}, 0x45c) 05:27:44 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd5f}, 0x28) [ 3481.152951] attempt to access beyond end of device [ 3481.161460] loop3: rw=4096, want=136, limit=43 [ 3481.179143] gfs2: error 10 reading superblock [ 3481.187117] gfs2: fsid=_h: can't read superblock [ 3481.194801] gfs2: fsid=_h: can't read superblock: -5 05:27:44 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd60}, 0x28) [ 3481.349094] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3481.363621] gfs2: fsid=_h: Now mounting FS... [ 3481.379810] attempt to access beyond end of device [ 3481.417343] protocol 88fb is buggy, dev hsr_slave_0 [ 3481.421415] loop3: rw=4096, want=136, limit=43 [ 3481.422496] protocol 88fb is buggy, dev hsr_slave_1 [ 3481.429559] gfs2: error 10 reading superblock [ 3481.432235] protocol 88fb is buggy, dev hsr_slave_0 [ 3481.441769] protocol 88fb is buggy, dev hsr_slave_1 [ 3481.443118] gfs2: fsid=_h: can't read superblock [ 3481.446905] protocol 88fb is buggy, dev hsr_slave_0 [ 3481.456729] protocol 88fb is buggy, dev hsr_slave_1 05:27:44 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300], [], [], [0x2]}, 0x45c) 05:27:44 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(0x0, 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3481.489358] gfs2: fsid=_h: can't read superblock: -5 05:27:44 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500], [], [], [0x2]}, 0x45c) [ 3481.625116] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3481.666773] CPU: 1 PID: 14940 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3481.674120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3481.683496] Call Trace: [ 3481.686122] dump_stack+0x1db/0x2d0 [ 3481.689786] ? dump_stack_print_info.cold+0x20/0x20 [ 3481.694846] dump_header+0x1e6/0x116c [ 3481.698676] ? add_lock_to_list.isra.0+0x450/0x450 [ 3481.703636] ? print_usage_bug+0xd0/0xd0 [ 3481.707729] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3481.712687] ? ___ratelimit+0x37c/0x686 [ 3481.716694] ? mark_held_locks+0xb1/0x100 [ 3481.720875] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3481.726020] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3481.726038] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3481.726055] ? trace_hardirqs_on+0xbd/0x310 [ 3481.726070] ? kasan_check_read+0x11/0x20 [ 3481.726088] ? ___ratelimit+0x37c/0x686 [ 3481.748234] ? trace_hardirqs_off_caller+0x300/0x300 [ 3481.753364] ? do_raw_spin_trylock+0x270/0x270 [ 3481.757969] ? trace_hardirqs_on_caller+0x310/0x310 [ 3481.763041] ? lock_acquire+0x1db/0x570 [ 3481.767060] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3481.772190] ? ___ratelimit+0xac/0x686 [ 3481.776099] ? idr_get_free+0xee0/0xee0 [ 3481.780091] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3481.784694] oom_kill_process.cold+0x10/0x9d4 [ 3481.789211] ? cgroup_procs_next+0x70/0x70 [ 3481.793482] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3481.798048] ? oom_badness+0xa50/0xa50 [ 3481.801954] ? oom_evaluate_task+0x540/0x540 [ 3481.806379] ? mem_cgroup_iter_break+0x30/0x30 [ 3481.810977] ? mutex_trylock+0x2d0/0x2d0 [ 3481.815076] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3481.820818] ? rcu_read_unlock_special+0x380/0x380 [ 3481.825772] out_of_memory+0x885/0x1420 [ 3481.829763] ? mem_cgroup_iter+0x508/0xf30 [ 3481.834039] ? oom_killer_disable+0x340/0x340 [ 3481.838643] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3481.843765] ? lock_acquire+0x1db/0x570 [ 3481.847768] mem_cgroup_out_of_memory+0x160/0x210 [ 3481.852629] ? do_raw_spin_unlock+0xa0/0x330 [ 3481.857056] ? memcg_memory_event+0x40/0x40 [ 3481.861389] ? do_raw_spin_trylock+0x270/0x270 [ 3481.866012] ? _raw_spin_unlock+0x2d/0x50 [ 3481.870179] try_charge+0x12a9/0x19b0 [ 3481.874011] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3481.879573] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3481.884434] ? rcu_read_unlock_special+0x380/0x380 [ 3481.889387] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3481.894246] ? get_mem_cgroup_from_page+0x190/0x190 [ 3481.899795] ? rcu_read_lock_sched_held+0x110/0x130 [ 3481.904834] mem_cgroup_try_charge+0x43a/0xdb0 [ 3481.909440] ? mem_cgroup_protected+0xa10/0xa10 [ 3481.914135] ? mark_held_locks+0x100/0x100 [ 3481.918387] ? pmd_val+0x85/0x100 [ 3481.921854] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3481.927447] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3481.933027] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3481.937976] __handle_mm_fault+0x2594/0x55a0 [ 3481.942423] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3481.947292] ? check_preemption_disabled+0x48/0x290 [ 3481.952323] ? handle_mm_fault+0x3cc/0xc80 [ 3481.956588] ? lock_downgrade+0x910/0x910 [ 3481.960751] ? kasan_check_read+0x11/0x20 [ 3481.964915] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3481.970208] ? rcu_read_unlock_special+0x380/0x380 [ 3481.975152] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3481.980706] ? check_preemption_disabled+0x48/0x290 [ 3481.985746] handle_mm_fault+0x4ec/0xc80 [ 3481.989824] ? __handle_mm_fault+0x55a0/0x55a0 [ 3481.994419] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3481.999451] __get_user_pages+0x8f7/0x1e10 [ 3482.003712] ? follow_page_mask+0x1f40/0x1f40 [ 3482.008229] ? lock_acquire+0x1db/0x570 [ 3482.013064] ? ___might_sleep+0x1e7/0x310 [ 3482.017232] ? lock_release+0xc40/0xc40 [ 3482.021265] ? find_held_lock+0x35/0x120 [ 3482.025388] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3482.029476] populate_vma_page_range+0x2bc/0x3b0 [ 3482.034252] ? memset+0x32/0x40 [ 3482.037546] ? follow_page+0x430/0x430 [ 3482.042102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3482.047654] ? vmacache_update+0x114/0x140 [ 3482.051910] __mm_populate+0x27e/0x4c0 [ 3482.055815] ? populate_vma_page_range+0x3b0/0x3b0 [ 3482.060754] ? down_read_killable+0x150/0x150 [ 3482.065263] ? security_mmap_file+0x1a7/0x1e0 [ 3482.069778] vm_mmap_pgoff+0x277/0x2b0 [ 3482.073683] ? vma_is_stack_for_current+0xd0/0xd0 [ 3482.078545] ? kasan_check_read+0x11/0x20 [ 3482.082707] ? _copy_to_user+0xc9/0x120 [ 3482.086694] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3482.092252] ksys_mmap_pgoff+0x102/0x650 [ 3482.096335] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3482.101105] ? trace_hardirqs_on+0xbd/0x310 [ 3482.105489] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3482.111055] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3482.116431] ? trace_hardirqs_off_caller+0x300/0x300 [ 3482.121549] __x64_sys_mmap+0xe9/0x1b0 [ 3482.125454] do_syscall_64+0x1a3/0x800 [ 3482.129402] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3482.134348] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3482.139387] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3482.144255] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3482.149452] RIP: 0033:0x457ec9 [ 3482.152661] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3482.171577] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3482.179298] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3482.186576] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3482.193853] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3482.201134] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3482.208416] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3482.313358] memory: usage 307200kB, limit 307200kB, failcnt 59922 [ 3482.331762] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3482.345686] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3482.365337] Memory cgroup stats for /syz1: cache:28KB rss:273704KB rss_huge:204800KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:218932KB active_anon:4140KB inactive_file:0KB active_file:0KB unevictable:50760KB [ 3482.429247] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14490,uid=0 [ 3482.445107] Memory cgroup out of memory: Kill process 14490 (syz-executor1) score 1145 or sacrifice child [ 3482.455157] Killed process 14490 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3482.538522] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3482.548317] CPU: 0 PID: 14943 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3482.555499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3482.564904] Call Trace: [ 3482.567496] dump_stack+0x1db/0x2d0 [ 3482.571122] ? dump_stack_print_info.cold+0x20/0x20 [ 3482.576140] dump_header+0x1e6/0x116c [ 3482.579948] ? add_lock_to_list.isra.0+0x450/0x450 [ 3482.584883] ? print_usage_bug+0xd0/0xd0 [ 3482.588942] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3482.593909] ? ___ratelimit+0x37c/0x686 [ 3482.597897] ? mark_held_locks+0xb1/0x100 [ 3482.602070] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3482.607246] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3482.612359] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3482.616982] ? trace_hardirqs_on+0xbd/0x310 [ 3482.621330] ? kasan_check_read+0x11/0x20 [ 3482.625483] ? ___ratelimit+0x37c/0x686 [ 3482.629454] ? trace_hardirqs_off_caller+0x300/0x300 [ 3482.634554] ? do_raw_spin_trylock+0x270/0x270 [ 3482.639148] ? trace_hardirqs_on_caller+0x310/0x310 [ 3482.644167] ? lock_acquire+0x1db/0x570 [ 3482.648140] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3482.653239] ? ___ratelimit+0xac/0x686 [ 3482.657120] ? idr_get_free+0xee0/0xee0 [ 3482.661097] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3482.665714] oom_kill_process.cold+0x10/0x9d4 [ 3482.670202] ? cgroup_procs_next+0x70/0x70 [ 3482.674426] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3482.678925] ? oom_badness+0xa50/0xa50 [ 3482.682841] ? oom_evaluate_task+0x540/0x540 [ 3482.687270] ? mem_cgroup_iter_break+0x30/0x30 [ 3482.691841] ? mutex_trylock+0x2d0/0x2d0 [ 3482.695889] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3482.701437] ? rcu_read_unlock_special+0x380/0x380 [ 3482.706367] out_of_memory+0x885/0x1420 [ 3482.710331] ? mem_cgroup_iter+0x508/0xf30 [ 3482.714557] ? oom_killer_disable+0x340/0x340 [ 3482.719056] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3482.724159] ? lock_acquire+0x1db/0x570 [ 3482.728130] mem_cgroup_out_of_memory+0x160/0x210 [ 3482.732960] ? do_raw_spin_unlock+0xa0/0x330 [ 3482.737371] ? memcg_memory_event+0x40/0x40 [ 3482.741725] ? do_raw_spin_trylock+0x270/0x270 [ 3482.746314] ? _raw_spin_unlock+0x2d/0x50 [ 3482.750463] try_charge+0x12a9/0x19b0 [ 3482.754259] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3482.759801] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3482.764641] ? rcu_read_unlock_special+0x380/0x380 [ 3482.769563] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3482.774395] ? get_mem_cgroup_from_page+0x190/0x190 [ 3482.779428] ? rcu_read_lock_sched_held+0x110/0x130 [ 3482.784953] mem_cgroup_try_charge+0x43a/0xdb0 [ 3482.789527] ? mem_cgroup_protected+0xa10/0xa10 [ 3482.794190] ? mark_held_locks+0x100/0x100 [ 3482.798422] ? pmd_val+0x85/0x100 [ 3482.801898] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3482.807432] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3482.812959] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3482.817890] __handle_mm_fault+0x2594/0x55a0 [ 3482.822318] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3482.827170] ? check_preemption_disabled+0x48/0x290 [ 3482.832190] ? handle_mm_fault+0x3cc/0xc80 [ 3482.836426] ? lock_downgrade+0x910/0x910 [ 3482.840570] ? kasan_check_read+0x11/0x20 [ 3482.844721] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3482.849987] ? rcu_read_unlock_special+0x380/0x380 [ 3482.854938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3482.860506] ? check_preemption_disabled+0x48/0x290 [ 3482.865525] handle_mm_fault+0x4ec/0xc80 [ 3482.869577] ? __handle_mm_fault+0x55a0/0x55a0 [ 3482.874148] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3482.879166] __get_user_pages+0x8f7/0x1e10 [ 3482.883422] ? follow_page_mask+0x1f40/0x1f40 [ 3482.887919] ? lock_acquire+0x1db/0x570 [ 3482.891884] ? ___might_sleep+0x1e7/0x310 [ 3482.896028] ? lock_release+0xc40/0xc40 [ 3482.900014] ? find_held_lock+0x35/0x120 [ 3482.904077] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3482.908131] populate_vma_page_range+0x2bc/0x3b0 [ 3482.912898] ? memset+0x32/0x40 [ 3482.916167] ? follow_page+0x430/0x430 [ 3482.920057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3482.925593] ? vmacache_update+0x114/0x140 [ 3482.929820] __mm_populate+0x27e/0x4c0 [ 3482.933699] ? populate_vma_page_range+0x3b0/0x3b0 [ 3482.938628] ? down_read_killable+0x150/0x150 [ 3482.943134] ? security_mmap_file+0x1a7/0x1e0 [ 3482.947635] vm_mmap_pgoff+0x277/0x2b0 [ 3482.951527] ? vma_is_stack_for_current+0xd0/0xd0 [ 3482.956373] ? kasan_check_read+0x11/0x20 [ 3482.960517] ? _copy_to_user+0xc9/0x120 [ 3482.964492] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3482.970031] ksys_mmap_pgoff+0x102/0x650 [ 3482.974088] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3482.978855] ? trace_hardirqs_on+0xbd/0x310 [ 3482.983180] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3482.988716] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3482.994066] ? trace_hardirqs_off_caller+0x300/0x300 [ 3482.999171] __x64_sys_mmap+0xe9/0x1b0 [ 3483.003080] do_syscall_64+0x1a3/0x800 [ 3483.006965] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3483.011892] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3483.016897] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3483.021752] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3483.026939] RIP: 0033:0x457ec9 [ 3483.030117] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3483.049019] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3483.056713] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3483.063980] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3483.071252] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3483.078522] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3483.085789] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3483.099310] memory: usage 307200kB, limit 307200kB, failcnt 59979 [ 3483.105554] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3483.112386] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3483.118750] Memory cgroup stats for /syz1: cache:28KB rss:273784KB rss_huge:210944KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:218800KB active_anon:4120KB inactive_file:0KB active_file:0KB unevictable:50896KB [ 3483.140332] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14538,uid=0 [ 3483.154889] Memory cgroup out of memory: Kill process 14538 (syz-executor1) score 1145 or sacrifice child [ 3483.164693] Killed process 14538 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB 05:27:46 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe80}, 0x0) 05:27:46 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd61}, 0x28) 05:27:46 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x19) 05:27:46 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x6000, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:46 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600], [], [], [0x2]}, 0x45c) 05:27:46 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3483.186529] oom_reaper: reaped process 14538 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:27:46 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700], [], [], [0x2]}, 0x45c) 05:27:46 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd62}, 0x28) [ 3483.308135] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3483.344403] gfs2: fsid=_h: Now mounting FS... [ 3483.380082] attempt to access beyond end of device [ 3483.418843] loop3: rw=4096, want=136, limit=48 [ 3483.442233] gfs2: error 10 reading superblock [ 3483.446922] gfs2: fsid=_h: can't read superblock [ 3483.481148] gfs2: fsid=_h: can't read superblock: -5 05:27:46 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd63}, 0x28) 05:27:46 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:46 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00], [], [], [0x2]}, 0x45c) 05:27:47 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd64}, 0x28) [ 3483.701875] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3483.732352] gfs2: fsid=_h: Now mounting FS... [ 3483.750930] attempt to access beyond end of device [ 3483.766325] loop3: rw=4096, want=136, limit=48 [ 3483.782497] gfs2: error 10 reading superblock [ 3483.794114] gfs2: fsid=_h: can't read superblock [ 3483.803768] gfs2: fsid=_h: can't read superblock: -5 [ 3484.030869] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3484.046654] CPU: 0 PID: 15004 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3484.053867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3484.063221] Call Trace: [ 3484.065827] dump_stack+0x1db/0x2d0 [ 3484.069459] ? dump_stack_print_info.cold+0x20/0x20 [ 3484.074493] dump_header+0x1e6/0x116c [ 3484.078294] ? add_lock_to_list.isra.0+0x450/0x450 [ 3484.083247] ? print_usage_bug+0xd0/0xd0 [ 3484.087311] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3484.092239] ? ___ratelimit+0x37c/0x686 [ 3484.096203] ? mark_held_locks+0xb1/0x100 [ 3484.100350] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3484.105496] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3484.110586] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3484.115150] ? trace_hardirqs_on+0xbd/0x310 [ 3484.119465] ? kasan_check_read+0x11/0x20 [ 3484.123606] ? ___ratelimit+0x37c/0x686 [ 3484.127574] ? trace_hardirqs_off_caller+0x300/0x300 [ 3484.132682] ? do_raw_spin_trylock+0x270/0x270 [ 3484.137259] ? trace_hardirqs_on_caller+0x310/0x310 [ 3484.142292] ? lock_acquire+0x1db/0x570 [ 3484.146299] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3484.151410] ? ___ratelimit+0xac/0x686 [ 3484.155282] ? idr_get_free+0xee0/0xee0 [ 3484.159251] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3484.163832] oom_kill_process.cold+0x10/0x9d4 [ 3484.168326] ? cgroup_procs_next+0x70/0x70 [ 3484.172567] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3484.177068] ? oom_badness+0xa50/0xa50 [ 3484.180942] ? oom_evaluate_task+0x540/0x540 [ 3484.185354] ? mem_cgroup_iter_break+0x30/0x30 [ 3484.189945] ? mutex_trylock+0x2d0/0x2d0 [ 3484.194029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3484.199576] ? rcu_read_unlock_special+0x380/0x380 [ 3484.204499] out_of_memory+0x885/0x1420 [ 3484.208471] ? mem_cgroup_iter+0x508/0xf30 [ 3484.212704] ? oom_killer_disable+0x340/0x340 [ 3484.217185] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3484.222307] ? lock_acquire+0x1db/0x570 [ 3484.226311] mem_cgroup_out_of_memory+0x160/0x210 [ 3484.231135] ? do_raw_spin_unlock+0xa0/0x330 [ 3484.235543] ? memcg_memory_event+0x40/0x40 [ 3484.239878] ? do_raw_spin_trylock+0x270/0x270 [ 3484.244460] ? _raw_spin_unlock+0x2d/0x50 [ 3484.248622] try_charge+0x12a9/0x19b0 [ 3484.252431] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3484.257973] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3484.262825] ? rcu_read_unlock_special+0x380/0x380 [ 3484.267760] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3484.272594] ? get_mem_cgroup_from_page+0x190/0x190 [ 3484.277628] ? rcu_read_lock_sched_held+0x110/0x130 [ 3484.282657] mem_cgroup_try_charge+0x43a/0xdb0 [ 3484.287242] ? mem_cgroup_protected+0xa10/0xa10 [ 3484.291917] ? mark_held_locks+0x100/0x100 [ 3484.296138] ? pmd_val+0x85/0x100 [ 3484.299585] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3484.305114] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3484.310644] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3484.315561] __handle_mm_fault+0x2594/0x55a0 [ 3484.319974] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3484.324814] ? check_preemption_disabled+0x48/0x290 [ 3484.329826] ? handle_mm_fault+0x3cc/0xc80 [ 3484.334064] ? lock_downgrade+0x910/0x910 [ 3484.338206] ? kasan_check_read+0x11/0x20 [ 3484.342361] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3484.347638] ? rcu_read_unlock_special+0x380/0x380 [ 3484.352563] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3484.358094] ? check_preemption_disabled+0x48/0x290 [ 3484.363110] handle_mm_fault+0x4ec/0xc80 [ 3484.367155] ? __handle_mm_fault+0x55a0/0x55a0 [ 3484.371721] ? __get_user_pages+0x991/0x1e10 [ 3484.376112] ? __get_user_pages+0x99f/0x1e10 [ 3484.380539] __get_user_pages+0x8f7/0x1e10 [ 3484.384775] ? follow_page_mask+0x1f40/0x1f40 [ 3484.389263] ? trace_hardirqs_on+0xbd/0x310 [ 3484.393581] ? lock_acquire+0x1db/0x570 [ 3484.397592] ? ___might_sleep+0x1e7/0x310 [ 3484.401735] ? lock_release+0xc40/0xc40 [ 3484.405693] ? rwsem_wake+0x2fd/0x4a0 [ 3484.409492] populate_vma_page_range+0x2bc/0x3b0 [ 3484.414241] ? memset+0x32/0x40 [ 3484.417536] ? follow_page+0x430/0x430 [ 3484.421416] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3484.426936] ? vmacache_update+0x114/0x140 [ 3484.431160] __mm_populate+0x27e/0x4c0 [ 3484.435037] ? populate_vma_page_range+0x3b0/0x3b0 [ 3484.439960] ? down_read_killable+0x150/0x150 [ 3484.444480] ? security_mmap_file+0x1a7/0x1e0 [ 3484.449095] vm_mmap_pgoff+0x277/0x2b0 [ 3484.453031] ? vma_is_stack_for_current+0xd0/0xd0 [ 3484.457868] ? kasan_check_read+0x11/0x20 [ 3484.462014] ? _copy_to_user+0xc9/0x120 [ 3484.465971] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3484.471499] ksys_mmap_pgoff+0x102/0x650 [ 3484.475550] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3484.480290] ? trace_hardirqs_on+0xbd/0x310 [ 3484.484591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3484.490137] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3484.495494] ? trace_hardirqs_off_caller+0x300/0x300 [ 3484.500588] __x64_sys_mmap+0xe9/0x1b0 [ 3484.504461] do_syscall_64+0x1a3/0x800 [ 3484.508371] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3484.513294] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 3484.518308] ? __switch_to_asm+0x34/0x70 [ 3484.522396] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3484.527244] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3484.532432] RIP: 0033:0x457ec9 [ 3484.535610] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3484.554496] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3484.562192] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3484.569454] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3484.576716] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3484.583971] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3484.591233] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3484.606376] memory: usage 307200kB, limit 307200kB, failcnt 59988 05:27:48 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfec0}, 0x0) 05:27:48 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00], [], [], [0x2]}, 0x45c) [ 3484.636051] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3484.650593] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3484.693807] Memory cgroup stats for /syz1: cache:28KB rss:273636KB rss_huge:204800KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:218676KB active_anon:4144KB inactive_file:0KB active_file:0KB unevictable:50844KB [ 3484.733138] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14614,uid=0 [ 3484.754689] Memory cgroup out of memory: Kill process 14614 (syz-executor1) score 1145 or sacrifice child [ 3484.764829] Killed process 14614 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3484.787190] oom_reaper: reaped process 14614 (syz-executor1), now anon-rss:0kB, file-rss:32640kB, shmem-rss:0kB 05:27:48 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x1a) 05:27:48 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd65}, 0x28) 05:27:48 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x6200, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:48 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:48 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800], [], [], [0x2]}, 0x45c) 05:27:48 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd66}, 0x28) 05:27:48 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00], [], [], [0x2]}, 0x45c) [ 3484.952972] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3485.008570] gfs2: fsid=_h: Now mounting FS... [ 3485.036238] attempt to access beyond end of device 05:27:48 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd67}, 0x28) [ 3485.079714] loop3: rw=4096, want=136, limit=49 [ 3485.104353] gfs2: error 10 reading superblock [ 3485.110773] gfs2: fsid=_h: can't read superblock [ 3485.115806] gfs2: fsid=_h: can't read superblock: -5 05:27:48 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800], [], [], [0x2]}, 0x45c) 05:27:48 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3485.382873] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3485.414203] gfs2: fsid=_h: Now mounting FS... [ 3485.442646] attempt to access beyond end of device [ 3485.471107] loop3: rw=4096, want=136, limit=49 [ 3485.486025] gfs2: error 10 reading superblock [ 3485.502641] gfs2: fsid=_h: can't read superblock [ 3485.523756] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3485.526957] gfs2: fsid=_h: can't read superblock: -5 [ 3485.533758] CPU: 1 PID: 15051 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3485.545796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3485.555153] Call Trace: [ 3485.557753] dump_stack+0x1db/0x2d0 [ 3485.561401] ? dump_stack_print_info.cold+0x20/0x20 [ 3485.566443] dump_header+0x1e6/0x116c [ 3485.570254] ? add_lock_to_list.isra.0+0x450/0x450 [ 3485.575196] ? print_usage_bug+0xd0/0xd0 [ 3485.579263] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3485.584201] ? ___ratelimit+0x37c/0x686 [ 3485.588183] ? mark_held_locks+0xb1/0x100 [ 3485.588202] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3485.588218] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3485.597445] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3485.597461] ? trace_hardirqs_on+0xbd/0x310 [ 3485.597475] ? kasan_check_read+0x11/0x20 [ 3485.597489] ? ___ratelimit+0x37c/0x686 [ 3485.597512] ? trace_hardirqs_off_caller+0x300/0x300 [ 3485.607171] ? do_raw_spin_trylock+0x270/0x270 [ 3485.615632] ? trace_hardirqs_on_caller+0x310/0x310 [ 3485.615644] ? lock_acquire+0x1db/0x570 [ 3485.615664] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3485.624715] ? ___ratelimit+0xac/0x686 [ 3485.624733] ? idr_get_free+0xee0/0xee0 [ 3485.624748] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3485.634338] oom_kill_process.cold+0x10/0x9d4 [ 3485.634356] ? cgroup_procs_next+0x70/0x70 [ 3485.634372] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3485.643437] ? oom_badness+0xa50/0xa50 [ 3485.643457] ? oom_evaluate_task+0x540/0x540 [ 3485.643473] ? mem_cgroup_iter_break+0x30/0x30 [ 3485.681938] ? mutex_trylock+0x2d0/0x2d0 [ 3485.686004] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3485.691552] ? rcu_read_unlock_special+0x380/0x380 [ 3485.696537] out_of_memory+0x885/0x1420 [ 3485.700524] ? mem_cgroup_iter+0x508/0xf30 [ 3485.704764] ? oom_killer_disable+0x340/0x340 [ 3485.709264] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3485.714369] ? lock_acquire+0x1db/0x570 [ 3485.718353] mem_cgroup_out_of_memory+0x160/0x210 [ 3485.723196] ? do_raw_spin_unlock+0xa0/0x330 [ 3485.727615] ? memcg_memory_event+0x40/0x40 [ 3485.731955] ? do_raw_spin_trylock+0x270/0x270 [ 3485.736549] ? _raw_spin_unlock+0x2d/0x50 [ 3485.740698] try_charge+0x12a9/0x19b0 [ 3485.744517] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3485.750070] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3485.754927] ? rcu_read_unlock_special+0x380/0x380 [ 3485.759880] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3485.764729] ? get_mem_cgroup_from_page+0x190/0x190 [ 3485.769768] ? rcu_read_lock_sched_held+0x110/0x130 [ 3485.774804] mem_cgroup_try_charge+0x43a/0xdb0 [ 3485.779393] ? mem_cgroup_protected+0xa10/0xa10 [ 3485.784072] ? mark_held_locks+0x100/0x100 [ 3485.788309] ? pmd_val+0x85/0x100 [ 3485.791762] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3485.797295] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3485.802839] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3485.807774] __handle_mm_fault+0x2594/0x55a0 [ 3485.812228] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3485.817083] ? check_preemption_disabled+0x48/0x290 [ 3485.822117] ? handle_mm_fault+0x3cc/0xc80 [ 3485.826366] ? lock_downgrade+0x910/0x910 [ 3485.830519] ? kasan_check_read+0x11/0x20 [ 3485.834664] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3485.839944] ? rcu_read_unlock_special+0x380/0x380 [ 3485.844871] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3485.850408] ? check_preemption_disabled+0x48/0x290 [ 3485.855448] handle_mm_fault+0x4ec/0xc80 [ 3485.859522] ? __handle_mm_fault+0x55a0/0x55a0 [ 3485.864136] __get_user_pages+0x8f7/0x1e10 [ 3485.868385] ? follow_page_mask+0x1f40/0x1f40 [ 3485.872877] ? trace_hardirqs_on+0xbd/0x310 [ 3485.877205] ? lock_acquire+0x1db/0x570 [ 3485.881214] ? ___might_sleep+0x1e7/0x310 [ 3485.885380] ? lock_release+0xc40/0xc40 [ 3485.889351] ? rwsem_wake+0x2fd/0x4a0 [ 3485.893152] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3485.897237] populate_vma_page_range+0x2bc/0x3b0 [ 3485.902191] ? memset+0x32/0x40 [ 3485.905473] ? follow_page+0x430/0x430 [ 3485.909365] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3485.914899] ? vmacache_update+0x114/0x140 [ 3485.919145] __mm_populate+0x27e/0x4c0 [ 3485.923047] ? populate_vma_page_range+0x3b0/0x3b0 [ 3485.927976] ? down_read_killable+0x150/0x150 [ 3485.932499] ? security_mmap_file+0x1a7/0x1e0 [ 3485.937034] vm_mmap_pgoff+0x277/0x2b0 [ 3485.940956] ? vma_is_stack_for_current+0xd0/0xd0 [ 3485.945803] ? check_preemption_disabled+0x48/0x290 [ 3485.950829] ksys_mmap_pgoff+0x102/0x650 [ 3485.954901] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3485.959658] ? trace_hardirqs_on+0xbd/0x310 [ 3485.963981] ? __do_page_fault+0x3f1/0xd60 [ 3485.968223] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3485.973586] ? trace_hardirqs_off_caller+0x300/0x300 [ 3485.978738] __x64_sys_mmap+0xe9/0x1b0 [ 3485.982641] do_syscall_64+0x1a3/0x800 [ 3485.986530] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3485.991477] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3485.996533] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3486.001391] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3486.006590] RIP: 0033:0x457ec9 [ 3486.009800] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3486.028716] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3486.036448] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3486.043734] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3486.051009] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3486.058287] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3486.065553] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff 05:27:49 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00}, 0x0) 05:27:49 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd68}, 0x28) [ 3486.073205] net_ratelimit: 18 callbacks suppressed [ 3486.073231] protocol 88fb is buggy, dev hsr_slave_0 [ 3486.083308] protocol 88fb is buggy, dev hsr_slave_1 [ 3486.088471] protocol 88fb is buggy, dev hsr_slave_0 [ 3486.093565] protocol 88fb is buggy, dev hsr_slave_1 [ 3486.098739] protocol 88fb is buggy, dev hsr_slave_0 [ 3486.103814] protocol 88fb is buggy, dev hsr_slave_1 [ 3486.125656] memory: usage 305016kB, limit 307200kB, failcnt 60059 [ 3486.133591] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3486.142566] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3486.151417] Memory cgroup stats for /syz1: cache:28KB rss:273436KB rss_huge:206848KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:218680KB active_anon:4180KB inactive_file:0KB active_file:0KB unevictable:50668KB [ 3486.176752] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14676,uid=0 [ 3486.200318] Memory cgroup out of memory: Kill process 14676 (syz-executor1) score 1145 or sacrifice child [ 3486.211717] Killed process 14676 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3486.234794] oom_reaper: reaped process 14676 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:27:49 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:49 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00], [], [], [0x2]}, 0x45c) 05:27:49 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x1b) 05:27:49 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd69}, 0x28) 05:27:49 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x6800, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) [ 3486.426312] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:27:49 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd6a}, 0x28) 05:27:49 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400], [], [], [0x2]}, 0x45c) [ 3486.467773] gfs2: fsid=_h: Now mounting FS... [ 3486.511583] attempt to access beyond end of device 05:27:49 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3486.544188] loop3: rw=4096, want=136, limit=52 [ 3486.563941] gfs2: error 10 reading superblock [ 3486.582485] gfs2: fsid=_h: can't read superblock [ 3486.602346] gfs2: fsid=_h: can't read superblock: -5 [ 3486.617319] protocol 88fb is buggy, dev hsr_slave_0 [ 3486.622573] protocol 88fb is buggy, dev hsr_slave_1 05:27:50 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00], [], [], [0x2]}, 0x45c) 05:27:50 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd6b}, 0x28) [ 3486.648054] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3486.701585] CPU: 1 PID: 15094 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3486.708800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3486.718156] Call Trace: [ 3486.720820] dump_stack+0x1db/0x2d0 [ 3486.724468] ? dump_stack_print_info.cold+0x20/0x20 [ 3486.729529] dump_header+0x1e6/0x116c [ 3486.733347] ? add_lock_to_list.isra.0+0x450/0x450 [ 3486.738300] ? print_usage_bug+0xd0/0xd0 [ 3486.742390] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3486.747332] ? ___ratelimit+0x37c/0x686 [ 3486.751333] ? mark_held_locks+0xb1/0x100 [ 3486.755546] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3486.760657] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3486.760672] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3486.760688] ? trace_hardirqs_on+0xbd/0x310 [ 3486.760703] ? kasan_check_read+0x11/0x20 [ 3486.760717] ? ___ratelimit+0x37c/0x686 [ 3486.760732] ? trace_hardirqs_off_caller+0x300/0x300 [ 3486.760746] ? do_raw_spin_trylock+0x270/0x270 [ 3486.760761] ? trace_hardirqs_on_caller+0x310/0x310 [ 3486.760782] ? lock_acquire+0x1db/0x570 [ 3486.770479] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3486.770495] ? ___ratelimit+0xac/0x686 [ 3486.770519] ? idr_get_free+0xee0/0xee0 [ 3486.778959] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3486.778982] oom_kill_process.cold+0x10/0x9d4 [ 3486.779009] ? cgroup_procs_next+0x70/0x70 [ 3486.779040] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3486.779070] ? oom_badness+0xa50/0xa50 [ 3486.779089] ? oom_evaluate_task+0x540/0x540 [ 3486.779104] ? mem_cgroup_iter_break+0x30/0x30 [ 3486.779118] ? mutex_trylock+0x2d0/0x2d0 [ 3486.788204] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3486.788233] ? rcu_read_unlock_special+0x380/0x380 [ 3486.788257] out_of_memory+0x885/0x1420 [ 3486.788274] ? mem_cgroup_iter+0x508/0xf30 [ 3486.788294] ? oom_killer_disable+0x340/0x340 [ 3486.788312] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3486.797895] ? lock_acquire+0x1db/0x570 [ 3486.797921] mem_cgroup_out_of_memory+0x160/0x210 [ 3486.797936] ? do_raw_spin_unlock+0xa0/0x330 [ 3486.797952] ? memcg_memory_event+0x40/0x40 [ 3486.797965] ? do_raw_spin_trylock+0x270/0x270 [ 3486.797989] ? _raw_spin_unlock+0x2d/0x50 [ 3486.798017] try_charge+0x12a9/0x19b0 [ 3486.807151] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3486.807172] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3486.807188] ? rcu_read_unlock_special+0x380/0x380 [ 3486.807211] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3486.807227] ? get_mem_cgroup_from_page+0x190/0x190 [ 3486.807249] ? rcu_read_lock_sched_held+0x110/0x130 [ 3486.815107] mem_cgroup_try_charge+0x43a/0xdb0 [ 3486.815128] ? mem_cgroup_protected+0xa10/0xa10 [ 3486.815152] ? swap_duplicate+0x80/0x80 [ 3486.815170] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3486.815185] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3486.824258] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3486.824277] do_huge_pmd_wp_page_fallback+0x267/0x1a90 [ 3486.824293] ? __alloc_pages_nodemask+0xaca/0xdc0 [ 3486.824307] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3486.824329] ? remap_page+0x200/0x200 [ 3486.824353] ? do_raw_spin_unlock+0xa0/0x330 [ 3486.868622] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3486.868636] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3486.868655] ? alloc_pages_vma+0x142/0x540 [ 3486.868676] do_huge_pmd_wp_page+0x960/0x2430 [ 3486.868703] ? __split_huge_pmd+0xc10/0xc10 [ 3486.868727] ? __lock_acquire+0x572/0x4a30 [ 3486.878308] ? lock_downgrade+0x910/0x910 [ 3486.878322] ? kasan_check_read+0x11/0x20 [ 3486.878343] ? mark_held_locks+0x100/0x100 [ 3486.878357] ? mark_held_locks+0x100/0x100 [ 3486.878371] ? kasan_poison_shadow+0x2f/0x40 [ 3486.878386] ? pmd_val+0x85/0x100 [ 3486.957376] ? add_mm_counter_fast.part.0+0x40/0x40 [ 3486.957416] __handle_mm_fault+0x1afc/0x55a0 [ 3486.957456] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3486.957473] ? check_preemption_disabled+0x48/0x290 [ 3486.957490] ? handle_mm_fault+0x3cc/0xc80 [ 3486.957524] ? lock_downgrade+0x910/0x910 [ 3486.967959] ? kasan_check_read+0x11/0x20 [ 3486.967976] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3486.968004] ? rcu_read_unlock_special+0x380/0x380 [ 3486.968020] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3486.968036] ? check_preemption_disabled+0x48/0x290 [ 3486.968057] handle_mm_fault+0x4ec/0xc80 05:27:50 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [], [], [0x2]}, 0x45c) 05:27:50 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd6c}, 0x28) 05:27:50 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a000}, 0x0) [ 3486.968095] ? __handle_mm_fault+0x55a0/0x55a0 [ 3486.978186] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3486.978198] ? vmacache_update+0x114/0x140 [ 3486.978223] __do_page_fault+0x5da/0xd60 [ 3486.978247] do_page_fault+0xe6/0x7d8 [ 3486.978259] ? trace_hardirqs_on_caller+0xc0/0x310 [ 3486.978274] ? vmalloc_sync_all+0x30/0x30 [ 3486.987622] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 3486.987638] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3486.987653] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3486.987668] ? page_fault+0x8/0x30 [ 3486.987684] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3486.987701] ? page_fault+0x8/0x30 [ 3486.987717] page_fault+0x1e/0x30 [ 3486.997700] RIP: 0033:0x400610 [ 3486.997714] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 65 4a 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 4b 4a 00 00 8a [ 3486.997722] RSP: 002b:00007ffc528edba0 EFLAGS: 00010202 [ 3486.997733] RAX: 0000000020000000 RBX: 000000000073c900 RCX: 00000000200000c0 [ 3486.997740] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000020000000 [ 3486.997748] RBP: 000000000073c900 R08: 0000000000000000 R09: 0000000000000000 [ 3486.997755] R10: 00007ffc528edca0 R11: 0000000000000246 R12: 00000000000003e8 [ 3486.997766] R13: fffffffffffffffe R14: 0000000000353385 R15: 000000000073bfac [ 3487.070884] memory: usage 307200kB, limit 307200kB, failcnt 60100 [ 3487.078300] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3487.197285] protocol 88fb is buggy, dev hsr_slave_0 05:27:50 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3487.243705] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3487.248723] protocol 88fb is buggy, dev hsr_slave_1 [ 3487.261024] Memory cgroup stats for /syz1: cache:28KB rss:274712KB rss_huge:206848KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:218684KB active_anon:4240KB inactive_file:0KB active_file:0KB unevictable:51836KB [ 3487.284062] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=15094,uid=0 [ 3487.300776] Memory cgroup out of memory: Kill process 15094 (syz-executor1) score 1148 or sacrifice child [ 3487.311284] Killed process 15104 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3487.373412] oom_reaper: reaped process 15104 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB [ 3487.392471] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3487.407813] CPU: 0 PID: 15094 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3487.415065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3487.424422] Call Trace: [ 3487.427050] dump_stack+0x1db/0x2d0 [ 3487.430688] ? dump_stack_print_info.cold+0x20/0x20 [ 3487.435725] dump_header+0x1e6/0x116c [ 3487.439537] ? add_lock_to_list.isra.0+0x450/0x450 [ 3487.444476] ? print_usage_bug+0xd0/0xd0 [ 3487.448551] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3487.453495] ? ___ratelimit+0x37c/0x686 [ 3487.457485] ? mark_held_locks+0xb1/0x100 [ 3487.461643] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3487.466812] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3487.471963] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3487.476567] ? trace_hardirqs_on+0xbd/0x310 [ 3487.480898] ? kasan_check_read+0x11/0x20 [ 3487.480915] ? ___ratelimit+0x37c/0x686 [ 3487.480930] ? trace_hardirqs_off_caller+0x300/0x300 [ 3487.480945] ? do_raw_spin_trylock+0x270/0x270 [ 3487.480960] ? trace_hardirqs_on_caller+0x310/0x310 [ 3487.480975] ? lock_acquire+0x1db/0x570 [ 3487.489099] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3487.489116] ? ___ratelimit+0xac/0x686 [ 3487.489135] ? idr_get_free+0xee0/0xee0 [ 3487.489150] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3487.489175] oom_kill_process.cold+0x10/0x9d4 [ 3487.489194] ? cgroup_procs_next+0x70/0x70 [ 3487.489213] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3487.489229] ? oom_badness+0xa50/0xa50 [ 3487.489249] ? oom_evaluate_task+0x540/0x540 [ 3487.489266] ? mem_cgroup_iter_break+0x30/0x30 [ 3487.551478] ? mutex_trylock+0x2d0/0x2d0 [ 3487.555546] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3487.561106] ? rcu_read_unlock_special+0x380/0x380 [ 3487.566050] out_of_memory+0x885/0x1420 [ 3487.570033] ? mem_cgroup_iter+0x508/0xf30 [ 3487.574260] ? oom_killer_disable+0x340/0x340 [ 3487.578765] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3487.583891] ? lock_acquire+0x1db/0x570 [ 3487.587882] mem_cgroup_out_of_memory+0x160/0x210 [ 3487.592717] ? do_raw_spin_unlock+0xa0/0x330 [ 3487.597113] ? memcg_memory_event+0x40/0x40 [ 3487.601421] ? do_raw_spin_trylock+0x270/0x270 [ 3487.606035] ? _raw_spin_unlock+0x2d/0x50 [ 3487.610174] try_charge+0x12a9/0x19b0 [ 3487.613970] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3487.619513] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3487.624367] ? rcu_read_unlock_special+0x380/0x380 [ 3487.629286] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3487.634123] ? get_mem_cgroup_from_page+0x190/0x190 [ 3487.639182] ? rcu_read_lock_sched_held+0x110/0x130 [ 3487.644217] mem_cgroup_try_charge+0x43a/0xdb0 [ 3487.648790] ? mem_cgroup_protected+0xa10/0xa10 [ 3487.653461] ? swap_duplicate+0x80/0x80 [ 3487.657452] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3487.663015] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3487.668560] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3487.673514] do_huge_pmd_wp_page_fallback+0x267/0x1a90 [ 3487.678787] ? __alloc_pages_nodemask+0xaca/0xdc0 [ 3487.683651] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3487.689180] ? remap_page+0x200/0x200 [ 3487.692982] ? do_raw_spin_unlock+0xa0/0x330 [ 3487.697408] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3487.702936] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3487.708457] ? alloc_pages_vma+0x142/0x540 [ 3487.712678] do_huge_pmd_wp_page+0x960/0x2430 [ 3487.717221] ? __split_huge_pmd+0xc10/0xc10 [ 3487.721540] ? __lock_acquire+0x572/0x4a30 [ 3487.725772] ? lock_downgrade+0x910/0x910 [ 3487.729923] ? kasan_check_read+0x11/0x20 [ 3487.734072] ? mark_held_locks+0x100/0x100 [ 3487.738321] ? mark_held_locks+0x100/0x100 [ 3487.742548] ? kasan_poison_shadow+0x2f/0x40 [ 3487.746947] ? pmd_val+0x85/0x100 [ 3487.750416] ? add_mm_counter_fast.part.0+0x40/0x40 [ 3487.755435] __handle_mm_fault+0x1afc/0x55a0 [ 3487.759850] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3487.764704] ? check_preemption_disabled+0x48/0x290 [ 3487.769721] ? handle_mm_fault+0x3cc/0xc80 [ 3487.773948] ? lock_downgrade+0x910/0x910 [ 3487.778092] ? kasan_check_read+0x11/0x20 [ 3487.782243] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3487.787532] ? rcu_read_unlock_special+0x380/0x380 [ 3487.792569] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3487.798099] ? check_preemption_disabled+0x48/0x290 [ 3487.803136] handle_mm_fault+0x4ec/0xc80 [ 3487.807213] ? __handle_mm_fault+0x55a0/0x55a0 [ 3487.811802] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3487.817333] ? vmacache_update+0x114/0x140 [ 3487.821582] __do_page_fault+0x5da/0xd60 [ 3487.825657] do_page_fault+0xe6/0x7d8 [ 3487.829485] ? trace_hardirqs_on_caller+0xc0/0x310 [ 3487.834411] ? vmalloc_sync_all+0x30/0x30 [ 3487.838561] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 3487.844048] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3487.849639] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3487.854643] ? page_fault+0x8/0x30 [ 3487.858179] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3487.863031] ? page_fault+0x8/0x30 [ 3487.866563] page_fault+0x1e/0x30 [ 3487.870018] RIP: 0033:0x400610 [ 3487.873216] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 65 4a 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 4b 4a 00 00 8a [ 3487.892118] RSP: 002b:00007ffc528edba0 EFLAGS: 00010202 [ 3487.897483] RAX: 0000000020000000 RBX: 000000000073c900 RCX: 00000000200000c0 [ 3487.904911] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000020000000 [ 3487.912181] RBP: 000000000073c900 R08: 0000000000000000 R09: 0000000000000000 [ 3487.919441] R10: 00007ffc528edca0 R11: 0000000000000246 R12: 00000000000003e8 [ 3487.926720] R13: fffffffffffffffe R14: 0000000000353385 R15: 000000000073bfac [ 3487.939735] memory: usage 307028kB, limit 307200kB, failcnt 60127 [ 3487.945980] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3487.953108] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3487.961579] Memory cgroup stats for /syz1: cache:28KB rss:274712KB rss_huge:206848KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:218680KB active_anon:4180KB inactive_file:0KB active_file:0KB unevictable:51836KB [ 3488.001779] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=15094,uid=0 [ 3488.016438] Memory cgroup out of memory: Kill process 15094 (syz-executor1) score 1148 or sacrifice child [ 3488.032684] Killed process 15094 (syz-executor1) total-vm:70532kB, anon-rss:14996kB, file-rss:33672kB, shmem-rss:0kB [ 3488.044592] oom_reaper: reaped process 15094 (syz-executor1), now anon-rss:14920kB, file-rss:32776kB, shmem-rss:0kB 05:27:51 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x1c) 05:27:51 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd6d}, 0x28) 05:27:51 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:51 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], [], [], [0x2]}, 0x45c) 05:27:51 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x6803, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:51 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0) 05:27:51 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000], [], [], [0x2]}, 0x45c) [ 3488.217989] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3488.247755] gfs2: fsid=_h: Now mounting FS... [ 3488.256708] attempt to access beyond end of device 05:27:51 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd6e}, 0x28) [ 3488.305745] loop3: rw=4096, want=136, limit=52 05:27:51 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000], [], [], [0x2]}, 0x45c) 05:27:51 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3488.338594] gfs2: error 10 reading superblock [ 3488.343292] gfs2: fsid=_h: can't read superblock [ 3488.362984] gfs2: fsid=_h: can't read superblock: -5 05:27:51 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd6f}, 0x28) 05:27:51 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000], [], [], [0x2]}, 0x45c) [ 3488.581943] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3488.606862] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3488.614261] gfs2: fsid=_h: Now mounting FS... [ 3488.635521] CPU: 0 PID: 15150 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3488.642731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3488.652082] Call Trace: [ 3488.654677] dump_stack+0x1db/0x2d0 [ 3488.658310] ? dump_stack_print_info.cold+0x20/0x20 [ 3488.663342] dump_header+0x1e6/0x116c [ 3488.667148] ? add_lock_to_list.isra.0+0x450/0x450 [ 3488.672100] ? print_usage_bug+0xd0/0xd0 [ 3488.676176] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3488.681144] ? ___ratelimit+0x37c/0x686 [ 3488.685127] ? mark_held_locks+0xb1/0x100 [ 3488.689285] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3488.694406] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3488.699512] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3488.704096] ? trace_hardirqs_on+0xbd/0x310 [ 3488.708435] ? kasan_check_read+0x11/0x20 [ 3488.712586] ? ___ratelimit+0x37c/0x686 [ 3488.716575] ? trace_hardirqs_off_caller+0x300/0x300 [ 3488.721694] ? do_raw_spin_trylock+0x270/0x270 [ 3488.726284] ? trace_hardirqs_on_caller+0x310/0x310 [ 3488.731300] ? lock_acquire+0x1db/0x570 [ 3488.735285] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3488.740397] ? ___ratelimit+0xac/0x686 [ 3488.744304] ? idr_get_free+0xee0/0xee0 [ 3488.748286] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3488.752884] oom_kill_process.cold+0x10/0x9d4 [ 3488.757418] ? cgroup_procs_next+0x70/0x70 [ 3488.761675] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3488.766175] ? oom_badness+0xa50/0xa50 [ 3488.770526] ? oom_evaluate_task+0x540/0x540 [ 3488.774938] ? mem_cgroup_iter_break+0x30/0x30 [ 3488.779520] ? mutex_trylock+0x2d0/0x2d0 [ 3488.783603] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3488.789172] ? rcu_read_unlock_special+0x380/0x380 [ 3488.794112] out_of_memory+0x885/0x1420 [ 3488.798095] ? mem_cgroup_iter+0x508/0xf30 [ 3488.802354] ? oom_killer_disable+0x340/0x340 [ 3488.806900] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3488.812023] ? lock_acquire+0x1db/0x570 [ 3488.816029] mem_cgroup_out_of_memory+0x160/0x210 [ 3488.820878] ? do_raw_spin_unlock+0xa0/0x330 [ 3488.825290] ? memcg_memory_event+0x40/0x40 [ 3488.829700] ? do_raw_spin_trylock+0x270/0x270 [ 3488.834309] ? _raw_spin_unlock+0x2d/0x50 [ 3488.838466] try_charge+0x12a9/0x19b0 [ 3488.842274] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3488.847821] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3488.852681] ? rcu_read_unlock_special+0x380/0x380 [ 3488.857667] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3488.862527] ? get_mem_cgroup_from_page+0x190/0x190 [ 3488.867565] ? rcu_read_lock_sched_held+0x110/0x130 [ 3488.872601] mem_cgroup_try_charge+0x43a/0xdb0 [ 3488.877191] ? mem_cgroup_protected+0xa10/0xa10 [ 3488.881879] ? swap_duplicate+0x80/0x80 [ 3488.885879] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3488.891418] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3488.896979] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3488.901931] do_huge_pmd_wp_page_fallback+0x267/0x1a90 [ 3488.907214] ? __alloc_pages_nodemask+0xaca/0xdc0 [ 3488.912063] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3488.917624] ? remap_page+0x200/0x200 [ 3488.921439] ? do_raw_spin_unlock+0xa0/0x330 [ 3488.925851] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3488.931394] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3488.936935] ? alloc_pages_vma+0x142/0x540 [ 3488.941178] do_huge_pmd_wp_page+0x960/0x2430 [ 3488.945693] ? __split_huge_pmd+0xc10/0xc10 [ 3488.950036] ? __lock_acquire+0x572/0x4a30 [ 3488.954279] ? lock_downgrade+0x910/0x910 [ 3488.958429] ? kasan_check_read+0x11/0x20 [ 3488.962595] ? mark_held_locks+0x100/0x100 [ 3488.966847] ? mark_held_locks+0x100/0x100 [ 3488.971088] ? kasan_poison_shadow+0x2f/0x40 [ 3488.975503] ? pmd_val+0x85/0x100 [ 3488.978959] ? add_mm_counter_fast.part.0+0x40/0x40 [ 3488.983985] __handle_mm_fault+0x1afc/0x55a0 [ 3488.988464] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3488.993306] ? check_preemption_disabled+0x48/0x290 [ 3488.998329] ? handle_mm_fault+0x3cc/0xc80 [ 3489.002616] ? lock_downgrade+0x910/0x910 [ 3489.006765] ? kasan_check_read+0x11/0x20 [ 3489.010917] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3489.016202] ? rcu_read_unlock_special+0x380/0x380 [ 3489.021139] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3489.026684] ? check_preemption_disabled+0x48/0x290 [ 3489.031714] handle_mm_fault+0x4ec/0xc80 [ 3489.035782] ? __handle_mm_fault+0x55a0/0x55a0 [ 3489.040366] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3489.045907] ? vmacache_update+0x114/0x140 [ 3489.050158] __do_page_fault+0x5da/0xd60 [ 3489.054235] do_page_fault+0xe6/0x7d8 [ 3489.058061] ? trace_hardirqs_on_caller+0xc0/0x310 [ 3489.063054] ? vmalloc_sync_all+0x30/0x30 [ 3489.067206] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 3489.072699] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3489.078245] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3489.083279] ? page_fault+0x8/0x30 [ 3489.086823] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3489.091669] ? page_fault+0x8/0x30 [ 3489.095210] page_fault+0x1e/0x30 [ 3489.098667] RIP: 0033:0x400610 [ 3489.101862] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 65 4a 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 4b 4a 00 00 8a [ 3489.120766] RSP: 002b:00007ffc528edba0 EFLAGS: 00010202 [ 3489.126129] RAX: 0000000020000000 RBX: 000000000073c900 RCX: 00000000200000c0 [ 3489.133428] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000020000000 [ 3489.140695] RBP: 000000000073c900 R08: 0000000000000000 R09: 0000000000000000 [ 3489.147962] R10: 00007ffc528edca0 R11: 0000000000000246 R12: 00000000000003e8 [ 3489.155240] R13: fffffffffffffffe R14: 0000000000353afb R15: 000000000073bfac [ 3489.177498] attempt to access beyond end of device [ 3489.198371] loop3: rw=4096, want=136, limit=52 [ 3489.221552] gfs2: error 10 reading superblock [ 3489.241729] gfs2: fsid=_h: can't read superblock [ 3489.246661] gfs2: fsid=_h: can't read superblock: -5 [ 3489.274843] memory: usage 307200kB, limit 307200kB, failcnt 60598 [ 3489.283955] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3489.291425] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3489.317552] Memory cgroup stats for /syz1: cache:28KB rss:274596KB rss_huge:206848KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:218684KB active_anon:4240KB inactive_file:0KB active_file:0KB unevictable:51836KB [ 3489.346958] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=15150,uid=0 [ 3489.365436] Memory cgroup out of memory: Kill process 15150 (syz-executor1) score 1148 or sacrifice child [ 3489.375316] Killed process 15172 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3489.418478] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3489.428528] CPU: 1 PID: 15150 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3489.435708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3489.445058] Call Trace: [ 3489.447644] dump_stack+0x1db/0x2d0 [ 3489.451288] ? dump_stack_print_info.cold+0x20/0x20 [ 3489.456300] dump_header+0x1e6/0x116c [ 3489.460093] ? add_lock_to_list.isra.0+0x450/0x450 [ 3489.465048] ? print_usage_bug+0xd0/0xd0 [ 3489.469104] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3489.474033] ? ___ratelimit+0x37c/0x686 [ 3489.478051] ? mark_held_locks+0xb1/0x100 [ 3489.482213] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3489.487305] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3489.492409] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3489.496979] ? trace_hardirqs_on+0xbd/0x310 [ 3489.501311] ? kasan_check_read+0x11/0x20 [ 3489.505448] ? ___ratelimit+0x37c/0x686 [ 3489.509410] ? trace_hardirqs_off_caller+0x300/0x300 [ 3489.514535] ? do_raw_spin_trylock+0x270/0x270 [ 3489.519101] ? trace_hardirqs_on_caller+0x310/0x310 [ 3489.524104] ? lock_acquire+0x1db/0x570 [ 3489.528070] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3489.533177] ? ___ratelimit+0xac/0x686 [ 3489.537070] ? idr_get_free+0xee0/0xee0 [ 3489.541032] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3489.545608] oom_kill_process.cold+0x10/0x9d4 [ 3489.550100] ? cgroup_procs_next+0x70/0x70 [ 3489.554333] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3489.558818] ? oom_badness+0xa50/0xa50 [ 3489.562699] ? oom_evaluate_task+0x540/0x540 [ 3489.567101] ? mem_cgroup_iter_break+0x30/0x30 [ 3489.571673] ? mutex_trylock+0x2d0/0x2d0 [ 3489.575740] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3489.581284] ? rcu_read_unlock_special+0x380/0x380 [ 3489.586212] out_of_memory+0x885/0x1420 [ 3489.590204] ? mem_cgroup_iter+0x508/0xf30 [ 3489.594445] ? oom_killer_disable+0x340/0x340 [ 3489.598946] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3489.604041] ? lock_acquire+0x1db/0x570 [ 3489.608017] mem_cgroup_out_of_memory+0x160/0x210 [ 3489.612848] ? do_raw_spin_unlock+0xa0/0x330 [ 3489.617249] ? memcg_memory_event+0x40/0x40 [ 3489.621562] ? do_raw_spin_trylock+0x270/0x270 [ 3489.626139] ? _raw_spin_unlock+0x2d/0x50 [ 3489.630274] try_charge+0x12a9/0x19b0 [ 3489.634063] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3489.639590] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3489.644424] ? rcu_read_unlock_special+0x380/0x380 [ 3489.649366] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3489.654214] ? get_mem_cgroup_from_page+0x190/0x190 [ 3489.659224] ? rcu_read_lock_sched_held+0x110/0x130 [ 3489.664236] mem_cgroup_try_charge+0x43a/0xdb0 [ 3489.668808] ? mem_cgroup_protected+0xa10/0xa10 [ 3489.673486] ? swap_duplicate+0x80/0x80 [ 3489.677453] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3489.683010] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3489.688556] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3489.693496] do_huge_pmd_wp_page_fallback+0x267/0x1a90 [ 3489.698778] ? __alloc_pages_nodemask+0xaca/0xdc0 [ 3489.703609] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3489.709139] ? remap_page+0x200/0x200 [ 3489.712937] ? do_raw_spin_unlock+0xa0/0x330 [ 3489.717334] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3489.722885] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3489.728438] ? alloc_pages_vma+0x142/0x540 [ 3489.732675] do_huge_pmd_wp_page+0x960/0x2430 [ 3489.737195] ? __split_huge_pmd+0xc10/0xc10 [ 3489.741522] ? __lock_acquire+0x572/0x4a30 [ 3489.745762] ? lock_downgrade+0x910/0x910 [ 3489.749895] ? kasan_check_read+0x11/0x20 [ 3489.754045] ? mark_held_locks+0x100/0x100 [ 3489.758281] ? mark_held_locks+0x100/0x100 [ 3489.762530] ? kasan_poison_shadow+0x2f/0x40 [ 3489.766927] ? pmd_val+0x85/0x100 [ 3489.770369] ? add_mm_counter_fast.part.0+0x40/0x40 [ 3489.775389] __handle_mm_fault+0x1afc/0x55a0 [ 3489.779805] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3489.784638] ? check_preemption_disabled+0x48/0x290 [ 3489.789644] ? handle_mm_fault+0x3cc/0xc80 [ 3489.793872] ? lock_downgrade+0x910/0x910 [ 3489.798017] ? kasan_check_read+0x11/0x20 [ 3489.802157] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3489.807430] ? rcu_read_unlock_special+0x380/0x380 [ 3489.812349] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3489.817876] ? check_preemption_disabled+0x48/0x290 [ 3489.822881] handle_mm_fault+0x4ec/0xc80 [ 3489.826935] ? __handle_mm_fault+0x55a0/0x55a0 [ 3489.831503] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3489.837029] ? vmacache_update+0x114/0x140 [ 3489.841259] __do_page_fault+0x5da/0xd60 [ 3489.845316] do_page_fault+0xe6/0x7d8 [ 3489.849120] ? trace_hardirqs_on_caller+0xc0/0x310 [ 3489.854058] ? vmalloc_sync_all+0x30/0x30 [ 3489.858206] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 3489.863675] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3489.869200] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3489.874211] ? page_fault+0x8/0x30 [ 3489.877756] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3489.882614] ? page_fault+0x8/0x30 [ 3489.886150] page_fault+0x1e/0x30 [ 3489.889607] RIP: 0033:0x400610 [ 3489.892804] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 65 4a 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 4b 4a 00 00 8a [ 3489.911789] RSP: 002b:00007ffc528edba0 EFLAGS: 00010202 [ 3489.917148] RAX: 0000000020000000 RBX: 000000000073c900 RCX: 00000000200000c0 [ 3489.924408] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000020000000 [ 3489.931665] RBP: 000000000073c900 R08: 0000000000000000 R09: 0000000000000000 [ 3489.938922] R10: 00007ffc528edca0 R11: 0000000000000246 R12: 00000000000003e8 [ 3489.946200] R13: fffffffffffffffe R14: 0000000000353afb R15: 000000000073bfac [ 3489.958283] memory: usage 307200kB, limit 307200kB, failcnt 60634 [ 3489.965053] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3489.971895] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3489.983686] Memory cgroup stats for /syz1: cache:28KB rss:274596KB rss_huge:206848KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:218680KB active_anon:4180KB inactive_file:0KB active_file:0KB unevictable:51836KB [ 3490.005356] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=15150,uid=0 05:27:53 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x1d) 05:27:53 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd70}, 0x28) 05:27:53 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:53 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x0) 05:27:53 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000], [], [], [0x2]}, 0x45c) 05:27:53 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x6c00, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) [ 3490.020282] Memory cgroup out of memory: Kill process 15150 (syz-executor1) score 1148 or sacrifice child [ 3490.030208] Killed process 15150 (syz-executor1) total-vm:70532kB, anon-rss:14996kB, file-rss:33672kB, shmem-rss:0kB [ 3490.041884] oom_reaper: reaped process 15150 (syz-executor1), now anon-rss:14920kB, file-rss:32776kB, shmem-rss:0kB 05:27:53 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd71}, 0x28) [ 3490.226447] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:27:53 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:53 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000], [], [], [0x2]}, 0x45c) [ 3490.277423] gfs2: fsid=_h: Now mounting FS... [ 3490.290554] attempt to access beyond end of device [ 3490.310655] loop3: rw=4096, want=136, limit=54 [ 3490.323542] gfs2: error 10 reading superblock [ 3490.339908] gfs2: fsid=_h: can't read superblock [ 3490.363153] gfs2: fsid=_h: can't read superblock: -5 05:27:53 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000], [], [], [0x2]}, 0x45c) 05:27:53 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd72}, 0x28) 05:27:53 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3490.506433] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3490.545992] CPU: 1 PID: 15198 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3490.553237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3490.562595] Call Trace: [ 3490.565197] dump_stack+0x1db/0x2d0 [ 3490.568832] ? dump_stack_print_info.cold+0x20/0x20 [ 3490.573883] dump_header+0x1e6/0x116c [ 3490.577694] ? add_lock_to_list.isra.0+0x450/0x450 [ 3490.582634] ? print_usage_bug+0xd0/0xd0 [ 3490.586706] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3490.591651] ? ___ratelimit+0x37c/0x686 [ 3490.595636] ? mark_held_locks+0xb1/0x100 [ 3490.599791] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3490.604897] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3490.610016] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3490.614607] ? trace_hardirqs_on+0xbd/0x310 [ 3490.618934] ? kasan_check_read+0x11/0x20 [ 3490.623090] ? ___ratelimit+0x37c/0x686 [ 3490.627071] ? trace_hardirqs_off_caller+0x300/0x300 [ 3490.632175] ? do_raw_spin_trylock+0x270/0x270 [ 3490.636766] ? trace_hardirqs_on_caller+0x310/0x310 [ 3490.641785] ? lock_acquire+0x1db/0x570 [ 3490.645771] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3490.650881] ? ___ratelimit+0xac/0x686 [ 3490.654776] ? idr_get_free+0xee0/0xee0 [ 3490.658756] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3490.663372] oom_kill_process.cold+0x10/0x9d4 [ 3490.667879] ? cgroup_procs_next+0x70/0x70 [ 3490.672123] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3490.676625] ? oom_badness+0xa50/0xa50 [ 3490.680527] ? oom_evaluate_task+0x540/0x540 [ 3490.684941] ? mem_cgroup_iter_break+0x30/0x30 [ 3490.689529] ? mutex_trylock+0x2d0/0x2d0 [ 3490.693595] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3490.699152] ? rcu_read_unlock_special+0x380/0x380 [ 3490.704093] out_of_memory+0x885/0x1420 [ 3490.708079] ? mem_cgroup_iter+0x508/0xf30 [ 3490.712322] ? oom_killer_disable+0x340/0x340 [ 3490.716821] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3490.721932] ? lock_acquire+0x1db/0x570 [ 3490.725921] mem_cgroup_out_of_memory+0x160/0x210 [ 3490.730768] ? do_raw_spin_unlock+0xa0/0x330 [ 3490.735179] ? memcg_memory_event+0x40/0x40 [ 3490.739526] ? do_raw_spin_trylock+0x270/0x270 [ 3490.744125] ? _raw_spin_unlock+0x2d/0x50 [ 3490.748280] try_charge+0x12a9/0x19b0 [ 3490.752087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3490.757632] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3490.762481] ? rcu_read_unlock_special+0x380/0x380 [ 3490.767428] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3490.772397] ? get_mem_cgroup_from_page+0x190/0x190 [ 3490.777424] ? rcu_read_lock_sched_held+0x110/0x130 [ 3490.782447] mem_cgroup_try_charge+0x43a/0xdb0 [ 3490.787046] ? mem_cgroup_protected+0xa10/0xa10 [ 3490.791729] ? swap_duplicate+0x80/0x80 [ 3490.795711] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3490.801253] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3490.806802] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3490.811755] do_huge_pmd_wp_page_fallback+0x267/0x1a90 [ 3490.817037] ? __alloc_pages_nodemask+0xaca/0xdc0 [ 3490.821890] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3490.827442] ? remap_page+0x200/0x200 [ 3490.831260] ? do_raw_spin_unlock+0xa0/0x330 [ 3490.835671] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3490.841219] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3490.846860] ? alloc_pages_vma+0x142/0x540 [ 3490.851107] do_huge_pmd_wp_page+0x960/0x2430 [ 3490.855621] ? __split_huge_pmd+0xc10/0xc10 [ 3490.859954] ? __lock_acquire+0x572/0x4a30 [ 3490.864192] ? lock_downgrade+0x910/0x910 [ 3490.868341] ? kasan_check_read+0x11/0x20 [ 3490.872497] ? mark_held_locks+0x100/0x100 [ 3490.876759] ? mark_held_locks+0x100/0x100 [ 3490.881006] ? kasan_poison_shadow+0x2f/0x40 [ 3490.885420] ? pmd_val+0x85/0x100 [ 3490.888878] ? add_mm_counter_fast.part.0+0x40/0x40 [ 3490.893912] __handle_mm_fault+0x1afc/0x55a0 [ 3490.898338] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3490.903186] ? check_preemption_disabled+0x48/0x290 [ 3490.908206] ? handle_mm_fault+0x3cc/0xc80 [ 3490.912459] ? lock_downgrade+0x910/0x910 [ 3490.916607] ? kasan_check_read+0x11/0x20 [ 3490.920757] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3490.926042] ? rcu_read_unlock_special+0x380/0x380 [ 3490.930974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3490.936527] ? check_preemption_disabled+0x48/0x290 [ 3490.941557] handle_mm_fault+0x4ec/0xc80 [ 3490.945628] ? __handle_mm_fault+0x55a0/0x55a0 [ 3490.950214] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3490.955755] ? vmacache_update+0x114/0x140 [ 3490.960015] __do_page_fault+0x5da/0xd60 [ 3490.964098] do_page_fault+0xe6/0x7d8 [ 3490.967921] ? trace_hardirqs_on_caller+0xc0/0x310 [ 3490.972855] ? vmalloc_sync_all+0x30/0x30 [ 3490.977015] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 3490.982473] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3490.988025] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3490.993047] ? page_fault+0x8/0x30 [ 3490.996595] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3491.001449] ? page_fault+0x8/0x30 [ 3491.005032] page_fault+0x1e/0x30 [ 3491.008485] RIP: 0033:0x400610 [ 3491.011693] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 65 4a 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 4b 4a 00 00 8a [ 3491.030599] RSP: 002b:00007ffc528edba0 EFLAGS: 00010202 [ 3491.035964] RAX: 0000000020000000 RBX: 000000000073c900 RCX: 00000000200000c0 [ 3491.043242] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000020000000 [ 3491.050517] RBP: 000000000073c900 R08: 0000000000000000 R09: 0000000000000000 [ 3491.057806] R10: 00007ffc528edca0 R11: 0000000000000246 R12: 00000000000003e8 [ 3491.065074] R13: fffffffffffffffe R14: 0000000000354285 R15: 000000000073bfac [ 3491.119910] memory: usage 307200kB, limit 307200kB, failcnt 61099 [ 3491.126374] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3491.133450] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3491.163406] Memory cgroup stats for /syz1: cache:28KB rss:274524KB rss_huge:206848KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:218684KB active_anon:4240KB inactive_file:0KB active_file:0KB unevictable:51836KB [ 3491.186989] net_ratelimit: 20 callbacks suppressed [ 3491.187022] protocol 88fb is buggy, dev hsr_slave_0 [ 3491.187100] protocol 88fb is buggy, dev hsr_slave_1 [ 3491.198821] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=15198,uid=0 [ 3491.235240] Memory cgroup out of memory: Kill process 15198 (syz-executor1) score 1148 or sacrifice child [ 3491.245604] Killed process 15214 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB 05:27:54 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x1e) 05:27:54 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ffdb8}, 0x0) 05:27:54 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000], [], [], [0x2]}, 0x45c) 05:27:54 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd73}, 0x28) 05:27:54 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x7002, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) [ 3491.417361] protocol 88fb is buggy, dev hsr_slave_0 [ 3491.422500] protocol 88fb is buggy, dev hsr_slave_1 [ 3491.427712] protocol 88fb is buggy, dev hsr_slave_0 [ 3491.432802] protocol 88fb is buggy, dev hsr_slave_1 05:27:54 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:54 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000], [], [], [0x2]}, 0x45c) 05:27:55 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd74}, 0x28) [ 3491.599772] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3491.606411] gfs2: fsid=_h: Now mounting FS... [ 3491.637576] attempt to access beyond end of device [ 3491.642562] loop3: rw=4096, want=136, limit=56 [ 3491.682519] gfs2: error 10 reading superblock [ 3491.687088] gfs2: fsid=_h: can't read superblock 05:27:55 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000], [], [], [0x2]}, 0x45c) [ 3491.747572] gfs2: fsid=_h: can't read superblock: -5 [ 3491.809400] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3491.850139] CPU: 1 PID: 15252 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3491.857401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3491.866759] Call Trace: [ 3491.869361] dump_stack+0x1db/0x2d0 [ 3491.873030] ? dump_stack_print_info.cold+0x20/0x20 [ 3491.878077] dump_header+0x1e6/0x116c [ 3491.881891] ? add_lock_to_list.isra.0+0x450/0x450 [ 3491.886845] ? print_usage_bug+0xd0/0xd0 [ 3491.890943] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3491.895880] ? ___ratelimit+0x37c/0x686 [ 3491.900364] ? mark_held_locks+0xb1/0x100 [ 3491.900382] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3491.900397] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3491.900412] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3491.900428] ? trace_hardirqs_on+0xbd/0x310 [ 3491.923693] ? kasan_check_read+0x11/0x20 [ 3491.927846] ? ___ratelimit+0x37c/0x686 [ 3491.927861] ? trace_hardirqs_off_caller+0x300/0x300 [ 3491.927875] ? do_raw_spin_trylock+0x270/0x270 [ 3491.927902] ? trace_hardirqs_on_caller+0x310/0x310 [ 3491.927915] ? lock_acquire+0x1db/0x570 [ 3491.936986] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3491.946572] ? ___ratelimit+0xac/0x686 [ 3491.955627] ? idr_get_free+0xee0/0xee0 [ 3491.963471] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3491.968079] oom_kill_process.cold+0x10/0x9d4 [ 3491.972589] ? cgroup_procs_next+0x70/0x70 [ 3491.976841] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3491.981368] ? oom_badness+0xa50/0xa50 [ 3491.985283] ? oom_evaluate_task+0x540/0x540 [ 3491.985301] ? mem_cgroup_iter_break+0x30/0x30 [ 3491.985318] ? mutex_trylock+0x2d0/0x2d0 [ 3491.994311] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3491.994344] ? rcu_read_unlock_special+0x380/0x380 [ 3492.003945] out_of_memory+0x885/0x1420 [ 3492.003965] ? mem_cgroup_iter+0x508/0xf30 [ 3492.003985] ? oom_killer_disable+0x340/0x340 [ 3492.012886] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3492.012902] ? lock_acquire+0x1db/0x570 [ 3492.012936] mem_cgroup_out_of_memory+0x160/0x210 [ 3492.021710] ? do_raw_spin_unlock+0xa0/0x330 [ 3492.021728] ? memcg_memory_event+0x40/0x40 [ 3492.021745] ? do_raw_spin_trylock+0x270/0x270 05:27:55 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000], [], [], [0x2]}, 0x45c) 05:27:55 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd75}, 0x28) [ 3492.030828] ? _raw_spin_unlock+0x2d/0x50 [ 3492.030848] try_charge+0x12a9/0x19b0 [ 3492.030865] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3492.030887] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3492.040163] ? rcu_read_unlock_special+0x380/0x380 [ 3492.040190] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3492.049125] ? get_mem_cgroup_from_page+0x190/0x190 [ 3492.049148] ? rcu_read_lock_sched_held+0x110/0x130 [ 3492.049168] mem_cgroup_try_charge+0x43a/0xdb0 [ 3492.049188] ? mem_cgroup_protected+0xa10/0xa10 [ 3492.096607] ? mark_held_locks+0x100/0x100 [ 3492.100856] ? pmd_val+0x85/0x100 [ 3492.104334] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3492.109897] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3492.115460] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3492.120418] __handle_mm_fault+0x2594/0x55a0 [ 3492.124870] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3492.129718] ? check_preemption_disabled+0x48/0x290 [ 3492.134744] ? handle_mm_fault+0x3cc/0xc80 [ 3492.139006] ? lock_downgrade+0x910/0x910 [ 3492.143162] ? kasan_check_read+0x11/0x20 [ 3492.147319] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3492.152646] ? rcu_read_unlock_special+0x380/0x380 [ 3492.157589] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3492.163142] ? check_preemption_disabled+0x48/0x290 [ 3492.168179] handle_mm_fault+0x4ec/0xc80 [ 3492.172248] ? __handle_mm_fault+0x55a0/0x55a0 [ 3492.176838] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3492.181861] __get_user_pages+0x8f7/0x1e10 [ 3492.186128] ? follow_page_mask+0x1f40/0x1f40 [ 3492.190638] ? lock_acquire+0x1db/0x570 [ 3492.194623] ? ___might_sleep+0x1e7/0x310 [ 3492.198776] ? lock_release+0xc40/0xc40 [ 3492.202750] ? find_held_lock+0x35/0x120 [ 3492.206865] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3492.210957] populate_vma_page_range+0x2bc/0x3b0 [ 3492.215731] ? memset+0x32/0x40 [ 3492.219037] ? follow_page+0x430/0x430 [ 3492.222928] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3492.228467] ? vmacache_update+0x114/0x140 [ 3492.232715] __mm_populate+0x27e/0x4c0 [ 3492.236611] ? populate_vma_page_range+0x3b0/0x3b0 [ 3492.241544] ? down_read_killable+0x150/0x150 [ 3492.246051] ? security_mmap_file+0x1a7/0x1e0 [ 3492.250561] vm_mmap_pgoff+0x277/0x2b0 [ 3492.254458] ? vma_is_stack_for_current+0xd0/0xd0 [ 3492.259303] ? kasan_check_read+0x11/0x20 [ 3492.263453] ? _copy_to_user+0xc9/0x120 [ 3492.267438] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3492.272989] ksys_mmap_pgoff+0x102/0x650 [ 3492.277073] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3492.281837] ? trace_hardirqs_on+0xbd/0x310 [ 3492.286159] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3492.291729] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3492.297130] ? trace_hardirqs_off_caller+0x300/0x300 [ 3492.302294] __x64_sys_mmap+0xe9/0x1b0 [ 3492.306201] do_syscall_64+0x1a3/0x800 [ 3492.310109] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3492.315039] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3492.320076] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3492.324922] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3492.330109] RIP: 0033:0x457ec9 [ 3492.333298] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3492.352198] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3492.359935] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3492.367202] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3492.374474] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3492.381748] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3492.389063] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3492.397523] protocol 88fb is buggy, dev hsr_slave_0 05:27:55 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3492.402615] protocol 88fb is buggy, dev hsr_slave_1 [ 3492.407819] protocol 88fb is buggy, dev hsr_slave_0 [ 3492.412907] protocol 88fb is buggy, dev hsr_slave_1 [ 3492.419479] memory: usage 307200kB, limit 307200kB, failcnt 61136 [ 3492.438978] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3492.445755] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3492.455742] Memory cgroup stats for /syz1: cache:28KB rss:279272KB rss_huge:210944KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:231604KB active_anon:4284KB inactive_file:0KB active_file:0KB unevictable:43448KB [ 3492.494099] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14700,uid=0 [ 3492.597306] Memory cgroup out of memory: Kill process 14700 (syz-executor1) score 1145 or sacrifice child [ 3492.607121] Killed process 14700 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3492.708962] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3492.722088] CPU: 1 PID: 15279 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3492.729317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3492.738681] Call Trace: [ 3492.741278] dump_stack+0x1db/0x2d0 [ 3492.744944] ? dump_stack_print_info.cold+0x20/0x20 [ 3492.749987] dump_header+0x1e6/0x116c [ 3492.753790] ? add_lock_to_list.isra.0+0x450/0x450 [ 3492.758709] ? print_usage_bug+0xd0/0xd0 [ 3492.762763] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3492.767873] ? ___ratelimit+0x37c/0x686 [ 3492.771854] ? mark_held_locks+0xb1/0x100 [ 3492.776006] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3492.781101] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3492.786193] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3492.790806] ? trace_hardirqs_on+0xbd/0x310 [ 3492.795114] ? kasan_check_read+0x11/0x20 [ 3492.799261] ? ___ratelimit+0x37c/0x686 [ 3492.803228] ? trace_hardirqs_off_caller+0x300/0x300 [ 3492.808314] ? do_raw_spin_trylock+0x270/0x270 [ 3492.812881] ? trace_hardirqs_on_caller+0x310/0x310 [ 3492.817878] ? lock_acquire+0x1db/0x570 [ 3492.821858] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3492.827037] ? ___ratelimit+0xac/0x686 [ 3492.830912] ? idr_get_free+0xee0/0xee0 [ 3492.834872] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3492.839478] oom_kill_process.cold+0x10/0x9d4 [ 3492.843962] ? cgroup_procs_next+0x70/0x70 [ 3492.848186] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3492.852682] ? oom_badness+0xa50/0xa50 [ 3492.856558] ? oom_evaluate_task+0x540/0x540 [ 3492.860955] ? mem_cgroup_iter_break+0x30/0x30 [ 3492.865528] ? mutex_trylock+0x2d0/0x2d0 [ 3492.869591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3492.875124] ? rcu_read_unlock_special+0x380/0x380 [ 3492.880045] out_of_memory+0x885/0x1420 [ 3492.884017] ? mem_cgroup_iter+0x508/0xf30 [ 3492.888255] ? oom_killer_disable+0x340/0x340 [ 3492.892772] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3492.897874] ? lock_acquire+0x1db/0x570 [ 3492.901844] mem_cgroup_out_of_memory+0x160/0x210 [ 3492.906674] ? do_raw_spin_unlock+0xa0/0x330 [ 3492.911078] ? memcg_memory_event+0x40/0x40 [ 3492.915401] ? do_raw_spin_trylock+0x270/0x270 [ 3492.919990] ? _raw_spin_unlock+0x2d/0x50 [ 3492.924136] try_charge+0x12a9/0x19b0 [ 3492.927927] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3492.933457] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3492.938301] ? rcu_read_unlock_special+0x380/0x380 [ 3492.943218] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3492.948061] ? get_mem_cgroup_from_page+0x190/0x190 [ 3492.953075] ? rcu_read_lock_sched_held+0x110/0x130 [ 3492.958081] mem_cgroup_try_charge+0x43a/0xdb0 [ 3492.962664] ? mem_cgroup_protected+0xa10/0xa10 [ 3492.967336] ? mark_held_locks+0x100/0x100 [ 3492.971553] ? pmd_val+0x85/0x100 [ 3492.975022] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3492.980557] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3492.986113] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3492.991047] __handle_mm_fault+0x2594/0x55a0 [ 3492.995463] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3493.000299] ? check_preemption_disabled+0x48/0x290 [ 3493.005302] ? handle_mm_fault+0x3cc/0xc80 [ 3493.009544] ? lock_downgrade+0x910/0x910 [ 3493.013692] ? kasan_check_read+0x11/0x20 [ 3493.017851] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3493.023137] ? rcu_read_unlock_special+0x380/0x380 [ 3493.028069] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3493.033594] ? check_preemption_disabled+0x48/0x290 [ 3493.038597] handle_mm_fault+0x4ec/0xc80 [ 3493.042662] ? __handle_mm_fault+0x55a0/0x55a0 [ 3493.047236] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3493.052254] __get_user_pages+0x8f7/0x1e10 [ 3493.056482] ? follow_page_mask+0x1f40/0x1f40 [ 3493.060964] ? trace_hardirqs_on+0xbd/0x310 [ 3493.065275] ? lock_acquire+0x1db/0x570 [ 3493.069246] ? ___might_sleep+0x1e7/0x310 [ 3493.073394] ? lock_release+0xc40/0xc40 [ 3493.077353] ? rwsem_wake+0x2fd/0x4a0 [ 3493.081158] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3493.085216] populate_vma_page_range+0x2bc/0x3b0 [ 3493.089958] ? memset+0x32/0x40 [ 3493.093224] ? follow_page+0x430/0x430 [ 3493.097099] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3493.102621] ? vmacache_update+0x114/0x140 [ 3493.106847] __mm_populate+0x27e/0x4c0 [ 3493.110732] ? populate_vma_page_range+0x3b0/0x3b0 [ 3493.115671] ? down_read_killable+0x150/0x150 [ 3493.120156] ? security_mmap_file+0x1a7/0x1e0 [ 3493.124641] vm_mmap_pgoff+0x277/0x2b0 [ 3493.128523] ? vma_is_stack_for_current+0xd0/0xd0 [ 3493.133361] ? check_preemption_disabled+0x48/0x290 [ 3493.138382] ksys_mmap_pgoff+0x102/0x650 [ 3493.142458] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3493.147219] ? trace_hardirqs_on+0xbd/0x310 [ 3493.151537] ? __do_page_fault+0x3f1/0xd60 [ 3493.155773] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3493.161133] ? trace_hardirqs_off_caller+0x300/0x300 [ 3493.166220] __x64_sys_mmap+0xe9/0x1b0 [ 3493.170098] do_syscall_64+0x1a3/0x800 [ 3493.173974] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3493.178899] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3493.183903] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3493.188736] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3493.193914] RIP: 0033:0x457ec9 [ 3493.197107] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3493.215993] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3493.223723] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3493.230991] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3493.238260] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3493.245520] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3493.252774] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3493.265717] memory: usage 307200kB, limit 307200kB, failcnt 61171 [ 3493.272106] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3493.285532] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3493.292205] Memory cgroup stats for /syz1: cache:28KB rss:279248KB rss_huge:208896KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:233652KB active_anon:4288KB inactive_file:0KB active_file:0KB unevictable:41368KB [ 3493.314811] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14726,uid=0 [ 3493.331023] Memory cgroup out of memory: Kill process 14726 (syz-executor1) score 1145 or sacrifice child [ 3493.341557] Killed process 14726 (syz-executor1) total-vm:70664kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3493.356060] oom_reaper: reaped process 14726 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:27:56 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x21) 05:27:56 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00100}, 0x0) 05:27:56 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x7400, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:56 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd76}, 0x28) 05:27:56 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000], [], [], [0x2]}, 0x45c) 05:27:56 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:56 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd77}, 0x28) 05:27:57 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000], [], [], [0x2]}, 0x45c) [ 3493.617649] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:27:57 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd78}, 0x28) [ 3493.666212] gfs2: fsid=_h: Now mounting FS... [ 3493.682284] attempt to access beyond end of device [ 3493.688224] loop3: rw=4096, want=136, limit=58 [ 3493.693161] gfs2: error 10 reading superblock [ 3493.698361] gfs2: fsid=_h: can't read superblock [ 3493.703280] gfs2: fsid=_h: can't read superblock: -5 [ 3493.788590] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3493.815902] CPU: 0 PID: 15295 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3493.823115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3493.832478] Call Trace: [ 3493.835089] dump_stack+0x1db/0x2d0 [ 3493.838728] ? dump_stack_print_info.cold+0x20/0x20 [ 3493.843768] dump_header+0x1e6/0x116c [ 3493.847577] ? add_lock_to_list.isra.0+0x450/0x450 [ 3493.847596] ? print_usage_bug+0xd0/0xd0 [ 3493.847615] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3493.847631] ? ___ratelimit+0x37c/0x686 [ 3493.847651] ? mark_held_locks+0xb1/0x100 [ 3493.847669] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3493.847685] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3493.847699] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3493.847716] ? trace_hardirqs_on+0xbd/0x310 [ 3493.847730] ? kasan_check_read+0x11/0x20 [ 3493.847744] ? ___ratelimit+0x37c/0x686 [ 3493.847761] ? trace_hardirqs_off_caller+0x300/0x300 [ 3493.865668] ? do_raw_spin_trylock+0x270/0x270 [ 3493.879994] ? trace_hardirqs_on_caller+0x310/0x310 [ 3493.880033] ? lock_acquire+0x1db/0x570 [ 3493.880055] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3493.880071] ? ___ratelimit+0xac/0x686 [ 3493.889021] ? idr_get_free+0xee0/0xee0 [ 3493.889038] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3493.889063] oom_kill_process.cold+0x10/0x9d4 [ 3493.889087] ? cgroup_procs_next+0x70/0x70 [ 3493.897218] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3493.897234] ? oom_badness+0xa50/0xa50 [ 3493.897255] ? oom_evaluate_task+0x540/0x540 [ 3493.897272] ? mem_cgroup_iter_break+0x30/0x30 [ 3493.897287] ? mutex_trylock+0x2d0/0x2d0 [ 3493.907451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3493.907480] ? rcu_read_unlock_special+0x380/0x380 [ 3493.907503] out_of_memory+0x885/0x1420 [ 3493.907519] ? mem_cgroup_iter+0x508/0xf30 [ 3493.907540] ? oom_killer_disable+0x340/0x340 [ 3493.907556] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3493.916543] ? lock_acquire+0x1db/0x570 [ 3493.916571] mem_cgroup_out_of_memory+0x160/0x210 [ 3493.916585] ? do_raw_spin_unlock+0xa0/0x330 [ 3493.916602] ? memcg_memory_event+0x40/0x40 [ 3493.925594] ? do_raw_spin_trylock+0x270/0x270 [ 3493.925638] ? _raw_spin_unlock+0x2d/0x50 [ 3493.925655] try_charge+0x12a9/0x19b0 [ 3493.934192] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3493.934216] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3493.934232] ? rcu_read_unlock_special+0x380/0x380 [ 3493.934255] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3493.942954] ? get_mem_cgroup_from_page+0x190/0x190 [ 3493.942977] ? rcu_read_lock_sched_held+0x110/0x130 [ 3493.942995] mem_cgroup_try_charge+0x43a/0xdb0 [ 3493.951361] ? mem_cgroup_protected+0xa10/0xa10 [ 3493.964426] ? mark_held_locks+0x100/0x100 [ 3493.964444] ? pmd_val+0x85/0x100 [ 3493.964459] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3493.964475] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3493.974962] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3493.975026] __handle_mm_fault+0x2594/0x55a0 [ 3493.975051] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3493.983270] ? check_preemption_disabled+0x48/0x290 [ 3493.983288] ? handle_mm_fault+0x3cc/0xc80 [ 3493.983319] ? lock_downgrade+0x910/0x910 [ 3493.992908] ? kasan_check_read+0x11/0x20 [ 3493.992925] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3493.992943] ? rcu_read_unlock_special+0x380/0x380 [ 3493.992962] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3494.128416] ? check_preemption_disabled+0x48/0x290 [ 3494.133442] handle_mm_fault+0x4ec/0xc80 [ 3494.137511] ? __handle_mm_fault+0x55a0/0x55a0 [ 3494.142106] ? __get_user_pages+0x816/0x1e10 [ 3494.146534] __get_user_pages+0x8f7/0x1e10 [ 3494.150804] ? follow_page_mask+0x1f40/0x1f40 [ 3494.155312] ? lock_acquire+0x1db/0x570 [ 3494.159291] ? ___might_sleep+0x1e7/0x310 [ 3494.163471] ? lock_release+0xc40/0xc40 [ 3494.167463] ? find_held_lock+0x35/0x120 [ 3494.171533] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3494.175601] populate_vma_page_range+0x2bc/0x3b0 [ 3494.180359] ? memset+0x32/0x40 [ 3494.183640] ? follow_page+0x430/0x430 [ 3494.187542] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3494.193077] ? vmacache_update+0x114/0x140 [ 3494.197356] __mm_populate+0x27e/0x4c0 [ 3494.201276] ? populate_vma_page_range+0x3b0/0x3b0 [ 3494.206220] ? down_read_killable+0x150/0x150 [ 3494.210723] ? security_mmap_file+0x1a7/0x1e0 [ 3494.215230] vm_mmap_pgoff+0x277/0x2b0 [ 3494.219156] ? vma_is_stack_for_current+0xd0/0xd0 [ 3494.224017] ? kasan_check_read+0x11/0x20 [ 3494.228173] ? _copy_to_user+0xc9/0x120 [ 3494.232152] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3494.237703] ksys_mmap_pgoff+0x102/0x650 [ 3494.241777] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3494.246616] ? trace_hardirqs_on+0xbd/0x310 [ 3494.250983] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3494.256535] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3494.261914] ? trace_hardirqs_off_caller+0x300/0x300 [ 3494.267036] __x64_sys_mmap+0xe9/0x1b0 [ 3494.270938] do_syscall_64+0x1a3/0x800 [ 3494.274829] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3494.279775] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3494.284798] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3494.289656] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3494.294855] RIP: 0033:0x457ec9 [ 3494.298065] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3494.316964] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3494.324695] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3494.331986] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 05:27:57 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000], [], [], [0x2]}, 0x45c) 05:27:57 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:57 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000], [], [], [0x2]}, 0x45c) [ 3494.339265] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3494.346540] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3494.353817] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3494.377108] memory: usage 307200kB, limit 307200kB, failcnt 61263 [ 3494.397045] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3494.472685] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3494.504499] Memory cgroup stats for /syz1: cache:28KB rss:279076KB rss_huge:210944KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:233652KB active_anon:4284KB inactive_file:0KB active_file:0KB unevictable:41356KB [ 3494.574317] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14773,uid=0 [ 3494.596601] Memory cgroup out of memory: Kill process 14773 (syz-executor1) score 1145 or sacrifice child [ 3494.607020] Killed process 14773 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3494.781594] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3494.791895] CPU: 0 PID: 15333 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3494.799106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3494.808482] Call Trace: [ 3494.811069] dump_stack+0x1db/0x2d0 [ 3494.814688] ? dump_stack_print_info.cold+0x20/0x20 [ 3494.819716] dump_header+0x1e6/0x116c [ 3494.823529] ? add_lock_to_list.isra.0+0x450/0x450 [ 3494.828507] ? print_usage_bug+0xd0/0xd0 [ 3494.832566] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3494.837510] ? ___ratelimit+0x37c/0x686 [ 3494.841496] ? mark_held_locks+0xb1/0x100 [ 3494.845655] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3494.850756] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3494.855863] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3494.860443] ? trace_hardirqs_on+0xbd/0x310 [ 3494.864764] ? kasan_check_read+0x11/0x20 [ 3494.868899] ? ___ratelimit+0x37c/0x686 [ 3494.872908] ? trace_hardirqs_off_caller+0x300/0x300 [ 3494.878036] ? do_raw_spin_trylock+0x270/0x270 [ 3494.882627] ? trace_hardirqs_on_caller+0x310/0x310 [ 3494.887654] ? lock_acquire+0x1db/0x570 [ 3494.891635] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3494.896740] ? ___ratelimit+0xac/0x686 [ 3494.900626] ? idr_get_free+0xee0/0xee0 [ 3494.904626] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3494.909232] oom_kill_process.cold+0x10/0x9d4 [ 3494.913719] ? cgroup_procs_next+0x70/0x70 [ 3494.917953] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3494.922454] ? oom_badness+0xa50/0xa50 [ 3494.926343] ? oom_evaluate_task+0x540/0x540 [ 3494.930741] ? mem_cgroup_iter_break+0x30/0x30 [ 3494.935310] ? mutex_trylock+0x2d0/0x2d0 [ 3494.939372] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3494.944925] ? rcu_read_unlock_special+0x380/0x380 [ 3494.949846] out_of_memory+0x885/0x1420 [ 3494.953808] ? mem_cgroup_iter+0x508/0xf30 [ 3494.958065] ? oom_killer_disable+0x340/0x340 [ 3494.962585] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3494.967730] ? lock_acquire+0x1db/0x570 [ 3494.971700] mem_cgroup_out_of_memory+0x160/0x210 [ 3494.976542] ? do_raw_spin_unlock+0xa0/0x330 [ 3494.980957] ? memcg_memory_event+0x40/0x40 [ 3494.985275] ? do_raw_spin_trylock+0x270/0x270 [ 3494.989867] ? _raw_spin_unlock+0x2d/0x50 [ 3494.994016] try_charge+0x12a9/0x19b0 [ 3494.997818] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3495.003368] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3495.008211] ? rcu_read_unlock_special+0x380/0x380 [ 3495.013133] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3495.017975] ? get_mem_cgroup_from_page+0x190/0x190 [ 3495.023087] ? rcu_read_lock_sched_held+0x110/0x130 [ 3495.028111] mem_cgroup_try_charge+0x43a/0xdb0 [ 3495.032681] ? mem_cgroup_protected+0xa10/0xa10 [ 3495.037358] ? mark_held_locks+0x100/0x100 [ 3495.041605] ? pmd_val+0x85/0x100 [ 3495.045057] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3495.050582] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3495.056110] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3495.061050] __handle_mm_fault+0x2594/0x55a0 [ 3495.065471] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3495.070317] ? check_preemption_disabled+0x48/0x290 [ 3495.075322] ? handle_mm_fault+0x3cc/0xc80 [ 3495.079569] ? lock_downgrade+0x910/0x910 [ 3495.083714] ? kasan_check_read+0x11/0x20 [ 3495.087851] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3495.093121] ? rcu_read_unlock_special+0x380/0x380 [ 3495.098062] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3495.103615] ? check_preemption_disabled+0x48/0x290 [ 3495.108633] handle_mm_fault+0x4ec/0xc80 [ 3495.112685] ? __handle_mm_fault+0x55a0/0x55a0 [ 3495.117283] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3495.122315] __get_user_pages+0x8f7/0x1e10 [ 3495.126570] ? follow_page_mask+0x1f40/0x1f40 [ 3495.131067] ? trace_hardirqs_on+0xbd/0x310 [ 3495.135389] ? lock_acquire+0x1db/0x570 [ 3495.139380] ? ___might_sleep+0x1e7/0x310 [ 3495.143552] ? lock_release+0xc40/0xc40 [ 3495.147526] ? rwsem_wake+0x2fd/0x4a0 [ 3495.151332] populate_vma_page_range+0x2bc/0x3b0 [ 3495.156111] ? memset+0x32/0x40 [ 3495.159396] ? follow_page+0x430/0x430 [ 3495.163293] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3495.168827] ? vmacache_update+0x114/0x140 [ 3495.173066] __mm_populate+0x27e/0x4c0 [ 3495.176944] ? populate_vma_page_range+0x3b0/0x3b0 [ 3495.181873] ? down_read_killable+0x150/0x150 [ 3495.186382] ? security_mmap_file+0x1a7/0x1e0 [ 3495.190869] vm_mmap_pgoff+0x277/0x2b0 [ 3495.194748] ? vma_is_stack_for_current+0xd0/0xd0 [ 3495.199601] ? check_preemption_disabled+0x48/0x290 [ 3495.204619] ksys_mmap_pgoff+0x102/0x650 [ 3495.208688] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3495.213447] ? trace_hardirqs_on+0xbd/0x310 [ 3495.217797] ? __do_page_fault+0x3f1/0xd60 [ 3495.222048] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3495.227412] ? trace_hardirqs_off_caller+0x300/0x300 [ 3495.232505] __x64_sys_mmap+0xe9/0x1b0 [ 3495.236387] do_syscall_64+0x1a3/0x800 [ 3495.240279] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3495.245205] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3495.250210] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3495.255049] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3495.260230] RIP: 0033:0x457ec9 [ 3495.263432] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3495.282340] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3495.290056] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3495.297318] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3495.304585] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3495.311840] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3495.319104] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3495.328426] memory: usage 307180kB, limit 307200kB, failcnt 61291 [ 3495.334682] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3495.341842] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3495.348077] Memory cgroup stats for /syz1: cache:28KB rss:279072KB rss_huge:210944KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235576KB active_anon:4248KB inactive_file:0KB active_file:0KB unevictable:39380KB [ 3495.369734] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14807,uid=0 [ 3495.384292] Memory cgroup out of memory: Kill process 14807 (syz-executor1) score 1145 or sacrifice child [ 3495.394107] Killed process 14807 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3495.411261] oom_reaper: reaped process 14807 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:27:58 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x22) 05:27:58 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00000}, 0x0) 05:27:58 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x7a00, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:27:58 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000], [], [], [0x2]}, 0x45c) 05:27:58 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:27:58 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd79}, 0x28) [ 3495.540947] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3495.598476] gfs2: fsid=_h: Now mounting FS... 05:27:59 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000], [], [], [0x2]}, 0x45c) [ 3495.628058] attempt to access beyond end of device [ 3495.647479] loop3: rw=4096, want=136, limit=61 [ 3495.652611] gfs2: error 10 reading superblock 05:27:59 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd7a}, 0x28) [ 3495.677410] gfs2: fsid=_h: can't read superblock [ 3495.697469] gfs2: fsid=_h: can't read superblock: -5 05:27:59 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3495.801544] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3495.832679] CPU: 1 PID: 15353 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3495.839904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3495.849254] Call Trace: [ 3495.851849] dump_stack+0x1db/0x2d0 [ 3495.855482] ? dump_stack_print_info.cold+0x20/0x20 [ 3495.860530] dump_header+0x1e6/0x116c [ 3495.864340] ? add_lock_to_list.isra.0+0x450/0x450 [ 3495.869279] ? print_usage_bug+0xd0/0xd0 [ 3495.873376] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3495.878310] ? ___ratelimit+0x37c/0x686 [ 3495.882324] ? mark_held_locks+0xb1/0x100 [ 3495.886477] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3495.891599] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3495.896713] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3495.901757] ? trace_hardirqs_on+0xbd/0x310 [ 3495.906111] ? kasan_check_read+0x11/0x20 [ 3495.910266] ? ___ratelimit+0x37c/0x686 [ 3495.914244] ? trace_hardirqs_off_caller+0x300/0x300 [ 3495.919351] ? do_raw_spin_trylock+0x270/0x270 [ 3495.923943] ? trace_hardirqs_on_caller+0x310/0x310 [ 3495.928960] ? lock_acquire+0x1db/0x570 [ 3495.932945] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3495.938050] ? ___ratelimit+0xac/0x686 [ 3495.941942] ? idr_get_free+0xee0/0xee0 [ 3495.945920] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3495.950523] oom_kill_process.cold+0x10/0x9d4 [ 3495.955030] ? cgroup_procs_next+0x70/0x70 [ 3495.959274] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3495.963772] ? oom_badness+0xa50/0xa50 [ 3495.967666] ? oom_evaluate_task+0x540/0x540 [ 3495.972077] ? mem_cgroup_iter_break+0x30/0x30 [ 3495.976659] ? mutex_trylock+0x2d0/0x2d0 [ 3495.980723] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3495.986278] ? rcu_read_unlock_special+0x380/0x380 [ 3495.991219] out_of_memory+0x885/0x1420 [ 3495.995200] ? mem_cgroup_iter+0x508/0xf30 [ 3495.999457] ? oom_killer_disable+0x340/0x340 [ 3496.003957] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3496.009080] ? lock_acquire+0x1db/0x570 [ 3496.013078] mem_cgroup_out_of_memory+0x160/0x210 [ 3496.017924] ? do_raw_spin_unlock+0xa0/0x330 [ 3496.022335] ? memcg_memory_event+0x40/0x40 [ 3496.026657] ? do_raw_spin_trylock+0x270/0x270 [ 3496.031255] ? _raw_spin_unlock+0x2d/0x50 [ 3496.035406] try_charge+0x12a9/0x19b0 [ 3496.039213] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3496.044758] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3496.049608] ? rcu_read_unlock_special+0x380/0x380 [ 3496.054552] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3496.059417] ? get_mem_cgroup_from_page+0x190/0x190 [ 3496.064441] ? rcu_read_lock_sched_held+0x110/0x130 [ 3496.069480] mem_cgroup_try_charge+0x43a/0xdb0 [ 3496.074076] ? mem_cgroup_protected+0xa10/0xa10 [ 3496.078759] ? mark_held_locks+0x100/0x100 [ 3496.083008] ? pmd_val+0x85/0x100 [ 3496.086479] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3496.092027] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3496.097586] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3496.102524] __handle_mm_fault+0x2594/0x55a0 [ 3496.106964] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3496.111819] ? check_preemption_disabled+0x48/0x290 [ 3496.116838] ? handle_mm_fault+0x3cc/0xc80 [ 3496.121092] ? lock_downgrade+0x910/0x910 [ 3496.125242] ? kasan_check_read+0x11/0x20 [ 3496.129422] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3496.134745] ? rcu_read_unlock_special+0x380/0x380 [ 3496.139731] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3496.145287] ? check_preemption_disabled+0x48/0x290 [ 3496.150314] handle_mm_fault+0x4ec/0xc80 [ 3496.154380] ? __handle_mm_fault+0x55a0/0x55a0 [ 3496.158969] ? __get_user_pages+0x1750/0x1e10 [ 3496.163479] __get_user_pages+0x8f7/0x1e10 [ 3496.167734] ? follow_page_mask+0x1f40/0x1f40 [ 3496.172240] ? lock_acquire+0x1db/0x570 [ 3496.176220] ? ___might_sleep+0x1e7/0x310 [ 3496.180372] ? lock_release+0xc40/0xc40 [ 3496.184355] ? find_held_lock+0x35/0x120 [ 3496.188422] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3496.192502] populate_vma_page_range+0x2bc/0x3b0 [ 3496.197262] ? memset+0x32/0x40 [ 3496.200548] ? follow_page+0x430/0x430 [ 3496.204446] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3496.209985] ? vmacache_update+0x114/0x140 [ 3496.214239] __mm_populate+0x27e/0x4c0 [ 3496.218135] ? populate_vma_page_range+0x3b0/0x3b0 [ 3496.223065] ? down_read_killable+0x150/0x150 [ 3496.227569] ? security_mmap_file+0x1a7/0x1e0 [ 3496.232078] vm_mmap_pgoff+0x277/0x2b0 [ 3496.235977] ? vma_is_stack_for_current+0xd0/0xd0 [ 3496.240831] ? kasan_check_read+0x11/0x20 [ 3496.244978] ? _copy_to_user+0xc9/0x120 [ 3496.248968] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3496.254540] ksys_mmap_pgoff+0x102/0x650 [ 3496.258656] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3496.263445] ? trace_hardirqs_on+0xbd/0x310 [ 3496.267798] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3496.273353] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3496.278753] ? trace_hardirqs_off_caller+0x300/0x300 [ 3496.283860] __x64_sys_mmap+0xe9/0x1b0 [ 3496.287760] do_syscall_64+0x1a3/0x800 [ 3496.291652] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3496.296585] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3496.301625] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3496.306478] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3496.311675] RIP: 0033:0x457ec9 [ 3496.314874] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3496.333776] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3496.341517] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 05:27:59 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000], [], [], [0x2]}, 0x45c) [ 3496.348799] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3496.356109] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3496.363374] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3496.370654] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3496.386041] memory: usage 306112kB, limit 307200kB, failcnt 61362 05:27:59 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x0) 05:27:59 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd7b}, 0x28) [ 3496.464175] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3496.503686] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3496.537678] net_ratelimit: 20 callbacks suppressed [ 3496.537686] protocol 88fb is buggy, dev hsr_slave_0 [ 3496.547812] protocol 88fb is buggy, dev hsr_slave_1 [ 3496.552931] protocol 88fb is buggy, dev hsr_slave_0 [ 3496.558055] protocol 88fb is buggy, dev hsr_slave_1 [ 3496.559647] Memory cgroup stats for /syz1: cache:28KB rss:279180KB rss_huge:206848KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235580KB active_anon:4248KB inactive_file:0KB active_file:0KB unevictable:39460KB [ 3496.563160] protocol 88fb is buggy, dev hsr_slave_0 [ 3496.589718] protocol 88fb is buggy, dev hsr_slave_1 [ 3496.724862] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14838,uid=0 [ 3496.761235] Memory cgroup out of memory: Kill process 14838 (syz-executor1) score 1145 or sacrifice child [ 3496.780139] Killed process 14838 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3496.899643] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3496.909423] CPU: 0 PID: 15384 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3496.916615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3496.925955] Call Trace: [ 3496.928579] dump_stack+0x1db/0x2d0 [ 3496.932214] ? dump_stack_print_info.cold+0x20/0x20 [ 3496.937251] dump_header+0x1e6/0x116c [ 3496.941054] ? add_lock_to_list.isra.0+0x450/0x450 [ 3496.945995] ? print_usage_bug+0xd0/0xd0 [ 3496.950074] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3496.955015] ? ___ratelimit+0x37c/0x686 [ 3496.958982] ? mark_held_locks+0xb1/0x100 [ 3496.963131] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3496.968232] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3496.973340] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3496.977920] ? trace_hardirqs_on+0xbd/0x310 [ 3496.982229] ? kasan_check_read+0x11/0x20 [ 3496.986375] ? ___ratelimit+0x37c/0x686 [ 3496.990354] ? trace_hardirqs_off_caller+0x300/0x300 [ 3496.995460] ? do_raw_spin_trylock+0x270/0x270 [ 3497.000041] ? trace_hardirqs_on_caller+0x310/0x310 [ 3497.005042] ? lock_acquire+0x1db/0x570 [ 3497.009041] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3497.014144] ? ___ratelimit+0xac/0x686 [ 3497.018068] ? idr_get_free+0xee0/0xee0 [ 3497.022060] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3497.026651] oom_kill_process.cold+0x10/0x9d4 [ 3497.031148] ? cgroup_procs_next+0x70/0x70 [ 3497.035383] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3497.039868] ? oom_badness+0xa50/0xa50 [ 3497.043826] ? oom_evaluate_task+0x540/0x540 [ 3497.048262] ? mem_cgroup_iter_break+0x30/0x30 [ 3497.052893] ? mutex_trylock+0x2d0/0x2d0 [ 3497.056951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3497.062484] ? rcu_read_unlock_special+0x380/0x380 [ 3497.067421] out_of_memory+0x885/0x1420 [ 3497.071406] ? mem_cgroup_iter+0x508/0xf30 [ 3497.075642] ? oom_killer_disable+0x340/0x340 [ 3497.080129] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3497.085222] ? lock_acquire+0x1db/0x570 [ 3497.089205] mem_cgroup_out_of_memory+0x160/0x210 [ 3497.094071] ? do_raw_spin_unlock+0xa0/0x330 [ 3497.098467] ? memcg_memory_event+0x40/0x40 [ 3497.102774] ? do_raw_spin_trylock+0x270/0x270 [ 3497.107363] ? _raw_spin_unlock+0x2d/0x50 [ 3497.111524] try_charge+0x12a9/0x19b0 [ 3497.115327] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3497.120856] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3497.125689] ? rcu_read_unlock_special+0x380/0x380 [ 3497.130626] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3497.135468] ? get_mem_cgroup_from_page+0x190/0x190 [ 3497.140474] ? rcu_read_lock_sched_held+0x110/0x130 [ 3497.145493] mem_cgroup_try_charge+0x43a/0xdb0 [ 3497.150083] ? mem_cgroup_protected+0xa10/0xa10 [ 3497.154788] ? mark_held_locks+0x100/0x100 [ 3497.159082] ? pmd_val+0x85/0x100 [ 3497.162533] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3497.168063] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3497.173617] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3497.178547] __handle_mm_fault+0x2594/0x55a0 [ 3497.182951] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3497.187789] ? check_preemption_disabled+0x48/0x290 [ 3497.192813] ? handle_mm_fault+0x3cc/0xc80 [ 3497.197072] ? lock_downgrade+0x910/0x910 [ 3497.201209] ? kasan_check_read+0x11/0x20 [ 3497.205345] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3497.210625] ? rcu_read_unlock_special+0x380/0x380 [ 3497.215615] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3497.221138] ? check_preemption_disabled+0x48/0x290 [ 3497.226174] handle_mm_fault+0x4ec/0xc80 [ 3497.230241] ? __handle_mm_fault+0x55a0/0x55a0 [ 3497.234822] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3497.239830] __get_user_pages+0x8f7/0x1e10 [ 3497.244076] ? follow_page_mask+0x1f40/0x1f40 [ 3497.248599] ? lock_acquire+0x1db/0x570 [ 3497.252596] ? ___might_sleep+0x1e7/0x310 [ 3497.256741] ? lock_release+0xc40/0xc40 [ 3497.260700] ? find_held_lock+0x35/0x120 [ 3497.264754] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3497.268834] populate_vma_page_range+0x2bc/0x3b0 [ 3497.273597] ? memset+0x32/0x40 [ 3497.276872] ? follow_page+0x430/0x430 [ 3497.280764] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3497.286313] ? vmacache_update+0x114/0x140 [ 3497.290557] __mm_populate+0x27e/0x4c0 [ 3497.294442] ? populate_vma_page_range+0x3b0/0x3b0 [ 3497.299358] ? down_read_killable+0x150/0x150 [ 3497.303845] ? security_mmap_file+0x1a7/0x1e0 [ 3497.308360] vm_mmap_pgoff+0x277/0x2b0 [ 3497.312264] ? vma_is_stack_for_current+0xd0/0xd0 [ 3497.317110] ? check_preemption_disabled+0x48/0x290 [ 3497.322159] ksys_mmap_pgoff+0x102/0x650 [ 3497.326214] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3497.330968] ? trace_hardirqs_on+0xbd/0x310 [ 3497.335326] ? __do_page_fault+0x3f1/0xd60 [ 3497.339549] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3497.344902] ? trace_hardirqs_off_caller+0x300/0x300 [ 3497.350032] __x64_sys_mmap+0xe9/0x1b0 [ 3497.353920] do_syscall_64+0x1a3/0x800 [ 3497.357798] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3497.362714] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3497.367750] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3497.372605] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3497.377801] RIP: 0033:0x457ec9 [ 3497.380987] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3497.399898] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3497.407597] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3497.414861] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3497.422126] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3497.429415] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3497.436728] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3497.444951] protocol 88fb is buggy, dev hsr_slave_0 [ 3497.450124] protocol 88fb is buggy, dev hsr_slave_1 [ 3497.456115] memory: usage 307200kB, limit 307200kB, failcnt 61417 [ 3497.462425] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3497.469378] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3497.475534] Memory cgroup stats for /syz1: cache:28KB rss:281964KB rss_huge:210944KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237500KB active_anon:4200KB inactive_file:0KB active_file:0KB unevictable:40312KB [ 3497.497074] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14915,uid=0 [ 3497.511802] Memory cgroup out of memory: Kill process 14915 (syz-executor1) score 1145 or sacrifice child [ 3497.521688] Killed process 14915 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3497.542034] oom_reaper: reaped process 14915 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB [ 3497.550286] syz-executor1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3497.573632] CPU: 1 PID: 15353 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3497.580842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3497.590196] Call Trace: [ 3497.592779] dump_stack+0x1db/0x2d0 [ 3497.596399] ? dump_stack_print_info.cold+0x20/0x20 [ 3497.601412] dump_header+0x1e6/0x116c [ 3497.605204] ? add_lock_to_list.isra.0+0x450/0x450 [ 3497.610122] ? print_usage_bug+0xd0/0xd0 [ 3497.614188] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3497.619109] ? ___ratelimit+0x37c/0x686 [ 3497.623074] ? mark_held_locks+0xb1/0x100 [ 3497.627226] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3497.632325] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3497.637414] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3497.641984] ? trace_hardirqs_on+0xbd/0x310 [ 3497.646304] ? kasan_check_read+0x11/0x20 [ 3497.650441] ? ___ratelimit+0x37c/0x686 [ 3497.654437] ? trace_hardirqs_off_caller+0x300/0x300 [ 3497.659542] ? do_raw_spin_trylock+0x270/0x270 [ 3497.664129] ? trace_hardirqs_on_caller+0x310/0x310 [ 3497.669138] ? lock_acquire+0x1db/0x570 [ 3497.673111] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3497.678204] ? ___ratelimit+0xac/0x686 [ 3497.682082] ? idr_get_free+0xee0/0xee0 [ 3497.686045] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3497.690621] oom_kill_process.cold+0x10/0x9d4 [ 3497.695110] ? cgroup_procs_next+0x70/0x70 [ 3497.699337] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3497.703819] ? oom_badness+0xa50/0xa50 [ 3497.707698] ? oom_evaluate_task+0x540/0x540 [ 3497.712096] ? mem_cgroup_iter_break+0x30/0x30 [ 3497.716664] ? mutex_trylock+0x2d0/0x2d0 [ 3497.720711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3497.726250] ? rcu_read_unlock_special+0x380/0x380 [ 3497.731170] out_of_memory+0x885/0x1420 [ 3497.735134] ? mem_cgroup_iter+0x508/0xf30 [ 3497.739359] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3497.744463] ? oom_killer_disable+0x340/0x340 [ 3497.748961] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3497.754056] ? lock_acquire+0x1db/0x570 [ 3497.758036] mem_cgroup_out_of_memory+0x160/0x210 [ 3497.762885] ? do_raw_spin_unlock+0xa0/0x330 [ 3497.767299] ? memcg_memory_event+0x40/0x40 [ 3497.771607] ? do_raw_spin_trylock+0x270/0x270 [ 3497.776182] ? _raw_spin_unlock+0x2d/0x50 [ 3497.780336] try_charge+0xd44/0x19b0 [ 3497.784038] ? lock_downgrade+0x910/0x910 [ 3497.788172] ? kasan_check_read+0x11/0x20 [ 3497.792314] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3497.797144] ? get_mem_cgroup_from_mm+0x1cd/0x420 [ 3497.801981] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3497.807528] ? lock_downgrade+0x910/0x910 [ 3497.811664] ? kasan_check_read+0x11/0x20 [ 3497.815816] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3497.821092] ? rcu_read_unlock_special+0x380/0x380 [ 3497.826022] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3497.830856] memcg_kmem_charge_memcg+0x7c/0x130 [ 3497.835529] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3497.841544] ? lock_release+0xc40/0xc40 [ 3497.845544] memcg_kmem_charge+0x13b/0x340 [ 3497.849774] __alloc_pages_nodemask+0x7b8/0xdc0 [ 3497.854441] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 3497.859445] ? rcu_pm_notify+0xd0/0xd0 [ 3497.863326] ? rcu_read_lock_sched_held+0x110/0x130 [ 3497.868333] ? kmem_cache_alloc_node+0x347/0x710 [ 3497.873108] ? pci_mmcfg_check_reserved+0x170/0x170 [ 3497.878164] copy_process+0x847/0x8710 [ 3497.882062] ? ___might_sleep+0x1e7/0x310 [ 3497.886210] ? arch_local_save_flags+0x50/0x50 [ 3497.890805] ? __schedule+0x1e60/0x1e60 [ 3497.894796] ? do_raw_spin_trylock+0x270/0x270 [ 3497.899372] ? __cleanup_sighand+0x70/0x70 [ 3497.903594] ? futex_wait_queue_me+0x539/0x810 [ 3497.908168] ? refill_pi_state_cache.part.0+0x310/0x310 [ 3497.913540] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 3497.918577] ? handle_futex_death+0x230/0x230 [ 3497.923060] ? fixup_owner+0x250/0x250 [ 3497.926934] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3497.932114] ? drop_futex_key_refs.isra.0+0x6f/0xf0 [ 3497.937120] ? futex_wait+0x6e6/0xa40 [ 3497.940913] ? print_usage_bug+0xd0/0xd0 [ 3497.944968] ? futex_wait_setup+0x430/0x430 [ 3497.949282] ? drop_futex_key_refs.isra.0+0x6f/0xf0 [ 3497.954288] ? __lock_acquire+0x572/0x4a30 [ 3497.958549] ? mark_held_locks+0x100/0x100 [ 3497.962778] ? do_futex+0x1b0/0x2910 [ 3497.966483] ? save_stack+0xa9/0xd0 [ 3497.970097] ? save_stack+0x45/0xd0 [ 3497.973733] ? add_lock_to_list.isra.0+0x450/0x450 [ 3497.978659] ? add_lock_to_list.isra.0+0x450/0x450 [ 3497.983580] ? exit_robust_list+0x290/0x290 [ 3497.987907] ? add_lock_to_list.isra.0+0x450/0x450 [ 3497.992826] ? __might_fault+0x12b/0x1e0 [ 3497.996876] ? find_held_lock+0x35/0x120 [ 3498.000925] ? __might_fault+0x12b/0x1e0 [ 3498.004973] ? lock_acquire+0x1db/0x570 [ 3498.008964] ? lock_downgrade+0x910/0x910 [ 3498.013125] ? lock_release+0xc40/0xc40 [ 3498.017088] ? trace_hardirqs_off_caller+0x300/0x300 [ 3498.022186] _do_fork+0x1a9/0x1170 [ 3498.025718] ? fork_idle+0x1d0/0x1d0 [ 3498.029420] ? kasan_check_read+0x11/0x20 [ 3498.033556] ? _copy_to_user+0xc9/0x120 [ 3498.037526] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3498.043063] ? put_timespec64+0x115/0x1b0 [ 3498.047213] ? nsecs_to_jiffies+0x30/0x30 [ 3498.051362] ? do_syscall_64+0x8c/0x800 [ 3498.055326] ? do_syscall_64+0x8c/0x800 [ 3498.059288] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3498.063860] ? trace_hardirqs_on+0xbd/0x310 [ 3498.068171] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3498.073699] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3498.079074] ? trace_hardirqs_off_caller+0x300/0x300 [ 3498.084172] __x64_sys_clone+0xbf/0x150 [ 3498.088138] do_syscall_64+0x1a3/0x800 [ 3498.092040] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3498.096976] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3498.101992] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3498.106845] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3498.112049] RIP: 0033:0x457ec9 [ 3498.115228] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3498.134116] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3498.141812] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9 [ 3498.149090] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3498.156368] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3498.163631] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3498.170915] R13: 00000000004be2a0 R14: 00000000004ce760 R15: 00000000ffffffff [ 3498.180711] memory: usage 299764kB, limit 307200kB, failcnt 61438 [ 3498.186978] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3498.188066] protocol 88fb is buggy, dev hsr_slave_0 [ 3498.194284] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3498.199326] protocol 88fb is buggy, dev hsr_slave_1 [ 3498.205421] Memory cgroup stats for /syz1: cache:28KB rss:274448KB rss_huge:206848KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:224704KB active_anon:4144KB inactive_file:0KB active_file:0KB unevictable:45824KB [ 3498.232535] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=15351,uid=0 05:28:01 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x23) 05:28:01 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x8003, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:28:01 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000], [], [], [0x2]}, 0x45c) 05:28:01 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x0) 05:28:01 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd7c}, 0x28) 05:28:01 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3498.247116] Memory cgroup out of memory: Kill process 15351 (syz-executor1) score 1148 or sacrifice child [ 3498.256975] Killed process 15385 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3498.277757] oom_reaper: reaped process 15385 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:28:01 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000], [], [], [0x2]}, 0x45c) 05:28:01 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd7d}, 0x28) [ 3498.449184] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3498.507041] gfs2: fsid=_h: Now mounting FS... 05:28:01 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000}, 0x0) [ 3498.536569] attempt to access beyond end of device [ 3498.576969] loop3: rw=4096, want=136, limit=64 [ 3498.598587] gfs2: error 10 reading superblock 05:28:02 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd7e}, 0x28) 05:28:02 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3498.627910] gfs2: fsid=_h: can't read superblock [ 3498.633134] gfs2: fsid=_h: can't read superblock: -5 05:28:02 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000], [], [], [0x2]}, 0x45c) [ 3498.885780] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3498.897529] gfs2: fsid=_h: Now mounting FS... [ 3498.904537] attempt to access beyond end of device [ 3498.930420] loop3: rw=4096, want=136, limit=64 [ 3498.945654] gfs2: error 10 reading superblock [ 3498.967154] gfs2: fsid=_h: can't read superblock [ 3498.993846] gfs2: fsid=_h: can't read superblock: -5 05:28:02 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x24) 05:28:02 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x8d02, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:28:02 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000], [], [], [0x2]}, 0x45c) 05:28:02 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd7f}, 0x28) 05:28:02 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:28:02 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000], [], [], [0x2]}, 0x45c) 05:28:02 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd80}, 0x28) 05:28:02 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x0, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3499.384721] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3499.454683] gfs2: fsid=_h: Now mounting FS... [ 3499.478187] attempt to access beyond end of device [ 3499.505166] loop3: rw=4096, want=136, limit=70 05:28:02 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6040000}, 0x0) 05:28:02 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000], [], [], [0x2]}, 0x45c) 05:28:02 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x25) [ 3499.540451] gfs2: error 10 reading superblock [ 3499.557342] gfs2: fsid=_h: can't read superblock [ 3499.577380] gfs2: fsid=_h: can't read superblock: -5 05:28:03 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd81}, 0x28) 05:28:03 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000], [], [], [0x2]}, 0x45c) [ 3499.804324] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3499.847847] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3499.857610] CPU: 1 PID: 15474 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3499.864810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3499.874164] Call Trace: [ 3499.876763] dump_stack+0x1db/0x2d0 [ 3499.880410] ? dump_stack_print_info.cold+0x20/0x20 [ 3499.885449] dump_header+0x1e6/0x116c [ 3499.889291] ? add_lock_to_list.isra.0+0x450/0x450 [ 3499.894249] ? print_usage_bug+0xd0/0xd0 [ 3499.898318] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3499.898336] ? ___ratelimit+0x37c/0x686 [ 3499.898357] ? mark_held_locks+0xb1/0x100 [ 3499.898375] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3499.916525] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3499.921640] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3499.926239] ? trace_hardirqs_on+0xbd/0x310 [ 3499.930593] ? kasan_check_read+0x11/0x20 [ 3499.934753] ? ___ratelimit+0x37c/0x686 [ 3499.938737] ? trace_hardirqs_off_caller+0x300/0x300 [ 3499.943855] ? do_raw_spin_trylock+0x270/0x270 [ 3499.948453] ? trace_hardirqs_on_caller+0x310/0x310 [ 3499.953476] ? lock_acquire+0x1db/0x570 [ 3499.957479] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3499.962607] ? ___ratelimit+0xac/0x686 [ 3499.966523] ? idr_get_free+0xee0/0xee0 [ 3499.970556] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3499.975164] oom_kill_process.cold+0x10/0x9d4 [ 3499.979675] ? cgroup_procs_next+0x70/0x70 [ 3499.983969] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3499.988500] ? oom_badness+0xa50/0xa50 [ 3499.992433] ? oom_evaluate_task+0x540/0x540 [ 3499.996847] ? mem_cgroup_iter_break+0x30/0x30 [ 3500.001349] gfs2: fsid=_h: Now mounting FS... [ 3500.001434] ? mutex_trylock+0x2d0/0x2d0 [ 3500.009989] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3500.011844] attempt to access beyond end of device [ 3500.015565] ? rcu_read_unlock_special+0x380/0x380 [ 3500.015591] out_of_memory+0x885/0x1420 [ 3500.015607] ? mem_cgroup_iter+0x508/0xf30 [ 3500.022687] loop3: rw=4096, want=136, limit=70 [ 3500.025472] ? oom_killer_disable+0x340/0x340 [ 3500.025491] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3500.025511] ? lock_acquire+0x1db/0x570 [ 3500.029875] gfs2: error 10 reading superblock [ 3500.033732] mem_cgroup_out_of_memory+0x160/0x210 [ 3500.033747] ? do_raw_spin_unlock+0xa0/0x330 [ 3500.033764] ? memcg_memory_event+0x40/0x40 [ 3500.038750] gfs2: fsid=_h: can't read superblock [ 3500.042820] ? do_raw_spin_trylock+0x270/0x270 [ 3500.042847] ? _raw_spin_unlock+0x2d/0x50 [ 3500.042865] try_charge+0x12a9/0x19b0 [ 3500.048445] gfs2: fsid=_h: can't read superblock: -5 [ 3500.051977] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3500.052009] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3500.052029] ? rcu_read_unlock_special+0x380/0x380 [ 3500.052053] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3500.097964] ? get_mem_cgroup_from_page+0x190/0x190 [ 3500.097988] ? rcu_read_lock_sched_held+0x110/0x130 [ 3500.098017] mem_cgroup_try_charge+0x43a/0xdb0 [ 3500.098037] ? mem_cgroup_protected+0xa10/0xa10 [ 3500.107798] ? mark_held_locks+0x100/0x100 [ 3500.107815] ? pmd_val+0x85/0x100 [ 3500.107832] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3500.107845] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3500.107866] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3500.117718] __handle_mm_fault+0x2594/0x55a0 [ 3500.117758] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3500.117790] ? check_preemption_disabled+0x48/0x290 [ 3500.117807] ? handle_mm_fault+0x3cc/0xc80 [ 3500.117850] ? lock_downgrade+0x910/0x910 [ 3500.127420] ? kasan_check_read+0x11/0x20 [ 3500.127439] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3500.127456] ? rcu_read_unlock_special+0x380/0x380 [ 3500.127487] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3500.127503] ? check_preemption_disabled+0x48/0x290 [ 3500.127531] handle_mm_fault+0x4ec/0xc80 [ 3500.136467] ? __handle_mm_fault+0x55a0/0x55a0 [ 3500.136487] ? ___might_sleep+0x150/0x310 [ 3500.136505] __get_user_pages+0x8f7/0x1e10 [ 3500.145511] ? follow_page_mask+0x1f40/0x1f40 [ 3500.145540] ? lock_acquire+0x1db/0x570 [ 3500.155998] ? ___might_sleep+0x1e7/0x310 [ 3500.156027] ? lock_release+0xc40/0xc40 [ 3500.156039] ? find_held_lock+0x35/0x120 [ 3500.156056] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3500.245014] populate_vma_page_range+0x2bc/0x3b0 [ 3500.249757] ? memset+0x32/0x40 [ 3500.253036] ? follow_page+0x430/0x430 [ 3500.256911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3500.262454] ? vmacache_update+0x114/0x140 [ 3500.266725] __mm_populate+0x27e/0x4c0 [ 3500.270633] ? populate_vma_page_range+0x3b0/0x3b0 [ 3500.275546] ? down_read_killable+0x150/0x150 [ 3500.280041] ? security_mmap_file+0x1a7/0x1e0 [ 3500.284549] vm_mmap_pgoff+0x277/0x2b0 [ 3500.288428] ? vma_is_stack_for_current+0xd0/0xd0 [ 3500.293279] ? kasan_check_read+0x11/0x20 [ 3500.297429] ? _copy_to_user+0xc9/0x120 [ 3500.301388] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3500.306934] ksys_mmap_pgoff+0x102/0x650 [ 3500.311026] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3500.315777] ? trace_hardirqs_on+0xbd/0x310 [ 3500.320095] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3500.325640] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3500.330990] ? trace_hardirqs_off_caller+0x300/0x300 [ 3500.336120] __x64_sys_mmap+0xe9/0x1b0 [ 3500.339998] do_syscall_64+0x1a3/0x800 [ 3500.343906] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3500.348834] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3500.353868] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3500.358724] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3500.363917] RIP: 0033:0x457ec9 [ 3500.367107] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3500.386018] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3500.393744] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3500.401019] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3500.408295] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3500.415546] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3500.422799] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3500.431744] memory: usage 307200kB, limit 307200kB, failcnt 61451 [ 3500.438306] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3500.445089] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3500.451337] Memory cgroup stats for /syz1: cache:28KB rss:281920KB rss_huge:210944KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235704KB active_anon:4272KB inactive_file:0KB active_file:0KB unevictable:41988KB [ 3500.473856] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=14924,uid=0 [ 3500.488568] Memory cgroup out of memory: Kill process 14924 (syz-executor1) score 1145 or sacrifice child 05:28:03 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x9001, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:28:03 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3500.498813] Killed process 14924 (syz-executor1) total-vm:70664kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB 05:28:03 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd82}, 0x28) 05:28:03 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000], [], [], [0x2]}, 0x45c) 05:28:03 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf000000}, 0x0) 05:28:04 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd83}, 0x28) 05:28:04 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000], [], [], [0x2]}, 0x45c) [ 3500.722256] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3500.783716] gfs2: fsid=_h: Now mounting FS... [ 3500.800619] attempt to access beyond end of device [ 3500.815068] loop3: rw=4096, want=136, limit=72 [ 3500.828236] gfs2: error 10 reading superblock [ 3500.867820] gfs2: fsid=_h: can't read superblock [ 3500.890256] gfs2: fsid=_h: can't read superblock: -5 05:28:04 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd84}, 0x28) 05:28:04 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000], [], [], [0x2]}, 0x45c) [ 3501.090296] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3501.119380] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3501.125975] gfs2: fsid=_h: Now mounting FS... [ 3501.145436] CPU: 0 PID: 15491 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3501.152633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3501.161985] Call Trace: [ 3501.162020] dump_stack+0x1db/0x2d0 [ 3501.162038] ? dump_stack_print_info.cold+0x20/0x20 [ 3501.162064] dump_header+0x1e6/0x116c [ 3501.162095] ? add_lock_to_list.isra.0+0x450/0x450 [ 3501.162110] ? print_usage_bug+0xd0/0xd0 [ 3501.162127] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3501.162143] ? ___ratelimit+0x37c/0x686 [ 3501.162160] ? mark_held_locks+0xb1/0x100 [ 3501.165302] attempt to access beyond end of device [ 3501.168377] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3501.168393] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3501.168407] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3501.168423] ? trace_hardirqs_on+0xbd/0x310 [ 3501.168437] ? kasan_check_read+0x11/0x20 [ 3501.168452] ? ___ratelimit+0x37c/0x686 [ 3501.168470] ? trace_hardirqs_off_caller+0x300/0x300 [ 3501.173807] loop3: rw=4096, want=136, limit=72 [ 3501.177263] ? do_raw_spin_trylock+0x270/0x270 [ 3501.177278] ? trace_hardirqs_on_caller+0x310/0x310 [ 3501.177290] ? lock_acquire+0x1db/0x570 [ 3501.177310] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3501.177325] ? ___ratelimit+0xac/0x686 [ 3501.177342] ? idr_get_free+0xee0/0xee0 [ 3501.177355] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3501.191310] oom_kill_process.cold+0x10/0x9d4 [ 3501.191329] ? cgroup_procs_next+0x70/0x70 [ 3501.191353] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3501.201872] gfs2: error 10 reading superblock [ 3501.204376] ? oom_badness+0xa50/0xa50 [ 3501.204443] ? oom_evaluate_task+0x540/0x540 [ 3501.204459] ? mem_cgroup_iter_break+0x30/0x30 [ 3501.210076] gfs2: fsid=_h: can't read superblock [ 3501.214643] ? mutex_trylock+0x2d0/0x2d0 [ 3501.214659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3501.214686] ? rcu_read_unlock_special+0x380/0x380 [ 3501.214708] out_of_memory+0x885/0x1420 [ 3501.219944] gfs2: fsid=_h: can't read superblock: -5 [ 3501.223619] ? mem_cgroup_iter+0x508/0xf30 [ 3501.223642] ? oom_killer_disable+0x340/0x340 [ 3501.223661] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3501.223692] ? lock_acquire+0x1db/0x570 [ 3501.303122] mem_cgroup_out_of_memory+0x160/0x210 [ 3501.303138] ? do_raw_spin_unlock+0xa0/0x330 [ 3501.303157] ? memcg_memory_event+0x40/0x40 [ 3501.322412] ? do_raw_spin_trylock+0x270/0x270 [ 3501.322438] ? _raw_spin_unlock+0x2d/0x50 [ 3501.322457] try_charge+0x12a9/0x19b0 [ 3501.335737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3501.335777] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3501.335795] ? rcu_read_unlock_special+0x380/0x380 [ 3501.335818] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3501.345448] ? get_mem_cgroup_from_page+0x190/0x190 [ 3501.345470] ? rcu_read_lock_sched_held+0x110/0x130 [ 3501.345504] mem_cgroup_try_charge+0x43a/0xdb0 [ 3501.354359] ? mem_cgroup_protected+0xa10/0xa10 [ 3501.354384] ? mark_held_locks+0x100/0x100 [ 3501.354399] ? pmd_val+0x85/0x100 [ 3501.363117] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3501.363133] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3501.363155] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3501.363175] __handle_mm_fault+0x2594/0x55a0 [ 3501.371899] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3501.371916] ? check_preemption_disabled+0x48/0x290 [ 3501.371934] ? handle_mm_fault+0x3cc/0xc80 [ 3501.457101] ? lock_downgrade+0x910/0x910 [ 3501.461265] ? kasan_check_read+0x11/0x20 [ 3501.465413] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3501.470678] ? rcu_read_unlock_special+0x380/0x380 [ 3501.475593] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3501.481120] ? check_preemption_disabled+0x48/0x290 [ 3501.486125] handle_mm_fault+0x4ec/0xc80 [ 3501.490175] ? __handle_mm_fault+0x55a0/0x55a0 [ 3501.494746] __get_user_pages+0x8f7/0x1e10 [ 3501.498972] ? follow_page_mask+0x1f40/0x1f40 [ 3501.503481] ? trace_hardirqs_on+0xbd/0x310 [ 3501.507797] ? lock_acquire+0x1db/0x570 [ 3501.511768] ? ___might_sleep+0x1e7/0x310 [ 3501.515899] ? lock_release+0xc40/0xc40 [ 3501.519857] ? rwsem_wake+0x2fd/0x4a0 [ 3501.523675] populate_vma_page_range+0x2bc/0x3b0 [ 3501.528413] ? memset+0x32/0x40 [ 3501.531676] ? follow_page+0x430/0x430 [ 3501.535562] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3501.541101] ? vmacache_update+0x114/0x140 [ 3501.545327] __mm_populate+0x27e/0x4c0 [ 3501.549222] ? populate_vma_page_range+0x3b0/0x3b0 [ 3501.554147] ? down_read_killable+0x150/0x150 [ 3501.558634] ? security_mmap_file+0x1a7/0x1e0 [ 3501.563121] vm_mmap_pgoff+0x277/0x2b0 [ 3501.567027] ? vma_is_stack_for_current+0xd0/0xd0 [ 3501.571864] ? check_preemption_disabled+0x48/0x290 [ 3501.576890] ksys_mmap_pgoff+0x102/0x650 [ 3501.580960] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3501.585723] ? trace_hardirqs_on+0xbd/0x310 [ 3501.590038] ? __do_page_fault+0x3f1/0xd60 [ 3501.594272] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3501.599634] ? trace_hardirqs_off_caller+0x300/0x300 [ 3501.604724] __x64_sys_mmap+0xe9/0x1b0 [ 3501.608617] do_syscall_64+0x1a3/0x800 [ 3501.612508] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3501.617427] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3501.622432] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3501.627331] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3501.632515] RIP: 0033:0x457ec9 [ 3501.635710] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3501.654593] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3501.662311] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3501.669582] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3501.676834] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3501.684085] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3501.691347] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3501.703707] net_ratelimit: 20 callbacks suppressed [ 3501.703715] protocol 88fb is buggy, dev hsr_slave_0 [ 3501.713769] protocol 88fb is buggy, dev hsr_slave_1 [ 3501.721097] memory: usage 304472kB, limit 307200kB, failcnt 61477 [ 3501.727842] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3501.734689] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3501.743664] Memory cgroup stats for /syz1: cache:28KB rss:281832KB rss_huge:204800KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237628KB active_anon:4252KB inactive_file:0KB active_file:0KB unevictable:40088KB [ 3501.765362] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=15054,uid=0 [ 3501.780066] Memory cgroup out of memory: Kill process 15054 (syz-executor1) score 1145 or sacrifice child [ 3501.780149] Killed process 15054 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3501.823547] oom_reaper: reaped process 15054 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:28:05 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x26) 05:28:05 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:28:05 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd85}, 0x28) 05:28:05 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000], [], [], [0x2]}, 0x45c) 05:28:05 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2ac50000}, 0x0) 05:28:05 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x9003, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:28:05 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd86}, 0x28) 05:28:05 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000], [], [], [0x2]}, 0x45c) [ 3502.051095] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3502.107747] gfs2: fsid=_h: Now mounting FS... [ 3502.118424] attempt to access beyond end of device [ 3502.142594] loop3: rw=4096, want=136, limit=72 [ 3502.164044] gfs2: error 10 reading superblock [ 3502.181574] gfs2: fsid=_h: can't read superblock [ 3502.193446] gfs2: fsid=_h: can't read superblock: -5 05:28:05 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd87}, 0x28) 05:28:05 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000], [], [], [0x2]}, 0x45c) 05:28:05 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:28:05 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], [], [0x2]}, 0x45c) [ 3502.448703] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3502.457335] protocol 88fb is buggy, dev hsr_slave_0 [ 3502.462471] protocol 88fb is buggy, dev hsr_slave_1 [ 3502.467667] protocol 88fb is buggy, dev hsr_slave_0 [ 3502.472746] protocol 88fb is buggy, dev hsr_slave_1 [ 3502.495031] gfs2: fsid=_h: Now mounting FS... [ 3502.513962] attempt to access beyond end of device [ 3502.547580] loop3: rw=4096, want=136, limit=72 [ 3502.556905] gfs2: error 10 reading superblock [ 3502.581298] gfs2: fsid=_h: can't read superblock [ 3502.615363] gfs2: fsid=_h: can't read superblock: -5 05:28:06 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x27) 05:28:06 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd88}, 0x28) 05:28:06 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], [], [0x2]}, 0x45c) [ 3502.777395] protocol 88fb is buggy, dev hsr_slave_0 [ 3502.782563] protocol 88fb is buggy, dev hsr_slave_1 [ 3502.787791] protocol 88fb is buggy, dev hsr_slave_0 [ 3502.792864] protocol 88fb is buggy, dev hsr_slave_1 05:28:06 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000}, 0x0) 05:28:06 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, 0x0, 0x0) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:28:06 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0x9401, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:28:06 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd89}, 0x28) 05:28:06 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [], [], [0x2]}, 0x45c) [ 3502.995967] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3503.028901] CPU: 1 PID: 15586 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3503.036101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3503.045471] Call Trace: [ 3503.048079] dump_stack+0x1db/0x2d0 [ 3503.051733] ? dump_stack_print_info.cold+0x20/0x20 [ 3503.056804] dump_header+0x1e6/0x116c [ 3503.060618] ? add_lock_to_list.isra.0+0x450/0x450 [ 3503.065574] ? print_usage_bug+0xd0/0xd0 [ 3503.069654] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3503.074595] ? ___ratelimit+0x37c/0x686 [ 3503.078581] ? mark_held_locks+0xb1/0x100 [ 3503.082747] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3503.087861] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3503.092987] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3503.097588] ? trace_hardirqs_on+0xbd/0x310 [ 3503.101933] ? kasan_check_read+0x11/0x20 [ 3503.106107] ? ___ratelimit+0x37c/0x686 [ 3503.110089] ? trace_hardirqs_off_caller+0x300/0x300 [ 3503.115203] ? do_raw_spin_trylock+0x270/0x270 [ 3503.119812] ? trace_hardirqs_on_caller+0x310/0x310 [ 3503.124834] ? lock_acquire+0x1db/0x570 [ 3503.128822] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3503.133934] ? ___ratelimit+0xac/0x686 [ 3503.137846] ? idr_get_free+0xee0/0xee0 [ 3503.141840] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3503.146438] oom_kill_process.cold+0x10/0x9d4 [ 3503.150956] ? cgroup_procs_next+0x70/0x70 [ 3503.155242] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3503.159744] ? oom_badness+0xa50/0xa50 [ 3503.163642] ? oom_evaluate_task+0x540/0x540 [ 3503.168064] ? mem_cgroup_iter_break+0x30/0x30 [ 3503.172652] ? mutex_trylock+0x2d0/0x2d0 [ 3503.176717] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3503.182266] ? rcu_read_unlock_special+0x380/0x380 [ 3503.182289] out_of_memory+0x885/0x1420 [ 3503.182322] ? mem_cgroup_iter+0x508/0xf30 [ 3503.195463] ? oom_killer_disable+0x340/0x340 [ 3503.199972] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3503.205114] ? lock_acquire+0x1db/0x570 [ 3503.209147] mem_cgroup_out_of_memory+0x160/0x210 [ 3503.214036] ? do_raw_spin_unlock+0xa0/0x330 [ 3503.218462] ? memcg_memory_event+0x40/0x40 [ 3503.222809] ? do_raw_spin_trylock+0x270/0x270 [ 3503.227428] ? _raw_spin_unlock+0x2d/0x50 [ 3503.231597] try_charge+0x12a9/0x19b0 [ 3503.235415] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3503.240970] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3503.245829] ? rcu_read_unlock_special+0x380/0x380 [ 3503.250767] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3503.255614] ? get_mem_cgroup_from_page+0x190/0x190 [ 3503.260648] ? rcu_read_lock_sched_held+0x110/0x130 [ 3503.265669] mem_cgroup_try_charge+0x43a/0xdb0 [ 3503.270255] ? mem_cgroup_protected+0xa10/0xa10 [ 3503.274931] ? mark_held_locks+0x100/0x100 [ 3503.279183] ? pmd_val+0x85/0x100 [ 3503.282649] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3503.288186] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3503.293728] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3503.298662] __handle_mm_fault+0x2594/0x55a0 [ 3503.303080] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3503.307926] ? check_preemption_disabled+0x48/0x290 [ 3503.312944] ? handle_mm_fault+0x3cc/0xc80 [ 3503.317195] ? lock_downgrade+0x910/0x910 [ 3503.321350] ? kasan_check_read+0x11/0x20 [ 3503.325506] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3503.330786] ? rcu_read_unlock_special+0x380/0x380 [ 3503.335714] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3503.341251] ? check_preemption_disabled+0x48/0x290 [ 3503.346268] handle_mm_fault+0x4ec/0xc80 [ 3503.350363] ? __handle_mm_fault+0x55a0/0x55a0 [ 3503.354963] ? __get_user_pages+0x295/0x1e10 [ 3503.359374] __get_user_pages+0x8f7/0x1e10 [ 3503.363619] ? follow_page_mask+0x1f40/0x1f40 [ 3503.368138] ? lock_acquire+0x1db/0x570 [ 3503.372147] ? ___might_sleep+0x1e7/0x310 [ 3503.376324] ? lock_release+0xc40/0xc40 [ 3503.380302] ? find_held_lock+0x35/0x120 [ 3503.384370] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3503.388438] populate_vma_page_range+0x2bc/0x3b0 [ 3503.393202] ? memset+0x32/0x40 [ 3503.396486] ? follow_page+0x430/0x430 [ 3503.400401] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3503.405940] ? vmacache_update+0x114/0x140 [ 3503.410201] __mm_populate+0x27e/0x4c0 [ 3503.414109] ? populate_vma_page_range+0x3b0/0x3b0 [ 3503.419067] ? down_read_killable+0x150/0x150 [ 3503.423564] ? security_mmap_file+0x1a7/0x1e0 [ 3503.428094] vm_mmap_pgoff+0x277/0x2b0 [ 3503.432037] ? vma_is_stack_for_current+0xd0/0xd0 [ 3503.436885] ? kasan_check_read+0x11/0x20 [ 3503.441039] ? _copy_to_user+0xc9/0x120 [ 3503.445041] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3503.450587] ksys_mmap_pgoff+0x102/0x650 [ 3503.454688] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3503.459439] ? trace_hardirqs_on+0xbd/0x310 [ 3503.463762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3503.469301] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3503.474668] ? trace_hardirqs_off_caller+0x300/0x300 [ 3503.479778] __x64_sys_mmap+0xe9/0x1b0 [ 3503.483674] do_syscall_64+0x1a3/0x800 [ 3503.487567] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3503.492526] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3503.497564] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3503.502415] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3503.507617] RIP: 0033:0x457ec9 [ 3503.510811] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3503.529708] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3503.537407] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 05:28:06 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd8a}, 0x28) 05:28:06 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, 0x0, 0x0) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3503.544669] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3503.551934] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3503.559221] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3503.566505] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff 05:28:07 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [], [], [0x2]}, 0x45c) [ 3503.647396] memory: usage 307200kB, limit 307200kB, failcnt 61513 [ 3503.647894] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3503.661080] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3503.674347] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3503.689073] Memory cgroup stats for /syz1: cache:28KB rss:284652KB rss_huge:206848KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237876KB active_anon:4296KB inactive_file:0KB active_file:0KB unevictable:42540KB [ 3503.718528] gfs2: fsid=_h: Now mounting FS... [ 3503.730103] attempt to access beyond end of device [ 3503.746169] loop3: rw=4096, want=136, limit=74 [ 3503.752340] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=15080,uid=0 [ 3503.776619] gfs2: error 10 reading superblock [ 3503.785706] gfs2: fsid=_h: can't read superblock 05:28:07 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}, 0x0) [ 3503.791804] Memory cgroup out of memory: Kill process 15080 (syz-executor1) score 1145 or sacrifice child [ 3503.806547] gfs2: fsid=_h: can't read superblock: -5 [ 3503.816681] Killed process 15080 (syz-executor1) total-vm:70664kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3504.053932] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3504.072292] gfs2: fsid=_h: Now mounting FS... [ 3504.093110] attempt to access beyond end of device [ 3504.098206] loop3: rw=4096, want=136, limit=74 [ 3504.118894] gfs2: error 10 reading superblock [ 3504.123590] gfs2: fsid=_h: can't read superblock [ 3504.135072] gfs2: fsid=_h: can't read superblock: -5 [ 3504.216532] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3504.226224] CPU: 1 PID: 15627 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3504.233412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3504.242755] Call Trace: [ 3504.245369] dump_stack+0x1db/0x2d0 [ 3504.248988] ? dump_stack_print_info.cold+0x20/0x20 [ 3504.254038] dump_header+0x1e6/0x116c [ 3504.257854] ? add_lock_to_list.isra.0+0x450/0x450 [ 3504.262785] ? print_usage_bug+0xd0/0xd0 [ 3504.266831] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3504.271747] ? ___ratelimit+0x37c/0x686 [ 3504.275719] ? mark_held_locks+0xb1/0x100 [ 3504.279870] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3504.284974] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3504.290063] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3504.294644] ? trace_hardirqs_on+0xbd/0x310 [ 3504.298953] ? kasan_check_read+0x11/0x20 [ 3504.303089] ? ___ratelimit+0x37c/0x686 [ 3504.307069] ? trace_hardirqs_off_caller+0x300/0x300 [ 3504.312162] ? do_raw_spin_trylock+0x270/0x270 [ 3504.316728] ? trace_hardirqs_on_caller+0x310/0x310 [ 3504.321729] ? lock_acquire+0x1db/0x570 [ 3504.325695] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3504.330783] ? ___ratelimit+0xac/0x686 [ 3504.334682] ? idr_get_free+0xee0/0xee0 [ 3504.338671] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3504.343282] oom_kill_process.cold+0x10/0x9d4 [ 3504.347766] ? cgroup_procs_next+0x70/0x70 [ 3504.351988] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3504.356491] ? oom_badness+0xa50/0xa50 [ 3504.360391] ? oom_evaluate_task+0x540/0x540 [ 3504.364802] ? mem_cgroup_iter_break+0x30/0x30 [ 3504.369412] ? mutex_trylock+0x2d0/0x2d0 [ 3504.373485] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3504.379045] ? rcu_read_unlock_special+0x380/0x380 [ 3504.383986] out_of_memory+0x885/0x1420 [ 3504.387955] ? mem_cgroup_iter+0x508/0xf30 [ 3504.392176] ? oom_killer_disable+0x340/0x340 [ 3504.396673] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3504.401772] ? lock_acquire+0x1db/0x570 [ 3504.405766] mem_cgroup_out_of_memory+0x160/0x210 [ 3504.410595] ? do_raw_spin_unlock+0xa0/0x330 [ 3504.414993] ? memcg_memory_event+0x40/0x40 [ 3504.419328] ? do_raw_spin_trylock+0x270/0x270 [ 3504.423901] ? _raw_spin_unlock+0x2d/0x50 [ 3504.428077] try_charge+0x12a9/0x19b0 [ 3504.431894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3504.437420] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3504.442279] ? rcu_read_unlock_special+0x380/0x380 [ 3504.447239] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3504.452146] ? get_mem_cgroup_from_page+0x190/0x190 [ 3504.457218] ? rcu_read_lock_sched_held+0x110/0x130 [ 3504.462228] mem_cgroup_try_charge+0x43a/0xdb0 [ 3504.466798] ? mem_cgroup_protected+0xa10/0xa10 [ 3504.471457] ? mark_held_locks+0x100/0x100 [ 3504.475690] ? pmd_val+0x85/0x100 [ 3504.479148] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3504.484685] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3504.490237] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3504.495211] __handle_mm_fault+0x2594/0x55a0 [ 3504.499625] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3504.504459] ? check_preemption_disabled+0x48/0x290 [ 3504.509492] ? handle_mm_fault+0x3cc/0xc80 [ 3504.513727] ? lock_downgrade+0x910/0x910 [ 3504.517867] ? kasan_check_read+0x11/0x20 [ 3504.522028] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3504.527306] ? rcu_read_unlock_special+0x380/0x380 [ 3504.532221] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3504.537753] ? check_preemption_disabled+0x48/0x290 [ 3504.542774] handle_mm_fault+0x4ec/0xc80 [ 3504.546838] ? __handle_mm_fault+0x55a0/0x55a0 [ 3504.551408] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3504.556423] __get_user_pages+0x8f7/0x1e10 [ 3504.560655] ? follow_page_mask+0x1f40/0x1f40 [ 3504.565138] ? trace_hardirqs_on+0xbd/0x310 [ 3504.569452] ? lock_acquire+0x1db/0x570 [ 3504.573428] ? ___might_sleep+0x1e7/0x310 [ 3504.577581] ? lock_release+0xc40/0xc40 [ 3504.581543] ? rwsem_wake+0x2fd/0x4a0 [ 3504.585335] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3504.589409] populate_vma_page_range+0x2bc/0x3b0 [ 3504.594162] ? memset+0x32/0x40 [ 3504.597445] ? follow_page+0x430/0x430 [ 3504.601336] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3504.606874] ? vmacache_update+0x114/0x140 [ 3504.611104] __mm_populate+0x27e/0x4c0 [ 3504.614987] ? populate_vma_page_range+0x3b0/0x3b0 [ 3504.619922] ? down_read_killable+0x150/0x150 [ 3504.624443] ? security_mmap_file+0x1a7/0x1e0 [ 3504.628951] vm_mmap_pgoff+0x277/0x2b0 [ 3504.632832] ? vma_is_stack_for_current+0xd0/0xd0 [ 3504.637667] ? check_preemption_disabled+0x48/0x290 [ 3504.642697] ksys_mmap_pgoff+0x102/0x650 [ 3504.646783] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3504.651531] ? trace_hardirqs_on+0xbd/0x310 [ 3504.655842] ? __do_page_fault+0x3f1/0xd60 [ 3504.660067] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3504.665436] ? trace_hardirqs_off_caller+0x300/0x300 [ 3504.670541] __x64_sys_mmap+0xe9/0x1b0 [ 3504.674420] do_syscall_64+0x1a3/0x800 [ 3504.678297] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3504.683234] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3504.688268] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3504.693119] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3504.698298] RIP: 0033:0x457ec9 [ 3504.701510] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3504.720405] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3504.728110] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3504.735379] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3504.742636] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3504.749890] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3504.757143] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3504.766241] memory: usage 307144kB, limit 307200kB, failcnt 61555 [ 3504.772785] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3504.779706] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3504.785872] Memory cgroup stats for /syz1: cache:28KB rss:284584KB rss_huge:208896KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237752KB active_anon:4260KB inactive_file:0KB active_file:0KB unevictable:42632KB [ 3504.807418] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=15230,uid=0 [ 3504.825839] Memory cgroup out of memory: Kill process 15230 (syz-executor1) score 1145 or sacrifice child [ 3504.840343] Killed process 15230 (syz-executor1) total-vm:70664kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3504.854605] oom_reaper: reaped process 15230 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:28:08 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, 0x0, 0x0) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:28:08 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [], [], [0x2]}, 0x45c) 05:28:08 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x28) 05:28:08 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f000000}, 0x0) 05:28:08 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0xa000, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:28:08 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd8b}, 0x28) 05:28:08 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd8c}, 0x28) 05:28:08 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [], [], [0x2]}, 0x45c) [ 3505.072888] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3505.164464] gfs2: fsid=_h: Now mounting FS... [ 3505.210902] attempt to access beyond end of device [ 3505.251457] loop3: rw=4096, want=136, limit=80 05:28:08 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa], [], [], [0x2]}, 0x45c) [ 3505.275559] gfs2: error 10 reading superblock 05:28:08 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd8d}, 0x28) [ 3505.301233] gfs2: fsid=_h: can't read superblock 05:28:08 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x0, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3505.325975] gfs2: fsid=_h: can't read superblock: -5 [ 3505.350299] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3505.389695] CPU: 0 PID: 15653 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3505.396902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3505.406258] Call Trace: [ 3505.408860] dump_stack+0x1db/0x2d0 [ 3505.412533] ? dump_stack_print_info.cold+0x20/0x20 [ 3505.412563] dump_header+0x1e6/0x116c [ 3505.412580] ? add_lock_to_list.isra.0+0x450/0x450 [ 3505.426328] ? print_usage_bug+0xd0/0xd0 [ 3505.430404] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3505.435350] ? ___ratelimit+0x37c/0x686 [ 3505.439341] ? mark_held_locks+0xb1/0x100 [ 3505.443503] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3505.443519] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3505.443534] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3505.443551] ? trace_hardirqs_on+0xbd/0x310 [ 3505.443565] ? kasan_check_read+0x11/0x20 [ 3505.443581] ? ___ratelimit+0x37c/0x686 [ 3505.443597] ? trace_hardirqs_off_caller+0x300/0x300 [ 3505.475853] ? do_raw_spin_trylock+0x270/0x270 [ 3505.480461] ? trace_hardirqs_on_caller+0x310/0x310 [ 3505.485497] ? lock_acquire+0x1db/0x570 [ 3505.485519] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3505.485535] ? ___ratelimit+0xac/0x686 [ 3505.485553] ? idr_get_free+0xee0/0xee0 [ 3505.485567] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3505.485589] oom_kill_process.cold+0x10/0x9d4 [ 3505.511541] ? cgroup_procs_next+0x70/0x70 [ 3505.515785] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3505.520285] ? oom_badness+0xa50/0xa50 [ 3505.524186] ? oom_evaluate_task+0x540/0x540 [ 3505.528650] ? mem_cgroup_iter_break+0x30/0x30 [ 3505.533271] ? mutex_trylock+0x2d0/0x2d0 [ 3505.533287] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3505.533317] ? rcu_read_unlock_special+0x380/0x380 [ 3505.533342] out_of_memory+0x885/0x1420 [ 3505.533359] ? mem_cgroup_iter+0x508/0xf30 [ 3505.556118] ? oom_killer_disable+0x340/0x340 [ 3505.560625] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3505.565738] ? lock_acquire+0x1db/0x570 [ 3505.569758] mem_cgroup_out_of_memory+0x160/0x210 [ 3505.574618] ? do_raw_spin_unlock+0xa0/0x330 [ 3505.579062] ? memcg_memory_event+0x40/0x40 [ 3505.583389] ? do_raw_spin_trylock+0x270/0x270 [ 3505.587990] ? _raw_spin_unlock+0x2d/0x50 [ 3505.592222] try_charge+0x12a9/0x19b0 [ 3505.596064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3505.601614] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3505.606469] ? rcu_read_unlock_special+0x380/0x380 [ 3505.611423] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3505.616274] ? get_mem_cgroup_from_page+0x190/0x190 [ 3505.621306] ? rcu_read_lock_sched_held+0x110/0x130 [ 3505.626353] mem_cgroup_try_charge+0x43a/0xdb0 [ 3505.630953] ? mem_cgroup_protected+0xa10/0xa10 [ 3505.635641] ? mark_held_locks+0x100/0x100 [ 3505.639892] ? pmd_val+0x85/0x100 [ 3505.643354] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3505.648913] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3505.654476] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3505.659417] __handle_mm_fault+0x2594/0x55a0 [ 3505.663882] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3505.668734] ? check_preemption_disabled+0x48/0x290 [ 3505.673758] ? handle_mm_fault+0x3cc/0xc80 [ 3505.678025] ? lock_downgrade+0x910/0x910 [ 3505.678056] ? kasan_check_read+0x11/0x20 [ 3505.678072] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3505.678089] ? rcu_read_unlock_special+0x380/0x380 [ 3505.678104] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 05:28:09 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10], [], [], [0x2]}, 0x45c) [ 3505.678120] ? check_preemption_disabled+0x48/0x290 [ 3505.678139] handle_mm_fault+0x4ec/0xc80 [ 3505.686419] ? __handle_mm_fault+0x55a0/0x55a0 [ 3505.686438] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3505.686457] __get_user_pages+0x8f7/0x1e10 [ 3505.686483] ? follow_page_mask+0x1f40/0x1f40 [ 3505.729602] ? lock_acquire+0x1db/0x570 [ 3505.733604] ? ___might_sleep+0x1e7/0x310 [ 3505.737769] ? lock_release+0xc40/0xc40 [ 3505.741767] ? find_held_lock+0x35/0x120 [ 3505.745854] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3505.749948] populate_vma_page_range+0x2bc/0x3b0 [ 3505.754719] ? memset+0x32/0x40 [ 3505.758030] ? follow_page+0x430/0x430 [ 3505.761940] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3505.767481] ? vmacache_update+0x114/0x140 [ 3505.771765] __mm_populate+0x27e/0x4c0 [ 3505.775669] ? populate_vma_page_range+0x3b0/0x3b0 [ 3505.780609] ? down_read_killable+0x150/0x150 [ 3505.785109] ? security_mmap_file+0x1a7/0x1e0 [ 3505.789613] vm_mmap_pgoff+0x277/0x2b0 [ 3505.793511] ? vma_is_stack_for_current+0xd0/0xd0 [ 3505.798355] ? kasan_check_read+0x11/0x20 [ 3505.802516] ? _copy_to_user+0xc9/0x120 [ 3505.806689] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3505.812233] ksys_mmap_pgoff+0x102/0x650 [ 3505.816299] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3505.821139] ? trace_hardirqs_on+0xbd/0x310 [ 3505.825457] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3505.831024] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3505.836387] ? trace_hardirqs_off_caller+0x300/0x300 [ 3505.841508] __x64_sys_mmap+0xe9/0x1b0 [ 3505.845409] do_syscall_64+0x1a3/0x800 [ 3505.849305] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3505.854264] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3505.859285] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3505.864163] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3505.869361] RIP: 0033:0x457ec9 [ 3505.872555] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3505.891472] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3505.899179] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3505.906452] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3505.913722] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3505.920989] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3505.928270] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff 05:28:09 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x0, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:28:09 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb8fd3f00}, 0x0) [ 3505.955090] memory: usage 307200kB, limit 307200kB, failcnt 61568 [ 3505.973418] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3506.008585] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3506.041246] Memory cgroup stats for /syz1: cache:28KB rss:284780KB rss_huge:204800KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:239800KB active_anon:4248KB inactive_file:0KB active_file:0KB unevictable:40756KB [ 3506.151170] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=15280,uid=0 [ 3506.173510] Memory cgroup out of memory: Kill process 15280 (syz-executor1) score 1145 or sacrifice child [ 3506.183372] Killed process 15280 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3506.370065] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3506.379932] CPU: 1 PID: 15653 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3506.387123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3506.396458] Call Trace: [ 3506.399041] dump_stack+0x1db/0x2d0 [ 3506.402654] ? dump_stack_print_info.cold+0x20/0x20 [ 3506.407662] dump_header+0x1e6/0x116c [ 3506.411449] ? add_lock_to_list.isra.0+0x450/0x450 [ 3506.416364] ? print_usage_bug+0xd0/0xd0 [ 3506.420442] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3506.425374] ? ___ratelimit+0x37c/0x686 [ 3506.429335] ? mark_held_locks+0xb1/0x100 [ 3506.433467] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3506.438552] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3506.443643] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3506.448223] ? trace_hardirqs_on+0xbd/0x310 [ 3506.452531] ? kasan_check_read+0x11/0x20 [ 3506.456662] ? ___ratelimit+0x37c/0x686 [ 3506.460623] ? trace_hardirqs_off_caller+0x300/0x300 [ 3506.465711] ? do_raw_spin_trylock+0x270/0x270 [ 3506.470290] ? trace_hardirqs_on_caller+0x310/0x310 [ 3506.475331] ? lock_acquire+0x1db/0x570 [ 3506.479292] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3506.484393] ? ___ratelimit+0xac/0x686 [ 3506.488454] ? idr_get_free+0xee0/0xee0 [ 3506.492412] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3506.496978] oom_kill_process.cold+0x10/0x9d4 [ 3506.501473] ? cgroup_procs_next+0x70/0x70 [ 3506.505694] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3506.510199] ? oom_badness+0xa50/0xa50 [ 3506.514072] ? oom_evaluate_task+0x540/0x540 [ 3506.518461] ? mem_cgroup_iter_break+0x30/0x30 [ 3506.523037] ? mutex_trylock+0x2d0/0x2d0 [ 3506.527086] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3506.532614] ? rcu_read_unlock_special+0x380/0x380 [ 3506.537550] out_of_memory+0x885/0x1420 [ 3506.541533] ? mem_cgroup_iter+0x508/0xf30 [ 3506.545780] ? oom_killer_disable+0x340/0x340 [ 3506.550270] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3506.555364] ? lock_acquire+0x1db/0x570 [ 3506.559329] mem_cgroup_out_of_memory+0x160/0x210 [ 3506.564158] ? do_raw_spin_unlock+0xa0/0x330 [ 3506.568553] ? memcg_memory_event+0x40/0x40 [ 3506.572860] ? do_raw_spin_trylock+0x270/0x270 [ 3506.577428] ? _raw_spin_unlock+0x2d/0x50 [ 3506.581613] try_charge+0x12a9/0x19b0 [ 3506.585399] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3506.590922] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3506.595746] ? rcu_read_unlock_special+0x380/0x380 [ 3506.600659] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3506.605523] ? get_mem_cgroup_from_page+0x190/0x190 [ 3506.610620] ? rcu_read_lock_sched_held+0x110/0x130 [ 3506.615623] mem_cgroup_try_charge+0x43a/0xdb0 [ 3506.620191] ? mem_cgroup_protected+0xa10/0xa10 [ 3506.624846] ? mark_held_locks+0x100/0x100 [ 3506.629066] ? pmd_val+0x85/0x100 [ 3506.632528] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3506.638067] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3506.643608] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3506.648526] __handle_mm_fault+0x2594/0x55a0 [ 3506.652938] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3506.657764] ? check_preemption_disabled+0x48/0x290 [ 3506.662763] ? handle_mm_fault+0x3cc/0xc80 [ 3506.666989] ? lock_downgrade+0x910/0x910 [ 3506.671133] ? kasan_check_read+0x11/0x20 [ 3506.675281] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3506.680541] ? rcu_read_unlock_special+0x380/0x380 [ 3506.685453] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3506.690988] ? check_preemption_disabled+0x48/0x290 [ 3506.695996] handle_mm_fault+0x4ec/0xc80 [ 3506.700048] ? __handle_mm_fault+0x55a0/0x55a0 [ 3506.704630] ? __get_user_pages+0x295/0x1e10 [ 3506.709030] __get_user_pages+0x8f7/0x1e10 [ 3506.713270] ? follow_page_mask+0x1f40/0x1f40 [ 3506.717750] ? lock_acquire+0x1db/0x570 [ 3506.721708] ? ___might_sleep+0x1e7/0x310 [ 3506.725841] ? lock_release+0xc40/0xc40 [ 3506.729808] ? find_held_lock+0x35/0x120 [ 3506.733857] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3506.737906] populate_vma_page_range+0x2bc/0x3b0 [ 3506.742647] ? memset+0x32/0x40 [ 3506.745935] ? follow_page+0x430/0x430 [ 3506.749811] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3506.755331] ? vmacache_update+0x114/0x140 [ 3506.759567] __mm_populate+0x27e/0x4c0 [ 3506.763442] ? populate_vma_page_range+0x3b0/0x3b0 [ 3506.768375] ? down_read_killable+0x150/0x150 [ 3506.772883] ? security_mmap_file+0x1a7/0x1e0 [ 3506.777412] vm_mmap_pgoff+0x277/0x2b0 [ 3506.777445] net_ratelimit: 16 callbacks suppressed [ 3506.777490] protocol 88fb is buggy, dev hsr_slave_0 [ 3506.781321] ? vma_is_stack_for_current+0xd0/0xd0 [ 3506.786852] protocol 88fb is buggy, dev hsr_slave_1 [ 3506.791796] ? kasan_check_read+0x11/0x20 [ 3506.796774] protocol 88fb is buggy, dev hsr_slave_0 [ 3506.801658] ? _copy_to_user+0xc9/0x120 [ 3506.805835] protocol 88fb is buggy, dev hsr_slave_1 [ 3506.810789] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3506.825287] ksys_mmap_pgoff+0x102/0x650 [ 3506.829340] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3506.834081] ? trace_hardirqs_on+0xbd/0x310 [ 3506.838382] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3506.843904] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3506.849254] ? trace_hardirqs_off_caller+0x300/0x300 [ 3506.854344] __x64_sys_mmap+0xe9/0x1b0 [ 3506.858222] do_syscall_64+0x1a3/0x800 [ 3506.862097] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3506.867020] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3506.872044] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3506.876875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3506.882048] RIP: 0033:0x457ec9 [ 3506.885228] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3506.904290] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3506.911994] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3506.919255] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3506.926527] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3506.933780] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3506.941031] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3506.950369] protocol 88fb is buggy, dev hsr_slave_0 [ 3506.955462] protocol 88fb is buggy, dev hsr_slave_1 [ 3506.960663] protocol 88fb is buggy, dev hsr_slave_0 [ 3506.965752] protocol 88fb is buggy, dev hsr_slave_1 [ 3506.970976] protocol 88fb is buggy, dev hsr_slave_0 [ 3506.976072] protocol 88fb is buggy, dev hsr_slave_1 [ 3506.982117] memory: usage 306024kB, limit 307200kB, failcnt 61594 [ 3506.988615] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3506.995502] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3507.008743] Memory cgroup stats for /syz1: cache:28KB rss:284604KB rss_huge:206848KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237748KB active_anon:4252KB inactive_file:0KB active_file:0KB unevictable:42692KB [ 3507.030783] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=15284,uid=0 [ 3507.045423] Memory cgroup out of memory: Kill process 15284 (syz-executor1) score 1145 or sacrifice child [ 3507.055232] Killed process 15284 (syz-executor1) total-vm:70664kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3507.073829] oom_reaper: reaped process 15284 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:28:10 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x29) 05:28:10 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0xc000, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) 05:28:10 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48], [], [], [0x2]}, 0x45c) 05:28:10 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd8e}, 0x28) 05:28:10 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x0, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:28:10 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeffdffff}, 0x0) [ 3507.209085] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" 05:28:10 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c], [], [], [0x2]}, 0x45c) [ 3507.262887] gfs2: fsid=_h: Now mounting FS... 05:28:10 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd8f}, 0x28) [ 3507.309968] attempt to access beyond end of device [ 3507.337112] loop3: rw=4096, want=136, limit=96 [ 3507.360177] gfs2: error 10 reading superblock [ 3507.377150] gfs2: fsid=_h: can't read superblock [ 3507.397957] gfs2: fsid=_h: can't read superblock: -5 05:28:10 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68], [], [], [0x2]}, 0x45c) 05:28:10 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd90}, 0x28) 05:28:10 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) fcntl$getown(0xffffffffffffffff, 0x9) wait4(0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r2 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0x0) dup3(r4, r3, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) [ 3507.535848] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3507.564239] CPU: 1 PID: 15714 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3507.571464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3507.580821] Call Trace: [ 3507.583425] dump_stack+0x1db/0x2d0 [ 3507.587091] ? dump_stack_print_info.cold+0x20/0x20 [ 3507.587122] dump_header+0x1e6/0x116c [ 3507.587139] ? add_lock_to_list.isra.0+0x450/0x450 [ 3507.587156] ? print_usage_bug+0xd0/0xd0 [ 3507.595964] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3507.595983] ? ___ratelimit+0x37c/0x686 [ 3507.596016] ? mark_held_locks+0xb1/0x100 [ 3507.596036] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3507.596053] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3507.605034] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3507.605049] ? trace_hardirqs_on+0xbd/0x310 [ 3507.605064] ? kasan_check_read+0x11/0x20 [ 3507.605079] ? ___ratelimit+0x37c/0x686 [ 3507.605094] ? trace_hardirqs_off_caller+0x300/0x300 [ 3507.605110] ? do_raw_spin_trylock+0x270/0x270 [ 3507.614044] ? trace_hardirqs_on_caller+0x310/0x310 [ 3507.614057] ? lock_acquire+0x1db/0x570 [ 3507.614078] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3507.614093] ? ___ratelimit+0xac/0x686 [ 3507.614107] ? idr_get_free+0xee0/0xee0 [ 3507.623330] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3507.623355] oom_kill_process.cold+0x10/0x9d4 [ 3507.623373] ? cgroup_procs_next+0x70/0x70 [ 3507.623394] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3507.633091] ? oom_badness+0xa50/0xa50 [ 3507.633113] ? oom_evaluate_task+0x540/0x540 [ 3507.633129] ? mem_cgroup_iter_break+0x30/0x30 [ 3507.633142] ? mutex_trylock+0x2d0/0x2d0 [ 3507.633157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3507.633183] ? rcu_read_unlock_special+0x380/0x380 [ 3507.641621] out_of_memory+0x885/0x1420 [ 3507.641638] ? mem_cgroup_iter+0x508/0xf30 [ 3507.641657] ? oom_killer_disable+0x340/0x340 [ 3507.641673] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3507.650724] ? lock_acquire+0x1db/0x570 [ 3507.650749] mem_cgroup_out_of_memory+0x160/0x210 [ 3507.650763] ? do_raw_spin_unlock+0xa0/0x330 [ 3507.650779] ? memcg_memory_event+0x40/0x40 [ 3507.650792] ? do_raw_spin_trylock+0x270/0x270 [ 3507.650814] ? _raw_spin_unlock+0x2d/0x50 [ 3507.766345] try_charge+0x12a9/0x19b0 [ 3507.770147] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3507.775714] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3507.780561] ? rcu_read_unlock_special+0x380/0x380 [ 3507.785501] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3507.790390] ? get_mem_cgroup_from_page+0x190/0x190 [ 3507.795416] ? rcu_read_lock_sched_held+0x110/0x130 [ 3507.800439] mem_cgroup_try_charge+0x43a/0xdb0 [ 3507.805048] ? mem_cgroup_protected+0xa10/0xa10 [ 3507.809767] ? mark_held_locks+0x100/0x100 [ 3507.814015] ? pmd_val+0x85/0x100 [ 3507.817468] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3507.823004] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3507.828570] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3507.833528] __handle_mm_fault+0x2594/0x55a0 [ 3507.837950] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3507.842793] ? check_preemption_disabled+0x48/0x290 [ 3507.847808] ? handle_mm_fault+0x3cc/0xc80 [ 3507.852124] ? lock_downgrade+0x910/0x910 [ 3507.856272] ? kasan_check_read+0x11/0x20 [ 3507.860423] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3507.865701] ? rcu_read_unlock_special+0x380/0x380 [ 3507.870631] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3507.876171] ? check_preemption_disabled+0x48/0x290 [ 3507.881196] handle_mm_fault+0x4ec/0xc80 [ 3507.885267] ? __handle_mm_fault+0x55a0/0x55a0 [ 3507.889852] ? __get_user_pages+0x87e/0x1e10 [ 3507.894267] __get_user_pages+0x8f7/0x1e10 [ 3507.898524] ? follow_page_mask+0x1f40/0x1f40 [ 3507.903052] ? lock_acquire+0x1db/0x570 [ 3507.907034] ? ___might_sleep+0x1e7/0x310 [ 3507.911218] ? lock_release+0xc40/0xc40 [ 3507.915210] ? find_held_lock+0x35/0x120 [ 3507.919277] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3507.923383] populate_vma_page_range+0x2bc/0x3b0 [ 3507.928144] ? memset+0x32/0x40 [ 3507.931430] ? follow_page+0x430/0x430 [ 3507.935314] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3507.940853] ? vmacache_update+0x114/0x140 [ 3507.945105] __mm_populate+0x27e/0x4c0 [ 3507.949025] ? populate_vma_page_range+0x3b0/0x3b0 [ 3507.953958] ? down_read_killable+0x150/0x150 [ 3507.958479] ? security_mmap_file+0x1a7/0x1e0 [ 3507.963025] vm_mmap_pgoff+0x277/0x2b0 [ 3507.966941] ? vma_is_stack_for_current+0xd0/0xd0 [ 3507.971784] ? kasan_check_read+0x11/0x20 [ 3507.975942] ? _copy_to_user+0xc9/0x120 [ 3507.979937] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3507.985508] ksys_mmap_pgoff+0x102/0x650 [ 3507.989589] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3507.994377] ? trace_hardirqs_on+0xbd/0x310 [ 3507.998717] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3508.004273] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3508.009666] ? trace_hardirqs_off_caller+0x300/0x300 [ 3508.014772] __x64_sys_mmap+0xe9/0x1b0 [ 3508.018672] do_syscall_64+0x1a3/0x800 [ 3508.022567] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3508.027500] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3508.032553] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3508.037406] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3508.042599] RIP: 0033:0x457ec9 [ 3508.045796] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3508.064693] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3508.072457] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3508.079739] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 05:28:11 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c], [], [], [0x2]}, 0x45c) [ 3508.087013] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3508.094311] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3508.101610] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3508.157188] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3508.186193] gfs2: fsid=_h: Now mounting FS... [ 3508.202633] attempt to access beyond end of device [ 3508.219157] loop3: rw=4096, want=136, limit=96 [ 3508.229815] gfs2: error 10 reading superblock [ 3508.241067] gfs2: fsid=_h: can't read superblock [ 3508.291589] gfs2: fsid=_h: can't read superblock: -5 [ 3508.296659] memory: usage 307200kB, limit 307200kB, failcnt 61624 [ 3508.303476] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3508.317284] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3508.335984] Memory cgroup stats for /syz1: cache:28KB rss:285756KB rss_huge:202752KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237884KB active_anon:4256KB inactive_file:0KB active_file:0KB unevictable:43756KB [ 3508.377445] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=15697,uid=0 [ 3508.419874] Memory cgroup out of memory: Kill process 15697 (syz-executor1) score 1146 or sacrifice child [ 3508.435759] Killed process 15697 (syz-executor1) total-vm:70664kB, anon-rss:15252kB, file-rss:32768kB, shmem-rss:0kB [ 3508.490816] oom_reaper: reaped process 15697 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:28:11 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x2a) 05:28:11 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc000000}, 0x0) 05:28:11 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd91}, 0x28) 05:28:11 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74], [], [], [0x2]}, 0x45c) 05:28:11 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) fcntl$getown(0xffffffffffffffff, 0x9) wait4(0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r2 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0x0) dup3(r4, r3, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) 05:28:11 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0xde01, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) [ 3508.702666] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3508.716564] gfs2: fsid=_h: Now mounting FS... [ 3508.743819] attempt to access beyond end of device 05:28:12 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd92}, 0x28) 05:28:12 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a], [], [], [0x2]}, 0x45c) [ 3508.766573] loop3: rw=4096, want=136, limit=111 [ 3508.806738] gfs2: error 10 reading superblock [ 3508.829996] gfs2: fsid=_h: can't read superblock [ 3508.846758] gfs2: fsid=_h: can't read superblock: -5 05:28:12 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd93}, 0x28) 05:28:12 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300], [], [], [0x2]}, 0x45c) [ 3508.961872] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 05:28:12 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) fcntl$getown(0xffffffffffffffff, 0x9) wait4(0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'ip6_vti0\x00'}) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r2 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0x0) dup3(r4, r3, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r5, 0x0, 0x102001695) listen(r0, 0x0) [ 3509.015768] CPU: 1 PID: 15765 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3509.023015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3509.032394] Call Trace: [ 3509.032416] dump_stack+0x1db/0x2d0 [ 3509.032433] ? dump_stack_print_info.cold+0x20/0x20 [ 3509.032461] dump_header+0x1e6/0x116c [ 3509.047496] ? add_lock_to_list.isra.0+0x450/0x450 [ 3509.052450] ? print_usage_bug+0xd0/0xd0 [ 3509.056535] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3509.061491] ? ___ratelimit+0x37c/0x686 [ 3509.061512] ? mark_held_locks+0xb1/0x100 [ 3509.061537] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3509.061552] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3509.061567] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3509.079896] ? trace_hardirqs_on+0xbd/0x310 [ 3509.079911] ? kasan_check_read+0x11/0x20 [ 3509.079925] ? ___ratelimit+0x37c/0x686 [ 3509.079941] ? trace_hardirqs_off_caller+0x300/0x300 [ 3509.088849] ? do_raw_spin_trylock+0x270/0x270 [ 3509.106745] ? trace_hardirqs_on_caller+0x310/0x310 [ 3509.111787] ? lock_acquire+0x1db/0x570 [ 3509.115774] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3509.115791] ? ___ratelimit+0xac/0x686 [ 3509.115808] ? idr_get_free+0xee0/0xee0 [ 3509.128756] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3509.133370] oom_kill_process.cold+0x10/0x9d4 [ 3509.137883] ? cgroup_procs_next+0x70/0x70 [ 3509.137904] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3509.137920] ? oom_badness+0xa50/0xa50 [ 3509.137941] ? oom_evaluate_task+0x540/0x540 [ 3509.137957] ? mem_cgroup_iter_break+0x30/0x30 [ 3509.137973] ? mutex_trylock+0x2d0/0x2d0 [ 3509.150571] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3509.150600] ? rcu_read_unlock_special+0x380/0x380 [ 3509.150625] out_of_memory+0x885/0x1420 [ 3509.159632] ? mem_cgroup_iter+0x508/0xf30 [ 3509.159654] ? oom_killer_disable+0x340/0x340 [ 3509.159687] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3509.159704] ? lock_acquire+0x1db/0x570 [ 3509.159730] mem_cgroup_out_of_memory+0x160/0x210 [ 3509.159747] ? do_raw_spin_unlock+0xa0/0x330 [ 3509.174301] ? memcg_memory_event+0x40/0x40 [ 3509.174317] ? do_raw_spin_trylock+0x270/0x270 [ 3509.174342] ? _raw_spin_unlock+0x2d/0x50 [ 3509.182577] try_charge+0x12a9/0x19b0 [ 3509.182595] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3509.182619] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3509.182637] ? rcu_read_unlock_special+0x380/0x380 [ 3509.182661] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3509.192248] ? get_mem_cgroup_from_page+0x190/0x190 [ 3509.192270] ? rcu_read_lock_sched_held+0x110/0x130 [ 3509.192289] mem_cgroup_try_charge+0x43a/0xdb0 [ 3509.205554] ? mem_cgroup_protected+0xa10/0xa10 [ 3509.205580] ? mark_held_locks+0x100/0x100 [ 3509.205599] ? pmd_val+0x85/0x100 [ 3509.222563] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3509.232967] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3509.232992] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3509.233032] __handle_mm_fault+0x2594/0x55a0 [ 3509.233057] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3509.252824] ? check_preemption_disabled+0x48/0x290 [ 3509.262075] ? handle_mm_fault+0x3cc/0xc80 [ 3509.262108] ? lock_downgrade+0x910/0x910 [ 3509.262126] ? kasan_check_read+0x11/0x20 05:28:12 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500], [], [], [0x2]}, 0x45c) [ 3509.275316] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3509.275335] ? rcu_read_unlock_special+0x380/0x380 [ 3509.275352] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3509.275371] ? check_preemption_disabled+0x48/0x290 [ 3509.290269] handle_mm_fault+0x4ec/0xc80 [ 3509.290304] ? __handle_mm_fault+0x55a0/0x55a0 [ 3509.290321] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3509.347218] __get_user_pages+0x8f7/0x1e10 [ 3509.351482] ? follow_page_mask+0x1f40/0x1f40 [ 3509.356042] ? lock_acquire+0x1db/0x570 [ 3509.360064] ? ___might_sleep+0x1e7/0x310 [ 3509.364248] ? lock_release+0xc40/0xc40 [ 3509.368232] ? find_held_lock+0x35/0x120 [ 3509.372311] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3509.376392] populate_vma_page_range+0x2bc/0x3b0 [ 3509.381174] ? memset+0x32/0x40 [ 3509.384471] ? follow_page+0x430/0x430 [ 3509.388370] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3509.393918] ? vmacache_update+0x114/0x140 [ 3509.398174] __mm_populate+0x27e/0x4c0 [ 3509.402080] ? populate_vma_page_range+0x3b0/0x3b0 [ 3509.407031] ? down_read_killable+0x150/0x150 [ 3509.411552] ? security_mmap_file+0x1a7/0x1e0 [ 3509.416072] vm_mmap_pgoff+0x277/0x2b0 [ 3509.419982] ? vma_is_stack_for_current+0xd0/0xd0 [ 3509.424851] ? kasan_check_read+0x11/0x20 [ 3509.429017] ? _copy_to_user+0xc9/0x120 [ 3509.433005] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3509.438563] ksys_mmap_pgoff+0x102/0x650 [ 3509.442673] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3509.447473] ? trace_hardirqs_on+0xbd/0x310 [ 3509.451801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3509.457361] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3509.462739] ? trace_hardirqs_off_caller+0x300/0x300 [ 3509.467848] __x64_sys_mmap+0xe9/0x1b0 [ 3509.471745] do_syscall_64+0x1a3/0x800 [ 3509.475651] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3509.480586] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3509.485608] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3509.490478] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3509.495716] RIP: 0033:0x457ec9 [ 3509.498954] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3509.517858] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3509.525598] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3509.532866] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3509.540137] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3509.547406] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3509.554684] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3509.618818] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3509.652260] gfs2: fsid=_h: Now mounting FS... [ 3509.681643] attempt to access beyond end of device [ 3509.701826] memory: usage 307144kB, limit 307200kB, failcnt 61653 [ 3509.710498] loop3: rw=4096, want=136, limit=111 [ 3509.722723] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3509.732233] gfs2: error 10 reading superblock [ 3509.740158] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3509.743153] gfs2: fsid=_h: can't read superblock [ 3509.746407] Memory cgroup stats for /syz1: cache:28KB rss:285752KB rss_huge:200704KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237876KB active_anon:4272KB inactive_file:0KB active_file:0KB unevictable:43744KB [ 3509.772932] gfs2: fsid=_h: can't read superblock: -5 [ 3509.801832] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=15334,uid=0 [ 3509.816916] Memory cgroup out of memory: Kill process 15334 (syz-executor1) score 1145 or sacrifice child [ 3509.828523] Killed process 15334 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3509.915998] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3509.932271] CPU: 1 PID: 15797 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3509.939472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3509.948820] Call Trace: [ 3509.951418] dump_stack+0x1db/0x2d0 [ 3509.955058] ? dump_stack_print_info.cold+0x20/0x20 [ 3509.960069] dump_header+0x1e6/0x116c [ 3509.963864] ? add_lock_to_list.isra.0+0x450/0x450 [ 3509.968782] ? print_usage_bug+0xd0/0xd0 [ 3509.972832] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3509.977748] ? ___ratelimit+0x37c/0x686 [ 3509.981722] ? mark_held_locks+0xb1/0x100 [ 3509.985889] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3509.990979] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3509.996069] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3510.000641] ? trace_hardirqs_on+0xbd/0x310 [ 3510.004950] ? kasan_check_read+0x11/0x20 [ 3510.009119] ? ___ratelimit+0x37c/0x686 [ 3510.013117] ? trace_hardirqs_off_caller+0x300/0x300 [ 3510.018206] ? do_raw_spin_trylock+0x270/0x270 [ 3510.022807] ? trace_hardirqs_on_caller+0x310/0x310 [ 3510.027810] ? lock_acquire+0x1db/0x570 [ 3510.031773] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3510.036866] ? ___ratelimit+0xac/0x686 [ 3510.040757] ? idr_get_free+0xee0/0xee0 [ 3510.044718] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3510.049295] oom_kill_process.cold+0x10/0x9d4 [ 3510.053783] ? cgroup_procs_next+0x70/0x70 [ 3510.058019] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3510.062507] ? oom_badness+0xa50/0xa50 [ 3510.066415] ? oom_evaluate_task+0x540/0x540 [ 3510.070808] ? mem_cgroup_iter_break+0x30/0x30 [ 3510.075392] ? mutex_trylock+0x2d0/0x2d0 [ 3510.079458] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3510.085004] ? rcu_read_unlock_special+0x380/0x380 [ 3510.089960] out_of_memory+0x885/0x1420 [ 3510.093926] ? mem_cgroup_iter+0x508/0xf30 [ 3510.098155] ? oom_killer_disable+0x340/0x340 [ 3510.102636] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3510.107724] ? lock_acquire+0x1db/0x570 [ 3510.111718] mem_cgroup_out_of_memory+0x160/0x210 [ 3510.116547] ? do_raw_spin_unlock+0xa0/0x330 [ 3510.120955] ? memcg_memory_event+0x40/0x40 [ 3510.125276] ? do_raw_spin_trylock+0x270/0x270 [ 3510.129851] ? _raw_spin_unlock+0x2d/0x50 [ 3510.133999] try_charge+0x12a9/0x19b0 [ 3510.137809] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3510.143335] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3510.148189] ? rcu_read_unlock_special+0x380/0x380 [ 3510.153110] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3510.157939] ? get_mem_cgroup_from_page+0x190/0x190 [ 3510.162963] ? rcu_read_lock_sched_held+0x110/0x130 [ 3510.168000] mem_cgroup_try_charge+0x43a/0xdb0 [ 3510.172590] ? mem_cgroup_protected+0xa10/0xa10 [ 3510.177256] ? mark_held_locks+0x100/0x100 [ 3510.181481] ? pmd_val+0x85/0x100 [ 3510.184928] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3510.190558] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3510.196104] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3510.201045] __handle_mm_fault+0x2594/0x55a0 [ 3510.205467] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3510.210315] ? check_preemption_disabled+0x48/0x290 [ 3510.215317] ? handle_mm_fault+0x3cc/0xc80 [ 3510.219566] ? lock_downgrade+0x910/0x910 [ 3510.223717] ? kasan_check_read+0x11/0x20 [ 3510.227865] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3510.233138] ? rcu_read_unlock_special+0x380/0x380 [ 3510.238056] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3510.243588] ? check_preemption_disabled+0x48/0x290 [ 3510.248591] handle_mm_fault+0x4ec/0xc80 [ 3510.252643] ? __handle_mm_fault+0x55a0/0x55a0 [ 3510.257227] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3510.262250] __get_user_pages+0x8f7/0x1e10 [ 3510.266482] ? follow_page_mask+0x1f40/0x1f40 [ 3510.270962] ? trace_hardirqs_on+0xbd/0x310 [ 3510.275273] ? lock_acquire+0x1db/0x570 [ 3510.279251] ? ___might_sleep+0x1e7/0x310 [ 3510.283400] ? lock_release+0xc40/0xc40 [ 3510.287364] ? rwsem_wake+0x2fd/0x4a0 [ 3510.291153] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3510.295204] populate_vma_page_range+0x2bc/0x3b0 [ 3510.299952] ? memset+0x32/0x40 [ 3510.303219] ? follow_page+0x430/0x430 [ 3510.307125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3510.312655] ? vmacache_update+0x114/0x140 [ 3510.316883] __mm_populate+0x27e/0x4c0 [ 3510.320797] ? populate_vma_page_range+0x3b0/0x3b0 [ 3510.325717] ? down_read_killable+0x150/0x150 [ 3510.330207] ? security_mmap_file+0x1a7/0x1e0 [ 3510.334707] vm_mmap_pgoff+0x277/0x2b0 [ 3510.338596] ? vma_is_stack_for_current+0xd0/0xd0 [ 3510.343437] ? check_preemption_disabled+0x48/0x290 [ 3510.348446] ksys_mmap_pgoff+0x102/0x650 [ 3510.352496] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3510.357255] ? trace_hardirqs_on+0xbd/0x310 [ 3510.361573] ? __do_page_fault+0x3f1/0xd60 [ 3510.365795] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3510.371163] ? trace_hardirqs_off_caller+0x300/0x300 [ 3510.376272] __x64_sys_mmap+0xe9/0x1b0 [ 3510.380151] do_syscall_64+0x1a3/0x800 [ 3510.384034] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3510.388953] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3510.393956] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3510.398790] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3510.403982] RIP: 0033:0x457ec9 [ 3510.407162] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3510.426057] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3510.433756] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3510.441030] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3510.448299] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3510.455592] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3510.462875] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3510.473724] memory: usage 307200kB, limit 307200kB, failcnt 61708 [ 3510.480993] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3510.494105] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3510.500610] Memory cgroup stats for /syz1: cache:28KB rss:285816KB rss_huge:204800KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235828KB active_anon:4276KB inactive_file:0KB active_file:0KB unevictable:45808KB [ 3510.522513] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=15336,uid=0 [ 3510.537249] Memory cgroup out of memory: Kill process 15336 (syz-executor1) score 1145 or sacrifice child [ 3510.547006] Killed process 15336 (syz-executor1) total-vm:70664kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB 05:28:13 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe800000}, 0x0) 05:28:13 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) 05:28:13 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='smaps_rollup\x00') mlockall(0x8000000002) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x2b) 05:28:13 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd94}, 0x28) 05:28:13 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600], [], [], [0x2]}, 0x45c) 05:28:13 executing program 3: syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000380)='./file0\x00', 0xec02, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@lockproto_nolock='lockproto=lock_nolock'}, {@locktable={'locktable', 0x3d, '/h\x00'}}]}) [ 3510.574330] oom_reaper: reaped process 15336 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB 05:28:14 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd95}, 0x28) [ 3510.722018] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3510.760672] gfs2: fsid=_h: Now mounting FS... 05:28:14 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700], [], [], [0x2]}, 0x45c) [ 3510.780753] attempt to access beyond end of device [ 3510.802929] loop3: rw=4096, want=136, limit=118 [ 3510.814875] gfs2: error 10 reading superblock [ 3510.827415] gfs2: fsid=_h: can't read superblock [ 3510.848793] gfs2: fsid=_h: can't read superblock: -5 05:28:14 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd96}, 0x28) 05:28:14 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00], [], [], [0x2]}, 0x45c) 05:28:14 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/uinput\x00', 0x80000000002, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00], [], [], [0x2]}, 0x45c) [ 3511.096737] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3511.098464] gfs2: fsid=_h: Trying to join cluster "lock_nolock", "_h" [ 3511.108663] CPU: 0 PID: 15817 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3511.120215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3511.129564] Call Trace: [ 3511.129587] dump_stack+0x1db/0x2d0 [ 3511.129621] ? dump_stack_print_info.cold+0x20/0x20 [ 3511.129650] dump_header+0x1e6/0x116c [ 3511.129667] ? add_lock_to_list.isra.0+0x450/0x450 [ 3511.129685] ? print_usage_bug+0xd0/0xd0 [ 3511.129717] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3511.158670] ? ___ratelimit+0x37c/0x686 [ 3511.162665] ? mark_held_locks+0xb1/0x100 [ 3511.166848] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3511.171975] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3511.177094] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3511.181711] ? trace_hardirqs_on+0xbd/0x310 [ 3511.186058] ? kasan_check_read+0x11/0x20 [ 3511.187891] gfs2: fsid=_h: Now mounting FS... [ 3511.190232] ? ___ratelimit+0x37c/0x686 [ 3511.190249] ? trace_hardirqs_off_caller+0x300/0x300 [ 3511.190263] ? do_raw_spin_trylock+0x270/0x270 [ 3511.190282] ? trace_hardirqs_on_caller+0x310/0x310 [ 3511.213424] ? lock_acquire+0x1db/0x570 [ 3511.217438] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3511.222552] ? ___ratelimit+0xac/0x686 [ 3511.226443] ? idr_get_free+0xee0/0xee0 [ 3511.230420] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3511.235033] oom_kill_process.cold+0x10/0x9d4 [ 3511.239537] ? cgroup_procs_next+0x70/0x70 [ 3511.243782] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3511.248280] ? oom_badness+0xa50/0xa50 [ 3511.252177] ? oom_evaluate_task+0x540/0x540 [ 3511.256605] ? mem_cgroup_iter_break+0x30/0x30 [ 3511.261191] ? mutex_trylock+0x2d0/0x2d0 [ 3511.265252] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3511.270809] ? rcu_read_unlock_special+0x380/0x380 [ 3511.275744] out_of_memory+0x885/0x1420 [ 3511.279724] ? mem_cgroup_iter+0x508/0xf30 [ 3511.283974] ? oom_killer_disable+0x340/0x340 [ 3511.288488] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3511.293607] ? lock_acquire+0x1db/0x570 [ 3511.297592] mem_cgroup_out_of_memory+0x160/0x210 [ 3511.302434] ? do_raw_spin_unlock+0xa0/0x330 [ 3511.306861] ? memcg_memory_event+0x40/0x40 [ 3511.311181] ? do_raw_spin_trylock+0x270/0x270 [ 3511.315773] ? _raw_spin_unlock+0x2d/0x50 [ 3511.319930] try_charge+0x12a9/0x19b0 [ 3511.323733] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3511.329279] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3511.334144] ? rcu_read_unlock_special+0x380/0x380 [ 3511.339107] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3511.343951] ? get_mem_cgroup_from_page+0x190/0x190 [ 3511.348978] ? rcu_read_lock_sched_held+0x110/0x130 [ 3511.354043] mem_cgroup_try_charge+0x43a/0xdb0 [ 3511.358635] ? mem_cgroup_protected+0xa10/0xa10 [ 3511.363320] ? mark_held_locks+0x100/0x100 [ 3511.367562] ? pmd_val+0x85/0x100 [ 3511.371051] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3511.376590] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3511.382134] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3511.387075] __handle_mm_fault+0x2594/0x55a0 [ 3511.391510] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3511.396365] ? check_preemption_disabled+0x48/0x290 [ 3511.401387] ? handle_mm_fault+0x3cc/0xc80 [ 3511.405642] ? lock_downgrade+0x910/0x910 [ 3511.409794] ? kasan_check_read+0x11/0x20 [ 3511.413959] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3511.419242] ? rcu_read_unlock_special+0x380/0x380 [ 3511.424173] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3511.429711] ? check_preemption_disabled+0x48/0x290 [ 3511.434733] handle_mm_fault+0x4ec/0xc80 [ 3511.438800] ? __handle_mm_fault+0x55a0/0x55a0 [ 3511.443387] ? __get_user_pages+0x93b/0x1e10 [ 3511.447803] __get_user_pages+0x8f7/0x1e10 [ 3511.452065] ? follow_page_mask+0x1f40/0x1f40 [ 3511.456596] ? lock_acquire+0x1db/0x570 [ 3511.460589] ? ___might_sleep+0x1e7/0x310 [ 3511.464746] ? lock_release+0xc40/0xc40 [ 3511.468745] ? find_held_lock+0x35/0x120 [ 3511.472832] ? vm_mmap_pgoff+0x21a/0x2b0 [ 3511.476898] populate_vma_page_range+0x2bc/0x3b0 [ 3511.481693] ? memset+0x32/0x40 [ 3511.484975] ? follow_page+0x430/0x430 [ 3511.488863] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3511.494399] ? vmacache_update+0x114/0x140 [ 3511.498642] __mm_populate+0x27e/0x4c0 [ 3511.502536] ? populate_vma_page_range+0x3b0/0x3b0 [ 3511.507466] ? down_read_killable+0x150/0x150 [ 3511.511970] ? security_mmap_file+0x1a7/0x1e0 [ 3511.516488] vm_mmap_pgoff+0x277/0x2b0 [ 3511.520414] ? vma_is_stack_for_current+0xd0/0xd0 [ 3511.525262] ? kasan_check_read+0x11/0x20 [ 3511.529418] ? _copy_to_user+0xc9/0x120 [ 3511.533407] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3511.538957] ksys_mmap_pgoff+0x102/0x650 [ 3511.543046] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3511.547806] ? trace_hardirqs_on+0xbd/0x310 [ 3511.552131] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3511.557693] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3511.563081] ? trace_hardirqs_off_caller+0x300/0x300 [ 3511.568198] __x64_sys_mmap+0xe9/0x1b0 [ 3511.572110] do_syscall_64+0x1a3/0x800 [ 3511.576003] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3511.580956] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3511.585979] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3511.590845] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3511.596044] RIP: 0033:0x457ec9 [ 3511.599239] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3511.618145] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3511.625857] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3511.633144] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3511.640411] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 05:28:14 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x16, 0x0, &(0x7f00000001c0)="263abd030e98ff4dc870bd6688a843a588a89ca94283", 0x0, 0xd97}, 0x28) [ 3511.647679] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3511.654947] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3511.680515] attempt to access beyond end of device [ 3511.685491] loop3: rw=4096, want=136, limit=118 05:28:15 executing program 5: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x100}, 0x10) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfec00000}, 0x0) 05:28:15 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e23, @dev}, 0x10) r2 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000240), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000540)={0x0, @in6={{0xa, 0x0, 0xf5, @ipv4={[], [], @local}}}, [0x81, 0x0, 0x0, 0x80, 0xfffffffffffffff9, 0x4, 0x7, 0x0, 0x0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x200]}, 0x0) r3 = dup(r1) semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f0000000e40)=""/56) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback, 0x6}}, 0x3, 0x5}, 0x98) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, r3, 0x0) dup3(r5, r4, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000780)) memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) sendfile(r1, r6, 0x0, 0x102001695) listen(r0, 0x0) [ 3511.733134] gfs2: error 10 reading superblock [ 3511.758615] gfs2: fsid=_h: can't read superblock [ 3511.778206] gfs2: fsid=_h: can't read superblock: -5 [ 3511.861921] memory: usage 306100kB, limit 307200kB, failcnt 61740 [ 3511.869604] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3511.876557] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3511.883059] Memory cgroup stats for /syz1: cache:28KB rss:285872KB rss_huge:198656KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235828KB active_anon:4264KB inactive_file:0KB active_file:0KB unevictable:45848KB [ 3511.931116] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=15408,uid=0 [ 3511.960405] Memory cgroup out of memory: Kill process 15408 (syz-executor1) score 1145 or sacrifice child [ 3511.995772] Killed process 15408 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3512.031461] oom_reaper: reaped process 15408 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB [ 3512.159696] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3512.169877] CPU: 0 PID: 15851 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3512.177070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3512.186407] Call Trace: [ 3512.189007] dump_stack+0x1db/0x2d0 [ 3512.192663] ? dump_stack_print_info.cold+0x20/0x20 [ 3512.197688] dump_header+0x1e6/0x116c [ 3512.201508] ? add_lock_to_list.isra.0+0x450/0x450 [ 3512.206431] ? print_usage_bug+0xd0/0xd0 [ 3512.210498] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3512.215458] ? ___ratelimit+0x37c/0x686 [ 3512.219438] ? mark_held_locks+0xb1/0x100 [ 3512.223611] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3512.228718] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3512.233842] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3512.238423] ? trace_hardirqs_on+0xbd/0x310 [ 3512.242755] ? kasan_check_read+0x11/0x20 [ 3512.246891] ? ___ratelimit+0x37c/0x686 [ 3512.250870] ? trace_hardirqs_off_caller+0x300/0x300 [ 3512.255995] ? do_raw_spin_trylock+0x270/0x270 [ 3512.260591] ? trace_hardirqs_on_caller+0x310/0x310 [ 3512.265616] ? lock_acquire+0x1db/0x570 [ 3512.269596] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3512.274701] ? ___ratelimit+0xac/0x686 [ 3512.278592] ? idr_get_free+0xee0/0xee0 [ 3512.282563] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3512.287169] oom_kill_process.cold+0x10/0x9d4 [ 3512.291679] ? cgroup_procs_next+0x70/0x70 [ 3512.295924] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3512.300450] ? oom_badness+0xa50/0xa50 [ 3512.304351] ? oom_evaluate_task+0x540/0x540 [ 3512.308788] ? mem_cgroup_iter_break+0x30/0x30 [ 3512.313373] ? mutex_trylock+0x2d0/0x2d0 [ 3512.317431] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3512.322965] ? rcu_read_unlock_special+0x380/0x380 [ 3512.327901] out_of_memory+0x885/0x1420 [ 3512.331888] ? mem_cgroup_iter+0x508/0xf30 [ 3512.336145] ? oom_killer_disable+0x340/0x340 [ 3512.340630] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3512.345729] ? lock_acquire+0x1db/0x570 [ 3512.349710] mem_cgroup_out_of_memory+0x160/0x210 [ 3512.354554] ? do_raw_spin_unlock+0xa0/0x330 [ 3512.358957] ? memcg_memory_event+0x40/0x40 [ 3512.363276] ? do_raw_spin_trylock+0x270/0x270 [ 3512.367877] ? _raw_spin_unlock+0x2d/0x50 [ 3512.372074] try_charge+0x12a9/0x19b0 [ 3512.375876] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3512.381425] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3512.386274] ? rcu_read_unlock_special+0x380/0x380 [ 3512.391228] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3512.396103] ? get_mem_cgroup_from_page+0x190/0x190 [ 3512.401112] ? rcu_read_lock_sched_held+0x110/0x130 [ 3512.406118] mem_cgroup_try_charge+0x43a/0xdb0 [ 3512.410703] ? mem_cgroup_protected+0xa10/0xa10 [ 3512.415385] ? mark_held_locks+0x100/0x100 [ 3512.419625] ? pmd_val+0x85/0x100 [ 3512.423082] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3512.428613] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3512.434181] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3512.439111] __handle_mm_fault+0x2594/0x55a0 [ 3512.443527] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 3512.448385] ? check_preemption_disabled+0x48/0x290 [ 3512.453410] ? handle_mm_fault+0x3cc/0xc80 [ 3512.457654] ? lock_downgrade+0x910/0x910 [ 3512.461804] ? kasan_check_read+0x11/0x20 [ 3512.465941] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3512.471222] ? rcu_read_unlock_special+0x380/0x380 [ 3512.476149] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3512.481676] ? check_preemption_disabled+0x48/0x290 [ 3512.486698] handle_mm_fault+0x4ec/0xc80 [ 3512.490803] ? __handle_mm_fault+0x55a0/0x55a0 [ 3512.495383] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3512.500392] __get_user_pages+0x8f7/0x1e10 [ 3512.504660] ? follow_page_mask+0x1f40/0x1f40 [ 3512.509167] ? trace_hardirqs_on+0xbd/0x310 [ 3512.513526] ? lock_acquire+0x1db/0x570 [ 3512.517520] ? ___might_sleep+0x1e7/0x310 [ 3512.521671] ? lock_release+0xc40/0xc40 [ 3512.525652] ? rwsem_wake+0x2fd/0x4a0 [ 3512.529461] populate_vma_page_range+0x2bc/0x3b0 [ 3512.534239] ? memset+0x32/0x40 [ 3512.537528] ? follow_page+0x430/0x430 [ 3512.541402] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3512.546923] ? vmacache_update+0x114/0x140 [ 3512.551166] __mm_populate+0x27e/0x4c0 [ 3512.555072] ? populate_vma_page_range+0x3b0/0x3b0 [ 3512.560032] ? down_read_killable+0x150/0x150 [ 3512.564538] ? security_mmap_file+0x1a7/0x1e0 [ 3512.569059] vm_mmap_pgoff+0x277/0x2b0 [ 3512.572967] ? vma_is_stack_for_current+0xd0/0xd0 [ 3512.577829] ? check_preemption_disabled+0x48/0x290 [ 3512.582844] ksys_mmap_pgoff+0x102/0x650 [ 3512.586895] ? find_mergeable_anon_vma+0xd0/0xd0 [ 3512.591650] ? trace_hardirqs_on+0xbd/0x310 [ 3512.595991] ? __do_page_fault+0x3f1/0xd60 [ 3512.600237] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3512.605600] ? trace_hardirqs_off_caller+0x300/0x300 [ 3512.610718] __x64_sys_mmap+0xe9/0x1b0 [ 3512.614622] do_syscall_64+0x1a3/0x800 [ 3512.618533] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3512.623503] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3512.628563] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3512.633433] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3512.633445] RIP: 0033:0x457ec9 [ 3512.633460] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3512.660710] RSP: 002b:00007f36f08fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3512.660726] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9 [ 3512.660735] RDX: ffffffffffffffff RSI: 0000000000e7e000 RDI: 0000000020000000 [ 3512.660744] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 3512.660754] R10: 0000000000000032 R11: 0000000000000246 R12: 00007f36f08fc6d4 [ 3512.660763] R13: 00000000004c3ba2 R14: 00000000004d6ae8 R15: 00000000ffffffff [ 3512.661694] net_ratelimit: 24 callbacks suppressed [ 3512.661702] protocol 88fb is buggy, dev hsr_slave_0 [ 3512.715141] protocol 88fb is buggy, dev hsr_slave_1 [ 3512.720644] memory: usage 307196kB, limit 307200kB, failcnt 61785 [ 3512.726917] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3512.734902] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3512.741482] Memory cgroup stats for /syz1: cache:28KB rss:287000KB rss_huge:196608KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235704KB active_anon:4236KB inactive_file:0KB active_file:0KB unevictable:47060KB [ 3512.763129] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=15438,uid=0 [ 3512.778229] Memory cgroup out of memory: Kill process 15438 (syz-executor1) score 1145 or sacrifice child [ 3512.788315] Killed process 15438 (syz-executor1) total-vm:70532kB, anon-rss:15120kB, file-rss:32768kB, shmem-rss:0kB [ 3512.811216] syz-executor1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 3512.813233] oom_reaper: reaped process 15438 (syz-executor1), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB [ 3512.824664] CPU: 0 PID: 15817 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3512.840045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3512.849402] Call Trace: [ 3512.851998] dump_stack+0x1db/0x2d0 [ 3512.855644] ? dump_stack_print_info.cold+0x20/0x20 [ 3512.860666] dump_header+0x1e6/0x116c [ 3512.864470] ? add_lock_to_list.isra.0+0x450/0x450 [ 3512.869388] ? print_usage_bug+0xd0/0xd0 [ 3512.873440] ? pagefault_out_of_memory+0x1a1/0x1a1 [ 3512.878359] ? ___ratelimit+0x37c/0x686 [ 3512.882325] ? mark_held_locks+0xb1/0x100 [ 3512.886461] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3512.891566] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3512.896659] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3512.901366] ? trace_hardirqs_on+0xbd/0x310 [ 3512.905674] ? kasan_check_read+0x11/0x20 [ 3512.909835] ? ___ratelimit+0x37c/0x686 [ 3512.913833] ? trace_hardirqs_off_caller+0x300/0x300 [ 3512.918948] ? do_raw_spin_trylock+0x270/0x270 [ 3512.923517] ? trace_hardirqs_on_caller+0x310/0x310 [ 3512.928541] ? lock_acquire+0x1db/0x570 [ 3512.932541] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3512.937641] ? ___ratelimit+0xac/0x686 [ 3512.941533] ? idr_get_free+0xee0/0xee0 [ 3512.945509] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3512.950112] oom_kill_process.cold+0x10/0x9d4 [ 3512.954597] ? cgroup_procs_next+0x70/0x70 [ 3512.958818] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3512.963299] ? oom_badness+0xa50/0xa50 [ 3512.967187] ? oom_evaluate_task+0x540/0x540 [ 3512.971597] ? mem_cgroup_iter_break+0x30/0x30 [ 3512.976165] ? mutex_trylock+0x2d0/0x2d0 [ 3512.980215] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3512.985745] ? rcu_read_unlock_special+0x380/0x380 [ 3512.990665] out_of_memory+0x885/0x1420 [ 3512.994641] ? mem_cgroup_iter+0x508/0xf30 [ 3512.998865] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3513.003958] ? oom_killer_disable+0x340/0x340 [ 3513.008440] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3513.013546] ? lock_acquire+0x1db/0x570 [ 3513.017514] mem_cgroup_out_of_memory+0x160/0x210 [ 3513.022345] ? do_raw_spin_unlock+0xa0/0x330 [ 3513.026749] ? memcg_memory_event+0x40/0x40 [ 3513.031071] ? do_raw_spin_trylock+0x270/0x270 [ 3513.035658] ? _raw_spin_unlock+0x2d/0x50 [ 3513.039797] try_charge+0xd44/0x19b0 [ 3513.043497] ? lock_downgrade+0x910/0x910 [ 3513.047631] ? kasan_check_read+0x11/0x20 [ 3513.051803] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3513.056665] ? get_mem_cgroup_from_mm+0x1cd/0x420 [ 3513.061496] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3513.067032] ? lock_downgrade+0x910/0x910 [ 3513.071176] ? kasan_check_read+0x11/0x20 [ 3513.075330] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3513.080604] ? rcu_read_unlock_special+0x380/0x380 [ 3513.085544] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3513.090377] memcg_kmem_charge_memcg+0x7c/0x130 [ 3513.095046] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3513.099527] ? lock_release+0xc40/0xc40 [ 3513.103492] memcg_kmem_charge+0x13b/0x340 [ 3513.107718] __alloc_pages_nodemask+0x7b8/0xdc0 [ 3513.112379] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 3513.117389] ? rcu_pm_notify+0xd0/0xd0 [ 3513.121283] ? rcu_read_lock_sched_held+0x110/0x130 [ 3513.126286] ? kmem_cache_alloc_node+0x347/0x710 [ 3513.131053] ? pci_mmcfg_check_reserved+0x170/0x170 [ 3513.136103] copy_process+0x847/0x8710 [ 3513.139986] ? ___might_sleep+0x1e7/0x310 [ 3513.144144] ? arch_local_save_flags+0x50/0x50 [ 3513.148714] ? __schedule+0x1e60/0x1e60 [ 3513.152690] ? do_raw_spin_trylock+0x270/0x270 [ 3513.157292] ? __cleanup_sighand+0x70/0x70 [ 3513.161524] ? futex_wait_queue_me+0x539/0x810 [ 3513.166137] ? refill_pi_state_cache.part.0+0x310/0x310 [ 3513.171487] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 3513.176492] ? add_lock_to_list.isra.0+0x450/0x450 [ 3513.181435] ? handle_futex_death+0x230/0x230 [ 3513.185916] ? add_lock_to_list.isra.0+0x450/0x450 [ 3513.190832] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3513.196019] ? drop_futex_key_refs.isra.0+0x6f/0xf0 [ 3513.201069] ? futex_wait+0x6e6/0xa40 [ 3513.204864] ? print_usage_bug+0xd0/0xd0 [ 3513.208915] ? futex_wait_setup+0x430/0x430 [ 3513.213256] ? drop_futex_key_refs.isra.0+0x6f/0xf0 [ 3513.218270] ? __lock_acquire+0x572/0x4a30 [ 3513.222505] ? kasan_check_read+0x11/0x20 [ 3513.226647] ? mark_held_locks+0x100/0x100 [ 3513.230870] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3513.235995] ? try_to_wake_up+0xf9/0x1480 [ 3513.240163] ? do_futex+0x1b0/0x2910 [ 3513.243887] ? migrate_swap_stop+0x920/0x920 [ 3513.248284] ? rwsem_wake+0x2f5/0x4a0 [ 3513.252087] ? add_lock_to_list.isra.0+0x450/0x450 [ 3513.257028] ? add_lock_to_list.isra.0+0x450/0x450 [ 3513.261949] ? exit_robust_list+0x290/0x290 [ 3513.266269] ? rwsem_wake+0x2f5/0x4a0 [ 3513.270083] ? __might_fault+0x12b/0x1e0 [ 3513.274146] ? find_held_lock+0x35/0x120 [ 3513.278198] ? __might_fault+0x12b/0x1e0 [ 3513.282247] ? lock_acquire+0x1db/0x570 [ 3513.286210] ? lock_downgrade+0x910/0x910 [ 3513.290345] ? lock_release+0xc40/0xc40 [ 3513.294310] ? trace_hardirqs_off_caller+0x300/0x300 [ 3513.299404] _do_fork+0x1a9/0x1170 [ 3513.302951] ? fork_idle+0x1d0/0x1d0 [ 3513.306697] ? kasan_check_read+0x11/0x20 [ 3513.310840] ? _copy_to_user+0xc9/0x120 [ 3513.314809] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3513.320390] ? put_timespec64+0x115/0x1b0 [ 3513.324526] ? nsecs_to_jiffies+0x30/0x30 [ 3513.328665] ? do_syscall_64+0x8c/0x800 [ 3513.332628] ? do_syscall_64+0x8c/0x800 [ 3513.336586] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3513.341153] ? trace_hardirqs_on+0xbd/0x310 [ 3513.345476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3513.351040] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3513.356414] ? trace_hardirqs_off_caller+0x300/0x300 [ 3513.361513] __x64_sys_clone+0xbf/0x150 [ 3513.365480] do_syscall_64+0x1a3/0x800 [ 3513.369356] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3513.374275] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3513.379294] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3513.384142] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3513.389329] RIP: 0033:0x457ec9 [ 3513.392516] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3513.411436] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3513.419136] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9 [ 3513.426434] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3513.433751] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3513.441043] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3513.448298] R13: 00000000004be2a0 R14: 00000000004ce760 R15: 00000000ffffffff [ 3513.456488] protocol 88fb is buggy, dev hsr_slave_0 [ 3513.461622] protocol 88fb is buggy, dev hsr_slave_1 [ 3513.466734] protocol 88fb is buggy, dev hsr_slave_0 [ 3513.471864] protocol 88fb is buggy, dev hsr_slave_1 [ 3513.477026] memory: usage 294920kB, limit 307200kB, failcnt 61785 [ 3513.483545] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3513.490415] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3513.496560] Memory cgroup stats for /syz1: cache:28KB rss:274692KB rss_huge:190464KB shmem:64KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:222780KB active_anon:4152KB inactive_file:0KB active_file:0KB unevictable:47872KB [ 3513.519328] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor1,pid=15858,uid=0 [ 3513.534195] Memory cgroup out of memory: Kill process 15858 (syz-executor1) score 1148 or sacrifice child [ 3513.544892] ================================================================== [ 3513.552644] BUG: KASAN: use-after-free in oom_kill_process.cold+0x484/0x9d4 [ 3513.559759] Read of size 8 at addr ffff8880595f6c40 by task syz-executor1/15817 [ 3513.567193] [ 3513.568822] CPU: 1 PID: 15817 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #29 [ 3513.576005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3513.585353] Call Trace: [ 3513.587934] dump_stack+0x1db/0x2d0 [ 3513.591563] ? dump_stack_print_info.cold+0x20/0x20 [ 3513.596572] ? __put_task_struct+0x293/0x630 [ 3513.601000] ? oom_kill_process.cold+0x484/0x9d4 [ 3513.605754] print_address_description.cold+0x7c/0x20d [ 3513.611029] ? oom_kill_process.cold+0x484/0x9d4 [ 3513.615782] ? oom_kill_process.cold+0x484/0x9d4 [ 3513.620529] kasan_report.cold+0x1b/0x40 [ 3513.624588] ? oom_kill_process.cold+0x484/0x9d4 [ 3513.629348] __asan_report_load8_noabort+0x14/0x20 [ 3513.634291] oom_kill_process.cold+0x484/0x9d4 [ 3513.638883] ? oom_evaluate_task+0x540/0x540 [ 3513.643295] ? mem_cgroup_iter_break+0x30/0x30 [ 3513.647880] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3513.653428] ? rcu_read_unlock_special+0x380/0x380 [ 3513.658365] out_of_memory+0x885/0x1420 [ 3513.662326] ? mem_cgroup_iter+0x508/0xf30 [ 3513.666555] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3513.671647] ? oom_killer_disable+0x340/0x340 [ 3513.676132] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3513.681239] ? lock_acquire+0x1db/0x570 [ 3513.685231] mem_cgroup_out_of_memory+0x160/0x210 [ 3513.690081] ? do_raw_spin_unlock+0xa0/0x330 [ 3513.694497] ? memcg_memory_event+0x40/0x40 [ 3513.698829] ? do_raw_spin_trylock+0x270/0x270 [ 3513.703427] ? _raw_spin_unlock+0x2d/0x50 [ 3513.707619] try_charge+0xd44/0x19b0 [ 3513.711343] ? lock_downgrade+0x910/0x910 [ 3513.715493] ? kasan_check_read+0x11/0x20 [ 3513.719655] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3513.724493] ? get_mem_cgroup_from_mm+0x1cd/0x420 [ 3513.729355] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3513.734895] ? lock_downgrade+0x910/0x910 [ 3513.739047] ? kasan_check_read+0x11/0x20 [ 3513.743201] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3513.748478] ? rcu_read_unlock_special+0x380/0x380 [ 3513.753445] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3513.758307] memcg_kmem_charge_memcg+0x7c/0x130 [ 3513.762975] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3513.767465] ? lock_release+0xc40/0xc40 [ 3513.771449] memcg_kmem_charge+0x13b/0x340 [ 3513.775701] __alloc_pages_nodemask+0x7b8/0xdc0 [ 3513.780404] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 3513.785443] ? rcu_pm_notify+0xd0/0xd0 [ 3513.789352] ? rcu_read_lock_sched_held+0x110/0x130 [ 3513.794373] ? kmem_cache_alloc_node+0x347/0x710 [ 3513.799132] ? pci_mmcfg_check_reserved+0x170/0x170 [ 3513.804160] copy_process+0x847/0x8710 [ 3513.808059] ? ___might_sleep+0x1e7/0x310 [ 3513.812212] ? arch_local_save_flags+0x50/0x50 [ 3513.816823] ? __schedule+0x1e60/0x1e60 [ 3513.820801] ? do_raw_spin_trylock+0x270/0x270 [ 3513.825407] ? __cleanup_sighand+0x70/0x70 [ 3513.829644] ? futex_wait_queue_me+0x539/0x810 [ 3513.834246] ? refill_pi_state_cache.part.0+0x310/0x310 [ 3513.839624] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 3513.844666] ? add_lock_to_list.isra.0+0x450/0x450 [ 3513.849622] ? handle_futex_death+0x230/0x230 [ 3513.854115] ? add_lock_to_list.isra.0+0x450/0x450 [ 3513.859044] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3513.864274] ? drop_futex_key_refs.isra.0+0x6f/0xf0 [ 3513.869305] ? futex_wait+0x6e6/0xa40 [ 3513.873109] ? print_usage_bug+0xd0/0xd0 [ 3513.877172] ? futex_wait_setup+0x430/0x430 [ 3513.881495] ? drop_futex_key_refs.isra.0+0x6f/0xf0 [ 3513.886527] ? __lock_acquire+0x572/0x4a30 [ 3513.890763] ? kasan_check_read+0x11/0x20 [ 3513.894919] ? mark_held_locks+0x100/0x100 [ 3513.899182] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3513.904287] ? try_to_wake_up+0xf9/0x1480 [ 3513.908439] ? do_futex+0x1b0/0x2910 [ 3513.912159] ? migrate_swap_stop+0x920/0x920 [ 3513.916568] ? rwsem_wake+0x2f5/0x4a0 [ 3513.920372] ? add_lock_to_list.isra.0+0x450/0x450 [ 3513.925298] ? add_lock_to_list.isra.0+0x450/0x450 [ 3513.930229] ? exit_robust_list+0x290/0x290 [ 3513.934554] ? rwsem_wake+0x2f5/0x4a0 [ 3513.938360] ? __might_fault+0x12b/0x1e0 [ 3513.942419] ? find_held_lock+0x35/0x120 [ 3513.946509] ? __might_fault+0x12b/0x1e0 [ 3513.950584] ? lock_acquire+0x1db/0x570 [ 3513.954563] ? lock_downgrade+0x910/0x910 [ 3513.958752] ? lock_release+0xc40/0xc40 [ 3513.962724] ? trace_hardirqs_off_caller+0x300/0x300 [ 3513.967831] _do_fork+0x1a9/0x1170 [ 3513.971379] ? fork_idle+0x1d0/0x1d0 [ 3513.975098] ? kasan_check_read+0x11/0x20 [ 3513.979263] ? _copy_to_user+0xc9/0x120 [ 3513.983238] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3513.988779] ? put_timespec64+0x115/0x1b0 [ 3513.992926] ? nsecs_to_jiffies+0x30/0x30 [ 3513.997074] ? do_syscall_64+0x8c/0x800 [ 3514.001048] ? do_syscall_64+0x8c/0x800 [ 3514.005030] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3514.009611] ? trace_hardirqs_on+0xbd/0x310 [ 3514.013927] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3514.019481] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3514.024850] ? trace_hardirqs_off_caller+0x300/0x300 [ 3514.029965] __x64_sys_clone+0xbf/0x150 [ 3514.033961] do_syscall_64+0x1a3/0x800 [ 3514.037866] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3514.042797] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3514.047817] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3514.052668] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3514.057856] RIP: 0033:0x457ec9 [ 3514.061054] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3514.079971] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3514.087698] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9 [ 3514.094964] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3514.102229] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3514.109520] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3514.116802] R13: 00000000004be2a0 R14: 00000000004ce760 R15: 00000000ffffffff [ 3514.124089] [ 3514.125710] Allocated by task 15809: [ 3514.129427] save_stack+0x45/0xd0 [ 3514.132877] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 3514.137806] kasan_slab_alloc+0xf/0x20 [ 3514.141706] kmem_cache_alloc_node+0x144/0x710 [ 3514.146285] copy_process+0x405b/0x8710 [ 3514.150259] _do_fork+0x1a9/0x1170 [ 3514.153799] __x64_sys_clone+0xbf/0x150 [ 3514.157790] do_syscall_64+0x1a3/0x800 [ 3514.161695] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3514.166886] [ 3514.168503] Freed by task 15817: [ 3514.171869] save_stack+0x45/0xd0 [ 3514.175322] __kasan_slab_free+0x102/0x150 [ 3514.179571] kasan_slab_free+0xe/0x10 [ 3514.183383] kmem_cache_free+0x86/0x260 [ 3514.187382] free_task+0x170/0x1f0 [ 3514.190920] __put_task_struct+0x2e0/0x630 [ 3514.195152] put_task_struct+0x4b/0x60 [ 3514.199043] oom_kill_process.cold+0x93a/0x9d4 [ 3514.203620] out_of_memory+0x885/0x1420 [ 3514.207590] mem_cgroup_out_of_memory+0x160/0x210 [ 3514.212431] try_charge+0xd44/0x19b0 [ 3514.216145] memcg_kmem_charge_memcg+0x7c/0x130 [ 3514.220823] memcg_kmem_charge+0x13b/0x340 [ 3514.225069] __alloc_pages_nodemask+0x7b8/0xdc0 [ 3514.229741] copy_process+0x847/0x8710 [ 3514.233628] _do_fork+0x1a9/0x1170 [ 3514.237166] __x64_sys_clone+0xbf/0x150 [ 3514.241144] do_syscall_64+0x1a3/0x800 [ 3514.245036] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3514.250215] [ 3514.251852] The buggy address belongs to the object at ffff8880595f6540 [ 3514.251852] which belongs to the cache task_struct(33:syz1) of size 6080 [ 3514.265374] The buggy address is located 1792 bytes inside of [ 3514.265374] 6080-byte region [ffff8880595f6540, ffff8880595f7d00) [ 3514.277413] The buggy address belongs to the page: [ 3514.282342] page:ffffea0001657d80 count:1 mapcount:0 mapping:ffff888091f65840 index:0x0 compound_mapcount: 0 [ 3514.292306] flags: 0x1fffc0000010200(slab|head) [ 3514.296979] raw: 01fffc0000010200 ffffea00028b3288 ffffea0002612788 ffff888091f65840 [ 3514.304874] raw: 0000000000000000 ffff8880595f6540 0000000100000001 ffff888057fe2b00 [ 3514.312739] page dumped because: kasan: bad access detected [ 3514.318452] page->mem_cgroup:ffff888057fe2b00 [ 3514.322962] [ 3514.324582] Memory state around the buggy address: [ 3514.329526] ffff8880595f6b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3514.336897] ffff8880595f6b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3514.344249] >ffff8880595f6c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3514.351597] ^ [ 3514.357054] ffff8880595f6c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3514.364411] ffff8880595f6d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3514.371763] ================================================================== [ 3514.379113] Disabling lock debugging due to kernel taint [ 3514.385330] protocol 88fb is buggy, dev hsr_slave_0 [ 3514.390416] protocol 88fb is buggy, dev hsr_slave_1 [ 3514.395503] protocol 88fb is buggy, dev hsr_slave_0 [ 3514.400586] protocol 88fb is buggy, dev hsr_slave_1 [ 3514.406347] Kernel panic - not syncing: panic_on_warn set ... [ 3514.412239] CPU: 1 PID: 15817 Comm: syz-executor1 Tainted: G B 5.0.0-rc2+ #29 [ 3514.420808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3514.430149] Call Trace: [ 3514.432736] dump_stack+0x1db/0x2d0 [ 3514.436376] ? dump_stack_print_info.cold+0x20/0x20 [ 3514.441409] panic+0x2cb/0x65c [ 3514.444598] ? add_taint.cold+0x16/0x16 [ 3514.448585] ? trace_hardirqs_on+0xb4/0x310 [ 3514.452899] ? trace_hardirqs_on+0xb4/0x310 [ 3514.457221] ? oom_kill_process.cold+0x484/0x9d4 [ 3514.461975] end_report+0x47/0x4f [ 3514.465424] ? oom_kill_process.cold+0x484/0x9d4 [ 3514.470178] kasan_report.cold+0xe/0x40 [ 3514.474155] ? oom_kill_process.cold+0x484/0x9d4 [ 3514.478910] __asan_report_load8_noabort+0x14/0x20 [ 3514.483840] oom_kill_process.cold+0x484/0x9d4 [ 3514.488429] ? oom_evaluate_task+0x540/0x540 [ 3514.492835] ? mem_cgroup_iter_break+0x30/0x30 [ 3514.497415] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3514.502958] ? rcu_read_unlock_special+0x380/0x380 [ 3514.507891] out_of_memory+0x885/0x1420 [ 3514.511866] ? mem_cgroup_iter+0x508/0xf30 [ 3514.516102] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3514.521205] ? oom_killer_disable+0x340/0x340 [ 3514.525715] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3514.530816] ? lock_acquire+0x1db/0x570 [ 3514.534796] mem_cgroup_out_of_memory+0x160/0x210 [ 3514.539642] ? do_raw_spin_unlock+0xa0/0x330 [ 3514.544050] ? memcg_memory_event+0x40/0x40 [ 3514.548368] ? do_raw_spin_trylock+0x270/0x270 [ 3514.552957] ? _raw_spin_unlock+0x2d/0x50 [ 3514.557112] try_charge+0xd44/0x19b0 [ 3514.560829] ? lock_downgrade+0x910/0x910 [ 3514.564975] ? kasan_check_read+0x11/0x20 [ 3514.569125] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3514.573965] ? get_mem_cgroup_from_mm+0x1cd/0x420 [ 3514.578815] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3514.584353] ? lock_downgrade+0x910/0x910 [ 3514.588530] ? kasan_check_read+0x11/0x20 [ 3514.592691] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 3514.597965] ? rcu_read_unlock_special+0x380/0x380 [ 3514.602894] ? get_mem_cgroup_from_mm+0x1ea/0x420 [ 3514.607747] memcg_kmem_charge_memcg+0x7c/0x130 [ 3514.612413] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3514.616902] ? lock_release+0xc40/0xc40 [ 3514.620966] memcg_kmem_charge+0x13b/0x340 [ 3514.625214] __alloc_pages_nodemask+0x7b8/0xdc0 [ 3514.629898] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 3514.634910] ? rcu_pm_notify+0xd0/0xd0 [ 3514.638801] ? rcu_read_lock_sched_held+0x110/0x130 [ 3514.643824] ? kmem_cache_alloc_node+0x347/0x710 [ 3514.648580] ? pci_mmcfg_check_reserved+0x170/0x170 [ 3514.653597] copy_process+0x847/0x8710 [ 3514.657509] ? ___might_sleep+0x1e7/0x310 [ 3514.661657] ? arch_local_save_flags+0x50/0x50 [ 3514.666237] ? __schedule+0x1e60/0x1e60 [ 3514.670210] ? do_raw_spin_trylock+0x270/0x270 [ 3514.674793] ? __cleanup_sighand+0x70/0x70 [ 3514.679050] ? futex_wait_queue_me+0x539/0x810 [ 3514.683643] ? refill_pi_state_cache.part.0+0x310/0x310 [ 3514.689001] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 3514.694034] ? add_lock_to_list.isra.0+0x450/0x450 [ 3514.698965] ? handle_futex_death+0x230/0x230 [ 3514.703460] ? add_lock_to_list.isra.0+0x450/0x450 [ 3514.708383] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3514.713572] ? drop_futex_key_refs.isra.0+0x6f/0xf0 [ 3514.718603] ? futex_wait+0x6e6/0xa40 [ 3514.722401] ? print_usage_bug+0xd0/0xd0 [ 3514.726473] ? futex_wait_setup+0x430/0x430 [ 3514.730797] ? drop_futex_key_refs.isra.0+0x6f/0xf0 [ 3514.735809] ? __lock_acquire+0x572/0x4a30 [ 3514.740048] ? kasan_check_read+0x11/0x20 [ 3514.744203] ? mark_held_locks+0x100/0x100 [ 3514.748457] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3514.753560] ? try_to_wake_up+0xf9/0x1480 [ 3514.757726] ? do_futex+0x1b0/0x2910 [ 3514.761455] ? migrate_swap_stop+0x920/0x920 [ 3514.765859] ? rwsem_wake+0x2f5/0x4a0 [ 3514.769819] ? add_lock_to_list.isra.0+0x450/0x450 [ 3514.774742] ? add_lock_to_list.isra.0+0x450/0x450 [ 3514.779668] ? exit_robust_list+0x290/0x290 [ 3514.783999] ? rwsem_wake+0x2f5/0x4a0 [ 3514.787804] ? __might_fault+0x12b/0x1e0 [ 3514.791862] ? find_held_lock+0x35/0x120 [ 3514.795921] ? __might_fault+0x12b/0x1e0 [ 3514.799978] ? lock_acquire+0x1db/0x570 [ 3514.803952] ? lock_downgrade+0x910/0x910 [ 3514.808099] ? lock_release+0xc40/0xc40 [ 3514.812072] ? trace_hardirqs_off_caller+0x300/0x300 [ 3514.817178] _do_fork+0x1a9/0x1170 [ 3514.820746] ? fork_idle+0x1d0/0x1d0 [ 3514.824452] ? kasan_check_read+0x11/0x20 [ 3514.828595] ? _copy_to_user+0xc9/0x120 [ 3514.832568] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3514.838103] ? put_timespec64+0x115/0x1b0 [ 3514.842247] ? nsecs_to_jiffies+0x30/0x30 [ 3514.846392] ? do_syscall_64+0x8c/0x800 [ 3514.850362] ? do_syscall_64+0x8c/0x800 [ 3514.854350] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3514.858933] ? trace_hardirqs_on+0xbd/0x310 [ 3514.863253] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3514.868790] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3514.874151] ? trace_hardirqs_off_caller+0x300/0x300 [ 3514.879253] __x64_sys_clone+0xbf/0x150 [ 3514.883226] do_syscall_64+0x1a3/0x800 [ 3514.887111] ? syscall_return_slowpath+0x5f0/0x5f0 [ 3514.892048] ? prepare_exit_to_usermode+0x232/0x3b0 [ 3514.897095] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3514.902458] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3514.907642] RIP: 0033:0x457ec9 [ 3514.910832] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3514.929730] RSP: 002b:00007f36f091cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3514.937433] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9 [ 3514.944723] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 3514.951983] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 3514.959251] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36f091d6d4 [ 3514.966536] R13: 00000000004be2a0 R14: 00000000004ce760 R15: 00000000ffffffff [ 3516.141734] Shutting down cpus with NMI [ 3516.146838] Kernel Offset: disabled [ 3516.150461] Rebooting in 86400 seconds..