0), r0, &(0x7f0000001980), 0x9, 0xf) ioctl$BINDER_WRITE_READ(r18, 0xc0306201, &(0x7f00000003c0)={0x14, 0x0, &(0x7f0000000680)=[@acquire_done={0x40046302}], 0x0, 0x0, 0x0}) 09:00:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x103, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:07 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x4c, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 586.328672][T30797] __nla_parse: 9 callbacks suppressed [ 586.328735][T30797] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 586.355873][T30798] binder: BC_ACQUIRE_RESULT not supported [ 586.362124][T30798] binder: 30794:30798 ioctl c0306201 200003c0 returned -22 09:00:07 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x60, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x10f, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 586.385419][T30805] binder: BC_ACQUIRE_RESULT not supported [ 586.395627][T30805] binder: 30794:30805 ioctl c0306201 200003c0 returned -22 [ 586.429268][T30813] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:07 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000100)='/dev/input/mice\x00', 0x0, 0x244041) setsockopt$IP_VS_SO_SET_EDITDEST(r1, 0x0, 0x489, &(0x7f0000000080)={{0xaf, @dev={0xac, 0x14, 0x14, 0x15}, 0x4e24, 0x3, 'lblc\x00', 0x9, 0x9, 0x45}, {@empty, 0x4e20, 0x2, 0x7, 0x2ce, 0x1}}, 0x44) ioctl$TIOCGPTPEER(r0, 0x5441, 0xfffffffffffffffe) 09:00:07 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r3, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:07 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001c00)='memory.events\x00', 0x7a05, 0x1700) name_to_handle_at(r0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240)={0x105, 0x9, "8496498a7fe6e746b8e35d7521901d357084a331a907ae4d3aa6253b01666e96f5efddf042a0f620a684e2df75ee45a708523b25aa9cc3ccb2a922096d4204f01a916e3ac56af4bf2b17152c6fc98d365f6964b3334d5f2cc39424cf961239b232c68cf7dce57ab8ccf943f952d11c59959037125502af485c627ad2b746b7f456b0ccb9a94eb4efcb7951e327eff7cd207fa3f5dd7dda26bc37d7884466bdc714fbe7ef763239d4a9cd273bca8cfce664e5f0ba9e767ffc7597be005de71bc684bb72d8faff069370001e7ddebb9bffe679c9f3aa0d0921d7c43cae409d0dc16c8177a3e286c2e0b37a5f490aeccd36c37c4023a1f81cbe342cb5a2df"}, &(0x7f0000000080), 0x1000) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYRESHEX=r1], 0x12) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f00000001c0)=ANY=[], 0xfed2) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x0, 'memory'}]}, 0xda00) write$cgroup_int(r2, &(0x7f0000000200), 0x44000) openat$cgroup_ro(r2, &(0x7f0000000180)='cpuset.memory_pressure\x00', 0x0, 0x0) write$selinux_attr(r2, &(0x7f00000001c0)='system_u:object_r:shell_exec_t:s0\x00', 0x22) 09:00:07 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x68, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:07 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x3fc, 0x0, 0x0, 0x0, 0x0) 09:00:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x159, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:07 executing program 3: socket$inet(0x10, 0x3, 0x0) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000580)) perf_event_open(&(0x7f0000000040)={0x1, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x82) r1 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$get_keyring_id(0x0, r1, 0x0) r2 = memfd_create(&(0x7f0000000100)='t\bnu\x00\x00\x00\x00\x85nG\x13g\xa6\x05', 0x0) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r2) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) r3 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f0000000080)=@req3={0x10000, 0x100000001, 0x10000}, 0x1c) r4 = syz_open_dev$sndpcmp(&(0x7f0000000140)='/dev/snd/pcmC#D#p\x00', 0x3ae, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0x4008af12, 0x0) listxattr(&(0x7f0000000380)='./file0\x00', &(0x7f00000013c0)=""/21, 0xfffffea1) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) openat$pfkey(0xffffffffffffff9c, 0x0, 0xbfffe, 0x0) timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) 09:00:07 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x6c, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 586.634114][T30834] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 586.651473][T30834] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 586.778279][T30851] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:07 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:07 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x6) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) sysfs$2(0x2, 0x3ff, &(0x7f0000000140)=""/113) r1 = inotify_init1(0x80000) ioctl$INOTIFY_IOC_SETNEXTWD(r1, 0x40044900, 0xfff) 09:00:07 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$inet6_dccp(0xa, 0x6, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x400000000000, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) syz_open_dev$usb(&(0x7f0000000140)='/dev/bus/usb/00#/00#\x00', 0x400, 0x90140) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0xb1}, {0x16}]}) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0xa00, 0x0) r4 = accept4$alg(r3, 0x0, 0x0, 0x80800) ioctl$VHOST_RESET_OWNER(r3, 0xaf02, 0x0) listen(r4, 0x1) 09:00:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 586.914331][T30848] XFS (loop0): Invalid superblock magic number [ 586.993275][T30869] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 587.213857][T30837] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 587.232892][T30837] CPU: 1 PID: 30837 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 587.244348][T30837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 587.254584][T30837] Call Trace: [ 587.258853][T30837] dump_stack+0x172/0x1f0 [ 587.258878][T30837] dump_header+0x10f/0xb6c [ 587.268049][T30837] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 587.268075][T30837] ? ___ratelimit+0x60/0x595 [ 587.278645][T30837] ? do_raw_spin_unlock+0x57/0x270 [ 587.287828][T30837] oom_kill_process.cold+0x10/0x15 [ 587.293008][T30837] out_of_memory+0x79a/0x1280 [ 587.298759][T30837] ? lock_downgrade+0x880/0x880 [ 587.303626][T30837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 587.314319][T30837] ? oom_killer_disable+0x280/0x280 [ 587.319612][T30837] ? find_held_lock+0x35/0x130 [ 587.324479][T30837] mem_cgroup_out_of_memory+0x1ca/0x230 [ 587.330270][T30837] ? memcg_event_wake+0x230/0x230 [ 587.335302][T30837] ? do_raw_spin_unlock+0x57/0x270 [ 587.340949][T30837] ? _raw_spin_unlock+0x2d/0x50 [ 587.345888][T30837] try_charge+0x118d/0x1790 [ 587.350581][T30837] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 587.356486][T30837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 587.362806][T30837] ? kasan_check_read+0x11/0x20 [ 587.368785][T30837] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 587.374952][T30837] mem_cgroup_try_charge+0x24d/0x5e0 [ 587.380643][T30837] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 587.386359][T30837] wp_page_copy+0x408/0x1740 [ 587.394086][T30837] ? find_held_lock+0x35/0x130 [ 587.400667][T30837] ? pmd_pfn+0x1d0/0x1d0 [ 587.405773][T30837] ? lock_downgrade+0x880/0x880 [ 587.411393][T30837] ? __pte_alloc_kernel+0x220/0x220 [ 587.417279][T30837] ? kasan_check_read+0x11/0x20 [ 587.422316][T30837] ? do_raw_spin_unlock+0x57/0x270 [ 587.427510][T30837] do_wp_page+0x5d8/0x16c0 [ 587.433236][T30837] ? do_raw_spin_lock+0x12a/0x2e0 [ 587.438248][T30837] ? rwlock_bug.part.0+0x90/0x90 [ 587.443184][T30837] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 587.448552][T30837] ? add_mm_counter_fast.part.0+0x40/0x40 [ 587.454282][T30837] __handle_mm_fault+0x22e8/0x3ec0 [ 587.459386][T30837] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 587.465309][T30837] ? find_held_lock+0x35/0x130 [ 587.470233][T30837] ? handle_mm_fault+0x322/0xb30 [ 587.475193][T30837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 587.487863][T30837] ? kasan_check_read+0x11/0x20 [ 587.493147][T30837] handle_mm_fault+0x43f/0xb30 [ 587.497909][T30837] __do_page_fault+0x5ef/0xda0 [ 587.502874][T30837] do_page_fault+0x71/0x581 [ 587.507380][T30837] page_fault+0x1e/0x30 [ 587.511522][T30837] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 587.518095][T30837] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 587.539347][T30837] RSP: 0018:ffff88809f68fab8 EFLAGS: 00010206 [ 587.545489][T30837] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000000500 [ 587.553449][T30837] RDX: 0000000000001000 RSI: ffff888059587b00 RDI: 00000000209a1000 [ 587.562719][T30837] RBP: ffff88809f68faf0 R08: ffffed100b2b1000 R09: 0000000000000000 [ 587.570674][T30837] R10: ffffed100b2b0fff R11: ffff888059587fff R12: 00000000209a0500 [ 587.578729][T30837] R13: ffff888059587000 R14: 00000000209a1500 R15: 00007ffffffff000 [ 587.588035][T30837] ? copyout+0xe2/0x100 [ 587.592304][T30837] copy_page_to_iter+0x3b6/0xd60 [ 587.597331][T30837] ? kill_fasync+0x323/0x4a0 [ 587.602539][T30837] pipe_to_user+0xb4/0x170 [ 587.606960][T30837] __splice_from_pipe+0x395/0x7d0 [ 587.611989][T30837] ? iter_to_pipe+0x560/0x560 [ 587.617131][T30837] do_vmsplice.part.0+0x249/0x2b0 [ 587.622336][T30837] ? do_tee+0x850/0x850 [ 587.626477][T30837] ? import_iovec+0x12e/0x200 [ 587.631314][T30837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 587.637678][T30837] __do_sys_vmsplice+0x1b9/0x210 [ 587.642786][T30837] ? vmsplice_type.isra.0+0x160/0x160 [ 587.648338][T30837] ? kasan_check_read+0x11/0x20 [ 587.653529][T30837] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 587.659773][T30837] ? put_timespec64+0xda/0x140 [ 587.664525][T30837] ? nsecs_to_jiffies+0x30/0x30 [ 587.669376][T30837] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 587.674996][T30837] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 587.681064][T30837] ? do_syscall_64+0x26/0x610 [ 587.685847][T30837] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 587.692290][T30837] ? do_syscall_64+0x26/0x610 [ 587.697136][T30837] __x64_sys_vmsplice+0x97/0xf0 [ 587.702262][T30837] do_syscall_64+0x103/0x610 [ 587.706875][T30837] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 587.713544][T30837] RIP: 0033:0x457f29 [ 587.717430][T30837] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 587.750516][T30837] RSP: 002b:00007f975b212c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 587.761707][T30837] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457f29 [ 587.770464][T30837] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000007 [ 587.778621][T30837] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 587.797619][T30837] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2136d4 [ 587.805998][T30837] R13: 00000000004c6d73 R14: 00000000004dc5a0 R15: 00000000ffffffff [ 587.815972][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 587.822505][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 587.828537][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 587.840394][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 587.870883][T30837] memory: usage 307136kB, limit 307200kB, failcnt 2932 [ 587.878253][T30837] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 587.890515][T30837] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 587.898684][T30837] Memory cgroup stats for /syz2: cache:52KB rss:290320KB rss_huge:260096KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:278496KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 587.926346][T30837] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=30763,uid=0 [ 587.944689][T30837] Memory cgroup out of memory: Killed process 30763 (syz-executor.2) total-vm:72708kB, anon-rss:16556kB, file-rss:35800kB, shmem-rss:0kB 09:00:08 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x7a, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:08 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f00000001c0)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0x81785501, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1ffff, 0x1) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) fcntl$getflags(r0, 0x40a) ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f0000000000)) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000200)={0x7b1f, {{0xa, 0x4e23, 0x383, @mcast1, 0x3ff}}, 0x0, 0x6, [{{0xa, 0x4e22, 0x7f, @mcast1, 0x6}}, {{0xa, 0x4e22, 0x1ff, @empty, 0x3}}, {{0xa, 0x4e21, 0x4, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x200}}, {{0xa, 0x4e20, 0x401, @loopback, 0xfff}}, {{0xa, 0x4e23, 0x3, @empty, 0x7}}, {{0xa, 0x4e22, 0x557e, @dev={0xfe, 0x80, [], 0x16}, 0x100000001}}]}, 0x390) 09:00:08 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 588.012564][ T26] audit: type=1800 audit(1552122008.877:18045): pid=30892 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16739 res=0 [ 588.064017][T30895] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:09 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x500, 0x0, 0x0, 0x0, 0x0) 09:00:09 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, 0x0, &(0x7f0000000180)) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:09 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x1, 0x80000) ioctl$VIDIOC_QUERYSTD(0xffffffffffffffff, 0x8008563f, &(0x7f0000000040)=0x0) ioctl$VIDIOC_S_STD(r0, 0x40085618, &(0x7f0000000080)=r1) sendto$netrom(r0, &(0x7f00000000c0)="0acfcbea1590959d66d0f25dc0f6118127be70b255d5b02aa39712edd135e571e2e8298053e8d0b372dd7202a2f3e0ffa7c677cff4abcb52b0ebb63a1eb23fe140ef24ded0db00296268130c5792639d2b69394f0914209628434446b6486895cae81e2aad10f5e459875f2e96b3bbe6060ee5210f3b0e5820974cfe1da27e70d5c9a8d7a670b83a8e713b9ea77adb8682df380eb7f056432d6446722dd0449e78517529294ab0d22dee5c4ab913f5b326efce165d3aaf387b8b8c36aff3382fec539f7ddb8aec0c2ad49e555a80313c5a70bf09995f9ca196e9267eb5e1402e18cab278ca7b50e2", 0xe8, 0x4, &(0x7f00000001c0)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1}, [@bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x13, 0x3, 0x7ff, 0x5, 0x8, r0, 0x3}, 0x2c) write$apparmor_exec(r0, &(0x7f0000000280)={'stack ', '.trustedeth1vboxnet1f\x00'}, 0x1c) syz_genetlink_get_family_id$net_dm(&(0x7f00000002c0)='NET_DM\x00') openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) ioctl$VT_RELDISP(r0, 0x5605) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000340)={{0x2, 0x4e20, @multicast2}, {0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}}, 0x10, {0x2, 0x4e23, @empty}, 'batadv0\x00'}) getsockopt$inet6_dccp_int(r0, 0x21, 0x6, &(0x7f00000003c0), &(0x7f0000000400)=0x4) syz_genetlink_get_family_id$net_dm(&(0x7f0000000440)='NET_DM\x00') r3 = getpgid(0xffffffffffffffff) tkill(r3, 0x31) prctl$PR_SET_PDEATHSIG(0x1, 0x3e) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f0000000480)={0x4, 0x1ff, 0x7, 'queue1\x00', 0x2}) socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000540)={{0x8, 0x3, 0x8000, 0x101, 'syz1\x00', 0xfffffffffffffffb}, 0x0, [0x5, 0x2, 0x200000, 0x7, 0x2, 0x1ff, 0x9, 0xc12, 0xebc, 0x7, 0x100000000, 0x1, 0x0, 0xb6, 0x1ff, 0x3, 0x4, 0x1000, 0x1000, 0x3, 0xf3, 0x3ff, 0xc9, 0x2, 0x7, 0x8, 0x101, 0x8, 0x3, 0x7, 0x7, 0x3, 0x0, 0x9, 0xffffffffffffffff, 0xffffffffffffffc1, 0xf4ff, 0x4, 0xddfd, 0x5, 0x9, 0xff, 0xffffffffffffffff, 0xffffffffffffffff, 0x7, 0x9, 0x0, 0x8, 0x2, 0x9, 0x5, 0x4, 0x100000001, 0x6, 0x2, 0x1, 0x5, 0x7, 0x8, 0xffffffffffffffe0, 0x200, 0x5, 0x100, 0x1, 0x10000, 0x80000000, 0xab, 0x4, 0xf04, 0x9, 0x3a43, 0xd0de, 0x8, 0x0, 0x9, 0x3ff, 0x9d, 0x5, 0x7322, 0x5, 0x800, 0x1f, 0x2, 0x101, 0x138, 0x6, 0x100000001, 0xc15e, 0x7ff, 0x1, 0xfffffffffffffeff, 0x7fff, 0x6, 0x8, 0x7, 0x5f, 0x10000, 0xd7, 0x800, 0x3, 0x8, 0xfff, 0x7, 0x0, 0x4, 0xb0d, 0x100, 0x7, 0x1ff, 0x6, 0x91, 0x200, 0x8, 0x7a5, 0x8, 0x1000, 0xffff, 0x1ff, 0x401, 0x5, 0x0, 0x1, 0x6, 0x3f, 0x7, 0x40, 0x6, 0x5], {0x0, 0x989680}}) r4 = msgget(0x3, 0x461) msgsnd(r4, &(0x7f0000000a40)={0x0, "661e4d96b2598e29418e5274587bbb0978a4"}, 0x1a, 0x800) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/ptmx\x00', 0x121401, 0x0) ioctl$EVIOCRMFF(r2, 0x40044581, &(0x7f0000000ac0)=0xff) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000b00)={{0x29, @loopback, 0x4e21, 0x1, 'rr\x00', 0x3, 0x5}, {@remote, 0x4e20, 0x0, 0x9, 0x7f, 0x8}}, 0x44) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000bc0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f0000001040)={&(0x7f0000000b80), 0xc, &(0x7f0000001000)={&(0x7f0000000c00)={0x3e4, r5, 0x400, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x10, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NET={0x3c, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xb9f}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x400}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x110f86ab}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xfffffffffffffffb}]}, @TIPC_NLA_BEARER={0xc, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x100}]}, @TIPC_NLA_MON={0x3c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xd3de}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2e}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffffffffffffe}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_NET={0x10, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x200}]}, @TIPC_NLA_LINK={0x60, 0x4, [@TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_SOCK={0x18, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xfffffffffffffe01}]}, @TIPC_NLA_BEARER={0xc0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x1, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0xfffffffffffffff8}}, {0x14, 0x2, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x13}}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_NAME={0x18, 0x1, @l2={'eth', 0x3a, 'bond_slave_1\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x2ecf, @rand_addr="d16c374937a28a6065badcd81d04e608", 0x6}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x6, @mcast1, 0x200}}}}]}, @TIPC_NLA_LINK={0xf8, 0x4, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x64c7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x401}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff80000001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_MEDIA={0xfc, 0x5, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9788}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1000}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x120}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd8a3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}]}]}]}, 0x3e4}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) setxattr$security_selinux(&(0x7f0000001080)='./file0\x00', &(0x7f00000010c0)='security.selinux\x00', &(0x7f0000001100)='system_u:object_r:public_content_t:s0\x00', 0x26, 0x2) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001180)={r2, 0x28, &(0x7f0000001140)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000011c0)={r6, 0x3ff, 0x8}, 0xc) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000001200)=r2, 0x4) 09:00:09 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup2(r0, r0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) r3 = syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x80000001, 0x0) fcntl$getown(r3, 0x9) ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f00000000c0)={r2, 0x6, 0x4, 0x80000000, 0x10001, 0x8, 0x8}) ioctl$NBD_DISCONNECT(r3, 0xab08) write(r0, &(0x7f0000000200)="2031f4e371ebfe9ad693ecd40696da6b50fe2ed111c49f19f6a483429ed2adf7e8ebddf1bbf458fdea9a91244d87d2ba2b6e241b40d33e5cee2cf35ef224fdf691aa7704db683c5f8307c7f02a6905b1fc8a633ef1593355fda03199a760ee8aea5d78499c82b302557b441a4f2357f07418ae6295c7c20181afb861d24770be3cc2014dfafbc449068dd1acd08a7f3cabe4cd6fcb2231e020183602b12429b42ffd58b3611c1044d3b8418a01d50a51bd66d61cd12c36ef0c7a1ce50360249b90389e2ed86e9c0833a0bb7ae047cc830bc0ba0fbf12c12753c0a5ca6f1778d1cb29fafd2f7562c43a685eccf0e663515eeb5d4ba45f624b78345d8723a15e4096193a4ea8d94a9cd133536f5a4108fa72224a4f2b5f7673a54d3c026c8b2ecd266236b6637234ca2667f908a71d6490d0a3d4de5c3f60f6382e919998b053bbb93601803333ca457b1f5f3bf62f15c2c0ddf03d670eff61ee925a65ceb1e0c37d735f3bcab9db5a8de27be08bb8b2ebd49001950b7a5274a5c65f7538d8e2686cb7569e8bb8773ee8b5e62f3b5903be6a2040ebdcb86b984709a3a1100631bbfbe7e1d829bf17a362e0c14f2eb6c1805dcd001096241fead35ee591c804782ce7cbd7c66952ed62976db28306f3b3072e9040a8740dfa6021f67ab0604d6292338271058db0f47afe483b64a806574f78bc242c4458ab88220a0abcde17d95fed34b11255d3ba4c1b9431a723a5d53bd7dabc313b5a3cbe145fbe533ccb4c26515f645044fec6ca8ad559d8014de40af7c2bf4e31d296afd4f43f80c381d38ad2fb3b3b966660fd6c4199881bf25be36683934960fcf8b857ae30cbcb5b2a35f3b5c0612966a8d5f5da6760fca81d30c1ac4470006ad3d2fe112519b238b09bd6b282bd8963773d0f36ebadfd0b920ed690d29672c914666bdb14d853394f9468e1241c541917efa00eface0b16b82d465f26d2315d141443937968af1c41abddd5169c924a267466177835b41ff4ed45952d6c8d2b546f1150cf85cb76b1efc930de3ba3385700eef2a24a3bdf8a0e7700f23d28bf911493354aec89d2ba864cd0708549549c7e4164950c91e86996c6c350823e8cc2c7c737793407474065747509949fd762705ed0da9e9a084e58e70c6e246305251a8b2fa0c9ef791fb033f1c0efc39397d01832c12f6727d232762f47e09bf9b2d831cac8bd2a7a32f2fca1d13c22aa99caecaa1e8a0cd4569c583d04ebc0a0d94e2331dcd3eb2b764393f862a8e33434f939f819cd3716c9813eaa91dffdea5ab06ba0d0835e50c74c44d81006ca3d0e9085cb170b0769fb1072581f8c2a547a0682fa74c880ebda35a1a59bf18c0db7a2f7be7305206107153cdf6b2216e5bfcb3bc68db10d978761a49b34b824056a3c25f7800adece341b0f0a1cbbf30fd19f0a9193b3516c9b86f658d81cfc3f62f3f5548478a24a5218544ce006a9683f70dd27f55d100a1550619d89bad52cee5a3479bb8028bb4e6ff6b41e7da29a388366d9803aecfd9b81da5811fcd5577f2462c69348d047c9976c571e04476e1cb9db22ee9f474087bf6728429cb35546cd6c6271eb62ffb50acdb9d20c965e68ad29abfe5a5559faa7fcbd8e49e9876a63237d0ade21d0356d065346947b7ae309ed7878dd4e0aa19b7c79e627465de7c6f10529eb76ba342dcfd7217002c2f6653eb696e367329eefc632b948f2d2296fe0e95a71719d1c9be2e6169b5b5fdfb6b31cd8263ed1fcddc8bf9cf5858e22ce0226738bbda0a55ef27732a782396bd51839d0d4432e629cfd342771d40bff72ae04609eca099ae1e51c2b0a791153a5876fbc3395e4f62fee6ae97351cfdda688555caa7d05f75ae58f0917e62a9b00ab04ff86f6d9aa18a0d4f0c2b6f99a26750824bc1a770c1382cd9639bc666c1259adb21c1b8bcd1668dcdc6859e4ed5e1d702f8087b0d74d83b8ab8028761d0d05e6977933a2652a7fd64d72e4f8cfc67d034a9963a4b1e2b36ae1f14f0fa1f593c446f9584080685fc6420a28134bfb3baea8e004213c17cbc4598121f9361890bac25365a9ac31cfa114431b9c8de2105c40a3b7bdcef72ccb1e7ae8cc204da1bdbd469ce7e1af94458ffacf905818aecdea103c07523b88599f99dfe03f8d6fd2aad2dc84ece937037dfce491c9f1a03044d83d3e3fd4f51cc151c54f11816d23cce08aa43f3c87800db71731b34b64fb75dd959cf9320e598d0058119b186c1607694205669cf51a482e1d5067c0f82c0edd542bf5ba23bc8fe3d18898a5b809bc7529b5fd026c5be992781e5a6267dd2655676ea3226348e386d09955cb8513ce3f8b9c0038eb0d7280ac17d15186c066bf3481115cde9e54ef0c1d7c369ffe3e3796ff268c3bc567b648cf3304bb260d164021d8ecc07dca897844cd261e2a4ef0208be1a43f0d600dd667c6a27b02a624531bb379eaa2aeaaa2834ab68e0eb796fcb264cab4ba140802522f44caab9bde16d155e702dad90a74b399469127aa381bdda3cfb46e81e5f7c6a6319398be208c10b2bcc158747fbfdaf708a73713ab0adc2e0607ae64b324efbef16ac8943e7da74021229e1b6916f6e767683d21b3ae927ac1f2ab4e128f7ae09d3fe0a1c40ae764591327c1ca6888267ffac800510cb7c7f2ef4a2e64efd1fb47a918a7867ec497e21f976563a4ccc4e2d22311bc395d9d918d4cbc3555ae3fdd21e1be4b4583f7e6c8f52558aa48177d5685465d99de9ab230cf600be9a743f13fc3bb58aea312a959d1ff231db5e28cb26e4328a10e3840c89ce5246e66a3eb974dabd5a0f8d9645ceb8e8984f374cb89127bd9c6b9463350371493a3724ac7bad8a71b3bae94183595ab6418a448c20811a5f31f9739b4ad45e4011ec0aed5f53a07af5a58f56f930ef0a2de2ddf37eb55ec24ca3842815dd59c8f1c4cbd0765e8dacb69d9d35ad126294c80443c60af280e30255f57d466b198ebf96f0f9534524d5ebb00cd031b91442ef3ce084f70e9b27d48f6d19b5c9024a65b3179c7b03fa13e904c8cbd0eb09cf3b30052686a76f8322abd001e632c4f7d94571728dd4701a7583390aceb1a4d1446f1c6abf4284b0050ab1fec01102342a911080fa964639a888f99be6fc0b23293824cfcfafb38e40eaba57e04436478427717496ad9c3aa9645319b88ac23b6bdc33128fe658d3772a130c472ce6b3ba05545fb8cf0d2af5bd81525d1a42720b01fa8eac6f80f3e1a613ad0de9d4cf4334ba903e91528e615f783fa3178ce5d46ebe6cd00432b283a3bfc357cf41cc709a5d05b39917940407db22c230c803f1366034b161c7fd77dcda48715e52f2b9faf89070b4a0625017a4659ae40bc0d9e93b5a1bcdf8b693c5ecf82729c763bf59aff9be82e0a3e8efbb393f4d010e381523a20ffc3ebac1bbf52946b7364c0e372f2bd30feb476d96ade22bd7f9666747bbf8066fffbb039d3f582583a2ddc8f268f058b95ed55e8b4053214c2da8bcacf9103d8a9b67052508188099d24a1038ec9f614a281b7a8a58ec4166aa608440659e96d7c95fd0834d7bee844e17864fda1520abdb0d2ba6988f9ba97261683b8d39c81d24d6c8ef68a46f431af11c8f411e8ae8151bde12c0b94a1ddc169a915d85b722d3ecaf54d374c97179d3dc4e9d67d1bac19cc2014a058200b7da0bb7d70596eb56b40f986b10264379f24b15d2dbd24be37ba8512e6da1dc14a47cfe8729218b13e25bc3b2ef49f9342dacd4d69aadcc38ee5c132cd6391623e5569d4d1ebf1d453d577d07c1169905f2c2f3e5a9f09d98e5485ef1923ba95c0e40520d2a1e53e2fdad6303e45d4556a8fd68310f4d2b45db6b007d710149c6820ab9876ffef3d13364cba4f61c3386936bd449641427ae847bdde0d9039a591d8a256f7346d0dd4ab74a9c4f2f165e73a605c2f37316e23ee3098e1c2d83559276a2ba8957b55bd017ed9568909ddd9cf288cc77c00e46dd5fb27b4f906a763439314f00ce3e7665f6987ab0fd7065503e1c15f423535d7d40f26e8c0f9bacd5b00f511d5e3a8e38b6d51d912278c461ef60179fd4a4064c6190eab83a68c5850445a48f4b633fd521cbfe2c4776ab57d9378eb5ca84097531d4035606d6ef088c6b41a69ee07ebc921bd674a57ad2948fa392f0b7d6b14935229fd9f1dead07292328a71bc88b00c222a762f09eac060948e27deecec6431541c8aed86916309238c25ccd35e1d9914808949ad8ad85dbaab345e2efa7ca231ff4e4431d31cea89f76595052d2603060f7279049e65744a941427322184ae1653cc817187cc5cb51fdc95362c1e5dc2261b39fd0512e94ef931342b68aba6b6830c6b4ce369a39fb98fa026b755bf257db0bd972b4967d25d0b05af659e0f05f74cc27a7d0e9a093babcdbecb33e009e6e4d105da333258a1481b92937a9df5f64a93a94da2cad7c99dfacf97adf3bda454a0b5569d20445542f77608f0df7f275384a138d35f936bd45d89e60b8da0548ccd780aabb5719c32351607d30cddc1168855d54de4c66b939dc0e8ac0d1a042b61d7bc0e82d0c0f0ae2ff442361f080494f0543290480721408f2a12206d83112980c86c30568c3702906143decce2e41bacebe041328c96253281cff373ad10b7d491004b29e3976e6f9481acf220332d0ec4826a951c35fa6662fb5ade5498a0d7dc17a2e0c614af4994e3cf6499362fd66526be81c4f820713f9ef76006e4d0a4b51a26e836fbd11a0efe129d330eea622803ebbdc9917812831113b8c9e93e2862b76ef63872dc3be2b96378eaa9bd075e029d5d0037c3715095f8774c7f5371821dcb569e459ddf3d6da81b719e5b4718993035346226dedd675a662a372a8af63bb521f3ad0a9361bb1ab3891485874565abab837115ddf993415db7d33d159cf444e53f68ddde25afc61cc687d1ee300d52dc19b4a6e22c475ef502cc7bfea6d1c5093463c981277d2f61a3e47e97715032e470f625097c2b659c342c3bc8d634da7b629714904715221c704d2da1a503927eb45454f620a0a3d6694f3d17cf2417f9bdfa21e6ca93507769421f323ae53a2e0593e70d672ef750eee3e3baaec3e16ab522271bede1cff6af4a16a4c0a0a31e4dcc01ff4012052210ac1288c89d4d7fd2f0c49997322766844b5bc5f4be6d8ed3cea8095a3f7b899424a6c31a4750968e34622c1cf64b7c84b8cc37da26bd85e63f6c5434fc9325cc2f358690806b8e403a118b7dec6d51b3edb1a8999045f0ccc06cd5c641c401985a1a60ba78be4df39f03a958978937a74a7d8bb866cb0e823938758b186c6a71663c288b5151a81f102bafd30bc68649866eb4d2066530dd92edaf8cb41e84ed705c884226c2ce16a60c2cdd880826b2bc811116bbfb460eff57fc3d55302647d225eab027d4526e6284483956bfacdafe4091495f6c1e1afd8a4cf9eb00d48892c3e79e6a3cc7650823495146fad935098fcf9af0f56d00da55a9eae1547d07661ea7a40cc986b5bc3b9581ec0525563dbbd60b32336ab5cc562695f1117cff252238dc979e34a283173cec2aa415c0c3fa0cead8c9158fafa6a1ca14575160555c8151010ef380b8597a53479ac633b6925e8a7b3e351fb84c959c90a5363bf115146008877e62a8fc4f8f2abaafaa5562796257d5bf85b710543e510fd5b7fbbbffa883bc6a54201975e23434de09ccad55c1bc86860b45ee08162d72f1bd741165f0872758dde8254e6ba768a79973f7a2eeeed245402c8406bf1fe6bffaefd1", 0x1000) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xc, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="180000c01cd06cf4847f26de6e1c0000000000000000000000000061104c00000000009500000000000000ebbb7cac0372f6ae19c055f70303ed071544b08f984cc17956fce7630e69a082e37fb2c9294ca4b8062a3437d04fadbd424ca649ac22fe33c417bc561e8a11a07425c36e7493558afb222bf065d7b6687abe1e575d1e17c5a4c78a907f6ae47b93f8a47ea9cfcb427e37b7ca94839a0b069b76f91d22e7606995f41f5cbf81b79a8d5869ab73463e58fcd7fb1025e352e4c7c3f6298297b609d2ce965b4c0bb2578e0ab44ed450197cc1b3ee64f4e8e42d4a9ccd948e833396266608a3a9c0750310b0b719"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0xffffffffffffff4b) 09:00:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:09 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xf0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 588.178530][T30907] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:09 executing program 5: bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0xfffffffffffffc29, 0xab, 0x0, &(0x7f0000000280)=""/175}, 0x28) r0 = socket$kcm(0x2, 0x8000000000002, 0x0) r1 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x401, 0x40000) write$UHID_SET_REPORT_REPLY(r1, &(0x7f00000000c0)={0xe, 0x7, 0x0, 0xfffffffffffffffa, 0x67, "9c7e165c68815b1640243aab11059841c32c4d2cd4efccfc211635ab86bf35645d319fb9564aff7f2938832929090e084a61920a20c745662b43a2d690ae501d6235400dafdefdeb3a2a4e2d3ccdf112e1700d2da897e1d343b9d402ea7a7af0eaa3f9d84886c7"}, 0x73) sendmsg(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000000)=@nfc={0x27, 0x0, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x890b, &(0x7f0000000000)) socket$bt_hidp(0x1f, 0x3, 0x6) 09:00:09 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000380)=0xa01, &(0x7f0000000440)=0x4) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000000080), 0x0) getsockopt$EBT_SO_GET_INIT_ENTRIES(0xffffffffffffffff, 0x0, 0x83, &(0x7f0000000480)={'broute\x00', 0x0, 0x3, 0x0, [], 0xa, &(0x7f0000000200)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x0}, &(0x7f0000000180)=0x78) ioctl$sock_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000000000)) semop(0x0, &(0x7f0000000b40)=[{0x0, 0xff}, {0x3, 0x7fffffff, 0x800}, {0x6, 0x2}, {0x0, 0x7, 0x1000}, {0x6, 0x2, 0x1800}], 0x5) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, &(0x7f0000000500)) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000c00)='/proc/self/net/pfkey\x00', 0x8000, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000c40)={{{@in=@multicast2, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@initdev}}, &(0x7f0000000d40)=0xe8) ioctl$TUNSETIFINDEX(r3, 0x400454da, &(0x7f0000000d80)=r4) write$FUSE_IOCTL(r2, &(0x7f00000000c0)={0x20, 0x0, 0x4, {0x63e, 0x4, 0x6, 0x40}}, 0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000540)={0x0, @in={{0x2, 0x4e21, @local}}, 0x7f, 0x4}, &(0x7f0000000b00)=0x90) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pkey_mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0xffffffffffffffff) r5 = syz_open_dev$sndpcmp(&(0x7f0000000400)='/dev/snd/pcmC#D#p\x00', 0x3ff, 0x0) r6 = socket$inet(0x2b, 0x1, 0x0) bind$inet(r6, &(0x7f0000000600)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$RDS_FREE_MR(r5, 0x114, 0x3, &(0x7f0000000340)={{0xbf, 0x6}, 0x2}, 0x10) connect$inet(r6, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10) getsockopt$SO_COOKIE(r6, 0x1, 0x39, &(0x7f0000000100), &(0x7f0000000040)=0x25b) setsockopt$inet_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000003c0)='tls\x00', 0x1b5) setsockopt$inet_mreqsrc(r6, 0x11a, 0x0, 0x0, 0x0) sendto$inet(r6, &(0x7f0000000300)='\a', 0x1, 0x8055, 0x0, 0x0) 09:00:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:09 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x300, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:09 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x16, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000001b611084000000000095000000000000001d1d8764d99f9d7ae3295250ff7596639ecf91d51b4a007350b4b789335068b07d600c012a19e0f5117097f2f8589db1acd692592213c07867aad754759ded4f0ec4b7c91b36dea0b3370eccc7c098815482ec346ca5370c89bf801b7ab8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1}, 0x48) 09:00:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 588.464260][T30937] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 588.647698][T30947] XFS (loop0): Invalid superblock magic number [ 588.823731][T30958] XFS (loop0): Invalid superblock magic number [ 588.956185][T30906] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 588.974246][T30906] CPU: 0 PID: 30906 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 588.990286][T30906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 589.040537][T30906] Call Trace: [ 589.051890][T30906] dump_stack+0x172/0x1f0 [ 589.068934][T30906] dump_header+0x10f/0xb6c [ 589.073412][T30906] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 589.079433][T30906] ? ___ratelimit+0x60/0x595 [ 589.089240][T30906] ? do_raw_spin_unlock+0x57/0x270 [ 589.114393][T30906] oom_kill_process.cold+0x10/0x15 [ 589.122159][T30906] out_of_memory+0x79a/0x1280 [ 589.127237][T30906] ? lock_downgrade+0x880/0x880 [ 589.136970][T30906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 589.143827][T30906] ? oom_killer_disable+0x280/0x280 [ 589.159045][T30906] ? find_held_lock+0x35/0x130 [ 589.165984][T30906] mem_cgroup_out_of_memory+0x1ca/0x230 [ 589.171623][T30906] ? memcg_event_wake+0x230/0x230 [ 589.176745][T30906] ? do_raw_spin_unlock+0x57/0x270 [ 589.200408][T30906] ? _raw_spin_unlock+0x2d/0x50 [ 589.206826][T30906] try_charge+0x118d/0x1790 [ 589.211612][T30906] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 589.218130][T30906] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 589.232313][T30906] ? find_held_lock+0x35/0x130 [ 589.237585][T30906] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 589.243421][T30906] __memcg_kmem_charge_memcg+0x7c/0x130 [ 589.250299][T30906] ? memcg_kmem_put_cache+0xb0/0xb0 [ 589.265102][T30906] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 589.272046][T30906] __memcg_kmem_charge+0x136/0x300 [ 589.284109][T30906] __alloc_pages_nodemask+0x437/0x7e0 [ 589.290700][T30906] ? __alloc_pages_slowpath+0x2900/0x2900 [ 589.296442][T30906] ? copyin+0xb5/0x100 [ 589.300865][T30906] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 589.307768][T30906] alloc_pages_current+0x107/0x210 [ 589.312882][T30906] pipe_write+0x659/0xf30 [ 589.317340][T30906] new_sync_write+0x4c7/0x760 [ 589.322347][T30906] ? default_llseek+0x2e0/0x2e0 [ 589.327209][T30906] ? trace_hardirqs_on_caller+0x6a/0x220 [ 589.333336][T30906] __vfs_write+0xe4/0x110 [ 589.338112][T30906] vfs_write+0x20c/0x580 [ 589.345486][T30906] ksys_write+0xea/0x1f0 [ 589.349898][T30906] ? __ia32_sys_read+0xb0/0xb0 [ 589.354665][T30906] ? do_syscall_64+0x26/0x610 [ 589.359360][T30906] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 589.365454][T30906] ? do_syscall_64+0x26/0x610 [ 589.370124][T30906] __x64_sys_write+0x73/0xb0 [ 589.374756][T30906] do_syscall_64+0x103/0x610 [ 589.379423][T30906] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 589.385315][T30906] RIP: 0033:0x457f29 [ 589.389298][T30906] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 589.408902][T30906] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 589.417471][T30906] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 09:00:10 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x600, 0x0, 0x0, 0x0, 0x0) [ 589.425606][T30906] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000008 [ 589.433744][T30906] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 589.442214][T30906] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 589.450290][T30906] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 589.468429][T30906] memory: usage 307104kB, limit 307200kB, failcnt 3042 [ 589.475501][T30906] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 589.484526][T30906] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 589.491702][T30906] Memory cgroup stats for /syz2: cache:52KB rss:290276KB rss_huge:258048KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:278444KB inactive_file:4KB active_file:0KB unevictable:2048KB 09:00:10 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, 0x0, &(0x7f0000000180)) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:10 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000180)={0xfffffffffffffffd, 0x70, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x40247007, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000640)='/dev/fuse\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/autofs\x00', 0x8000, 0x0) ioctl$TIOCGETD(r2, 0x5424, 0x0) utimes(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={{}, {0x0, 0x2710}}) set_thread_area(&(0x7f0000000580)={0x7a, 0x20001800, 0x4000, 0x200, 0x0, 0x1, 0x0, 0x2, 0xffffffff, 0x3}) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f00000008c0)=@md0='/dev/md0\x00', &(0x7f0000000880)='./file0\x00', &(0x7f0000000740)='bdev\x00', 0x0, &(0x7f0000000900)='\x8auU{-\x154\x05-\xab\xc0\xcb\x1an\xd76*5\xec2c\x9f\xcf\xb8\xb6v\x9aA\x06K\x95\xd4dx#\xf8\x90\r\xf1S\xc4\xc2\a\b\x03^\xe6b\x03\xaal)eb,z4\xc9\xe8\x11Y\xacV') mount(0x0, 0x0, 0x0, 0x0, 0x0) setitimer(0x2, &(0x7f0000000480), &(0x7f00000004c0)) mount(0x0, 0x0, 0x0, 0x80000, 0x0) r3 = dup2(0xffffffffffffffff, r0) ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x8e9) write$FUSE_OPEN(r3, &(0x7f0000000380)={0x20, 0x0, 0x8, {0x0, 0x1}}, 0x20) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f0000000800)='devtmpfs\x00', 0x847, &(0x7f0000000780)) preadv(0xffffffffffffffff, 0x0, 0x0, 0x2) listen(r3, 0xb6a) ioctl$int_out(0xffffffffffffffff, 0xfffffffffffffffe, &(0x7f00000002c0)) link(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)='./file0\x00') ioctl$TIOCGETD(0xffffffffffffffff, 0x5424, 0x0) clock_gettime(0x3, &(0x7f0000000680)) utimes(&(0x7f0000000440)='./file0\x00', 0x0) close(r3) socket$inet_tcp(0x2, 0x1, 0x0) 09:00:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000140)='bfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$mice(&(0x7f0000000300)='/dev/input/mice\x00', 0x0, 0x240000) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000003c0)=0x0) write$cgroup_pid(r0, &(0x7f0000000400)=r1, 0x12) ioctl$KVM_GET_DEBUGREGS(r0, 0x8080aea1, &(0x7f0000000340)) r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0xfffffffffffffffd, 0x204000) getsockopt$EBT_SO_GET_INIT_ENTRIES(r2, 0x0, 0x83, &(0x7f00000000c0)={'broute\x00', 0x0, 0x4, 0xeb, [], 0x8, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}, {}, {}], &(0x7f00000001c0)=""/235}, &(0x7f00000002c0)=0x78) 09:00:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x500, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 589.516604][T30906] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=30903,uid=0 [ 589.532290][T30906] Memory cgroup out of memory: Killed process 30906 (syz-executor.2) total-vm:72840kB, anon-rss:16336kB, file-rss:35676kB, shmem-rss:0kB [ 589.555251][ T1044] oom_reaper: reaped process 30906 (syz-executor.2), now anon-rss:0kB, file-rss:34716kB, shmem-rss:0kB [ 589.607549][T30976] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x600, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 589.680193][T30983] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) [ 589.691016][T30970] XFS (loop0): Invalid superblock magic number 09:00:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:10 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00') r1 = syz_open_pts(r0, 0x0) r2 = open(&(0x7f0000000280)='./file0\x00', 0x40081, 0x11) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f00000002c0)=0x2, 0x4) r3 = socket$caif_seqpacket(0x25, 0x5, 0x1) ioctl$sock_SIOCOUTQNSD(r3, 0x894b, &(0x7f0000000240)) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x1000003) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/autofs\x00', 0x40, 0x0) ioctl$SG_SET_FORCE_PACK_ID(r4, 0x227b, &(0x7f0000000200)=0x1) ioctl$KVM_GET_DIRTY_LOG(r4, 0x4010ae42, &(0x7f0000000300)={0x1fd, 0x0, &(0x7f0000ffb000/0x4000)=nil}) r5 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x1, 0x6040c0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r5, 0x29, 0x45, &(0x7f0000000140)={'IDLETIMER\x00'}, &(0x7f0000000180)=0x1e) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)) 09:00:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:10 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bind$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@null, @bcast, @netrom, @rose, @default, @netrom, @netrom, @null]}, 0x48) close(r1) r2 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2) setsockopt$inet_tcp_TLS_RX(r2, 0x6, 0x2, &(0x7f00000000c0), 0x4) 09:00:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x700, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:11 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x700, 0x0, 0x0, 0x0, 0x0) [ 590.301061][T31034] XFS (loop0): Invalid superblock magic number [ 590.383962][T30998] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 590.397707][T30998] CPU: 0 PID: 30998 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 590.406486][T30998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 590.406492][T30998] Call Trace: [ 590.406519][T30998] dump_stack+0x172/0x1f0 [ 590.406547][T30998] dump_header+0x10f/0xb6c [ 590.406564][T30998] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 590.406579][T30998] ? ___ratelimit+0x60/0x595 [ 590.406595][T30998] ? do_raw_spin_unlock+0x57/0x270 [ 590.406611][T30998] oom_kill_process.cold+0x10/0x15 [ 590.406627][T30998] out_of_memory+0x79a/0x1280 [ 590.406641][T30998] ? lock_downgrade+0x880/0x880 [ 590.406656][T30998] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 590.406675][T30998] ? oom_killer_disable+0x280/0x280 [ 590.426118][T30998] ? find_held_lock+0x35/0x130 [ 590.426147][T30998] mem_cgroup_out_of_memory+0x1ca/0x230 [ 590.426161][T30998] ? memcg_event_wake+0x230/0x230 [ 590.426182][T30998] ? do_raw_spin_unlock+0x57/0x270 [ 590.493848][T30998] ? _raw_spin_unlock+0x2d/0x50 [ 590.498738][T30998] try_charge+0x118d/0x1790 [ 590.503268][T30998] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 590.508829][T30998] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 590.514394][T30998] ? find_held_lock+0x35/0x130 [ 590.519273][T30998] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 590.525116][T30998] __memcg_kmem_charge_memcg+0x7c/0x130 [ 590.530681][T30998] ? memcg_kmem_put_cache+0xb0/0xb0 [ 590.535903][T30998] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 590.541443][T30998] __memcg_kmem_charge+0x136/0x300 [ 590.546572][T30998] __alloc_pages_nodemask+0x437/0x7e0 [ 590.551986][T30998] ? __alloc_pages_slowpath+0x2900/0x2900 [ 590.557713][T30998] ? copyin+0xb5/0x100 [ 590.570834][T30998] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 590.586276][T30998] alloc_pages_current+0x107/0x210 [ 590.592416][T30998] pipe_write+0x659/0xf30 [ 590.596949][T30998] new_sync_write+0x4c7/0x760 [ 590.601622][T30998] ? default_llseek+0x2e0/0x2e0 [ 590.606509][T30998] ? common_file_perm+0x238/0x720 [ 590.611546][T30998] ? retint_kernel+0x2d/0x2d [ 590.616440][T30998] ? apparmor_file_permission+0x25/0x30 [ 590.623212][T30998] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 590.630339][T30998] ? security_file_permission+0x94/0x380 [ 590.635970][T30998] __vfs_write+0xe4/0x110 [ 590.640401][T30998] vfs_write+0x20c/0x580 [ 590.644657][T30998] ksys_write+0xea/0x1f0 [ 590.648911][T30998] ? __ia32_sys_read+0xb0/0xb0 [ 590.653667][T30998] ? do_syscall_64+0x26/0x610 [ 590.658423][T30998] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 590.664477][T30998] ? do_syscall_64+0x26/0x610 [ 590.669360][T30998] __x64_sys_write+0x73/0xb0 [ 590.673968][T30998] do_syscall_64+0x103/0x610 [ 590.678562][T30998] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 590.684442][T30998] RIP: 0033:0x457f29 [ 590.689057][T30998] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 590.709217][T30998] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 590.717834][T30998] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 590.725822][T30998] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000008 [ 590.733821][T30998] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 590.741802][T30998] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 590.749768][T30998] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 590.761053][T30998] memory: usage 307196kB, limit 307200kB, failcnt 3113 [ 590.773810][T30998] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 590.782015][T30998] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 590.788959][T30998] Memory cgroup stats for /syz2: cache:52KB rss:290268KB rss_huge:258048KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:278436KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 590.811997][T30998] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=30995,uid=0 09:00:11 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, 0x0, &(0x7f0000000180)) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:11 executing program 3: clone(0x206, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000200)='./file0\x00', 0x1041, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x1, 0x2) socket$isdn(0x22, 0x3, 0x21) r0 = accept4$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000100)=0x10, 0x800) r1 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/attr/exec\x00', 0x2, 0x0) r2 = dup2(r0, r1) ioctl$SIOCAX25DELFWD(r2, 0x89eb, &(0x7f0000000040)={@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}}) clone(0x200002102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000300)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2088}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$CAPI_GET_ERRCODE(r2, 0x80024321, &(0x7f0000000180)) 09:00:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xa00, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:11 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000840)=[{&(0x7f00000000c0)=""/12, 0xc}, {&(0x7f00000001c0)=""/124, 0x7c}, {0x0}, {&(0x7f0000000580)=""/239, 0xef}, {0x0}, {&(0x7f0000000340)=""/90, 0x5a}, {&(0x7f0000000680)=""/229, 0xe5}, {&(0x7f0000000780)=""/111, 0x6f}, {&(0x7f0000000800)=""/20, 0x14}], 0x9, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$RTC_IRQP_READ(r1, 0x8008700b, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) readv(r0, &(0x7f0000000140)=[{&(0x7f00000003c0)=""/200, 0xc8}, {0x0}, {&(0x7f00000004c0)=""/143, 0x8f}], 0x3) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(0xffffffffffffffff, 0x111, 0x5, 0x0, 0x4) r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x10000005, 0x0) ioctl$int_in(r2, 0x0, 0x0) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000280)={@mcast2, 0x2}) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000180)) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x200000, 0xfffffffffffffffd, 0x2012, r2, 0x0) unshare(0x40000000) 09:00:11 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:11 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x900, 0x0, 0x0, 0x0, 0x0) [ 590.828399][T30998] Memory cgroup out of memory: Killed process 30998 (syz-executor.2) total-vm:72708kB, anon-rss:16328kB, file-rss:35672kB, shmem-rss:0kB [ 590.849007][ T1044] oom_reaper: reaped process 30998 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 09:00:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xabf, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 590.970885][T31062] IPVS: ftp: loaded support on port[0] = 21 09:00:11 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 591.200618][T31052] XFS (loop0): Invalid superblock magic number [ 591.243450][T31087] IPVS: ftp: loaded support on port[0] = 21 09:00:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xe00, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:12 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) lsetxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='trusted.overlay.nlink\x00', &(0x7f0000000100)='/dev/nullb0\x00', 0xc, 0x3) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x802, 0x0) ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f00000000c0)={0x0, 0x4004400}) [ 591.422159][T31092] __nla_parse: 5 callbacks suppressed [ 591.422170][T31092] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:12 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:12 executing program 3: r0 = creat(&(0x7f0000000280)='./file1\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f00000002c0)="b8afd4f5fa9ab5b524884dd2f17930f2c33d52cefd554b4ad800e64f6c2857cb99b4a36fe1eeeaf75460a96123e29efb42ac92bd5c9d8915e4e57db9dbcfb9f8ca04b60449163152f490d33858305fc455254b28054232ce083a67ec454d2f5ccf93fa82bdd12b97f3232468b46ec0659e474efe462959ace5ae53c69f6ed71a4742cda1a5ed6168116bc4d33dcd38a3960032ff388951ed9a3c33bc7a09d68394748887a41237667e5b656daeb5c6753c7e4ba4570f774b7f74986a6e1b0ef5b936d5672f69485dae4ab731b80b4330e76ea879dda480adfe0e97ad3daa80892f6080199cca478991c2b59850a81841ae63a18da912f106db628d9592a5e562") ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000440)=0x80040) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000000)=0x0) r3 = syz_open_procfs(r2, &(0x7f0000000040)='net/l2cap\x00') r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r3, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4ca0010}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x24, r4, 0x100, 0x70bd2c, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffffffffff9}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x1) 09:00:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xec0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:12 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xa00, 0x0, 0x0, 0x0, 0x0) 09:00:12 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0xc401, 0x0) ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f00000005c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$alg(0x26, 0x5, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1d, &(0x7f0000000240)={@mcast1, 0x0}, &(0x7f0000000280)=0x14) r4 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x200000, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$TCSETAF(r1, 0x5408, &(0x7f0000000600)={0x4, 0x1f, 0x20000000000, 0xffffffff, 0x1, 0xffffffffffffffc0, 0x7, 0x3, 0x2, 0x8}) socket$rds(0x15, 0x5, 0x0) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000800)={@mcast1, @mcast1, @rand_addr="ecade7d6b7dcb995dab51942c43cf65d", 0x0, 0x5, 0x5, 0xffffffffffffffff, 0x8, 0x10000000280, r3}) r5 = dup(r0) syz_genetlink_get_family_id$ipvs(&(0x7f00000006c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f00000007c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)=ANY=[@ANYBLOB="000827bd7000fbdbdf250d0000000800040001010000080600010000004c528aa200030008000500ac1414bb08000400167b0000080007004e24000014000600fe88000000000000000000000000000114000600ff01000000000000000000000000000108000300000000000000000000"], 0x1}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r5, 0x402c5342, &(0x7f00000004c0)={0x100000000000, 0x40000009, 0x9, {0x0, 0x989680}, 0x40, 0x7}) ioctl$SG_SCSI_RESET(r4, 0x2284, 0x0) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_GET_NODES(r5, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1200000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r6, 0x200, 0x70bd2c, 0x25dfdbfc}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sync_file_range(r2, 0x0, 0x3, 0x0) ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000640)='/dev/ptmx\x00', 0x0, 0x0) sendmsg$TIPC_NL_MON_SET(r7, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="0b0081000000000000000000000000"], 0x1}, 0x1, 0x0, 0x0, 0x4844}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_tid_address(&(0x7f0000000540)) ioctl$KVM_S390_VCPU_FAULT(r4, 0x4008ae52, &(0x7f0000000140)=0x2) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) readv(r8, &(0x7f0000000100)=[{&(0x7f0000000000)=""/1, 0x2}], 0x200000000000000f) sendmsg$nl_generic(r7, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x0, 0xd}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, 0x22, 0x1, 0x0, 0x0, {0x4000000000004}, [@nested={0x8, 0x11, [@generic="e2ab"]}]}, 0x1c}}, 0x2) 09:00:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 591.879487][T31127] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 591.982074][ C1] net_ratelimit: 19 callbacks suppressed [ 591.982139][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 591.994278][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 592.001361][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 592.007811][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 592.014820][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 592.021269][ C1] protocol 88fb is buggy, dev hsr_slave_1 09:00:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xf00, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:12 executing program 3: keyctl$update(0x2, 0x0, &(0x7f00000001c0)="7119bc7ce21cdf73280dc522546a956a2a3cb00a3d38ce91f84d0ea5ad1b31207958ffaf82fc7f80a15a7ffb8f9e720ac994f0bb2ed866c9427f3f05ff407645103336e5bcc5044cc03af12d9bd2b1b6e5a971281a7ff4d818", 0x59) r0 = dup2(0xffffffffffffff9c, 0xffffffffffffff9c) ioctl$SIOCRSGL2CALL(r0, 0x89e5, &(0x7f0000000100)=@default) r1 = socket$tipc(0x1e, 0x2, 0x0) ioctl$sock_proto_private(r1, 0x89e4, &(0x7f0000000000)="ce0e9ec0bbaa65fda9538680a46f95a55b769ff097b9501b09468fffd5488e58d03b1623f00298e790f4bc2a902730c35295d815a4be16f703d33c9f1ade5f8c05e56a62ab694e7ae7e4187fc33603d348fc9625d60010c2f3b1b1300f4652a5cbc960c22d5da7ad72b6d93eea8aa7f9c3c53d113097349a6979e8a5a522634c9abf811b8748b76009ac49e0ff34c737a6ba3409e1546a21b291ad954ce1a1fbaedb10ce537892c5a4e4f6427195985484ae3c4a8ec960ab8bb62ff7a85e8c2a517529a07c839882db9f96d2c34ad2ba1b0fbb19d4b093c8039d2f79b1db57c93a8bbc3c8a583ef9369dcf4c9e133606ef") r2 = socket$inet6(0xa, 0x100001, 0xfffffffffffffffc) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000240)={@in6={{0xa, 0x4e22, 0x4, @rand_addr="46a78cb08b53e57e4c6b766d6eab6f5b", 0x5}}, 0x0, 0x1f, 0x0, "fbae79a0049be4c1032f0add47c43d0b73b3a38a35b8105ce44247686d78b19dc639421105de7581a9b81dea81c7a18709fbb5d9acf56fe638e246692aadd932b2059591b75a644e58d8c263550dcda4"}, 0xd8) [ 592.041236][T31125] XFS (loop0): Invalid superblock magic number 09:00:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 592.094812][T31116] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 592.115638][T31154] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 592.166988][T31116] CPU: 1 PID: 31116 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 592.175712][T31116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 592.175719][T31116] Call Trace: [ 592.175746][T31116] dump_stack+0x172/0x1f0 [ 592.175764][T31116] dump_header+0x10f/0xb6c [ 592.175779][T31116] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 592.175795][T31116] ? ___ratelimit+0x60/0x595 [ 592.175812][T31116] ? do_raw_spin_unlock+0x57/0x270 [ 592.175828][T31116] oom_kill_process.cold+0x10/0x15 [ 592.175844][T31116] out_of_memory+0x79a/0x1280 [ 592.175860][T31116] ? lock_downgrade+0x880/0x880 [ 592.175876][T31116] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 592.175892][T31116] ? oom_killer_disable+0x280/0x280 [ 592.175903][T31116] ? find_held_lock+0x35/0x130 [ 592.175927][T31116] mem_cgroup_out_of_memory+0x1ca/0x230 [ 592.175952][T31116] ? memcg_event_wake+0x230/0x230 [ 592.175970][T31116] ? do_raw_spin_unlock+0x57/0x270 [ 592.175981][T31116] ? _raw_spin_unlock+0x2d/0x50 [ 592.175995][T31116] try_charge+0x118d/0x1790 [ 592.176010][T31116] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 592.176022][T31116] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 592.176036][T31116] ? find_held_lock+0x35/0x130 [ 592.176050][T31116] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 592.228691][T31116] __memcg_kmem_charge_memcg+0x7c/0x130 [ 592.228708][T31116] ? memcg_kmem_put_cache+0xb0/0xb0 [ 592.228726][T31116] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 592.228744][T31116] __memcg_kmem_charge+0x136/0x300 09:00:13 executing program 3: socket$kcm(0x10, 0x800000000002, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x5346, 0xc903fa50d268bc72) ioctl$KVM_SET_XSAVE(r0, 0x5000aea5, &(0x7f0000000200)={"06fa2ac5bfbe996f188213074dfc73ef35d6fa39cdf1ea7f03d3c8f1a6b326f5cac184958c5a5fe1d5851cb2e29db9b68718cec6bf84b45fe2251374e37ab2413091cc6143562ed79f6dc5825b5a959f241ad75fdbd4c4b43c8b040f71dec19becbdadaa4d6542a2c5722e3a7e2b4cc7b052b723eb4a378fa7728a9e5139cbb16c84ac5733a17f8c483314c966756f38e1517e0f5d9e276db992a6bcde2010c25f41a7b66b57c3eb1e272b8add0cf9f52ce9aa03b8d1d31de1b552fca28680394a1b35d540161c566067a52e11e4c27f8b5cf7b42d5a1f01abb7c757ce7495a15396a898c019428048dc0f0cdfc41e773e535286d69ac25ee2089a8cb2e1e91f0af7f25e18fb178d7653a186c6cbef782b4e898296fad5bd601b1afb9742b99e7f5d07be8c62caff24c2eac0f479f0c510a921109b71c4c28d3fd49699c6b53979bd1ca10fbb1bda36e235d568952be25076e3722c0db6f004fd1573f41234d38aafc2d123a111d5e5d4bf9e79eac666400e21f9450ce65d2a0d2a8e432b752cc7e519eec9a67f4170fcdcac51e3e660fd4d26a8050fb14ddfc0c5da6d4a6cb2a977ead3940cda72fb82f251479450076bbdcdd108e1816368a2bfad657da3cbb877bc651ec78dedf192491b003fb5f9eb2672ff10cbd358e0b9a59f65aeb30f1d9e92fda443afcf58414d6725afea869c05312dcba6ff509d9086f44e1f9cee9efb6497a967289233923eaa9f7d8195f94e2528e265b13e480674f3a628cd46ca717f29bd889888a79fa16a475624632487c4e404df6ad98d7cf669b32b5d91e9a5b1ac34399921f81d4862fa392c3d96327aa019ac9ab52aa09eba35e2eb32dd7a3ca330c67ccf731804627068016aaa85e88fc20d2115a8adc566529fe09128c4a4ad54a4eebce346c00c2cfde1fc4596acd8737d0661668470c026032417f2caaf69ff33e650bba543213402ea91cd81d7c5a758c117fdff916430092f3cc419681a364a8446d697dc3ed9b245541e709aa8af5557355f7c319a54ccf0227e987da5a08f581b8bf5820b14d5e795609caef09cccb06961fffe2b87357149c743bc9d858f921e77c91a64014715c9d849fe1d687c840a47858fe1311fb7ccb02f23653fffbb12a5ee3585d769a858a3c125ad84dd8a43406ff66fdedcf777facd2085fd475fb2b59d88d52dd1a39be43c2b8747f6987b2992a9fa43e45837358891939c313a1008cc266485255b178066fdd29d0583dcea8d139ba4290680c7b14375f28c0d45d7936ebadf4365f03a49d53f1f18677cfcb7dd5ad2e1365bba6137bb948f583c439b59d95551e6748dd63cdb76b624ea4dd018383368d675408f52fa67b92ea6ebbd9e0b4ff6706f4be512ad271ca8ae54002520694edf0c39375f634e2e96c7313c28827d3b2dee70a44183b451dd38dc51cff056818790"}) r1 = socket$unix(0x1, 0x0, 0x0) r2 = socket$caif_seqpacket(0x25, 0x5, 0x3) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000040)=0x2, 0xfffffffffffffe70) ioctl$UI_SET_MSCBIT(r2, 0x40045568, 0x1f) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) close(r3) [ 592.228764][T31116] __alloc_pages_nodemask+0x437/0x7e0 [ 592.228786][T31116] ? __alloc_pages_slowpath+0x2900/0x2900 [ 592.228806][T31116] ? copyin+0xb5/0x100 [ 592.228832][T31116] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 592.261827][T31116] alloc_pages_current+0x107/0x210 [ 592.261851][T31116] pipe_write+0x659/0xf30 [ 592.261876][T31116] new_sync_write+0x4c7/0x760 [ 592.261893][T31116] ? default_llseek+0x2e0/0x2e0 [ 592.261916][T31116] ? common_file_perm+0x238/0x720 [ 592.261932][T31116] ? __fget+0x381/0x550 [ 592.261951][T31116] ? apparmor_file_permission+0x25/0x30 [ 592.261968][T31116] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 592.261986][T31116] ? security_file_permission+0x94/0x380 [ 592.262003][T31116] __vfs_write+0xe4/0x110 [ 592.262022][T31116] vfs_write+0x20c/0x580 [ 592.262046][T31116] ksys_write+0xea/0x1f0 [ 592.276998][T31116] ? __ia32_sys_read+0xb0/0xb0 [ 592.277020][T31116] __x64_sys_write+0x73/0xb0 [ 592.314370][T31116] do_syscall_64+0x103/0x610 [ 592.314393][T31116] entry_SYSCALL_64_after_hwframe+0x49/0xbe 09:00:13 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x2000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 592.314404][T31116] RIP: 0033:0x457f29 [ 592.314423][T31116] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 592.314429][T31116] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 592.314440][T31116] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 592.314449][T31116] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000008 [ 592.330302][T31116] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 592.330311][T31116] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 592.330319][T31116] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 592.416122][T31116] memory: usage 307200kB, limit 307200kB, failcnt 3167 [ 592.437514][T31166] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 592.461267][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 592.473148][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 592.474325][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 592.482320][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 592.541776][T31116] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 592.583701][T31116] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 592.608838][T31116] Memory cgroup stats for /syz2: cache:52KB rss:290004KB rss_huge:258048KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:278236KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 592.709720][T31116] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31067,uid=0 [ 592.781490][T31116] Memory cgroup out of memory: Killed process 31067 (syz-executor.2) total-vm:72708kB, anon-rss:14508kB, file-rss:35800kB, shmem-rss:0kB 09:00:13 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:13 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x2800, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:13 executing program 3: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0xa790, 0x80) ioctl$TIOCOUTQ(r2, 0x5411, &(0x7f0000000100)) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x2}, 0x8) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000280)={0x0, 0x1000, "1de4f669769d90a09020e718a2f2232e343012579ccb4b8d9a348a78c6f736bfcaf034ace3858ed61b1ec962947c2cfbec2cfc98fd433c91d7f5cac0429749d4d5ef6f88cb0e683d4877c47952855bb074f84d7082177dbfcd8d536c25880090ba5b368e2a7b8cf85af1c98c2b078c9548555c659ac1cefc22e63cd44e96ebf60979b83a5f994419d793ff1fcc8e340251672e4483dce1558fbb4183c4efca796da1f3859702513389a034d380fa291f140888ced754b123f1aa2f889834ef93665216d98bf4140d521d4b4b25a3e50fd2e15490fd4ca2fd4f86a25220b81f0e40b79ba298de1f7303f341125511e410179cbe8e3bab7db9814fee1501f66fb04b0e034dc9929d75503226f8313edb3d5f723b2bc9f2ce2bf55d1009963b70c9cfc3892de3914e57a26f1b1fd962a6275b96a19d0ee283ba5e5090122ad838ca807bbe1b0fc75da0931e0b94988c96663d51747ad0509d496f682f902a82a9c1ef73b35f16704c02963635ac0fe7adad1498e67acf9971fcd637e94187f92811938fb40f1b374aa42af48ad8b98bc1733d00113364f2433e5dbbec37555420c79e83a13f4d4f0346dbb51658042bec9c177325cf702516edd8b2a7b59a323e9e12a115cda66ac36c02340f20c2e2092fb27fba92d543d26fe03354a60587daa0a3613991d398a57b52a16d16e0f7f5fb85f6db85f069f757a76ccab653e464de77d0ca6579f94a880878bf5e60e7091dd768b7b2a1cab8bedf9f123332689d3f8c8e09035c061b51a9308bfe7a3b7cf37e21a0c10935603fae23f7ac2c23d2e924d2d44c886234c97a368d6e1abfedfc49876ebadc473ede813832d8d52d3bb34b33bbea1761f12e6a5780d2834eb1ddf202ca502b62fee63620affca346a6789e4945c9ff5e708d1b9f9a7ebdb3f4143d8f27b25257c9219af5b4cc70025f9663ad89dd42cc308cb622353fbcb00594c0ecf42456ca0ed1d42e213ce005bca7f84e024f4afd1d71dfa13ed3bd26c886f36e06af8f7466e5523f095eb6aed913a86ab9192c195ca902df5221353a892c08d2a6bc6eb5ee353794253106aa71629d787c7288429d80f8dc3f4ab17c0478e6009fa1b92b1c3b3238005792507a7070ee4142a7b6d70adb2aea37d618786f21e11e064ffe036bd84b82abb79949bdab19c4399f29a86432ef364cbe1034ea85e36110f8051bb518694c8f658970380b4dd4374c79bd8f10a8316317b16b9a25875e85dde68ce78b7a60170df41780a17b2faee279baa156513f885f496d020e3fe653ac8318cedeacb2c456f67d758ffcaa3779b0f85d40a5894d5906699de8d7285a2edf169ff4e5b260c16671f508744b0a95a2cca4080ada31238eb3d13fdec8d1e9bcf9f4a8c9e2c6cce5385b16a87d22e7d91891d9dd18c3ea78221714ba9e1d0b6f58ba65ef16a776550228b0aa11f30b72fccaeb4eec2a5cf24788d5c247ec979e2f7532a092da7def1a1619fbce450b7d971f704258c33a9c802def2a8016857925b73d30d1f0beb1b91cd15a72f19ff57a560c456162a2ac95ceb3869eb4a3968150d1fca5893122efacbb4f48da09428e242ed7c7ad766ea747a0c2ff750104379c2f23db63ccb4f1f7282f8abb8bf83835171679db538ae796a2423c39e342b968c54dfe6cac313392d5e28c6eb6e04c92046b1acc8443f3c6fcfeb7867fb88e7a95727e5f7b94b9b4d0a4c13fbb1f0e80f675b736af724463f7d3c4776d948903c4b7067e78ca06521a84a8c82f594914944247a079c0fa76eb3e5bd07ab0fbb2868da988c64a0f85c49e97e0ea3bfb0fdc9b2ed3587beac214a4cf68be1943d0f80d8acd2f199a3fd7d71292e9b50f0f1771734f0145760e8520ab5db97262e95f7aa00f7114b02997a943ad30e22328979051062a47dec1ee7817e1a78d2bb2ea3276680c130e32462ff927f640167a2d10475705359ad5ac5af10205257ec05c2e2f5afdf1df1835e105a72cd90e13c61a5ab27c442412d94635daba8f6410809ac231749d4793af667cdb638ca7ec57fb9abc7ce01cb87536f28574d29664fb51fb7f56f47bff14d13503003c489f22c6d59511e62fdf3b2f299e2647079afb578dc52ac7f3e5de2781a6f12735e055044065c8e5cc159100d8544b482728c046079d97f7368a739576d581720e3b5710db038f2fe7f85cecf8c6c000dbeff58ffcf03ac971f23660af640b8bbe4bdad33fae5ce3ead91e9fa9fb4ee3a9b8d8fa373f3539a08db603439236d1043cc6783d8a87932bc5e336c64f1c899d8917ae37c85c2c708e6c006c2353a3571700d75cd35a549ce4f58e1c90c526b6481abfebc446204cb4d17a9ffd7f9d45ef03b5f16af67d1ecf42b6f88b2151904c44980a18633561f56d4c38d4d034e57155e2fc65dd0a6bfa194e1a1f72e4dd78e8fd85cbde6b8dd708be11fcc702f6c43cc2fe72eefe3c1bc21447370838d977c2fe2aa24903de580ec6eab5975e7c1eb17532e04f125d95281b6165e9aa8ffa2d5370ec97fb77a1f71e6f8f3497da2c94db138ce18bbe32882a1cf58d0feda3add670569748e4b89c1d2cb3e6ce81d164adc5ab637e2d69c5fbd81cf8958e8303e151b7786335045ec667d95598f73dfa209bb0002fb08bcb12d3bd4331848bc9700103d59718ef637b17b08a189979244681904446ee84333b692a3d967350248ba58cecf49374bc07200646d536cdba8d0eec0abd2fd1d47dd7586fe286a469a3c4637ea7a6b6788663296e447927dc969e346042f7506e852ddf62fce7d0a3cb4a0979ec3cb22a1275105f895f0a8930548b0179413931fac1162246c353f36c1dfc63ce1672fdc7bb7310164ca0911db0a7e76d15b79f43a1a545fc6efdb873a6a77d97a50dfba4f7c5f19196e7f5c810edcdb3b4edd7eaa3e361cbfcd57e8f5b6a805c8ad203bd2e1d32d5af0f6a836b823cc7281fe7c6bc52fbed697d29f173f07256640c9147a2c9442d75e4874346199c4478c704371bb3217dc1b88402be32a836b9232141e75430516cdc9ba5749032bc8f74dc5b41d7b165088f092036bb5ab53825e5e2a075b5fbe24e236439026fd6ceb21466036fe9ef8d0ec7f1cd4426ab4ae5d4170f0e2a731e4d1ca62e4cf7a96c8aed3fd680b30bce91d6145efb61d0d06351daa88083ba13e8a8ff9fa55d16d1314046a33b3715d179c975f59bab4e2d13b4d1f741b36735c609e5d61379829e5929f653ddc4a16391389c3514dc48638303d71872da2a6dc3dfb5d884b1e992be5b15c36aa9ce0a7fe57b93ee595a8bbcabe8e66be5588f38987c014a68bd784ce64af536560b4d720d9525b4851a1f36e6d27c54b1770b1af25bd2c202cfec8d28f2ac8c73d428a337f82fdd1514e670e573c64f4afcaa5594978e9fbd6669424e3e3774641df51ab20cfb0bd916742c92090f27a633376d3ccfcc9a3a871efe20bdff980a447ee52f751bb265a5db2d797c3f5807e12d882f62a2cd73d63616f7a8d55340affee8be1ea904e30f99d00604ef61994c85f2d757a4a2414f55049fba04e517f60a38734e8c8c9af18a8d39604ce9116de38c07d861ff58da2002908c2a66233a0c9e6acd4854bb203916e08c1fc2213ec94027d7d09656d398d10930b77a6fc1fb108f2abe5270ee9bbcd1d12623f309d893af390695689b93bcb76cff09b1a9ac83a4b57865187e2f7614a2be054da2abdf90be3c0c229bd2be7a8877c1501f75c48d99034f5aa8dce8311fb79d1e0abb1e6b47e6fc91c901be5b8957281b47d228e4ef020ffc48386d007c5b694a142c5f9d1d8e38d301365cf24f5c0a150fb0605fafbf3ef19f94af45c38744c67f280628768fb8f6de6ce064942f61d6c89ab18aed954a042dfa5858dffd05a5ad8b9a8d32aedcc07384762b48dca1c7a1db8e130e13fe587a753be73f2fbae1fa452e9cad50fc6368a39ef43ccf36d99e7cab7dd51c88aaa3c0f41aa09a54da41882945991a3ffe27ab2655b60dd2cef0cf9f5486d231672737e9acb1b13a3482a9a4102fcf1c684220dc03750d5e38c582a209a5d5b2e396ae488eaeadb370e76fb5687bc9f2e8b6d8586c687f82a6b033e47bc6d21854861ed59692fa51ecbde35579661db439ec6738fef489616c288aa199ff3640561c86ada742f53d81aa806ba4e63a6acc75951fb7f5b2b17598873af5c2d21352f2371d2f6fa30d822029a3bc3172c20edd2cbca2f150fb18ee2360ff5853a4ccdd4e52542ae37a5e801e2e49198d53b06d6f49978f5461239bc73da7883e87f2359f167f3b7083d4fe0e185edfa84e86767896f9e6d739ff60df75a4b75fb5a13e951d1a3495d7170726ab0e1fa28f5fe1b9b89df0f4db04d92a4747ee9dfe4f97f8b22b4517a61f53e2a6f6f9281381bd2bd6a4b097c9313fbb1df29dbb690df2d0593d505e1ecc1c518a7a6aa42e8d03993ed4b815d1ee7c86d983b1cf851321cdb8e58b2aa1c070f05bbb4c5c29eced5827064e0d6913e8ce737f38b88ea2d4a8380a25187c6a45bc3ada9f949fdbead93d1aa74ba7e62d2e24201c4b53e9fbebaac276fb0054207717f831cff5ae25b0b2a5a730f42df7e5b73dbf81cc6bebc55ddc5a8f6e05d40d8ea8e654e46dce9caadcab53ffc130a9021e4b28899ce9da6fc6f2f99e7650fb655b35c1118929919166db458593855f6ec81e1d99ed1a26be59802a9eb9286608eb337056940e1ff9b14a966ca0b1b9b199a36aa7bd5a3a11979af69a888f74b77af5cb5d71d30d23fb07e7de48fae2f6b50af7808ef6f81315d36b79c3776e58ca42991ed2b191c4960d8638bc48c7ce5f96f24ed14df8b3df6f0df01377a6cb729df0ceacbe48236ef25ef891900f45e18d7ec35124d704d9b88842ecbd8cdfa24e5420d0c2b1abae17835041ede7c5dfb0517735893267ebc85bbb8e55e396a0ea0f340ac154571342f8a1b08805f2ddcb4a237bcdfb4745a0f81db2104c5e1d5a74bab8d223c35266bbfc968f75a68ddf26ab01f37c43ecd1e9d5a9419b4ee858b6f4fe3109926579a46e37fd8af0282d491404c146c10009e8c8a6bd291b9f3ae02c7719d7c9b0a97b438ddc8866603ed83c33e261732495c4f4edbee002ca26f71a142da3d1a1ebfb193550cd1b40b97dbe9310ea8d5f6b8bbcdc571340d55d587ef7078df1f9ed0d6ad9a2ec120f2af83b5d67ceacf82be59e3fe3f4d5ee022652308b0695a4d34a11ca3dbfedba0f9b4065a571736986997d4c7436063e0aa1ff817dfa7bb57181ba82a8da7e7c5eb86213a01ceefc0d364f6c9377623083dedf7bcec8071f019a4a38142f6647706f2255d77939e33de4b912a1e3c03e39f53710d4f50295520a0c058084cc96d6e9178f610b2de86ae3264152c95046227e0196da3197eb3778cf02d866bc6b34ab9ff0eadccc086079f98fae148322f722f739b573ec6831fe16c08b7466db20074c173d76b3233f1781179a6b314cb523450bd08c3d1f7894852496c1ff4ef2b09304ee9d6ac49a8a726930b5285101ca06e724a25068a5f11e413cc5db5ff3f745991ec5e672248bc7923fabd74680808c497c6180f68e978550f8948e7858a9e4ac6a9d9e2f9a6dd3a03ef539e3856d0d1373c86c7b5064e2782e6aec10368a2ff67990104f20eb4431f000a5c0157c8a14a465b2fb8245f2983461d7f923d2af2c7382a7762cf1adc1dfdfa204383e1ce19efbe82c4136754921e6c54ebdfd465be7d8cfba1e95f7c99160261aebf7bad9400db9456cbb25142918a9009899b48ac9411c"}, &(0x7f0000000000)=0x1008) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000040)={r3}, 0xfffffffffffffeca) 09:00:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:13 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xc00, 0x0, 0x0, 0x0, 0x0) 09:00:13 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0xc401, 0x0) ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f00000005c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$alg(0x26, 0x5, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1d, &(0x7f0000000240)={@mcast1, 0x0}, &(0x7f0000000280)=0x14) r4 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x200000, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$TCSETAF(r1, 0x5408, &(0x7f0000000600)={0x4, 0x1f, 0x20000000000, 0xffffffff, 0x1, 0xffffffffffffffc0, 0x7, 0x3, 0x2, 0x8}) socket$rds(0x15, 0x5, 0x0) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000800)={@mcast1, @mcast1, @rand_addr="ecade7d6b7dcb995dab51942c43cf65d", 0x0, 0x5, 0x5, 0xffffffffffffffff, 0x8, 0x10000000280, r3}) r5 = dup(r0) syz_genetlink_get_family_id$ipvs(&(0x7f00000006c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f00000007c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)=ANY=[@ANYBLOB="000827bd7000fbdbdf250d0000000800040001010000080600010000004c528aa200030008000500ac1414bb08000400167b0000080007004e24000014000600fe88000000000000000000000000000114000600ff01000000000000000000000000000108000300000000000000000000"], 0x1}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r5, 0x402c5342, &(0x7f00000004c0)={0x100000000000, 0x40000009, 0x9, {0x0, 0x989680}, 0x40, 0x7}) ioctl$SG_SCSI_RESET(r4, 0x2284, 0x0) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_GET_NODES(r5, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1200000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r6, 0x200, 0x70bd2c, 0x25dfdbfc}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sync_file_range(r2, 0x0, 0x3, 0x0) ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000640)='/dev/ptmx\x00', 0x0, 0x0) sendmsg$TIPC_NL_MON_SET(r7, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="0b0081000000000000000000000000"], 0x1}, 0x1, 0x0, 0x0, 0x4844}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_tid_address(&(0x7f0000000540)) ioctl$KVM_S390_VCPU_FAULT(r4, 0x4008ae52, &(0x7f0000000140)=0x2) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) readv(r8, &(0x7f0000000100)=[{&(0x7f0000000000)=""/1, 0x2}], 0x200000000000000f) sendmsg$nl_generic(r7, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x0, 0xd}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, 0x22, 0x1, 0x0, 0x0, {0x4000000000004}, [@nested={0x8, 0x11, [@generic="e2ab"]}]}, 0x1c}}, 0x2) [ 592.900534][T31185] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:13 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x2, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0xff00000000000000, 0x0, 0xffffff9f}, [@ldst={0x3fd, 0x2, 0x8dfb1, 0x0, 0x0, 0x0, 0xe4ffffff}]}, &(0x7f0000000080)='GPL\x04\x9c5\x14\xbfw-\xa0z\xe8.vY\n6\xf6I>\xc1\xab\x91\xb3\x97\xe4*\xbf\x1e\xa6\xcd\x8c\xd7t\'\xfc\x9a\x9e+qe\xf5+A\a\xbf\bP\xd8\x99\xdcR\xd0\x13\x17]\xdb\x1b/F <*\x05\xb7\"\xe3>Uo\xb2\xe3\xf3\x9a<\xde\x1f\xcaSd\x037\xec\x95aF\xbd\xbf\xcb\x11Pp\x19V1\xde]!\xa5\xea\x9ec\x8c+\xdbx\xa5\x01\xcaKn\xa3\x13\xd8%h\xf98,,?o\xab\xa6\xb4\xeeTy;N\xd2m\xae>R\"P)\xbb*\xc0\x00\x7fwuL?#\xce\xda\x98\t\xb9\xa9hJ\x94\n\xbc\xaa\x8c\xfc\xc7\x13>\xc4\"\xe9\xc88\x881\x8dA\xe9\xa4\x93\xf0\x19_\xe2Y\x96Q\xb8\x95\x04\xf5\xdb\xa1F%\xce#f\xf3=\x95\xdb\xa9/\x86ry\xca\xbfJ\xce\xdd\xc8Z\x8a\xf7\xa0\xfah\xd7g\xceQ6\xb9\xd0\xd1\x96lI\x9c\xb6\xbf4\xc2\x98\x86f\x97\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'}, 0x48) 09:00:13 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x4800, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 593.058619][T31187] XFS (loop0): Invalid superblock magic number [ 593.149847][T31215] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:14 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x4001ff) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x7, 0x1, 0x60}]}, &(0x7f0000000040)='syzkaller\x00', 0x1, 0xfb, &(0x7f0000002880)=""/251}, 0x48) 09:00:14 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x4c00, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 593.449704][T31226] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:14 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:14 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x6000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:14 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x400000, 0x0) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x200) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') r1 = open(&(0x7f0000000140)='./file0\x00', 0x4000, 0x40) ioctl$VIDIOC_OVERLAY(r1, 0x4004560e, &(0x7f0000000180)=0x401) mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:14 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xd00, 0x0, 0x0, 0x0, 0x0) 09:00:14 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0xc401, 0x0) ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f00000005c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$alg(0x26, 0x5, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1d, &(0x7f0000000240)={@mcast1, 0x0}, &(0x7f0000000280)=0x14) r4 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x200000, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$TCSETAF(r1, 0x5408, &(0x7f0000000600)={0x4, 0x1f, 0x20000000000, 0xffffffff, 0x1, 0xffffffffffffffc0, 0x7, 0x3, 0x2, 0x8}) socket$rds(0x15, 0x5, 0x0) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000800)={@mcast1, @mcast1, @rand_addr="ecade7d6b7dcb995dab51942c43cf65d", 0x0, 0x5, 0x5, 0xffffffffffffffff, 0x8, 0x10000000280, r3}) r5 = dup(r0) syz_genetlink_get_family_id$ipvs(&(0x7f00000006c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f00000007c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)=ANY=[@ANYBLOB="000827bd7000fbdbdf250d0000000800040001010000080600010000004c528aa200030008000500ac1414bb08000400167b0000080007004e24000014000600fe88000000000000000000000000000114000600ff01000000000000000000000000000108000300000000000000000000"], 0x1}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r5, 0x402c5342, &(0x7f00000004c0)={0x100000000000, 0x40000009, 0x9, {0x0, 0x989680}, 0x40, 0x7}) ioctl$SG_SCSI_RESET(r4, 0x2284, 0x0) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_GET_NODES(r5, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1200000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r6, 0x200, 0x70bd2c, 0x25dfdbfc}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sync_file_range(r2, 0x0, 0x3, 0x0) ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000640)='/dev/ptmx\x00', 0x0, 0x0) sendmsg$TIPC_NL_MON_SET(r7, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="0b0081000000000000000000000000"], 0x1}, 0x1, 0x0, 0x0, 0x4844}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_tid_address(&(0x7f0000000540)) ioctl$KVM_S390_VCPU_FAULT(r4, 0x4008ae52, &(0x7f0000000140)=0x2) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) readv(r8, &(0x7f0000000100)=[{&(0x7f0000000000)=""/1, 0x2}], 0x200000000000000f) sendmsg$nl_generic(r7, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x0, 0xd}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, 0x22, 0x1, 0x0, 0x0, {0x4000000000004}, [@nested={0x8, 0x11, [@generic="e2ab"]}]}, 0x1c}}, 0x2) [ 593.777008][T31243] UBIFS error (pid: 31243): cannot open "ubi!_0x0", error -19 [ 593.779162][T31239] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:14 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x400000, 0x0) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x200) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') r1 = open(&(0x7f0000000140)='./file0\x00', 0x4000, 0x40) ioctl$VIDIOC_OVERLAY(r1, 0x4004560e, &(0x7f0000000180)=0x401) mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:14 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x6800, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 593.969941][T31242] XFS (loop0): Invalid superblock magic number 09:00:14 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x400000, 0x0) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x200) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') r1 = open(&(0x7f0000000140)='./file0\x00', 0x4000, 0x40) ioctl$VIDIOC_OVERLAY(r1, 0x4004560e, &(0x7f0000000180)=0x401) mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 593.985359][T31264] UBIFS error (pid: 31264): cannot open "ubi!_0x0", error -19 [ 594.020015][T31269] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 594.095053][T31253] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 594.121420][T31273] UBIFS error (pid: 31273): cannot open "ubi!_0x0", error -19 09:00:15 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x400000, 0x0) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x200) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') r1 = open(&(0x7f0000000140)='./file0\x00', 0x4000, 0x40) ioctl$VIDIOC_OVERLAY(r1, 0x4004560e, &(0x7f0000000180)=0x401) mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 594.154066][T31253] CPU: 0 PID: 31253 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 594.162785][T31253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 594.172845][T31253] Call Trace: [ 594.176147][T31253] dump_stack+0x172/0x1f0 [ 594.176170][T31253] dump_header+0x10f/0xb6c [ 594.176187][T31253] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 594.176205][T31253] ? ___ratelimit+0x60/0x595 [ 594.176226][T31253] ? do_raw_spin_unlock+0x57/0x270 [ 594.190778][T31253] oom_kill_process.cold+0x10/0x15 [ 594.190797][T31253] out_of_memory+0x79a/0x1280 [ 594.190819][T31253] ? lock_downgrade+0x880/0x880 [ 594.190835][T31253] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 594.190852][T31253] ? oom_killer_disable+0x280/0x280 [ 594.210366][T31253] ? find_held_lock+0x35/0x130 [ 594.210404][T31253] mem_cgroup_out_of_memory+0x1ca/0x230 [ 594.210419][T31253] ? memcg_event_wake+0x230/0x230 [ 594.210446][T31253] ? do_raw_spin_unlock+0x57/0x270 [ 594.220063][T31278] UBIFS error (pid: 31278): cannot open "ubi!_0x0", error -19 [ 594.232119][T31253] ? _raw_spin_unlock+0x2d/0x50 [ 594.232138][T31253] try_charge+0x118d/0x1790 [ 594.232160][T31253] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 594.232174][T31253] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 594.232191][T31253] ? find_held_lock+0x35/0x130 [ 594.232205][T31253] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 594.232226][T31253] __memcg_kmem_charge_memcg+0x7c/0x130 [ 594.232240][T31253] ? memcg_kmem_put_cache+0xb0/0xb0 [ 594.232260][T31253] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 594.232274][T31253] __memcg_kmem_charge+0x136/0x300 [ 594.232293][T31253] __alloc_pages_nodemask+0x437/0x7e0 [ 594.243173][T31253] ? __alloc_pages_slowpath+0x2900/0x2900 [ 594.243196][T31253] ? copyin+0xb5/0x100 [ 594.243216][T31253] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 594.243234][T31253] alloc_pages_current+0x107/0x210 [ 594.243255][T31253] pipe_write+0x659/0xf30 [ 594.260730][T31253] new_sync_write+0x4c7/0x760 [ 594.260749][T31253] ? default_llseek+0x2e0/0x2e0 [ 594.260766][T31253] ? retint_kernel+0x2d/0x2d [ 594.260786][T31253] ? common_file_perm+0x238/0x720 [ 594.260802][T31253] ? apparmor_mmap_file+0xa0/0xa0 [ 594.260822][T31253] ? apparmor_file_permission+0x25/0x30 [ 594.260838][T31253] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 594.260858][T31253] ? security_file_permission+0x94/0x380 [ 594.260877][T31253] __vfs_write+0xe4/0x110 [ 594.260895][T31253] vfs_write+0x20c/0x580 [ 594.260916][T31253] ksys_write+0xea/0x1f0 [ 594.260936][T31253] ? __ia32_sys_read+0xb0/0xb0 [ 594.292414][T31253] ? do_syscall_64+0x26/0x610 [ 594.292433][T31253] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 594.292447][T31253] ? do_syscall_64+0x26/0x610 [ 594.292470][T31253] __x64_sys_write+0x73/0xb0 [ 594.292487][T31253] do_syscall_64+0x103/0x610 [ 594.292510][T31253] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 594.303251][T31253] RIP: 0033:0x457f29 [ 594.303266][T31253] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 594.303273][T31253] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 594.303287][T31253] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 594.303296][T31253] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 594.303304][T31253] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 594.303313][T31253] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 594.303322][T31253] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 594.512614][T31253] memory: usage 307200kB, limit 307200kB, failcnt 3218 [ 594.530445][T31253] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 594.556392][T31253] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 594.570130][T31253] Memory cgroup stats for /syz2: cache:52KB rss:289956KB rss_huge:256000KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:278108KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 594.595289][T31253] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26827,uid=0 [ 594.618513][T31253] Memory cgroup out of memory: Killed process 26827 (syz-executor.2) total-vm:72708kB, anon-rss:13680kB, file-rss:35800kB, shmem-rss:0kB 09:00:15 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x6c00, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:15 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x400000, 0x0) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x200) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') open(&(0x7f0000000140)='./file0\x00', 0x4000, 0x40) mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:15 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0xc401, 0x0) ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f00000005c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$alg(0x26, 0x5, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1d, &(0x7f0000000240)={@mcast1, 0x0}, &(0x7f0000000280)=0x14) r4 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x200000, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$TCSETAF(r1, 0x5408, &(0x7f0000000600)={0x4, 0x1f, 0x20000000000, 0xffffffff, 0x1, 0xffffffffffffffc0, 0x7, 0x3, 0x2, 0x8}) socket$rds(0x15, 0x5, 0x0) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000800)={@mcast1, @mcast1, @rand_addr="ecade7d6b7dcb995dab51942c43cf65d", 0x0, 0x5, 0x5, 0xffffffffffffffff, 0x8, 0x10000000280, r3}) r5 = dup(r0) syz_genetlink_get_family_id$ipvs(&(0x7f00000006c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f00000007c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)=ANY=[@ANYBLOB="000827bd7000fbdbdf250d0000000800040001010000080600010000004c528aa200030008000500ac1414bb08000400167b0000080007004e24000014000600fe88000000000000000000000000000114000600ff01000000000000000000000000000108000300000000000000000000"], 0x1}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r5, 0x402c5342, &(0x7f00000004c0)={0x100000000000, 0x40000009, 0x9, {0x0, 0x989680}, 0x40, 0x7}) ioctl$SG_SCSI_RESET(r4, 0x2284, 0x0) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_GET_NODES(r5, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1200000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r6, 0x200, 0x70bd2c, 0x25dfdbfc}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sync_file_range(r2, 0x0, 0x3, 0x0) ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000640)='/dev/ptmx\x00', 0x0, 0x0) sendmsg$TIPC_NL_MON_SET(r7, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="0b0081000000000000000000000000"], 0x1}, 0x1, 0x0, 0x0, 0x4844}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_tid_address(&(0x7f0000000540)) ioctl$KVM_S390_VCPU_FAULT(r4, 0x4008ae52, &(0x7f0000000140)=0x2) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) readv(r8, &(0x7f0000000100)=[{&(0x7f0000000000)=""/1, 0x2}], 0x200000000000000f) sendmsg$nl_generic(r7, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x0, 0xd}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, 0x22, 0x1, 0x0, 0x0, {0x4000000000004}, [@nested={0x8, 0x11, [@generic="e2ab"]}]}, 0x1c}}, 0x2) 09:00:15 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xe00, 0x0, 0x0, 0x0, 0x0) 09:00:15 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x400000, 0x0) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x200) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 594.801776][T31293] UBIFS error (pid: 31293): cannot open "ubi!_0x0", error -19 [ 594.816826][T31297] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x7400, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:15 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x400000, 0x0) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x200) mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 594.935730][T31313] UBIFS error (pid: 31313): cannot open "ubi!_0x0", error -19 [ 594.970548][T31290] XFS (loop0): Invalid superblock magic number 09:00:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x7a00, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 595.064267][T31325] UBIFS error (pid: 31325): cannot open "ubi!_0x0", error -19 [ 595.301040][T31303] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 595.350740][T31303] CPU: 1 PID: 31303 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 595.359463][T31303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 595.369666][T31303] Call Trace: [ 595.372964][T31303] dump_stack+0x172/0x1f0 [ 595.377298][T31303] dump_header+0x10f/0xb6c [ 595.381718][T31303] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 595.387525][T31303] ? ___ratelimit+0x60/0x595 [ 595.392117][T31303] ? do_raw_spin_unlock+0x57/0x270 [ 595.397233][T31303] oom_kill_process.cold+0x10/0x15 [ 595.402364][T31303] out_of_memory+0x79a/0x1280 [ 595.407052][T31303] ? lock_downgrade+0x880/0x880 [ 595.411900][T31303] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 595.418145][T31303] ? oom_killer_disable+0x280/0x280 [ 595.423348][T31303] ? find_held_lock+0x35/0x130 [ 595.428212][T31303] mem_cgroup_out_of_memory+0x1ca/0x230 [ 595.433756][T31303] ? memcg_event_wake+0x230/0x230 [ 595.438799][T31303] ? do_raw_spin_unlock+0x57/0x270 [ 595.443914][T31303] ? _raw_spin_unlock+0x2d/0x50 [ 595.448764][T31303] try_charge+0x118d/0x1790 [ 595.453276][T31303] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 595.458822][T31303] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 595.464374][T31303] ? find_held_lock+0x35/0x130 [ 595.469129][T31303] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 595.474665][T31303] __memcg_kmem_charge_memcg+0x7c/0x130 [ 595.480193][T31303] ? memcg_kmem_put_cache+0xb0/0xb0 [ 595.485378][T31303] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 595.490919][T31303] __memcg_kmem_charge+0x136/0x300 [ 595.496116][T31303] __alloc_pages_nodemask+0x437/0x7e0 [ 595.501474][T31303] ? __alloc_pages_slowpath+0x2900/0x2900 [ 595.507184][T31303] ? ___might_sleep+0x163/0x280 [ 595.512020][T31303] ? copyin+0xb5/0x100 [ 595.516091][T31303] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 595.522320][T31303] alloc_pages_current+0x107/0x210 [ 595.527454][T31303] pipe_write+0x659/0xf30 [ 595.531794][T31303] new_sync_write+0x4c7/0x760 [ 595.536464][T31303] ? default_llseek+0x2e0/0x2e0 [ 595.541304][T31303] ? common_file_perm+0x238/0x720 [ 595.546310][T31303] ? __fget+0x381/0x550 [ 595.550456][T31303] ? apparmor_file_permission+0x25/0x30 [ 595.556004][T31303] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 595.562236][T31303] ? security_file_permission+0x94/0x380 [ 595.568028][T31303] __vfs_write+0xe4/0x110 [ 595.572349][T31303] vfs_write+0x20c/0x580 [ 595.576578][T31303] ksys_write+0xea/0x1f0 [ 595.580801][T31303] ? __ia32_sys_read+0xb0/0xb0 [ 595.585548][T31303] ? do_syscall_64+0x26/0x610 [ 595.590208][T31303] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 595.596257][T31303] ? do_syscall_64+0x26/0x610 [ 595.600921][T31303] __x64_sys_write+0x73/0xb0 [ 595.605498][T31303] do_syscall_64+0x103/0x610 [ 595.610073][T31303] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 595.615947][T31303] RIP: 0033:0x457f29 [ 595.619824][T31303] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 595.639420][T31303] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 595.647827][T31303] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 595.656046][T31303] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 595.664005][T31303] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 595.671971][T31303] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 595.679941][T31303] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 595.697753][T31303] memory: usage 307092kB, limit 307200kB, failcnt 3258 [ 595.704838][T31303] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 595.712498][T31303] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 595.719752][T31303] Memory cgroup stats for /syz2: cache:52KB rss:290032KB rss_huge:258048KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:278232KB inactive_file:0KB active_file:0KB unevictable:2048KB 09:00:16 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:16 executing program 3: openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x400000, 0x0) mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:16 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:16 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xbf0a, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 595.744944][T31303] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31301,uid=0 [ 595.760790][T31303] Memory cgroup out of memory: Killed process 31309 (syz-executor.2) total-vm:72576kB, anon-rss:14736kB, file-rss:35796kB, shmem-rss:0kB 09:00:16 executing program 5: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x400000, 0x0) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x200) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') open(&(0x7f0000000140)='./file0\x00', 0x4000, 0x40) mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:16 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x1020, 0x0, 0x0, 0x0, 0x0) [ 595.808153][ T1044] oom_reaper: reaped process 31309 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 595.831874][T31338] UBIFS error (pid: 31338): cannot open "ubi!_0x0", error -19 09:00:16 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:16 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:16 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xc00e, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:16 executing program 5: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x400000, 0x0) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x200) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') open(&(0x7f0000000140)='./file0\x00', 0x4000, 0x40) mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 595.926993][T31356] UBIFS error (pid: 31356): cannot open "ubi!_0x0", error -19 [ 595.948125][T31364] UBIFS error (pid: 31364): cannot open "ubi!_0x0", error -19 [ 595.982293][T31352] XFS (loop0): Invalid superblock magic number 09:00:16 executing program 3: mount(0x0, &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:16 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 596.068069][T31377] UBIFS error (pid: 31377): cannot open "ubi!_0x0", error -19 [ 596.092176][T31379] UBIFS error (pid: 31379): cannot open "(null)", error -22 [ 596.308999][T31384] XFS (loop0): Invalid superblock magic number [ 596.467134][T31347] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 596.482972][T31347] CPU: 0 PID: 31347 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 596.491673][T31347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 596.501717][T31347] Call Trace: [ 596.505009][T31347] dump_stack+0x172/0x1f0 [ 596.509575][T31347] dump_header+0x10f/0xb6c [ 596.513990][T31347] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 596.519780][T31347] ? ___ratelimit+0x60/0x595 [ 596.524361][T31347] ? do_raw_spin_unlock+0x57/0x270 [ 596.529453][T31347] oom_kill_process.cold+0x10/0x15 [ 596.534565][T31347] out_of_memory+0x79a/0x1280 [ 596.539230][T31347] ? lock_downgrade+0x880/0x880 [ 596.544080][T31347] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 596.550346][T31347] ? oom_killer_disable+0x280/0x280 [ 596.555531][T31347] ? find_held_lock+0x35/0x130 [ 596.560292][T31347] mem_cgroup_out_of_memory+0x1ca/0x230 [ 596.565828][T31347] ? memcg_event_wake+0x230/0x230 [ 596.570835][T31347] ? do_raw_spin_unlock+0x57/0x270 [ 596.575923][T31347] ? _raw_spin_unlock+0x2d/0x50 [ 596.580754][T31347] try_charge+0x118d/0x1790 [ 596.585241][T31347] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 596.590762][T31347] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 596.596309][T31347] ? find_held_lock+0x35/0x130 [ 596.601066][T31347] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 596.606605][T31347] __memcg_kmem_charge_memcg+0x7c/0x130 [ 596.612128][T31347] ? memcg_kmem_put_cache+0xb0/0xb0 [ 596.617311][T31347] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 596.622836][T31347] __memcg_kmem_charge+0x136/0x300 [ 596.627930][T31347] __alloc_pages_nodemask+0x437/0x7e0 [ 596.633289][T31347] ? __alloc_pages_slowpath+0x2900/0x2900 [ 596.638999][T31347] ? ___might_sleep+0x163/0x280 [ 596.643831][T31347] ? copyin+0xb5/0x100 [ 596.647881][T31347] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 596.654118][T31347] alloc_pages_current+0x107/0x210 [ 596.659217][T31347] pipe_write+0x659/0xf30 [ 596.663534][T31347] new_sync_write+0x4c7/0x760 [ 596.668202][T31347] ? default_llseek+0x2e0/0x2e0 [ 596.673223][T31347] ? common_file_perm+0x238/0x720 [ 596.678490][T31347] ? __fget+0x381/0x550 [ 596.682636][T31347] ? apparmor_file_permission+0x25/0x30 [ 596.688440][T31347] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 596.694671][T31347] ? security_file_permission+0x94/0x380 [ 596.700300][T31347] __vfs_write+0xe4/0x110 [ 596.704614][T31347] vfs_write+0x20c/0x580 [ 596.708840][T31347] ksys_write+0xea/0x1f0 [ 596.713064][T31347] ? __ia32_sys_read+0xb0/0xb0 [ 596.717813][T31347] ? do_syscall_64+0x26/0x610 [ 596.722474][T31347] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 596.728543][T31347] ? do_syscall_64+0x26/0x610 [ 596.733201][T31347] __x64_sys_write+0x73/0xb0 [ 596.737783][T31347] do_syscall_64+0x103/0x610 [ 596.742382][T31347] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 596.748269][T31347] RIP: 0033:0x457f29 [ 596.752150][T31347] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 596.771730][T31347] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 596.780140][T31347] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 596.788114][T31347] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 596.796071][T31347] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 596.804041][T31347] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 596.811997][T31347] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 596.821755][T31347] memory: usage 307104kB, limit 307200kB, failcnt 3347 [ 596.828656][T31347] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 596.836736][T31347] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 596.843640][T31347] Memory cgroup stats for /syz2: cache:52KB rss:290020KB rss_huge:258048KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:278240KB inactive_file:0KB active_file:0KB unevictable:2048KB 09:00:17 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:17 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xf000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:17 executing program 5: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x400000, 0x0) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x200) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') open(&(0x7f0000000140)='./file0\x00', 0x4000, 0x40) mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:17 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:17 executing program 3: mount(0x0, &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:17 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x1e02, 0x0, 0x0, 0x0, 0x0) [ 596.866231][T31347] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31336,uid=0 [ 596.881662][T31347] Memory cgroup out of memory: Killed process 31339 (syz-executor.2) total-vm:72708kB, anon-rss:14736kB, file-rss:35800kB, shmem-rss:0kB [ 596.899949][ T1044] oom_reaper: reaped process 31339 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 596.933016][T31400] __nla_parse: 4 callbacks suppressed [ 596.933026][T31400] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:17 executing program 3: mount(0x0, &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:17 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:17 executing program 5: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x400000, 0x0) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x200) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 596.954060][T31407] UBIFS error (pid: 31407): cannot open "(null)", error -22 [ 596.981700][T31411] UBIFS error (pid: 31411): cannot open "ubi!_0x0", error -19 [ 597.027065][T31400] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 597.076902][T31422] UBIFS error (pid: 31422): cannot open "ubi!_0x0", error -19 09:00:18 executing program 5: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x400000, 0x0) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x200) mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:18 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:18 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x34000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 597.078795][T31424] UBIFS error (pid: 31424): cannot open "(null)", error -22 [ 597.149588][T31406] XFS (loop0): Invalid superblock magic number [ 597.199100][T31436] UBIFS error (pid: 31436): cannot open "ubi!_0x0", error -19 [ 597.283490][T31441] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 597.434145][T31445] XFS (loop0): Invalid superblock magic number [ 597.591243][T31413] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 597.603430][T31413] CPU: 1 PID: 31413 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 597.612099][T31413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 597.622136][T31413] Call Trace: [ 597.625487][T31413] dump_stack+0x172/0x1f0 [ 597.629815][T31413] dump_header+0x10f/0xb6c [ 597.634221][T31413] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 597.640159][T31413] ? ___ratelimit+0x60/0x595 [ 597.644757][T31413] ? do_raw_spin_unlock+0x57/0x270 [ 597.649989][T31413] oom_kill_process.cold+0x10/0x15 [ 597.655085][T31413] out_of_memory+0x79a/0x1280 [ 597.659855][T31413] ? lock_downgrade+0x880/0x880 [ 597.664732][T31413] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 597.670957][T31413] ? oom_killer_disable+0x280/0x280 [ 597.676133][T31413] ? find_held_lock+0x35/0x130 [ 597.680884][T31413] mem_cgroup_out_of_memory+0x1ca/0x230 [ 597.686411][T31413] ? memcg_event_wake+0x230/0x230 [ 597.695296][T31413] ? do_raw_spin_unlock+0x57/0x270 [ 597.700392][T31413] ? _raw_spin_unlock+0x2d/0x50 [ 597.705230][T31413] try_charge+0x118d/0x1790 [ 597.715153][T31413] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 597.720679][T31413] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 597.726390][T31413] ? find_held_lock+0x35/0x130 [ 597.731146][T31413] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 597.736727][T31413] __memcg_kmem_charge_memcg+0x7c/0x130 [ 597.742270][T31413] ? memcg_kmem_put_cache+0xb0/0xb0 [ 597.747479][T31413] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 597.753030][T31413] __memcg_kmem_charge+0x136/0x300 [ 597.758150][T31413] __alloc_pages_nodemask+0x437/0x7e0 [ 597.764135][T31413] ? __alloc_pages_slowpath+0x2900/0x2900 [ 597.769834][T31413] ? ___might_sleep+0x163/0x280 [ 597.774667][T31413] ? copyin+0xb5/0x100 [ 597.778719][T31413] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 597.784951][T31413] alloc_pages_current+0x107/0x210 [ 597.790066][T31413] pipe_write+0x659/0xf30 [ 597.794412][T31413] new_sync_write+0x4c7/0x760 [ 597.799079][T31413] ? default_llseek+0x2e0/0x2e0 [ 597.803920][T31413] ? common_file_perm+0x238/0x720 [ 597.808937][T31413] ? __fget+0x381/0x550 [ 597.820557][T31413] ? apparmor_file_permission+0x25/0x30 [ 597.826096][T31413] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 597.832323][T31413] ? security_file_permission+0x94/0x380 [ 597.837944][T31413] __vfs_write+0xe4/0x110 [ 597.842272][T31413] vfs_write+0x20c/0x580 [ 597.846519][T31413] ksys_write+0xea/0x1f0 [ 597.850852][T31413] ? __ia32_sys_read+0xb0/0xb0 [ 597.855596][T31413] ? do_syscall_64+0x26/0x610 [ 597.860261][T31413] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 597.866303][T31413] ? do_syscall_64+0x26/0x610 [ 597.870964][T31413] __x64_sys_write+0x73/0xb0 [ 597.875536][T31413] do_syscall_64+0x103/0x610 [ 597.880109][T31413] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 597.885998][T31413] RIP: 0033:0x457f29 [ 597.889881][T31413] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 597.909492][T31413] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 597.917918][T31413] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 597.925885][T31413] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 597.933855][T31413] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 597.941818][T31413] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 597.949773][T31413] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 597.958750][T31413] memory: usage 307136kB, limit 307200kB, failcnt 3433 [ 597.968456][T31413] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 597.976023][T31413] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 597.976030][T31413] Memory cgroup stats for /syz2: cache:52KB rss:290144KB rss_huge:258048KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:278296KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 597.976105][T31413] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31410,uid=0 [ 597.976189][T31413] Memory cgroup out of memory: Killed process 31412 (syz-executor.2) total-vm:72576kB, anon-rss:14728kB, file-rss:35800kB, shmem-rss:0kB 09:00:18 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, 0x0) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:18 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', 0x0, &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:18 executing program 5: openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x400000, 0x0) mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:18 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:18 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x400300, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:18 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x2000, 0x0, 0x0, 0x0, 0x0) [ 598.011744][ T1044] oom_reaper: reaped process 31412 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 09:00:19 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 598.083253][T31458] UBIFS error (pid: 31458): cannot open "ubi!_0x0", error -19 [ 598.106152][T31467] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:19 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', 0x0, &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:19 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 598.200016][T31463] XFS (loop0): Invalid superblock magic number [ 598.223066][ C1] net_ratelimit: 26 callbacks suppressed [ 598.223075][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 598.235076][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 598.240970][ C1] protocol 88fb is buggy, dev hsr_slave_0 09:00:19 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xf0ffff, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:19 executing program 5: mount(0x0, &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 598.246795][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 598.252671][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 598.258446][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 598.277920][T31493] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:19 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', 0x0, &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 598.278580][T31487] UBIFS error (pid: 31487): cannot open "ubi!_0x0", error -19 [ 598.371423][T31498] UBIFS error (pid: 31498): cannot open "(null)", error -22 [ 598.559022][T31503] XFS (loop0): Invalid superblock magic number [ 598.745537][T31479] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 598.757549][T31479] CPU: 1 PID: 31479 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 598.766204][T31479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 598.776350][T31479] Call Trace: [ 598.779631][T31479] dump_stack+0x172/0x1f0 [ 598.784038][T31479] dump_header+0x10f/0xb6c [ 598.788432][T31479] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 598.794248][T31479] ? ___ratelimit+0x60/0x595 [ 598.798823][T31479] ? do_raw_spin_unlock+0x57/0x270 [ 598.803938][T31479] oom_kill_process.cold+0x10/0x15 [ 598.809137][T31479] out_of_memory+0x79a/0x1280 [ 598.813793][T31479] ? lock_downgrade+0x880/0x880 [ 598.818639][T31479] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 598.824861][T31479] ? oom_killer_disable+0x280/0x280 [ 598.830037][T31479] ? find_held_lock+0x35/0x130 [ 598.834787][T31479] mem_cgroup_out_of_memory+0x1ca/0x230 [ 598.840320][T31479] ? memcg_event_wake+0x230/0x230 [ 598.845348][T31479] ? do_raw_spin_unlock+0x57/0x270 [ 598.850461][T31479] ? _raw_spin_unlock+0x2d/0x50 [ 598.855311][T31479] try_charge+0x118d/0x1790 [ 598.859796][T31479] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 598.865319][T31479] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 598.870846][T31479] ? find_held_lock+0x35/0x130 [ 598.875603][T31479] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 598.881129][T31479] __memcg_kmem_charge_memcg+0x7c/0x130 [ 598.886764][T31479] ? memcg_kmem_put_cache+0xb0/0xb0 [ 598.892235][T31479] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 598.897765][T31479] __memcg_kmem_charge+0x136/0x300 [ 598.902884][T31479] __alloc_pages_nodemask+0x437/0x7e0 [ 598.908262][T31479] ? __alloc_pages_slowpath+0x2900/0x2900 [ 598.913966][T31479] ? ___might_sleep+0x163/0x280 [ 598.918801][T31479] ? copyin+0xb5/0x100 [ 598.922854][T31479] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 598.929103][T31479] alloc_pages_current+0x107/0x210 [ 598.934205][T31479] pipe_write+0x659/0xf30 [ 598.938532][T31479] new_sync_write+0x4c7/0x760 [ 598.943192][T31479] ? default_llseek+0x2e0/0x2e0 [ 598.948037][T31479] ? common_file_perm+0x238/0x720 [ 598.953100][T31479] ? __fget+0x381/0x550 [ 598.957266][T31479] ? apparmor_file_permission+0x25/0x30 [ 598.962893][T31479] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 598.969112][T31479] ? security_file_permission+0x94/0x380 [ 598.974722][T31479] __vfs_write+0xe4/0x110 [ 598.979033][T31479] vfs_write+0x20c/0x580 [ 598.983255][T31479] ksys_write+0xea/0x1f0 [ 598.987497][T31479] ? __ia32_sys_read+0xb0/0xb0 [ 598.992334][T31479] ? do_syscall_64+0x26/0x610 [ 598.996988][T31479] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 599.003030][T31479] ? do_syscall_64+0x26/0x610 [ 599.007686][T31479] __x64_sys_write+0x73/0xb0 [ 599.012272][T31479] do_syscall_64+0x103/0x610 [ 599.016873][T31479] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 599.022744][T31479] RIP: 0033:0x457f29 [ 599.026617][T31479] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 599.046209][T31479] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 599.054613][T31479] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 599.062584][T31479] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 599.070538][T31479] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 599.078487][T31479] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 599.086435][T31479] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 599.094672][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 599.100445][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 599.101338][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 599.107384][T31479] memory: usage 307136kB, limit 307200kB, failcnt 3504 [ 599.112001][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 599.118804][T31479] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 599.132360][T31479] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 599.139208][T31479] Memory cgroup stats for /syz2: cache:52KB rss:290156KB rss_huge:258048KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:278292KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 599.161936][T31479] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31464,uid=0 [ 599.177315][T31479] Memory cgroup out of memory: Killed process 31468 (syz-executor.2) total-vm:72576kB, anon-rss:14732kB, file-rss:35796kB, shmem-rss:0kB 09:00:20 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, 0x0) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:20 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:20 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x1000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:20 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', 0x0, 0x0, 0x0) 09:00:20 executing program 5: mount(0x0, &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:20 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x2003, 0x0, 0x0, 0x0, 0x0) [ 599.195658][ T1044] oom_reaper: reaped process 31468 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 599.240348][T31522] UBIFS error (pid: 31522): cannot open "(null)", error -22 [ 599.242663][T31518] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:20 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', 0x0, 0x0, 0x0) 09:00:20 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:20 executing program 5: mount(0x0, &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:20 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x2000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:20 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', 0x0, &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 599.392038][T31524] XFS (loop0): Invalid superblock magic number 09:00:20 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', 0x0, 0x0, 0x0) [ 599.396585][T31547] UBIFS error (pid: 31547): cannot open "(null)", error -22 [ 599.447389][T31551] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 599.881944][T31533] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 599.894152][T31533] CPU: 1 PID: 31533 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 599.902836][T31533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 599.912888][T31533] Call Trace: [ 599.916430][T31533] dump_stack+0x172/0x1f0 [ 599.920975][T31533] dump_header+0x10f/0xb6c [ 599.925757][T31533] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 599.931566][T31533] ? ___ratelimit+0x60/0x595 [ 599.936233][T31533] ? do_raw_spin_unlock+0x57/0x270 [ 599.941335][T31533] oom_kill_process.cold+0x10/0x15 [ 599.946437][T31533] out_of_memory+0x79a/0x1280 [ 599.951123][T31533] ? lock_downgrade+0x880/0x880 [ 599.955960][T31533] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 599.962192][T31533] ? oom_killer_disable+0x280/0x280 [ 599.967382][T31533] ? find_held_lock+0x35/0x130 [ 599.972132][T31533] mem_cgroup_out_of_memory+0x1ca/0x230 [ 599.977901][T31533] ? memcg_event_wake+0x230/0x230 [ 599.982947][T31533] ? do_raw_spin_unlock+0x57/0x270 [ 599.988060][T31533] ? _raw_spin_unlock+0x2d/0x50 [ 599.992897][T31533] try_charge+0x118d/0x1790 [ 599.997384][T31533] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 600.002913][T31533] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 600.008440][T31533] ? find_held_lock+0x35/0x130 [ 600.013192][T31533] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 600.018902][T31533] __memcg_kmem_charge_memcg+0x7c/0x130 [ 600.031602][T31533] ? memcg_kmem_put_cache+0xb0/0xb0 [ 600.036794][T31533] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 600.042344][T31533] __memcg_kmem_charge+0x136/0x300 [ 600.047455][T31533] __alloc_pages_nodemask+0x437/0x7e0 [ 600.052847][T31533] ? __alloc_pages_slowpath+0x2900/0x2900 [ 600.063415][T31533] ? ___might_sleep+0x163/0x280 [ 600.068749][T31533] ? copyin+0xb5/0x100 [ 600.072909][T31533] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 600.079143][T31533] alloc_pages_current+0x107/0x210 [ 600.084273][T31533] pipe_write+0x659/0xf30 [ 600.088614][T31533] new_sync_write+0x4c7/0x760 [ 600.093330][T31533] ? default_llseek+0x2e0/0x2e0 [ 600.098195][T31533] ? common_file_perm+0x238/0x720 [ 600.103207][T31533] ? __fget+0x381/0x550 [ 600.107361][T31533] ? apparmor_file_permission+0x25/0x30 [ 600.121022][T31533] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 600.127252][T31533] ? security_file_permission+0x94/0x380 [ 600.132892][T31533] __vfs_write+0xe4/0x110 [ 600.137223][T31533] vfs_write+0x20c/0x580 [ 600.141534][T31533] ksys_write+0xea/0x1f0 [ 600.145766][T31533] ? __ia32_sys_read+0xb0/0xb0 [ 600.150625][T31533] ? do_syscall_64+0x26/0x610 [ 600.155287][T31533] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 600.161337][T31533] ? do_syscall_64+0x26/0x610 [ 600.166336][T31533] __x64_sys_write+0x73/0xb0 [ 600.170915][T31533] do_syscall_64+0x103/0x610 [ 600.175497][T31533] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 600.181568][T31533] RIP: 0033:0x457f29 [ 600.185468][T31533] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 600.213257][T31533] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 600.221933][T31533] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 600.229934][T31533] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 600.253174][T31533] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 600.261235][T31533] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 600.271207][T31533] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 600.280269][T31533] memory: usage 307136kB, limit 307200kB, failcnt 3590 [ 600.287207][T31533] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 600.294761][T31533] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 600.303461][T31533] Memory cgroup stats for /syz2: cache:52KB rss:290144KB rss_huge:258048KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:278256KB inactive_file:0KB active_file:0KB unevictable:2048KB 09:00:21 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, 0x0) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:21 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:21 executing program 3 (fault-call:0 fault-nth:0): mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:21 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', 0x0, &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x3000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:21 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x2010, 0x0, 0x0, 0x0, 0x0) [ 600.327642][T31533] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31529,uid=0 [ 600.343359][T31533] Memory cgroup out of memory: Killed process 31530 (syz-executor.2) total-vm:72576kB, anon-rss:14728kB, file-rss:35800kB, shmem-rss:0kB [ 600.363752][ T1044] oom_reaper: reaped process 31530 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 09:00:21 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', 0x0, &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:21 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:21 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 600.436032][T31581] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 600.453697][T31581] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x4000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:21 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', 0x0, 0x0, 0x0) [ 600.569646][T31600] UBIFS error (pid: 31600): cannot open "ubi!_0x0", error -19 [ 600.591425][T31576] XFS (loop0): Invalid superblock magic number 09:00:21 executing program 3: mount(&(0x7f0000000100)=@sg0='.bi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 600.632873][T31606] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 600.699085][T31612] UBIFS error (pid: 31612): cannot open ".bi!_0x0", error -22 [ 600.704381][T31612] UBIFS error (pid: 31612): cannot open ".bi!_0x0", error -22 [ 600.756358][T31586] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 600.774201][T31586] CPU: 1 PID: 31586 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 600.782922][T31586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 600.792972][T31586] Call Trace: [ 600.796259][T31586] dump_stack+0x172/0x1f0 [ 600.800598][T31586] dump_header+0x10f/0xb6c [ 600.805004][T31586] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 600.819851][T31586] ? ___ratelimit+0x60/0x595 [ 600.824485][T31586] ? do_raw_spin_unlock+0x57/0x270 [ 600.829583][T31586] oom_kill_process.cold+0x10/0x15 [ 600.834699][T31586] out_of_memory+0x79a/0x1280 [ 600.839380][T31586] ? lock_downgrade+0x880/0x880 [ 600.844220][T31586] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 600.850444][T31586] ? oom_killer_disable+0x280/0x280 [ 600.856040][T31586] ? find_held_lock+0x35/0x130 [ 600.860809][T31586] mem_cgroup_out_of_memory+0x1ca/0x230 [ 600.866349][T31586] ? memcg_event_wake+0x230/0x230 [ 600.871369][T31586] ? do_raw_spin_unlock+0x57/0x270 [ 600.876469][T31586] ? _raw_spin_unlock+0x2d/0x50 [ 600.881308][T31586] try_charge+0x118d/0x1790 [ 600.885800][T31586] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 600.891342][T31586] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 600.896868][T31586] ? find_held_lock+0x35/0x130 [ 600.901698][T31586] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 600.907241][T31586] __memcg_kmem_charge_memcg+0x7c/0x130 [ 600.912770][T31586] ? memcg_kmem_put_cache+0xb0/0xb0 [ 600.917954][T31586] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 600.923483][T31586] __memcg_kmem_charge+0x136/0x300 [ 600.928622][T31586] __alloc_pages_nodemask+0x437/0x7e0 [ 600.934362][T31586] ? __alloc_pages_slowpath+0x2900/0x2900 [ 600.940065][T31586] ? ___might_sleep+0x163/0x280 [ 600.944900][T31586] ? copyin+0xb5/0x100 [ 600.948969][T31586] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 600.955212][T31586] alloc_pages_current+0x107/0x210 [ 600.960337][T31586] pipe_write+0x659/0xf30 [ 600.964665][T31586] new_sync_write+0x4c7/0x760 [ 600.969479][T31586] ? default_llseek+0x2e0/0x2e0 [ 600.974336][T31586] ? common_file_perm+0x238/0x720 [ 600.979345][T31586] ? __fget+0x381/0x550 [ 600.983514][T31586] ? apparmor_file_permission+0x25/0x30 [ 600.989046][T31586] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 600.995272][T31586] ? security_file_permission+0x94/0x380 [ 601.000907][T31586] __vfs_write+0xe4/0x110 [ 601.005221][T31586] vfs_write+0x20c/0x580 [ 601.009453][T31586] ksys_write+0xea/0x1f0 [ 601.013683][T31586] ? __ia32_sys_read+0xb0/0xb0 [ 601.018445][T31586] ? do_syscall_64+0x26/0x610 [ 601.023117][T31586] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 601.029185][T31586] ? do_syscall_64+0x26/0x610 [ 601.033865][T31586] __x64_sys_write+0x73/0xb0 [ 601.038451][T31586] do_syscall_64+0x103/0x610 [ 601.043045][T31586] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 601.049047][T31586] RIP: 0033:0x457f29 [ 601.052925][T31586] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 601.072614][T31586] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 601.081173][T31586] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 601.091165][T31586] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 601.099404][T31586] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 601.107360][T31586] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 601.115401][T31586] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 601.130118][T31586] memory: usage 307200kB, limit 307200kB, failcnt 3667 [ 601.137255][T31586] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 601.145243][T31586] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 601.152213][T31586] Memory cgroup stats for /syz2: cache:52KB rss:290012KB rss_huge:258048KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:278232KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 601.175284][T31586] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31572,uid=0 [ 601.191273][T31586] Memory cgroup out of memory: Killed process 31572 (syz-executor.2) total-vm:72576kB, anon-rss:14684kB, file-rss:34816kB, shmem-rss:0kB 09:00:22 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(0x0) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(0xffffffffffffffff, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:22 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:22 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', 0x0, 0x0, 0x0) 09:00:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x5000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:22 executing program 3: mount(&(0x7f0000000100)=@sg0='/bi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 601.211657][ T1044] oom_reaper: reaped process 31572 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 09:00:22 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x2300, 0x0, 0x0, 0x0, 0x0) 09:00:22 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(0x0) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(0xffffffffffffffff, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) [ 601.271704][T31625] UBIFS error (pid: 31625): cannot open "/bi!_0x0", error -22 [ 601.288740][T31625] UBIFS error (pid: 31625): cannot open "/bi!_0x0", error -22 09:00:22 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', 0x0, 0x0, 0x0) 09:00:22 executing program 3: mount(&(0x7f0000000100)=@sg0='ub%!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:22 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x6000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:22 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(0x0) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(0xffffffffffffffff, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:22 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi:_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 601.445646][T31655] UBIFS error (pid: 31655): cannot open "ub%!_0x0", error -22 09:00:22 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(0xffffffffffffffff, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:22 executing program 5: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(0x0) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(0xffffffffffffffff, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x7000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:22 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 601.446269][T31655] UBIFS error (pid: 31655): cannot open "ub%!_0x0", error -22 [ 601.499557][T31640] XFS (loop0): Invalid superblock magic number [ 601.579778][T31669] UBIFS error (pid: 31669): cannot open "ubi:_0x0", error -19 [ 601.580999][T31669] UBIFS error (pid: 31669): cannot open "ubi:_0x0", error -19 09:00:22 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x2403, 0x0, 0x0, 0x0, 0x0) 09:00:22 executing program 5: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(0x0) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(0xffffffffffffffff, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:22 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:22 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_1x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x8000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 601.947277][T31676] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 601.965021][T31696] UBIFS error (pid: 31696): cannot open "ubi!_1x0", error -19 [ 601.966356][T31693] __nla_parse: 3 callbacks suppressed [ 601.966366][T31693] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 601.978006][T31676] CPU: 1 PID: 31676 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 601.980069][T31696] UBIFS error (pid: 31696): cannot open "ubi!_1x0", error -19 [ 601.997318][T31676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 602.015042][T31676] Call Trace: [ 602.016012][T31702] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 602.018448][T31676] dump_stack+0x172/0x1f0 [ 602.018469][T31676] dump_header+0x10f/0xb6c [ 602.018485][T31676] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 602.018499][T31676] ? ___ratelimit+0x60/0x595 [ 602.018523][T31676] ? do_raw_spin_unlock+0x57/0x270 [ 602.056105][T31676] oom_kill_process.cold+0x10/0x15 [ 602.061247][T31676] out_of_memory+0x79a/0x1280 [ 602.061925][T31706] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 602.066455][T31676] ? lock_downgrade+0x880/0x880 [ 602.066472][T31676] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 602.066489][T31676] ? oom_killer_disable+0x280/0x280 [ 602.066499][T31676] ? find_held_lock+0x35/0x130 [ 602.066520][T31676] mem_cgroup_out_of_memory+0x1ca/0x230 [ 602.066533][T31676] ? memcg_event_wake+0x230/0x230 [ 602.066558][T31676] ? do_raw_spin_unlock+0x57/0x270 [ 602.084194][T31706] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 602.086935][T31676] ? _raw_spin_unlock+0x2d/0x50 [ 602.086956][T31676] try_charge+0x118d/0x1790 [ 602.086978][T31676] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 602.086990][T31676] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 602.087005][T31676] ? find_held_lock+0x35/0x130 09:00:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xa000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xe000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xf000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 602.087030][T31676] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 602.123336][T31711] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 602.127024][T31676] __memcg_kmem_charge_memcg+0x7c/0x130 [ 602.127040][T31676] ? memcg_kmem_put_cache+0xb0/0xb0 [ 602.127058][T31676] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 602.127073][T31676] __memcg_kmem_charge+0x136/0x300 [ 602.127100][T31676] __alloc_pages_nodemask+0x437/0x7e0 [ 602.127122][T31676] ? __alloc_pages_slowpath+0x2900/0x2900 [ 602.134286][T31711] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 602.137160][T31676] ? ___might_sleep+0x163/0x280 [ 602.137180][T31676] ? copyin+0xb5/0x100 [ 602.137200][T31676] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 602.137222][T31676] alloc_pages_current+0x107/0x210 [ 602.233615][T31676] pipe_write+0x659/0xf30 [ 602.238280][T31676] new_sync_write+0x4c7/0x760 [ 602.243112][T31676] ? default_llseek+0x2e0/0x2e0 [ 602.248402][T31676] ? common_file_perm+0x238/0x720 [ 602.253662][T31676] ? __fget+0x381/0x550 [ 602.257816][T31676] ? apparmor_file_permission+0x25/0x30 [ 602.263616][T31676] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 602.270722][T31676] ? security_file_permission+0x94/0x380 [ 602.277029][T31676] __vfs_write+0xe4/0x110 [ 602.284657][T31676] vfs_write+0x20c/0x580 [ 602.288950][T31676] ksys_write+0xea/0x1f0 [ 602.294269][T31676] ? __ia32_sys_read+0xb0/0xb0 [ 602.299414][T31676] ? do_syscall_64+0x26/0x610 [ 602.305019][T31676] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 602.311522][T31676] ? do_syscall_64+0x26/0x610 [ 602.316239][T31676] __x64_sys_write+0x73/0xb0 [ 602.320833][T31676] do_syscall_64+0x103/0x610 [ 602.325422][T31676] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 602.331358][T31676] RIP: 0033:0x457f29 [ 602.335337][T31676] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 602.355711][T31676] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 602.365374][T31676] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 602.373563][T31676] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 602.381540][T31676] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 602.389664][T31676] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 602.397695][T31676] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 602.411425][T31676] memory: usage 307168kB, limit 307200kB, failcnt 3747 [ 602.418713][T31676] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 602.418722][T31676] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 602.418729][T31676] Memory cgroup stats for /syz2: cache:52KB rss:289584KB rss_huge:256000KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:277764KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 602.481319][T31676] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31198,uid=0 09:00:23 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(0xffffffffffffffff, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x10000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:23 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x1\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:23 executing program 5: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(0x0) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(0xffffffffffffffff, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) [ 602.507842][T31676] Memory cgroup out of memory: Killed process 31198 (syz-executor.2) total-vm:72708kB, anon-rss:13360kB, file-rss:35800kB, shmem-rss:0kB [ 602.526555][ T1044] oom_reaper: reaped process 31198 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 602.584029][T31725] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 602.584185][T31727] UBIFS error (pid: 31727): cannot open "ubi!_0x1", error -19 [ 602.600244][T31727] UBIFS error (pid: 31727): cannot open "ubi!_0x1", error -19 [ 602.678356][T31717] XFS (loop0): Invalid superblock magic number [ 602.873962][T31740] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 602.887379][T31740] CPU: 0 PID: 31740 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 602.896647][T31740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 602.907210][T31740] Call Trace: [ 602.910505][T31740] dump_stack+0x172/0x1f0 [ 602.915198][T31740] dump_header+0x10f/0xb6c [ 602.919633][T31740] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 602.925629][T31740] ? ___ratelimit+0x60/0x595 [ 602.930745][T31740] ? do_raw_spin_unlock+0x57/0x270 [ 602.936909][T31740] oom_kill_process.cold+0x10/0x15 [ 602.942275][T31740] out_of_memory+0x79a/0x1280 [ 602.947046][T31740] ? lock_downgrade+0x880/0x880 [ 602.952135][T31740] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 602.958839][T31740] ? oom_killer_disable+0x280/0x280 [ 602.964935][T31740] ? find_held_lock+0x35/0x130 [ 602.970619][T31740] mem_cgroup_out_of_memory+0x1ca/0x230 [ 602.976652][T31740] ? memcg_event_wake+0x230/0x230 [ 602.982393][T31740] ? do_raw_spin_unlock+0x57/0x270 [ 602.993000][T31740] ? _raw_spin_unlock+0x2d/0x50 [ 602.998317][T31740] try_charge+0x118d/0x1790 [ 603.003319][T31740] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 603.011186][T31740] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 603.017953][T31740] ? find_held_lock+0x35/0x130 [ 603.025373][T31740] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 603.031308][T31740] __memcg_kmem_charge_memcg+0x7c/0x130 [ 603.041439][T31740] ? memcg_kmem_put_cache+0xb0/0xb0 [ 603.046968][T31740] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 603.056564][T31740] __memcg_kmem_charge+0x136/0x300 [ 603.065528][T31740] __alloc_pages_nodemask+0x437/0x7e0 [ 603.071648][T31740] ? __alloc_pages_slowpath+0x2900/0x2900 [ 603.078125][T31740] ? ___might_sleep+0x163/0x280 [ 603.085781][T31740] ? copyin+0xb5/0x100 [ 603.095082][T31740] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 603.101735][T31740] alloc_pages_current+0x107/0x210 [ 603.107676][T31740] pipe_write+0x659/0xf30 [ 603.112808][T31740] new_sync_write+0x4c7/0x760 [ 603.118284][T31740] ? default_llseek+0x2e0/0x2e0 [ 603.124160][T31740] ? common_file_perm+0x238/0x720 [ 603.131335][T31740] ? __fget+0x381/0x550 [ 603.141130][T31740] ? apparmor_file_permission+0x25/0x30 [ 603.154614][T31740] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 603.174768][T31740] ? security_file_permission+0x94/0x380 [ 603.181421][T31740] __vfs_write+0xe4/0x110 [ 603.186096][T31740] vfs_write+0x20c/0x580 [ 603.190919][T31740] ksys_write+0xea/0x1f0 [ 603.197100][T31740] ? __ia32_sys_read+0xb0/0xb0 [ 603.206745][T31740] ? do_syscall_64+0x26/0x610 [ 603.213276][T31740] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 603.219690][T31740] ? do_syscall_64+0x26/0x610 [ 603.224479][T31740] __x64_sys_write+0x73/0xb0 [ 603.230621][T31740] do_syscall_64+0x103/0x610 [ 603.235359][T31740] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 603.242193][T31740] RIP: 0033:0x457f29 [ 603.246109][T31740] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 603.261322][ C1] net_ratelimit: 20 callbacks suppressed [ 603.261331][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 603.266225][T31740] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 603.272359][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 603.278198][T31740] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 603.278216][T31740] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000008 [ 603.319643][T31740] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 603.331473][T31740] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 603.343002][T31740] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 603.357529][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 603.365360][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 603.372642][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 603.381009][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 603.392604][T31740] memory: usage 307084kB, limit 307200kB, failcnt 3812 [ 603.400319][T31740] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 603.411822][T31740] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 603.419007][T31740] Memory cgroup stats for /syz2: cache:52KB rss:289440KB rss_huge:256000KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:277636KB inactive_file:8KB active_file:0KB unevictable:2048KB [ 603.449844][T31740] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=29123,uid=0 09:00:24 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x2c00, 0x0, 0x0, 0x0, 0x0) 09:00:24 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:24 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x20000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:24 executing program 5 (fault-call:0 fault-nth:0): mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:24 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x02', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 603.474024][T31740] Memory cgroup out of memory: Killed process 29123 (syz-executor.2) total-vm:72708kB, anon-rss:12460kB, file-rss:35804kB, shmem-rss:0kB 09:00:24 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(0xffffffffffffffff, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) [ 603.557358][T31761] UBIFS error (pid: 31761): cannot open "ubi!_0x0", error -19 [ 603.557935][T31761] UBIFS error (pid: 31761): cannot open "ubi!_0x0", error -19 [ 603.563640][T31763] FAULT_INJECTION: forcing a failure. [ 603.563640][T31763] name failslab, interval 1, probability 0, space 0, times 0 [ 603.607135][T31763] CPU: 0 PID: 31763 Comm: syz-executor.5 Not tainted 5.0.0-next-20190306 #4 [ 603.608964][T31764] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 603.616269][T31763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 603.616278][T31763] Call Trace: [ 603.616310][T31763] dump_stack+0x172/0x1f0 [ 603.616335][T31763] should_fail.cold+0xa/0x15 [ 603.616355][T31763] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 603.616373][T31763] ? ___might_sleep+0x163/0x280 [ 603.616394][T31763] __should_failslab+0x121/0x190 [ 603.616429][T31763] should_failslab+0x9/0x14 [ 603.616448][T31763] __kmalloc_track_caller+0x2d8/0x740 [ 603.616469][T31763] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 603.616479][T31763] ? fput_many+0x12c/0x1a0 09:00:24 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:24 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x03', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 603.616492][T31763] ? strndup_user+0x77/0xd0 [ 603.616512][T31763] memdup_user+0x26/0xb0 [ 603.695280][T31776] UBIFS error (pid: 31776): cannot open "ubi!_0x0", error -19 [ 603.696066][T31776] UBIFS error (pid: 31776): cannot open "ubi!_0x0", error -19 [ 603.700705][T31763] strndup_user+0x77/0xd0 [ 603.700722][T31763] ksys_mount+0x3c/0x150 [ 603.700737][T31763] __x64_sys_mount+0xbe/0x150 [ 603.700759][T31763] do_syscall_64+0x103/0x610 09:00:24 executing program 5 (fault-call:0 fault-nth:1): mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 603.700777][T31763] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 603.700794][T31763] RIP: 0033:0x457f29 [ 603.711803][T31764] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 603.715794][T31763] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 603.715802][T31763] RSP: 002b:00007f7c4f37fc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 603.715817][T31763] RAX: ffffffffffffffda RBX: 00007f7c4f37fc90 RCX: 0000000000457f29 [ 603.715824][T31763] RDX: 0000000020000380 RSI: 00000000200000c0 RDI: 0000000020000100 [ 603.715833][T31763] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 603.715841][T31763] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c4f3806d4 [ 603.715852][T31763] R13: 00000000004c3cf7 R14: 00000000004d6f00 R15: 0000000000000003 09:00:24 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:24 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x04', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 603.893385][T31788] FAULT_INJECTION: forcing a failure. [ 603.893385][T31788] name failslab, interval 1, probability 0, space 0, times 0 09:00:24 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x28000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 603.948311][T31788] CPU: 1 PID: 31788 Comm: syz-executor.5 Not tainted 5.0.0-next-20190306 #4 [ 603.957729][T31788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 603.968675][T31788] Call Trace: [ 603.972206][T31788] dump_stack+0x172/0x1f0 [ 603.976907][T31788] should_fail.cold+0xa/0x15 [ 603.981822][T31788] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 603.988106][T31788] ? ___might_sleep+0x163/0x280 [ 603.993937][T31788] __should_failslab+0x121/0x190 [ 604.002621][T31788] should_failslab+0x9/0x14 [ 604.007601][T31788] __kmalloc_track_caller+0x2d8/0x740 [ 604.016218][T31788] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 604.018452][T31798] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 604.023732][T31788] ? strndup_user+0x77/0xd0 [ 604.023751][T31788] memdup_user+0x26/0xb0 [ 604.023766][T31788] strndup_user+0x77/0xd0 [ 604.023782][T31788] ksys_mount+0x7b/0x150 [ 604.023802][T31788] __x64_sys_mount+0xbe/0x150 [ 604.023823][T31788] do_syscall_64+0x103/0x610 [ 604.023845][T31788] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 604.023857][T31788] RIP: 0033:0x457f29 [ 604.023872][T31788] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 604.023879][T31788] RSP: 002b:00007f7c4f37fc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 604.044373][T31766] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 604.047292][T31788] RAX: ffffffffffffffda RBX: 00007f7c4f37fc90 RCX: 0000000000457f29 [ 604.047301][T31788] RDX: 0000000020000380 RSI: 00000000200000c0 RDI: 0000000020000100 [ 604.047309][T31788] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 604.047318][T31788] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c4f3806d4 [ 604.047327][T31788] R13: 00000000004c3cf7 R14: 00000000004d6f00 R15: 0000000000000003 [ 604.061342][T31799] UBIFS error (pid: 31799): cannot open "ubi!_0x0", error -19 [ 604.062240][T31799] UBIFS error (pid: 31799): cannot open "ubi!_0x0", error -19 [ 604.067685][T31766] CPU: 0 PID: 31766 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 604.204501][T31766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 604.227451][T31766] Call Trace: [ 604.231451][T31766] dump_stack+0x172/0x1f0 [ 604.237342][T31766] dump_header+0x10f/0xb6c [ 604.247174][T31766] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 604.255348][T31766] ? ___ratelimit+0x60/0x595 [ 604.260588][T31766] ? do_raw_spin_unlock+0x57/0x270 [ 604.270092][T31766] oom_kill_process.cold+0x10/0x15 [ 604.276665][T31766] out_of_memory+0x79a/0x1280 [ 604.284973][T31766] ? lock_downgrade+0x880/0x880 [ 604.294757][T31766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 604.307840][T31766] ? oom_killer_disable+0x280/0x280 [ 604.315833][T31766] ? find_held_lock+0x35/0x130 [ 604.327908][T31766] mem_cgroup_out_of_memory+0x1ca/0x230 [ 604.342221][T31766] ? memcg_event_wake+0x230/0x230 [ 604.357118][T31766] ? do_raw_spin_unlock+0x57/0x270 [ 604.365275][T31766] ? _raw_spin_unlock+0x2d/0x50 [ 604.377896][T31766] try_charge+0x118d/0x1790 [ 604.388874][T31766] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 604.407869][T31766] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 604.427878][T31766] ? find_held_lock+0x35/0x130 [ 604.437765][T31766] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 604.445191][T31766] __memcg_kmem_charge_memcg+0x7c/0x130 [ 604.451614][T31766] ? memcg_kmem_put_cache+0xb0/0xb0 [ 604.456826][T31766] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 604.461311][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 604.465117][T31766] __memcg_kmem_charge+0x136/0x300 [ 604.475221][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 604.480570][T31766] __alloc_pages_nodemask+0x437/0x7e0 [ 604.486919][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 604.492467][T31766] ? __alloc_pages_slowpath+0x2900/0x2900 [ 604.492484][T31766] ? ___might_sleep+0x163/0x280 [ 604.492504][T31766] ? copyin+0xb5/0x100 [ 604.499103][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 604.505130][T31766] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 604.505148][T31766] alloc_pages_current+0x107/0x210 [ 604.505169][T31766] pipe_write+0x659/0xf30 [ 604.505194][T31766] new_sync_write+0x4c7/0x760 [ 604.542458][T31766] ? default_llseek+0x2e0/0x2e0 [ 604.548058][T31766] ? common_file_perm+0x238/0x720 [ 604.554433][T31766] ? __fget+0x381/0x550 [ 604.559152][T31766] ? apparmor_file_permission+0x25/0x30 [ 604.565604][T31766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 604.572119][T31766] ? security_file_permission+0x94/0x380 [ 604.578156][T31766] __vfs_write+0xe4/0x110 [ 604.583199][T31766] vfs_write+0x20c/0x580 [ 604.587715][T31766] ksys_write+0xea/0x1f0 [ 604.608502][T31766] ? __ia32_sys_read+0xb0/0xb0 [ 604.619695][T31766] ? do_syscall_64+0x26/0x610 [ 604.627491][T31766] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 604.634183][T31766] ? do_syscall_64+0x26/0x610 [ 604.639631][T31766] __x64_sys_write+0x73/0xb0 [ 604.650695][T31766] do_syscall_64+0x103/0x610 [ 604.655817][T31766] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 604.663396][T31766] RIP: 0033:0x457f29 [ 604.667332][T31766] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 604.696845][T31766] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 604.706829][T31766] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 604.715287][T31766] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000008 [ 604.723563][T31766] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 604.731624][T31766] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 604.739873][T31766] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 604.749838][T31766] memory: usage 307200kB, limit 307200kB, failcnt 3832 [ 604.757423][T31766] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 604.781399][T31766] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 604.802015][T31766] Memory cgroup stats for /syz2: cache:52KB rss:289608KB rss_huge:256000KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:277700KB inactive_file:4KB active_file:0KB unevictable:2048KB [ 604.853530][T31766] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31740,uid=0 [ 604.878084][T31766] Memory cgroup out of memory: Killed process 31740 (syz-executor.2) total-vm:72708kB, anon-rss:13232kB, file-rss:35804kB, shmem-rss:0kB 09:00:25 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x2c01, 0x0, 0x0, 0x0, 0x0) 09:00:25 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x05', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:25 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:25 executing program 5 (fault-call:0 fault-nth:2): mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:25 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x48000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:25 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) [ 605.010238][T31817] UBIFS error (pid: 31817): cannot open "ubi!_0x0", error -19 [ 605.014119][T31817] UBIFS error (pid: 31817): cannot open "ubi!_0x0", error -19 [ 605.025835][T31819] FAULT_INJECTION: forcing a failure. [ 605.025835][T31819] name failslab, interval 1, probability 0, space 0, times 0 [ 605.066341][T31819] CPU: 0 PID: 31819 Comm: syz-executor.5 Not tainted 5.0.0-next-20190306 #4 [ 605.075635][T31819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 605.087511][T31819] Call Trace: [ 605.091080][T31819] dump_stack+0x172/0x1f0 [ 605.096318][T31819] should_fail.cold+0xa/0x15 [ 605.101780][T31819] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 605.105011][T31827] UBIFS error (pid: 31827): cannot open "ubi!_0x0", error -19 [ 605.105473][T31827] UBIFS error (pid: 31827): cannot open "ubi!_0x0", error -19 [ 605.107897][T31819] ? ___might_sleep+0x163/0x280 [ 605.107921][T31819] __should_failslab+0x121/0x190 [ 605.107948][T31819] should_failslab+0x9/0x14 [ 605.142101][T31819] kmem_cache_alloc+0x2b2/0x6f0 [ 605.147016][T31819] ? __might_fault+0x12b/0x1e0 [ 605.155001][T31819] getname_flags+0xd6/0x5b0 [ 605.166006][T31819] user_path_at_empty+0x2f/0x50 [ 605.173921][T31819] do_mount+0x150/0x2c40 [ 605.178280][T31819] ? copy_mount_string+0x40/0x40 [ 605.183626][T31819] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 605.190305][T31819] ? _copy_from_user+0xdd/0x150 [ 605.195205][T31819] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 605.202818][T31819] ? copy_mount_options+0x280/0x3a0 [ 605.210337][T31819] ksys_mount+0xdb/0x150 [ 605.215378][T31819] __x64_sys_mount+0xbe/0x150 [ 605.221059][T31819] do_syscall_64+0x103/0x610 [ 605.226235][T31819] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 605.232410][T31819] RIP: 0033:0x457f29 [ 605.236414][T31819] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 605.258148][T31819] RSP: 002b:00007f7c4f37fc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 605.268053][T31834] UBIFS error (pid: 31834): cannot open "ubi!_0x0", error -19 [ 605.268209][T31819] RAX: ffffffffffffffda RBX: 00007f7c4f37fc90 RCX: 0000000000457f29 [ 605.270411][T31834] UBIFS error (pid: 31834): cannot open "ubi!_0x0", error -19 [ 605.284641][T31819] RDX: 0000000020000380 RSI: 00000000200000c0 RDI: 0000000020000100 [ 605.301460][T31819] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 605.310071][T31819] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c4f3806d4 09:00:25 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x06', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:26 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\a', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x4c000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:26 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:26 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0H', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 605.318335][T31819] R13: 00000000004c3cf7 R14: 00000000004d6f00 R15: 0000000000000003 09:00:26 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 605.386594][T31847] UBIFS error (pid: 31847): cannot open "ubi!_0x0H", error -19 [ 605.406433][T31822] XFS (loop0): Invalid superblock magic number [ 605.418051][T31847] UBIFS error (pid: 31847): cannot open "ubi!_0x0H", error -19 [ 605.508843][T31816] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 605.529884][T31816] CPU: 1 PID: 31816 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 605.540198][T31816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 605.553931][T31816] Call Trace: [ 605.559662][T31816] dump_stack+0x172/0x1f0 [ 605.564469][T31816] dump_header+0x10f/0xb6c [ 605.570687][T31816] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 605.578325][T31816] ? ___ratelimit+0x60/0x595 [ 605.585112][T31816] ? do_raw_spin_unlock+0x57/0x270 [ 605.590755][T31816] oom_kill_process.cold+0x10/0x15 [ 605.596665][T31816] out_of_memory+0x79a/0x1280 [ 605.604995][T31816] ? lock_downgrade+0x880/0x880 [ 605.610620][T31816] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 605.617084][T31816] ? oom_killer_disable+0x280/0x280 [ 605.622570][T31816] ? find_held_lock+0x35/0x130 [ 605.627356][T31816] mem_cgroup_out_of_memory+0x1ca/0x230 [ 605.632902][T31816] ? memcg_event_wake+0x230/0x230 [ 605.639204][T31816] ? do_raw_spin_unlock+0x57/0x270 [ 605.644844][T31816] ? _raw_spin_unlock+0x2d/0x50 [ 605.650071][T31816] try_charge+0x118d/0x1790 [ 605.654797][T31816] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 605.661693][T31816] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 605.667445][T31816] ? find_held_lock+0x35/0x130 [ 605.672754][T31816] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 605.678903][T31816] __memcg_kmem_charge_memcg+0x7c/0x130 [ 605.684469][T31816] ? memcg_kmem_put_cache+0xb0/0xb0 [ 605.689883][T31816] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 605.695440][T31816] __memcg_kmem_charge+0x136/0x300 [ 605.700786][T31816] __alloc_pages_nodemask+0x437/0x7e0 [ 605.706522][T31816] ? __alloc_pages_slowpath+0x2900/0x2900 [ 605.712264][T31816] ? ___might_sleep+0x163/0x280 [ 605.717207][T31816] ? copyin+0xb5/0x100 [ 605.721594][T31816] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 605.727851][T31816] alloc_pages_current+0x107/0x210 [ 605.733254][T31816] pipe_write+0x659/0xf30 [ 605.737648][T31816] new_sync_write+0x4c7/0x760 [ 605.742376][T31816] ? default_llseek+0x2e0/0x2e0 [ 605.747332][T31816] ? common_file_perm+0x238/0x720 [ 605.752397][T31816] ? __fget+0x381/0x550 [ 605.756822][T31816] ? apparmor_file_permission+0x25/0x30 [ 605.762891][T31816] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 605.769185][T31816] ? security_file_permission+0x94/0x380 [ 605.774823][T31816] __vfs_write+0xe4/0x110 [ 605.779395][T31816] vfs_write+0x20c/0x580 [ 605.783806][T31816] ksys_write+0xea/0x1f0 [ 605.788110][T31816] ? __ia32_sys_read+0xb0/0xb0 [ 605.793213][T31816] ? do_syscall_64+0x26/0x610 [ 605.797896][T31816] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 605.804014][T31816] ? do_syscall_64+0x26/0x610 [ 605.808781][T31816] __x64_sys_write+0x73/0xb0 [ 605.813370][T31816] do_syscall_64+0x103/0x610 [ 605.818048][T31816] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 605.823934][T31816] RIP: 0033:0x457f29 [ 605.827854][T31816] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 605.847808][T31816] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 605.856427][T31816] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 605.865817][T31816] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000008 [ 605.874104][T31816] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 605.882993][T31816] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 605.891303][T31816] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 605.907045][T31816] memory: usage 307200kB, limit 307200kB, failcnt 3902 [ 605.916187][T31816] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 605.929063][T31816] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 605.937425][T31816] Memory cgroup stats for /syz2: cache:52KB rss:289512KB rss_huge:256000KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:277652KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 605.962180][T31816] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31766,uid=0 [ 605.979498][T31816] Memory cgroup out of memory: Killed process 31766 (syz-executor.2) total-vm:72708kB, anon-rss:12460kB, file-rss:35804kB, shmem-rss:0kB [ 605.998435][ T1044] oom_reaper: reaped process 31766 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 09:00:26 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x3c00, 0x0, 0x0, 0x0, 0x0) 09:00:26 executing program 5 (fault-call:0 fault-nth:3): mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x60000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:26 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0L', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:26 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:26 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) [ 606.087266][T31860] UBIFS error (pid: 31860): cannot open "ubi!_0x0L", error -19 [ 606.089109][T31860] UBIFS error (pid: 31860): cannot open "ubi!_0x0L", error -19 [ 606.102909][T31867] FAULT_INJECTION: forcing a failure. [ 606.102909][T31867] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 606.124006][T31867] CPU: 1 PID: 31867 Comm: syz-executor.5 Not tainted 5.0.0-next-20190306 #4 09:00:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x68000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 606.132718][T31867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 606.143149][T31867] Call Trace: [ 606.146605][T31867] dump_stack+0x172/0x1f0 [ 606.151059][T31867] should_fail.cold+0xa/0x15 [ 606.156202][T31867] ? kernel_text_address+0x73/0xf0 [ 606.161984][T31867] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 606.168038][T31867] ? __lock_acquire+0x548/0x3fb0 [ 606.173024][T31867] ? __save_stack_trace+0x8a/0xf0 [ 606.178178][T31867] should_fail_alloc_page+0x50/0x60 [ 606.183421][T31867] __alloc_pages_nodemask+0x1a1/0x7e0 [ 606.189012][T31867] ? __alloc_pages_slowpath+0x2900/0x2900 [ 606.194760][T31867] ? find_held_lock+0x35/0x130 [ 606.199560][T31867] ? do_syscall_64+0x103/0x610 [ 606.204390][T31867] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 606.210420][T31867] cache_grow_begin+0x9c/0x860 [ 606.215567][T31867] ? getname_flags+0xd6/0x5b0 [ 606.221580][T31867] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 606.228211][T31867] kmem_cache_alloc+0x62d/0x6f0 [ 606.233977][T31867] getname_flags+0xd6/0x5b0 09:00:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x6c000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 606.238720][T31867] user_path_at_empty+0x2f/0x50 [ 606.243783][T31867] do_mount+0x150/0x2c40 [ 606.248062][T31867] ? copy_mount_string+0x40/0x40 [ 606.253120][T31867] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 606.259910][T31867] ? _copy_from_user+0xdd/0x150 [ 606.264827][T31867] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 606.271273][T31867] ? copy_mount_options+0x280/0x3a0 [ 606.277008][T31867] ksys_mount+0xdb/0x150 [ 606.281306][T31867] __x64_sys_mount+0xbe/0x150 09:00:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x74000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 606.286035][T31867] do_syscall_64+0x103/0x610 [ 606.290976][T31867] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 606.297005][T31867] RIP: 0033:0x457f29 [ 606.300996][T31867] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 606.320771][T31867] RSP: 002b:00007f7c4f37fc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 606.329364][T31867] RAX: ffffffffffffffda RBX: 00007f7c4f37fc90 RCX: 0000000000457f29 09:00:27 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0h', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 606.337365][T31867] RDX: 0000000020000380 RSI: 00000000200000c0 RDI: 0000000020000100 [ 606.345366][T31867] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 606.353385][T31867] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c4f3806d4 [ 606.361857][T31867] R13: 00000000004c3cf7 R14: 00000000004d6f00 R15: 0000000000000003 09:00:27 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 606.385920][T31867] UBIFS error (pid: 31867): cannot open "ubi!_0x0", error -19 09:00:27 executing program 5 (fault-call:0 fault-nth:4): mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 606.431520][T31891] UBIFS error (pid: 31891): cannot open "ubi!_0x0h", error -19 [ 606.432288][T31891] UBIFS error (pid: 31891): cannot open "ubi!_0x0h", error -19 [ 606.517261][T31885] XFS (loop0): Invalid superblock magic number [ 606.517615][T31902] FAULT_INJECTION: forcing a failure. [ 606.517615][T31902] name failslab, interval 1, probability 0, space 0, times 0 [ 606.540502][T31902] CPU: 0 PID: 31902 Comm: syz-executor.5 Not tainted 5.0.0-next-20190306 #4 [ 606.549402][T31902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 606.559499][T31902] Call Trace: [ 606.562830][T31902] dump_stack+0x172/0x1f0 [ 606.567289][T31902] should_fail.cold+0xa/0x15 [ 606.572125][T31902] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 606.577963][T31902] ? ___might_sleep+0x163/0x280 [ 606.582831][T31902] __should_failslab+0x121/0x190 [ 606.587836][T31902] should_failslab+0x9/0x14 [ 606.592737][T31902] kmem_cache_alloc_trace+0x2d1/0x760 [ 606.598120][T31902] alloc_fs_context+0x5a/0x640 [ 606.602900][T31902] fs_context_for_mount+0x25/0x30 [ 606.607974][T31902] do_mount+0x13d7/0x2c40 [ 606.612401][T31902] ? copy_mount_string+0x40/0x40 [ 606.617336][T31902] ? _copy_from_user+0xdd/0x150 [ 606.622259][T31902] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 606.628556][T31902] ? copy_mount_options+0x280/0x3a0 [ 606.634208][T31902] ksys_mount+0xdb/0x150 [ 606.638551][T31902] __x64_sys_mount+0xbe/0x150 [ 606.643248][T31902] do_syscall_64+0x103/0x610 [ 606.647869][T31902] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 606.653875][T31902] RIP: 0033:0x457f29 [ 606.658931][T31902] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 606.678957][T31902] RSP: 002b:00007f7c4f37fc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 606.687655][T31902] RAX: ffffffffffffffda RBX: 00007f7c4f37fc90 RCX: 0000000000457f29 [ 606.695834][T31902] RDX: 0000000020000380 RSI: 00000000200000c0 RDI: 0000000020000100 [ 606.703815][T31902] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 606.711961][T31902] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c4f3806d4 [ 606.720097][T31902] R13: 00000000004c3cf7 R14: 00000000004d6f00 R15: 0000000000000003 [ 606.862840][T31906] XFS (loop0): Invalid superblock magic number 09:00:27 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x3c03, 0x0, 0x0, 0x0, 0x0) 09:00:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x7a000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:27 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0l', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:27 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:27 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:27 executing program 5 (fault-call:0 fault-nth:5): mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 607.015589][T31924] UBIFS error (pid: 31924): cannot open "ubi!_0x0l", error -19 [ 607.017189][T31924] UBIFS error (pid: 31924): cannot open "ubi!_0x0l", error -19 [ 607.037487][T31929] FAULT_INJECTION: forcing a failure. [ 607.037487][T31929] name failslab, interval 1, probability 0, space 0, times 0 09:00:27 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0t', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:27 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 607.073777][T31923] __nla_parse: 7 callbacks suppressed [ 607.073787][T31923] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x9effffff, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 607.129559][T31936] UBIFS error (pid: 31936): cannot open "ubi!_0x0t", error -19 [ 607.130271][T31936] UBIFS error (pid: 31936): cannot open "ubi!_0x0t", error -19 [ 607.179225][T31932] XFS (loop0): Invalid superblock magic number [ 607.180918][T31929] CPU: 1 PID: 31929 Comm: syz-executor.5 Not tainted 5.0.0-next-20190306 #4 [ 607.201916][T31929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 607.212114][T31929] Call Trace: [ 607.215580][T31929] dump_stack+0x172/0x1f0 [ 607.219969][T31929] should_fail.cold+0xa/0x15 [ 607.224602][T31929] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 607.230707][T31929] ? ___might_sleep+0x163/0x280 [ 607.235858][T31929] __should_failslab+0x121/0x190 [ 607.241272][T31929] should_failslab+0x9/0x14 [ 607.245806][T31929] kmem_cache_alloc_trace+0x2d1/0x760 [ 607.251813][T31929] ? refcount_dec_and_mutex_lock+0x90/0x90 [ 607.257745][T31929] ? rcu_read_lock_sched_held+0x110/0x130 [ 607.263591][T31929] ? kmem_cache_alloc_trace+0x354/0x760 [ 607.269261][T31929] legacy_init_fs_context+0x48/0xe0 [ 607.274487][T31929] ? generic_parse_monolithic+0x200/0x200 [ 607.280257][T31929] alloc_fs_context+0x365/0x640 [ 607.285330][T31929] fs_context_for_mount+0x25/0x30 [ 607.290934][T31929] do_mount+0x13d7/0x2c40 [ 607.295691][T31929] ? copy_mount_string+0x40/0x40 [ 607.300912][T31929] ? _copy_from_user+0xdd/0x150 [ 607.305971][T31929] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 607.312706][T31929] ? copy_mount_options+0x280/0x3a0 [ 607.318235][T31929] ksys_mount+0xdb/0x150 [ 607.322525][T31929] __x64_sys_mount+0xbe/0x150 [ 607.327506][T31929] do_syscall_64+0x103/0x610 [ 607.332328][T31929] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 607.338504][T31929] RIP: 0033:0x457f29 [ 607.342595][T31929] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 607.363057][T31929] RSP: 002b:00007f7c4f37fc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 607.371682][T31929] RAX: ffffffffffffffda RBX: 00007f7c4f37fc90 RCX: 0000000000457f29 09:00:28 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0z', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:28 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:28 executing program 5 (fault-call:0 fault-nth:6): mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 607.378410][T31925] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 607.379690][T31929] RDX: 0000000020000380 RSI: 00000000200000c0 RDI: 0000000020000100 [ 607.379699][T31929] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 607.379707][T31929] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c4f3806d4 [ 607.379716][T31929] R13: 00000000004c3cf7 R14: 00000000004d6f00 R15: 0000000000000003 [ 607.441332][T31925] CPU: 1 PID: 31925 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 607.450270][T31925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 607.452125][T31956] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 607.460874][T31925] Call Trace: [ 607.460918][T31925] dump_stack+0x172/0x1f0 [ 607.460936][T31925] dump_header+0x10f/0xb6c [ 607.460956][T31925] ? oom_kill_process+0x94/0x400 [ 607.488540][T31925] oom_kill_process.cold+0x10/0x15 [ 607.493689][T31925] out_of_memory+0x79a/0x1280 [ 607.498400][T31925] ? lock_downgrade+0x880/0x880 [ 607.499515][T31959] FAULT_INJECTION: forcing a failure. [ 607.499515][T31959] name failslab, interval 1, probability 0, space 0, times 0 [ 607.503858][T31925] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 607.503877][T31925] ? oom_killer_disable+0x280/0x280 [ 607.503905][T31925] ? find_held_lock+0x35/0x130 [ 607.503928][T31925] mem_cgroup_out_of_memory+0x1ca/0x230 [ 607.503941][T31925] ? memcg_event_wake+0x230/0x230 [ 607.503970][T31925] ? do_raw_spin_unlock+0x57/0x270 [ 607.551904][T31925] ? _raw_spin_unlock+0x2d/0x50 [ 607.556873][T31925] try_charge+0x118d/0x1790 [ 607.561913][T31925] ? lockdep_hardirqs_on+0x418/0x5d0 [ 607.567427][T31925] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 607.573505][T31925] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 607.579244][T31925] ? find_held_lock+0x35/0x130 [ 607.584160][T31925] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 607.589828][T31925] __memcg_kmem_charge_memcg+0x7c/0x130 [ 607.595876][T31925] ? memcg_kmem_put_cache+0xb0/0xb0 [ 607.601279][T31925] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 607.606941][T31925] __memcg_kmem_charge+0x136/0x300 [ 607.612344][T31925] __alloc_pages_nodemask+0x437/0x7e0 [ 607.617732][T31925] ? __alloc_pages_slowpath+0x2900/0x2900 [ 607.623658][T31925] ? ___might_sleep+0x163/0x280 [ 607.628961][T31925] ? copyin+0xb5/0x100 [ 607.633049][T31925] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 607.639302][T31925] alloc_pages_current+0x107/0x210 [ 607.644847][T31925] pipe_write+0x659/0xf30 [ 607.649490][T31925] new_sync_write+0x4c7/0x760 [ 607.656460][T31925] ? default_llseek+0x2e0/0x2e0 [ 607.661410][T31925] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 607.666994][T31925] ? retint_kernel+0x2d/0x2d [ 607.673304][T31925] ? rw_verify_area+0x118/0x360 [ 607.678329][T31925] __vfs_write+0xe4/0x110 [ 607.684524][T31925] vfs_write+0x20c/0x580 [ 607.689459][T31925] ksys_write+0xea/0x1f0 [ 607.693918][T31925] ? __ia32_sys_read+0xb0/0xb0 [ 607.698794][T31925] ? do_syscall_64+0x26/0x610 [ 607.704064][T31925] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 607.710938][T31925] ? do_syscall_64+0x26/0x610 [ 607.716940][T31925] __x64_sys_write+0x73/0xb0 [ 607.725014][T31925] do_syscall_64+0x103/0x610 [ 607.730145][T31925] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 607.737576][T31925] RIP: 0033:0x457f29 [ 607.741780][T31925] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 607.762716][T31925] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 607.771403][T31925] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 607.779564][T31925] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000008 [ 607.788372][T31925] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 607.796974][T31925] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 607.805050][T31925] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 607.813458][T31959] CPU: 0 PID: 31959 Comm: syz-executor.5 Not tainted 5.0.0-next-20190306 #4 [ 607.822374][T31959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 607.822380][T31959] Call Trace: [ 607.822405][T31959] dump_stack+0x172/0x1f0 [ 607.822428][T31959] should_fail.cold+0xa/0x15 [ 607.822443][T31959] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 607.822462][T31959] ? ___might_sleep+0x163/0x280 [ 607.822480][T31959] __should_failslab+0x121/0x190 [ 607.822498][T31959] should_failslab+0x9/0x14 [ 607.822513][T31959] kmem_cache_alloc+0x2b2/0x6f0 [ 607.822536][T31959] getname_kernel+0x53/0x370 [ 607.822551][T31959] kern_path+0x20/0x40 [ 607.822616][T31959] ubi_open_volume_path.part.0+0xa4/0x200 [ 607.822635][T31959] ? ubi_open_volume_nm+0x280/0x280 [ 607.841260][T31959] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 607.841274][T31959] ? kasan_kmalloc+0x9/0x10 [ 607.841288][T31959] ? kmem_cache_alloc_trace+0x151/0x760 [ 607.841301][T31959] ? legacy_init_fs_context+0x48/0xe0 [ 607.841312][T31959] ? alloc_fs_context+0x365/0x640 [ 607.841321][T31959] ? fs_context_for_mount+0x25/0x30 [ 607.841332][T31959] ? do_mount+0x13d7/0x2c40 [ 607.841341][T31959] ? ksys_mount+0xdb/0x150 [ 607.841361][T31959] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 607.841380][T31959] ? find_held_lock+0x35/0x130 [ 607.857321][T31925] memory: usage 307104kB, limit 307200kB, failcnt 3962 [ 607.857649][T31959] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 607.857668][T31959] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 607.857682][T31959] ? should_fail+0x1de/0x852 [ 607.857704][T31959] ubi_open_volume_path+0x79/0xa0 [ 607.863993][T31925] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 607.869093][T31959] ubifs_mount+0x13b/0x602f [ 607.869115][T31959] ? rcu_read_lock_sched_held+0x110/0x130 [ 607.875829][T31925] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 607.880271][T31959] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 607.880288][T31959] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 607.880305][T31959] ? vfs_parse_fs_string+0x111/0x170 [ 607.880320][T31959] ? vfs_parse_fs_string+0x111/0x170 [ 607.880336][T31959] ? rcu_read_lock_sched_held+0x110/0x130 [ 607.880356][T31959] ? kfree+0x1fa/0x230 [ 607.884805][T31925] Memory cgroup stats for /syz2: cache:52KB rss:289504KB rss_huge:256000KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:277644KB inactive_file:4KB active_file:0KB unevictable:2048KB [ 607.890438][T31959] ? ubifs_iget+0x1b30/0x1b30 [ 607.890452][T31959] ? vfs_parse_fs_string+0x116/0x170 [ 607.890465][T31959] ? vfs_parse_fs_param+0x510/0x510 [ 607.890482][T31959] ? ubifs_iget+0x1b30/0x1b30 [ 607.890495][T31959] legacy_get_tree+0xf2/0x200 [ 607.890511][T31959] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 607.890529][T31959] vfs_get_tree+0x123/0x450 [ 607.896259][T31925] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31869,uid=0 [ 607.901728][T31959] do_mount+0x1436/0x2c40 [ 607.901749][T31959] ? copy_mount_string+0x40/0x40 [ 607.901765][T31959] ? _copy_from_user+0xdd/0x150 [ 607.901784][T31959] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 607.901797][T31959] ? copy_mount_options+0x280/0x3a0 [ 607.901812][T31959] ksys_mount+0xdb/0x150 [ 607.901826][T31959] __x64_sys_mount+0xbe/0x150 [ 607.901843][T31959] do_syscall_64+0x103/0x610 [ 607.901864][T31959] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 607.910425][T31925] Memory cgroup out of memory: Killed process 31869 (syz-executor.2) total-vm:72708kB, anon-rss:16556kB, file-rss:35772kB, shmem-rss:0kB [ 607.912685][T31959] RIP: 0033:0x457f29 [ 607.912701][T31959] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 607.912708][T31959] RSP: 002b:00007f7c4f37fc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 607.912721][T31959] RAX: ffffffffffffffda RBX: 00007f7c4f37fc90 RCX: 0000000000457f29 [ 607.912729][T31959] RDX: 0000000020000380 RSI: 00000000200000c0 RDI: 0000000020000100 [ 607.912738][T31959] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 607.912747][T31959] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c4f3806d4 [ 607.912756][T31959] R13: 00000000004c3cf7 R14: 00000000004d6f00 R15: 0000000000000003 [ 607.916018][T31960] UBIFS error (pid: 31960): cannot open "ubi!_0x0z", error -19 [ 607.944032][T31959] UBIFS error (pid: 31959): cannot open "ubi!_0x0", error -19 [ 607.949319][T31960] UBIFS error (pid: 31960): cannot open "ubi!_0x0z", error -19 09:00:29 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x3e03, 0x0, 0x0, 0x0, 0x0) 09:00:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xbf0a0000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:29 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xf0', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:29 executing program 5 (fault-call:0 fault-nth:7): mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:29 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, 0x0, 0x0) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:29 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 608.458346][T31975] FAULT_INJECTION: forcing a failure. [ 608.458346][T31975] name failslab, interval 1, probability 0, space 0, times 0 [ 608.458562][T31977] UBIFS error (pid: 31977): cannot open "ubi!_0x0ð", error -19 [ 608.463827][T31969] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:29 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 608.481830][T31977] UBIFS error (pid: 31977): cannot open "ubi!_0x0ð", error -19 [ 608.529990][T31975] CPU: 0 PID: 31975 Comm: syz-executor.5 Not tainted 5.0.0-next-20190306 #4 [ 608.539607][T31975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 608.539613][T31975] Call Trace: [ 608.539640][T31975] dump_stack+0x172/0x1f0 [ 608.539662][T31975] should_fail.cold+0xa/0x15 [ 608.539682][T31975] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 608.569381][T31975] ? ___might_sleep+0x163/0x280 [ 608.574625][T31975] __should_failslab+0x121/0x190 [ 608.580053][T31975] should_failslab+0x9/0x14 [ 608.585461][T31975] kmem_cache_alloc+0x2b2/0x6f0 [ 608.590940][T31975] getname_kernel+0x53/0x370 [ 608.596097][T31975] kern_path+0x20/0x40 [ 608.600274][T31975] ubi_open_volume_path.part.0+0xa4/0x200 [ 608.601142][T31993] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 608.606321][T31975] ? ubi_open_volume_nm+0x280/0x280 [ 608.606342][T31975] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 608.606355][T31975] ? kasan_kmalloc+0x9/0x10 [ 608.606368][T31975] ? kmem_cache_alloc_trace+0x151/0x760 [ 608.606380][T31975] ? legacy_init_fs_context+0x48/0xe0 [ 608.606398][T31975] ? alloc_fs_context+0x365/0x640 [ 608.606410][T31975] ? fs_context_for_mount+0x25/0x30 [ 608.606422][T31975] ? do_mount+0x13d7/0x2c40 [ 608.606432][T31975] ? ksys_mount+0xdb/0x150 [ 608.606456][T31975] ? fs_reclaim_acquire.part.0+0x30/0x30 09:00:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xc00e0000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 608.606479][T31975] ? find_held_lock+0x35/0x130 [ 608.621332][ C1] net_ratelimit: 20 callbacks suppressed [ 608.621359][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 608.621405][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 608.627446][T31975] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 608.627462][T31975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 608.627482][T31975] ? should_fail+0x1de/0x852 [ 608.632217][ C1] protocol 88fb is buggy, dev hsr_slave_0 09:00:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xf0ffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 608.637705][T31975] ubi_open_volume_path+0x79/0xa0 [ 608.643555][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 608.648537][T31975] ubifs_mount+0x13b/0x602f [ 608.648560][T31975] ? rcu_read_lock_sched_held+0x110/0x130 [ 608.653947][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 608.658300][T31975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 608.663323][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 608.669047][T31975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 608.691650][T31993] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 608.694336][T31975] ? vfs_parse_fs_string+0x111/0x170 [ 608.694353][T31975] ? vfs_parse_fs_string+0x111/0x170 [ 608.694375][T31975] ? rcu_read_lock_sched_held+0x110/0x130 [ 608.694391][T31975] ? kfree+0x1fa/0x230 [ 608.694413][T31975] ? ubifs_iget+0x1b30/0x1b30 [ 608.774620][T32000] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 608.777136][T31975] ? vfs_parse_fs_string+0x116/0x170 09:00:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xfffff000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 608.777152][T31975] ? vfs_parse_fs_param+0x510/0x510 [ 608.777171][T31975] ? ubifs_iget+0x1b30/0x1b30 [ 608.777183][T31975] legacy_get_tree+0xf2/0x200 [ 608.777207][T31975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 608.842189][T31975] vfs_get_tree+0x123/0x450 [ 608.847025][T31975] do_mount+0x1436/0x2c40 [ 608.852634][T31975] ? copy_mount_string+0x40/0x40 [ 608.858135][T31975] ? _copy_from_user+0xdd/0x150 [ 608.863743][T31975] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 608.870422][T32003] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 608.870773][T31975] ? copy_mount_options+0x280/0x3a0 [ 608.870794][T31975] ksys_mount+0xdb/0x150 [ 608.870808][T31975] __x64_sys_mount+0xbe/0x150 [ 608.870853][T31975] do_syscall_64+0x103/0x610 [ 608.899861][T31975] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 608.900238][T32003] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 608.905930][T31975] RIP: 0033:0x457f29 [ 608.905945][T31975] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 608.905953][T31975] RSP: 002b:00007f7c4f37fc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 608.905966][T31975] RAX: ffffffffffffffda RBX: 00007f7c4f37fc90 RCX: 0000000000457f29 [ 608.905973][T31975] RDX: 0000000020000380 RSI: 00000000200000c0 RDI: 0000000020000100 09:00:29 executing program 5 (fault-call:0 fault-nth:8): mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:29 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 608.905980][T31975] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 608.905987][T31975] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c4f3806d4 [ 608.905997][T31975] R13: 00000000004c3cf7 R14: 00000000004d6f00 R15: 0000000000000003 [ 608.923031][T31975] UBIFS error (pid: 31975): cannot open "ubi!_0x0", error -19 [ 609.017951][T32007] UBIFS error (pid: 32007): cannot open "ubi!_0x0", error -19 [ 609.021410][T32007] UBIFS error (pid: 32007): cannot open "ubi!_0x0", error -19 [ 609.033360][T32009] FAULT_INJECTION: forcing a failure. [ 609.033360][T32009] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 609.058342][T32009] CPU: 1 PID: 32009 Comm: syz-executor.5 Not tainted 5.0.0-next-20190306 #4 [ 609.058353][T32009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 609.058358][T32009] Call Trace: [ 609.058386][T32009] dump_stack+0x172/0x1f0 [ 609.058411][T32009] should_fail.cold+0xa/0x15 [ 609.058429][T32009] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 609.058450][T32009] ? __lock_acquire+0x548/0x3fb0 [ 609.102969][T32009] ? find_held_lock+0x35/0x130 [ 609.107884][T32009] should_fail_alloc_page+0x50/0x60 [ 609.113408][T32009] __alloc_pages_nodemask+0x1a1/0x7e0 [ 609.118912][T32009] ? __alloc_pages_slowpath+0x2900/0x2900 [ 609.125538][T32009] ? find_held_lock+0x35/0x130 [ 609.131058][T32009] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 609.139359][T32009] cache_grow_begin+0x9c/0x860 [ 609.141041][T31983] XFS (loop0): Invalid superblock magic number [ 609.145137][T32009] ? getname_kernel+0x53/0x370 [ 609.145155][T32009] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 609.145173][T32009] kmem_cache_alloc+0x62d/0x6f0 [ 609.145196][T32009] getname_kernel+0x53/0x370 [ 609.145212][T32009] kern_path+0x20/0x40 [ 609.145228][T32009] ubi_open_volume_path.part.0+0xa4/0x200 [ 609.145239][T32009] ? ubi_open_volume_nm+0x280/0x280 [ 609.145260][T32009] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 609.200320][T32009] ? kasan_kmalloc+0x9/0x10 [ 609.205678][T32009] ? kmem_cache_alloc_trace+0x151/0x760 [ 609.211252][T32009] ? legacy_init_fs_context+0x48/0xe0 [ 609.220863][T32009] ? alloc_fs_context+0x365/0x640 [ 609.228290][T32009] ? fs_context_for_mount+0x25/0x30 [ 609.233958][T32009] ? do_mount+0x13d7/0x2c40 [ 609.239367][T32009] ? ksys_mount+0xdb/0x150 [ 609.250642][T32009] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 609.256993][T32009] ? find_held_lock+0x35/0x130 [ 609.263279][T32009] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 609.271421][T32009] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 609.278082][T32009] ? should_fail+0x1de/0x852 [ 609.282879][T32009] ubi_open_volume_path+0x79/0xa0 [ 609.288420][T32009] ubifs_mount+0x13b/0x602f [ 609.296354][T32009] ? rcu_read_lock_sched_held+0x110/0x130 [ 609.304144][T32009] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 609.310954][T32009] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 609.317910][T32009] ? vfs_parse_fs_string+0x111/0x170 [ 609.317925][T32009] ? vfs_parse_fs_string+0x111/0x170 [ 609.317948][T32009] ? rcu_read_lock_sched_held+0x110/0x130 [ 609.329044][T32009] ? kfree+0x1fa/0x230 [ 609.329062][T32009] ? ubifs_iget+0x1b30/0x1b30 [ 609.329075][T32009] ? vfs_parse_fs_string+0x116/0x170 [ 609.329087][T32009] ? vfs_parse_fs_param+0x510/0x510 [ 609.329101][T32009] ? ubifs_iget+0x1b30/0x1b30 [ 609.329117][T32009] legacy_get_tree+0xf2/0x200 [ 609.366130][T32009] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 609.372965][T32009] vfs_get_tree+0x123/0x450 [ 609.378094][T32009] do_mount+0x1436/0x2c40 [ 609.382437][T32009] ? copy_mount_string+0x40/0x40 [ 609.388004][T32009] ? _copy_from_user+0xdd/0x150 [ 609.393153][T32009] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 609.400226][T32009] ? copy_mount_options+0x280/0x3a0 [ 609.406837][T32009] ksys_mount+0xdb/0x150 [ 609.411339][T32009] __x64_sys_mount+0xbe/0x150 [ 609.416296][T32009] do_syscall_64+0x103/0x610 [ 609.421909][T32009] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 609.427945][T32009] RIP: 0033:0x457f29 [ 609.431905][T32009] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 609.453913][T32009] RSP: 002b:00007f7c4f37fc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 609.462886][T32009] RAX: ffffffffffffffda RBX: 00007f7c4f37fc90 RCX: 0000000000457f29 [ 609.471273][T32009] RDX: 0000000020000380 RSI: 00000000200000c0 RDI: 0000000020000100 [ 609.480288][T32009] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 609.489297][T32009] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c4f3806d4 [ 609.498846][T32009] R13: 00000000004c3cf7 R14: 00000000004d6f00 R15: 0000000000000003 [ 609.508030][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 609.513890][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 609.521002][T32009] UBIFS error (pid: 32009): cannot open "ubi!_0x0", error -19 09:00:30 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x3f00, 0x0, 0x0, 0x0, 0x0) 09:00:30 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, 0x0, 0x0) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xffffff7f, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:30 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:30 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:30 executing program 5 (fault-call:0 fault-nth:9): mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 609.649865][T32025] UBIFS error (pid: 32025): cannot open "ubi!_0x0", error -19 [ 609.659718][T32025] UBIFS error (pid: 32025): cannot open "ubi!_0x0", error -19 [ 609.673750][T32029] FAULT_INJECTION: forcing a failure. [ 609.673750][T32029] name failslab, interval 1, probability 0, space 0, times 0 [ 609.677170][T32027] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xffffff9e, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 609.708500][T32029] CPU: 1 PID: 32029 Comm: syz-executor.5 Not tainted 5.0.0-next-20190306 #4 [ 609.718034][T32029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 609.730375][T32029] Call Trace: [ 609.733900][T32029] dump_stack+0x172/0x1f0 [ 609.739134][T32029] should_fail.cold+0xa/0x15 [ 609.743873][T32029] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 609.750080][T32029] ? ___might_sleep+0x163/0x280 09:00:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xfffffff0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 609.756704][T32029] __should_failslab+0x121/0x190 [ 609.760293][T32038] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 609.764243][T32029] should_failslab+0x9/0x14 [ 609.764320][T32029] kmem_cache_alloc+0x2b2/0x6f0 [ 609.764345][T32029] ? __lock_acquire+0x548/0x3fb0 [ 609.791352][T32029] __d_alloc+0x2e/0x8c0 [ 609.795708][T32029] d_alloc+0x4d/0x2b0 [ 609.799916][T32029] d_alloc_parallel+0xf4/0x1bc0 [ 609.805143][T32029] ? is_bpf_text_address+0xac/0x170 09:00:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x40030000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xf0ffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 609.810473][T32029] ? lockref_get_not_dead+0x70/0x90 [ 609.815825][T32029] ? __d_lookup_rcu+0x6c0/0x6c0 [ 609.820785][T32029] ? lockref_get_not_dead+0x70/0x90 [ 609.826050][T32029] ? lockdep_init_map+0x1be/0x6d0 [ 609.831962][T32029] ? lockdep_init_map+0x1be/0x6d0 [ 609.837378][T32029] __lookup_slow+0x1ab/0x500 [ 609.842430][T32029] ? vfs_unlink+0x560/0x560 [ 609.847526][T32029] ? kasan_check_read+0x11/0x20 [ 609.853744][T32029] lookup_slow+0x58/0x80 09:00:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x100000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 609.858119][T32029] walk_component+0x74b/0x2000 [ 609.863780][T32029] ? inode_permission+0xb4/0x570 [ 609.869589][T32029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 609.876587][T32029] ? path_init+0x18f0/0x18f0 [ 609.881568][T32029] ? walk_component+0x2000/0x2000 [ 609.887028][T32029] path_lookupat.isra.0+0x1f5/0x8d0 [ 609.892492][T32029] ? do_syscall_64+0x103/0x610 [ 609.897831][T32029] ? path_parentat.isra.0+0x160/0x160 [ 609.903329][T32029] ? cache_grow_end+0xa4/0x190 09:00:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x200000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 609.908299][T32029] ? find_held_lock+0x35/0x130 [ 609.913707][T32029] ? cache_grow_end+0xa4/0x190 [ 609.918631][T32029] filename_lookup+0x1b0/0x410 [ 609.923490][T32029] ? nd_jump_link+0x1d0/0x1d0 [ 609.928384][T32029] ? getname_kernel+0x53/0x370 [ 609.933181][T32029] ? rcu_read_lock_sched_held+0x110/0x130 [ 609.939724][T32029] ? memcpy+0x46/0x50 [ 609.943736][T32029] kern_path+0x36/0x40 [ 609.947850][T32029] ubi_open_volume_path.part.0+0xa4/0x200 [ 609.953882][T32029] ? ubi_open_volume_nm+0x280/0x280 [ 609.960093][T32029] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 609.966748][T32029] ? kasan_kmalloc+0x9/0x10 [ 609.972839][T32029] ? kmem_cache_alloc_trace+0x151/0x760 [ 609.978482][T32029] ? legacy_init_fs_context+0x48/0xe0 [ 609.983976][T32029] ? alloc_fs_context+0x365/0x640 [ 609.989301][T32029] ? fs_context_for_mount+0x25/0x30 [ 609.995644][T32029] ? do_mount+0x13d7/0x2c40 [ 610.000682][T32029] ? ksys_mount+0xdb/0x150 [ 610.005150][T32029] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 610.010929][T32029] ? find_held_lock+0x35/0x130 [ 610.015883][T32029] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 610.023078][T32029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 610.029379][T32029] ? should_fail+0x1de/0x852 [ 610.034134][T32029] ubi_open_volume_path+0x79/0xa0 [ 610.041005][T32029] ubifs_mount+0x13b/0x602f [ 610.047688][T32029] ? rcu_read_lock_sched_held+0x110/0x130 [ 610.053513][T32029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 610.060505][T32029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 610.068549][T32029] ? vfs_parse_fs_string+0x111/0x170 [ 610.074455][T32029] ? vfs_parse_fs_string+0x111/0x170 [ 610.080230][T32029] ? rcu_read_lock_sched_held+0x110/0x130 [ 610.087437][T32029] ? kfree+0x1fa/0x230 [ 610.091763][T32029] ? ubifs_iget+0x1b30/0x1b30 [ 610.096757][T32029] ? vfs_parse_fs_string+0x116/0x170 [ 610.102234][T32029] ? vfs_parse_fs_param+0x510/0x510 [ 610.107552][T32029] ? ubifs_iget+0x1b30/0x1b30 [ 610.112286][T32029] legacy_get_tree+0xf2/0x200 [ 610.116985][T32029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 610.124465][T32029] vfs_get_tree+0x123/0x450 [ 610.129380][T32029] do_mount+0x1436/0x2c40 [ 610.133763][T32029] ? copy_mount_string+0x40/0x40 [ 610.138715][T32029] ? _copy_from_user+0xdd/0x150 [ 610.143609][T32029] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 610.150070][T32029] ? copy_mount_options+0x280/0x3a0 [ 610.155362][T32029] ksys_mount+0xdb/0x150 [ 610.159944][T32029] __x64_sys_mount+0xbe/0x150 [ 610.164634][T32029] do_syscall_64+0x103/0x610 [ 610.169346][T32029] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 610.175229][T32029] RIP: 0033:0x457f29 [ 610.179213][T32029] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 610.200338][T32029] RSP: 002b:00007f7c4f37fc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 610.209055][T32029] RAX: ffffffffffffffda RBX: 00007f7c4f37fc90 RCX: 0000000000457f29 [ 610.221148][T32029] RDX: 0000000020000380 RSI: 00000000200000c0 RDI: 0000000020000100 [ 610.229936][T32029] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 610.238704][T32029] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c4f3806d4 [ 610.246673][T32029] R13: 00000000004c3cf7 R14: 00000000004d6f00 R15: 0000000000000003 [ 610.261479][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 610.267325][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 610.270945][T32029] UBIFS error (pid: 32029): cannot open "ubi!_0x0", error -19 [ 610.329594][T32033] XFS (loop0): Invalid superblock magic number [ 610.416324][T32055] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 610.427544][T32055] CPU: 1 PID: 32055 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 610.436697][T32055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 610.450859][T32055] Call Trace: [ 610.454191][T32055] dump_stack+0x172/0x1f0 [ 610.478372][T32055] dump_header+0x10f/0xb6c [ 610.484110][T32055] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 610.490021][T32055] ? ___ratelimit+0x60/0x595 [ 610.494653][T32055] ? do_raw_spin_unlock+0x57/0x270 [ 610.500188][T32055] oom_kill_process.cold+0x10/0x15 [ 610.505678][T32055] out_of_memory+0x79a/0x1280 [ 610.510469][T32055] ? lock_downgrade+0x880/0x880 [ 610.515833][T32055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 610.522422][T32055] ? oom_killer_disable+0x280/0x280 [ 610.528157][T32055] ? find_held_lock+0x35/0x130 [ 610.533020][T32055] mem_cgroup_out_of_memory+0x1ca/0x230 [ 610.538943][T32055] ? memcg_event_wake+0x230/0x230 [ 610.544460][T32055] ? do_raw_spin_unlock+0x57/0x270 [ 610.544477][T32055] ? _raw_spin_unlock+0x2d/0x50 [ 610.544497][T32055] try_charge+0x118d/0x1790 [ 610.555828][T32055] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 610.555845][T32055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 610.555864][T32055] ? kasan_check_read+0x11/0x20 [ 610.555881][T32055] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 610.555897][T32055] mem_cgroup_try_charge+0x24d/0x5e0 [ 610.555916][T32055] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 610.594822][T32055] wp_page_copy+0x408/0x1740 [ 610.599589][T32055] ? find_held_lock+0x35/0x130 [ 610.604588][T32055] ? pmd_pfn+0x1d0/0x1d0 [ 610.608930][T32055] ? lock_downgrade+0x880/0x880 [ 610.613827][T32055] ? __pte_alloc_kernel+0x220/0x220 [ 610.619123][T32055] ? kasan_check_read+0x11/0x20 [ 610.624064][T32055] ? do_raw_spin_unlock+0x57/0x270 [ 610.629293][T32055] do_wp_page+0x5d8/0x16c0 [ 610.633722][T32055] ? do_raw_spin_lock+0x12a/0x2e0 [ 610.638885][T32055] ? rwlock_bug.part.0+0x90/0x90 [ 610.645055][T32055] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 610.650437][T32055] ? add_mm_counter_fast.part.0+0x40/0x40 [ 610.658747][T32055] __handle_mm_fault+0x22e8/0x3ec0 [ 610.664152][T32055] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 610.670070][T32055] ? find_held_lock+0x35/0x130 [ 610.681401][T32055] ? handle_mm_fault+0x322/0xb30 [ 610.692463][T32055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 610.701166][T32055] ? kasan_check_read+0x11/0x20 [ 610.716522][T32055] handle_mm_fault+0x43f/0xb30 [ 610.722980][T32055] __do_page_fault+0x5ef/0xda0 [ 610.728598][T32055] do_page_fault+0x71/0x581 [ 610.733949][T32055] page_fault+0x1e/0x30 [ 610.748068][T32055] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 610.756745][T32055] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 610.780586][T32055] RSP: 0018:ffff888045f0fab8 EFLAGS: 00010206 [ 610.788563][T32055] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000000500 [ 610.797979][T32055] RDX: 0000000000001000 RSI: ffff8880a990ab00 RDI: 00000000208a2000 [ 610.807692][T32055] RBP: ffff888045f0faf0 R08: ffffed1015321600 R09: 0000000000000000 [ 610.816988][T32055] R10: ffffed10153215ff R11: ffff8880a990afff R12: 00000000208a1500 [ 610.826162][T32055] R13: ffff8880a990a000 R14: 00000000208a2500 R15: 00007ffffffff000 [ 610.835129][T32055] ? copyout+0xe2/0x100 [ 610.839467][T32055] copy_page_to_iter+0x3b6/0xd60 [ 610.844558][T32055] ? kill_fasync+0x323/0x4a0 [ 610.849261][T32055] pipe_to_user+0xb4/0x170 [ 610.854115][T32055] ? anon_pipe_buf_release+0x1c6/0x270 [ 610.861066][T32055] __splice_from_pipe+0x395/0x7d0 [ 610.867329][T32055] ? iter_to_pipe+0x560/0x560 [ 610.873080][T32055] do_vmsplice.part.0+0x249/0x2b0 [ 610.879381][T32055] ? do_tee+0x850/0x850 [ 610.889082][T32055] ? import_iovec+0x12e/0x200 [ 610.893909][T32055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 610.900652][T32055] __do_sys_vmsplice+0x1b9/0x210 [ 610.906928][T32055] ? vmsplice_type.isra.0+0x160/0x160 [ 610.912806][T32055] ? kasan_check_read+0x11/0x20 [ 610.918460][T32055] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 610.925314][T32055] ? put_timespec64+0xda/0x140 [ 610.930663][T32055] ? nsecs_to_jiffies+0x30/0x30 [ 610.935635][T32055] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 610.941268][T32055] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 610.946785][T32055] ? do_syscall_64+0x26/0x610 [ 610.951601][T32055] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 610.958035][T32055] ? do_syscall_64+0x26/0x610 [ 610.962892][T32055] __x64_sys_vmsplice+0x97/0xf0 [ 610.968059][T32055] do_syscall_64+0x103/0x610 [ 610.973004][T32055] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 610.978937][T32055] RIP: 0033:0x457f29 [ 610.983191][T32055] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 611.007870][T32055] RSP: 002b:00007f975b212c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 611.016585][T32055] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457f29 [ 611.024902][T32055] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000007 [ 611.034220][T32055] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 611.043154][T32055] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2136d4 [ 611.051853][T32055] R13: 00000000004c6d73 R14: 00000000004dc5a0 R15: 00000000ffffffff [ 611.067825][T32055] memory: usage 307104kB, limit 307200kB, failcnt 4055 [ 611.078605][T32055] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 611.087477][T32055] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 611.109846][T32055] Memory cgroup stats for /syz2: cache:52KB rss:289352KB rss_huge:256000KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:277576KB inactive_file:4KB active_file:0KB unevictable:2048KB [ 611.148157][T32055] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31980,uid=0 [ 611.165371][T32055] Memory cgroup out of memory: Killed process 31980 (syz-executor.2) total-vm:72708kB, anon-rss:16556kB, file-rss:35804kB, shmem-rss:0kB 09:00:32 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x4000, 0x0, 0x0, 0x0, 0x0) 09:00:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x300000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:32 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:32 executing program 5 (fault-call:0 fault-nth:10): mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:32 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:32 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, 0x0, 0x0) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) [ 611.185719][ T1044] oom_reaper: reaped process 31980 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 611.274701][T32077] UBIFS error (pid: 32077): cannot open "ubi!_0x0", error -19 [ 611.275428][T32079] UBIFS error (pid: 32079): cannot open "ubi!_0x0", error -19 09:00:32 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:32 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x400000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 611.319127][T32079] UBIFS error (pid: 32079): cannot open "ubi!_0x0", error -19 09:00:32 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 611.382363][T32096] UBIFS error (pid: 32096): cannot open "ubi!_0x0", error -19 [ 611.428239][T32104] UBIFS error (pid: 32104): cannot open "ubi!_0x0", error -19 09:00:32 executing program 5: mount(&(0x7f0000000100)=@sg0='.bi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:32 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0 ', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 611.463590][T32083] XFS (loop0): Invalid superblock magic number [ 611.474680][T32104] UBIFS error (pid: 32104): cannot open "ubi!_0x0", error -19 [ 611.538209][T32112] UBIFS error (pid: 32112): cannot open ".bi!_0x0", error -22 [ 611.544532][T32112] UBIFS error (pid: 32112): cannot open ".bi!_0x0", error -22 [ 611.580847][T32114] UBIFS error (pid: 32114): cannot open "ubi!_0x0 ", error -19 [ 611.616289][T32114] UBIFS error (pid: 32114): cannot open "ubi!_0x0 ", error -19 09:00:32 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x4403, 0x0, 0x0, 0x0, 0x0) 09:00:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x500000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:32 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:32 executing program 5: mount(&(0x7f0000000100)=@sg0='/bi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:32 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 611.956824][T32129] UBIFS error (pid: 32129): cannot open "ubi!_0x0", error -19 [ 611.961815][T32129] UBIFS error (pid: 32129): cannot open "ubi!_0x0", error -19 [ 611.979366][T32135] UBIFS error (pid: 32135): cannot open "/bi!_0x0", error -22 09:00:32 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}], 0x10) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:32 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x600000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:32 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:32 executing program 5: mount(&(0x7f0000000100)=@sg0='ub%!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 612.026305][T32135] UBIFS error (pid: 32135): cannot open "/bi!_0x0", error -22 09:00:33 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x700000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 612.143832][T32147] UBIFS error (pid: 32147): cannot open "ubi!_0x0", error -19 [ 612.144382][T32147] UBIFS error (pid: 32147): cannot open "ubi!_0x0", error -19 [ 612.154305][T32145] __nla_parse: 8 callbacks suppressed [ 612.154316][T32145] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:33 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi:_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 612.219737][T32163] UBIFS error (pid: 32163): cannot open "ub%!_0x0", error -22 [ 612.226817][T32163] UBIFS error (pid: 32163): cannot open "ub%!_0x0", error -22 [ 612.250448][T32138] XFS (loop0): Invalid superblock magic number [ 612.294838][T32167] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 612.326627][T32170] UBIFS error (pid: 32170): cannot open "ubi:_0x0", error -19 [ 612.330551][T32170] UBIFS error (pid: 32170): cannot open "ubi:_0x0", error -19 [ 612.333553][T32167] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 612.388842][T32157] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 612.405774][T32157] CPU: 0 PID: 32157 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 612.415998][T32157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 612.427070][T32157] Call Trace: [ 612.430419][T32157] dump_stack+0x172/0x1f0 [ 612.434752][T32157] dump_header+0x10f/0xb6c [ 612.439196][T32157] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 612.446357][T32157] ? ___ratelimit+0x60/0x595 [ 612.452293][T32157] ? do_raw_spin_unlock+0x57/0x270 [ 612.457429][T32157] oom_kill_process.cold+0x10/0x15 [ 612.462632][T32157] out_of_memory+0x79a/0x1280 [ 612.467490][T32157] ? lock_downgrade+0x880/0x880 [ 612.472338][T32157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 612.478588][T32157] ? oom_killer_disable+0x280/0x280 [ 612.483782][T32157] ? find_held_lock+0x35/0x130 [ 612.488806][T32157] mem_cgroup_out_of_memory+0x1ca/0x230 [ 612.494360][T32157] ? memcg_event_wake+0x230/0x230 [ 612.499404][T32157] ? do_raw_spin_unlock+0x57/0x270 [ 612.504511][T32157] ? _raw_spin_unlock+0x2d/0x50 [ 612.509394][T32157] try_charge+0x118d/0x1790 [ 612.513903][T32157] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 612.519461][T32157] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 612.525024][T32157] ? find_held_lock+0x35/0x130 [ 612.529958][T32157] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 612.536326][T32157] __memcg_kmem_charge_memcg+0x7c/0x130 [ 612.541885][T32157] ? memcg_kmem_put_cache+0xb0/0xb0 [ 612.548498][T32157] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 612.554316][T32157] __memcg_kmem_charge+0x136/0x300 [ 612.561279][T32157] __alloc_pages_nodemask+0x437/0x7e0 [ 612.569026][T32157] ? __alloc_pages_slowpath+0x2900/0x2900 [ 612.575793][T32157] ? copyin+0xb5/0x100 [ 612.579876][T32157] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 612.586731][T32157] alloc_pages_current+0x107/0x210 [ 612.592382][T32157] pipe_write+0x659/0xf30 [ 612.596805][T32157] new_sync_write+0x4c7/0x760 [ 612.601750][T32157] ? default_llseek+0x2e0/0x2e0 [ 612.606761][T32157] ? common_file_perm+0x238/0x720 [ 612.613083][T32157] ? __fget+0x381/0x550 [ 612.617239][T32157] ? apparmor_file_permission+0x25/0x30 [ 612.622961][T32157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 612.629214][T32157] ? security_file_permission+0x94/0x380 [ 612.634854][T32157] __vfs_write+0xe4/0x110 [ 612.640828][T32157] vfs_write+0x20c/0x580 [ 612.645073][T32157] ksys_write+0xea/0x1f0 [ 612.649319][T32157] ? __ia32_sys_read+0xb0/0xb0 [ 612.654734][T32157] ? do_syscall_64+0x26/0x610 [ 612.659412][T32157] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 612.665749][T32157] ? do_syscall_64+0x26/0x610 [ 612.670609][T32157] __x64_sys_write+0x73/0xb0 [ 612.676009][T32157] do_syscall_64+0x103/0x610 [ 612.680953][T32157] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 612.687540][T32157] RIP: 0033:0x457f29 [ 612.693877][T32157] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 612.714517][T32157] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 612.723278][T32157] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 612.731256][T32157] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000008 [ 612.739226][T32157] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 612.747202][T32157] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 612.755165][T32157] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 612.771307][T32157] memory: usage 307200kB, limit 307200kB, failcnt 4131 [ 612.778542][T32157] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 612.800543][T32157] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 612.816193][T32157] Memory cgroup stats for /syz2: cache:52KB rss:289080KB rss_huge:253952KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:277380KB inactive_file:4KB active_file:0KB unevictable:2048KB [ 612.842392][T32157] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32087,uid=0 [ 612.858502][T32157] Memory cgroup out of memory: Killed process 32087 (syz-executor.2) total-vm:72708kB, anon-rss:14576kB, file-rss:35800kB, shmem-rss:0kB [ 612.879027][ T1044] oom_reaper: reaped process 32087 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 612.928322][T32175] XFS (loop0): Invalid superblock magic number 09:00:33 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x4800, 0x0, 0x0, 0x0, 0x0) 09:00:33 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x10', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:33 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:33 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x02', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:33 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x800000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:33 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}], 0x10) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:34 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 613.135890][T32195] UBIFS error (pid: 32195): cannot open "ubi!_0x0", error -19 [ 613.137036][T32188] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 613.137078][T32196] UBIFS error (pid: 32196): cannot open "ubi!_0x0", error -19 [ 613.156160][T32196] UBIFS error (pid: 32196): cannot open "ubi!_0x0", error -19 [ 613.164370][T32195] UBIFS error (pid: 32195): cannot open "ubi!_0x0", error -19 09:00:34 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0u', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xa00000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:34 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x03', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 613.235784][T32204] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 613.250392][T32197] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 613.270886][T32197] CPU: 1 PID: 32197 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 613.279610][T32197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 613.279616][T32197] Call Trace: [ 613.279644][T32197] dump_stack+0x172/0x1f0 [ 613.279677][T32197] dump_header+0x10f/0xb6c [ 613.298495][T32212] UBIFS error (pid: 32212): cannot open "ubi!_0x0u", error -19 [ 613.299877][T32212] UBIFS error (pid: 32212): cannot open "ubi!_0x0u", error -19 [ 613.302021][T32197] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 613.302038][T32197] ? ___ratelimit+0x60/0x595 [ 613.302055][T32197] ? do_raw_spin_unlock+0x57/0x270 09:00:34 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 613.302072][T32197] oom_kill_process.cold+0x10/0x15 [ 613.302087][T32197] out_of_memory+0x79a/0x1280 [ 613.302106][T32197] ? lock_downgrade+0x880/0x880 [ 613.333248][T32197] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 613.333268][T32197] ? oom_killer_disable+0x280/0x280 [ 613.333280][T32197] ? find_held_lock+0x35/0x130 [ 613.333302][T32197] mem_cgroup_out_of_memory+0x1ca/0x230 [ 613.333327][T32197] ? memcg_event_wake+0x230/0x230 [ 613.354567][T32197] ? do_raw_spin_unlock+0x57/0x270 [ 613.354592][T32197] ? _raw_spin_unlock+0x2d/0x50 [ 613.364566][T32197] try_charge+0x118d/0x1790 [ 613.364585][T32197] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 613.364599][T32197] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 613.364613][T32197] ? find_held_lock+0x35/0x130 [ 613.364629][T32197] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 613.397517][T32218] UBIFS error (pid: 32218): cannot open "ubi!_0x0", error -19 [ 613.398605][T32218] UBIFS error (pid: 32218): cannot open "ubi!_0x0", error -19 [ 613.401183][T32197] __memcg_kmem_charge_memcg+0x7c/0x130 09:00:34 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 613.401200][T32197] ? memcg_kmem_put_cache+0xb0/0xb0 [ 613.401217][T32197] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 613.401232][T32197] __memcg_kmem_charge+0x136/0x300 [ 613.401255][T32197] __alloc_pages_nodemask+0x437/0x7e0 [ 613.422065][T32221] UBIFS error (pid: 32221): cannot open "ubi!_0x0", error -19 [ 613.425625][T32221] UBIFS error (pid: 32221): cannot open "ubi!_0x0", error -19 [ 613.426536][T32197] ? __alloc_pages_slowpath+0x2900/0x2900 [ 613.426557][T32197] ? copyin+0xb5/0x100 [ 613.426576][T32197] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 613.426600][T32197] alloc_pages_current+0x107/0x210 [ 613.476722][T32226] UBIFS error (pid: 32226): cannot open "ubi!_0x0", error -19 [ 613.480152][T32226] UBIFS error (pid: 32226): cannot open "ubi!_0x0", error -19 [ 613.485112][T32197] pipe_write+0x659/0xf30 [ 613.485140][T32197] new_sync_write+0x4c7/0x760 [ 613.485157][T32197] ? default_llseek+0x2e0/0x2e0 [ 613.485179][T32197] ? common_file_perm+0x238/0x720 [ 613.485193][T32197] ? __fget+0x381/0x550 [ 613.485217][T32197] ? apparmor_file_permission+0x25/0x30 [ 613.505534][T32197] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 613.505554][T32197] ? security_file_permission+0x94/0x380 [ 613.505574][T32197] __vfs_write+0xe4/0x110 [ 613.505592][T32197] vfs_write+0x20c/0x580 [ 613.505609][T32197] ksys_write+0xea/0x1f0 [ 613.505626][T32197] ? __ia32_sys_read+0xb0/0xb0 [ 613.505649][T32197] ? do_syscall_64+0x26/0x610 [ 613.514673][T32197] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 613.514687][T32197] ? do_syscall_64+0x26/0x610 [ 613.514707][T32197] __x64_sys_write+0x73/0xb0 [ 613.514721][T32197] do_syscall_64+0x103/0x610 [ 613.514737][T32197] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 613.514748][T32197] RIP: 0033:0x457f29 [ 613.514763][T32197] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 613.557521][T32206] XFS (loop0): Invalid superblock magic number [ 613.559242][T32197] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 613.559258][T32197] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 613.559266][T32197] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000008 [ 613.559273][T32197] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 613.559280][T32197] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 613.559287][T32197] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 613.610509][T32197] memory: usage 307200kB, limit 307200kB, failcnt 4240 [ 613.686177][ C1] net_ratelimit: 20 callbacks suppressed [ 613.686186][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 613.697697][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 613.704490][T32197] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 613.712037][T32197] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 613.718937][T32197] Memory cgroup stats for /syz2: cache:52KB rss:289236KB rss_huge:251904KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:277372KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 613.741830][T32197] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32157,uid=0 [ 613.757343][T32197] Memory cgroup out of memory: Killed process 32157 (syz-executor.2) total-vm:72708kB, anon-rss:15856kB, file-rss:35808kB, shmem-rss:0kB [ 613.779942][ T1044] oom_reaper: reaped process 32157 (syz-executor.2), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB [ 613.829093][T32189] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 613.848618][T32189] CPU: 0 PID: 32189 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 613.857648][T32189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 613.868406][T32189] Call Trace: [ 613.871706][T32189] dump_stack+0x172/0x1f0 [ 613.876030][T32189] dump_header+0x10f/0xb6c [ 613.880442][T32189] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 613.887202][T32189] ? ___ratelimit+0x60/0x595 [ 613.891794][T32189] ? do_raw_spin_unlock+0x57/0x270 [ 613.897090][T32189] oom_kill_process.cold+0x10/0x15 [ 613.902195][T32189] out_of_memory+0x79a/0x1280 [ 613.906867][T32189] ? oom_killer_disable+0x280/0x280 [ 613.912066][T32189] ? find_held_lock+0x35/0x130 [ 613.916836][T32189] mem_cgroup_out_of_memory+0x1ca/0x230 [ 613.922367][T32189] ? memcg_event_wake+0x230/0x230 [ 613.927381][T32189] ? do_raw_spin_unlock+0x57/0x270 [ 613.932482][T32189] ? _raw_spin_unlock+0x2d/0x50 [ 613.937352][T32189] try_charge+0xd4d/0x1790 [ 613.941761][T32189] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 613.947314][T32189] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 613.952863][T32189] ? find_held_lock+0x35/0x130 [ 613.957881][T32189] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 613.963619][T32189] __memcg_kmem_charge_memcg+0x7c/0x130 [ 613.969519][T32189] ? memcg_kmem_put_cache+0xb0/0xb0 [ 613.975171][T32189] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 613.980987][T32189] __memcg_kmem_charge+0x136/0x300 [ 613.986131][T32189] __alloc_pages_nodemask+0x437/0x7e0 [ 613.991497][T32189] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 613.997825][T32189] ? __alloc_pages_slowpath+0x2900/0x2900 [ 614.004496][T32189] ? vm_mmap_pgoff+0x1d4/0x230 [ 614.009254][T32189] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 614.015059][T32189] ? do_huge_pmd_anonymous_page+0x420/0x1730 [ 614.021133][T32189] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 614.027374][T32189] alloc_pages_current+0x107/0x210 [ 614.032571][T32189] pte_alloc_one+0x1b/0x1a0 [ 614.037082][T32189] __pte_alloc+0x20/0x310 [ 614.044125][T32189] __handle_mm_fault+0x3391/0x3ec0 [ 614.049241][T32189] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 614.054784][T32189] ? find_held_lock+0x35/0x130 [ 614.059805][T32189] ? handle_mm_fault+0x322/0xb30 [ 614.065250][T32189] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 614.071481][T32189] ? kasan_check_read+0x11/0x20 [ 614.076320][T32189] handle_mm_fault+0x43f/0xb30 [ 614.081078][T32189] __do_page_fault+0x5ef/0xda0 [ 614.085846][T32189] do_page_fault+0x71/0x581 [ 614.090529][T32189] ? page_fault+0x8/0x30 [ 614.094764][T32189] page_fault+0x1e/0x30 [ 614.098916][T32189] RIP: 0033:0x40fa8f [ 614.102798][T32189] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 614.123170][T32189] RSP: 002b:00007ffcc5c65e60 EFLAGS: 00010206 [ 614.129225][T32189] RAX: 00007f975b1d2000 RBX: 0000000000020000 RCX: 0000000000457f7a [ 614.137212][T32189] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 614.145169][T32189] RBP: 00007ffcc5c65f40 R08: ffffffffffffffff R09: 0000000000000000 [ 614.153212][T32189] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5c66020 [ 614.161173][T32189] R13: 00007f975b1f2700 R14: 0000000000000005 R15: 000000000073c04c [ 614.181811][T32189] memory: usage 303312kB, limit 307200kB, failcnt 4258 [ 614.202163][T32189] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 614.210900][T32189] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 09:00:35 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x4a00, 0x0, 0x0, 0x0, 0x0) 09:00:35 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x04', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:35 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:35 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xe00000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:35 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 614.237791][T32189] Memory cgroup stats for /syz2: cache:52KB rss:287656KB rss_huge:251904KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:275840KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 614.282914][T32235] UBIFS error (pid: 32235): cannot open "ubi!_0x0", error -19 [ 614.283894][T32235] UBIFS error (pid: 32235): cannot open "ubi!_0x0", error -19 [ 614.300579][T32240] UBIFS error (pid: 32240): cannot open "ubi!_0x0", error -19 [ 614.313382][T32243] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 614.337707][T32240] UBIFS error (pid: 32240): cannot open "ubi!_0x0", error -19 [ 614.339093][T32189] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null) [ 614.377404][T32189] ,cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26593,uid=0 [ 614.388634][T32189] Memory cgroup out of memory: Killed process 26593 (syz-executor.2) total-vm:72708kB, anon-rss:12460kB, file-rss:35800kB, shmem-rss:0kB [ 614.391265][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 614.408659][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 614.414581][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 614.420385][ C0] protocol 88fb is buggy, dev hsr_slave_1 09:00:35 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}], 0x10) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:35 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x05', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:35 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:35 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xf00000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 614.430875][ T1044] oom_reaper: reaped process 26593 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 09:00:35 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 614.495205][T32256] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 614.505140][T32259] UBIFS error (pid: 32259): cannot open "ubi!_0x0", error -19 09:00:35 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:35 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x06', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 614.507442][T32259] UBIFS error (pid: 32259): cannot open "ubi!_0x0", error -19 [ 614.552938][T32265] UBIFS error (pid: 32265): cannot open "ubi!_0x0", error -19 [ 614.589793][T32242] XFS (loop0): Invalid superblock magic number [ 614.591289][T32265] UBIFS error (pid: 32265): cannot open "ubi!_0x0", error -19 [ 614.679909][T32279] UBIFS error (pid: 32279): cannot open "ubi!_0x0", error -19 [ 614.680946][T32279] UBIFS error (pid: 32279): cannot open "ubi!_0x0", error -19 [ 614.848352][T32283] XFS (loop0): Invalid superblock magic number 09:00:35 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x4c00, 0x0, 0x0, 0x0, 0x0) 09:00:35 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:35 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x1000000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:35 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:35 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\a', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 615.039101][T32297] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 615.041700][T32295] UBIFS error (pid: 32295): cannot open "ubi!_0x0", error -19 [ 615.042236][T32295] UBIFS error (pid: 32295): cannot open "ubi!_0x0", error -19 [ 615.077360][T32300] UBIFS error (pid: 32300): cannot open "ubi!_0x0", error -19 [ 615.095298][T32300] UBIFS error (pid: 32300): cannot open "ubi!_0x0", error -19 [ 615.124405][T32262] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 615.138008][T32262] CPU: 1 PID: 32262 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 615.146717][T32262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 615.168256][T32262] Call Trace: [ 615.171625][T32262] dump_stack+0x172/0x1f0 [ 615.175972][T32262] dump_header+0x10f/0xb6c [ 615.180404][T32262] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 615.186222][T32262] ? ___ratelimit+0x60/0x595 [ 615.191011][T32262] ? do_raw_spin_unlock+0x57/0x270 [ 615.196285][T32262] oom_kill_process.cold+0x10/0x15 [ 615.201614][T32262] out_of_memory+0x79a/0x1280 [ 615.201634][T32262] ? lock_downgrade+0x880/0x880 [ 615.201649][T32262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 615.201666][T32262] ? oom_killer_disable+0x280/0x280 [ 615.201684][T32262] ? find_held_lock+0x35/0x130 [ 615.217706][T32262] mem_cgroup_out_of_memory+0x1ca/0x230 [ 615.217721][T32262] ? memcg_event_wake+0x230/0x230 [ 615.217744][T32262] ? do_raw_spin_unlock+0x57/0x270 [ 615.217769][T32262] ? _raw_spin_unlock+0x2d/0x50 [ 615.228703][T32262] try_charge+0x118d/0x1790 [ 615.228727][T32262] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 615.239534][T32262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 615.239555][T32262] ? kasan_check_read+0x11/0x20 [ 615.239574][T32262] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 615.239603][T32262] mem_cgroup_try_charge+0x24d/0x5e0 [ 615.281854][T32262] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 615.287617][T32262] wp_page_copy+0x408/0x1740 [ 615.292225][T32262] ? find_held_lock+0x35/0x130 [ 615.297016][T32262] ? pmd_pfn+0x1d0/0x1d0 [ 615.301313][T32262] ? lock_downgrade+0x880/0x880 [ 615.306160][T32262] ? __pte_alloc_kernel+0x220/0x220 [ 615.311361][T32262] ? kasan_check_read+0x11/0x20 [ 615.316199][T32262] ? do_raw_spin_unlock+0x57/0x270 [ 615.321575][T32262] do_wp_page+0x5d8/0x16c0 [ 615.325989][T32262] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 615.331438][T32262] ? __handle_mm_fault+0x22dc/0x3ec0 [ 615.336876][T32262] ? do_wp_page+0xa/0x16c0 [ 615.341308][T32262] __handle_mm_fault+0x22e8/0x3ec0 [ 615.346425][T32262] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 615.351968][T32262] ? find_held_lock+0x35/0x130 [ 615.356730][T32262] ? handle_mm_fault+0x322/0xb30 [ 615.362117][T32262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 615.362523][T32305] XFS (loop0): Invalid superblock magic number [ 615.368453][T32262] ? kasan_check_read+0x11/0x20 [ 615.368475][T32262] handle_mm_fault+0x43f/0xb30 [ 615.368498][T32262] __do_page_fault+0x5ef/0xda0 [ 615.368527][T32262] do_page_fault+0x71/0x581 [ 615.393760][T32262] page_fault+0x1e/0x30 [ 615.397924][T32262] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 615.404494][T32262] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 615.424169][T32262] RSP: 0018:ffff888056b47ab8 EFLAGS: 00010206 [ 615.430216][T32262] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000000500 [ 615.438184][T32262] RDX: 0000000000001000 RSI: ffff888094cf9b00 RDI: 0000000020bd1000 [ 615.446140][T32262] RBP: ffff888056b47af0 R08: ffffed101299f400 R09: 0000000000000000 [ 615.454184][T32262] R10: ffffed101299f3ff R11: ffff888094cf9fff R12: 0000000020bd0500 [ 615.462231][T32262] R13: ffff888094cf9000 R14: 0000000020bd1500 R15: 00007ffffffff000 [ 615.470213][T32262] ? copyout+0xe2/0x100 [ 615.474449][T32262] copy_page_to_iter+0x3b6/0xd60 [ 615.479385][T32262] ? kill_fasync+0x323/0x4a0 [ 615.483980][T32262] pipe_to_user+0xb4/0x170 [ 615.488384][T32262] __splice_from_pipe+0x395/0x7d0 [ 615.493392][T32262] ? iter_to_pipe+0x560/0x560 [ 615.498079][T32262] do_vmsplice.part.0+0x249/0x2b0 [ 615.503106][T32262] ? do_tee+0x850/0x850 [ 615.507257][T32262] ? import_iovec+0x12e/0x200 [ 615.512003][T32262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 615.518230][T32262] __do_sys_vmsplice+0x1b9/0x210 [ 615.523158][T32262] ? vmsplice_type.isra.0+0x160/0x160 [ 615.528530][T32262] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 615.534115][T32262] ? retint_kernel+0x2d/0x2d [ 615.538710][T32262] ? trace_hardirqs_on_caller+0x6a/0x220 [ 615.544331][T32262] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 615.549915][T32262] ? retint_kernel+0x2d/0x2d [ 615.554602][T32262] __x64_sys_vmsplice+0x97/0xf0 [ 615.559457][T32262] ? do_syscall_64+0x5b/0x610 [ 615.564121][T32262] do_syscall_64+0x103/0x610 [ 615.568702][T32262] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 615.574667][T32262] RIP: 0033:0x457f29 [ 615.578546][T32262] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 615.598238][T32262] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 615.606726][T32262] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457f29 [ 615.614705][T32262] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000007 [ 615.622668][T32262] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 615.630642][T32262] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 615.638606][T32262] R13: 00000000004c6d73 R14: 00000000004dc5a0 R15: 00000000ffffffff [ 615.647497][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 615.653433][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 615.659308][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 615.665153][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 615.672912][T32262] memory: usage 307084kB, limit 307200kB, failcnt 4418 [ 615.679825][T32262] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 615.687415][T32262] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 615.694470][T32262] Memory cgroup stats for /syz2: cache:52KB rss:289344KB rss_huge:249856KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:277448KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 615.722369][T32262] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32197,uid=0 09:00:36 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:36 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x2000000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:36 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0H', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:36 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x0, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:36 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 615.742749][T32262] Memory cgroup out of memory: Killed process 32197 (syz-executor.2) total-vm:72708kB, anon-rss:16556kB, file-rss:35808kB, shmem-rss:0kB 09:00:36 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x2800000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:36 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0L', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 615.806409][T32320] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 615.806609][T32319] UBIFS error (pid: 32319): cannot open "ubi!_0x0", error -19 [ 615.813980][T32323] UBIFS error (pid: 32323): cannot open "ubi!_0x0H", error -19 [ 615.823930][T32319] UBIFS error (pid: 32319): cannot open "ubi!_0x0", error -19 [ 615.834444][T32323] UBIFS error (pid: 32323): cannot open "ubi!_0x0H", error -19 [ 615.906961][T32328] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 615.957824][T32341] UBIFS error (pid: 32341): cannot open "ubi!_0x0L", error -19 09:00:36 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x5c01, 0x0, 0x0, 0x0, 0x0) 09:00:36 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0&', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:36 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:36 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x4800000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:36 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0h', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 615.972438][T32341] UBIFS error (pid: 32341): cannot open "ubi!_0x0L", error -19 [ 616.093172][T32351] UBIFS error (pid: 32351): cannot open "ubi!_0x0h", error -19 [ 616.102523][T32353] UBIFS error (pid: 32353): cannot open "ubi!_0x0&", error -19 09:00:37 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x4c00000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:37 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0l', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 616.102530][T32351] UBIFS error (pid: 32351): cannot open "ubi!_0x0h", error -19 [ 616.145486][T32353] UBIFS error (pid: 32353): cannot open "ubi!_0x0&", error -19 09:00:37 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 616.240951][T32365] UBIFS error (pid: 32365): cannot open "ubi!_0x0l", error -19 [ 616.261924][T32368] UBIFS error (pid: 32368): cannot open "ubi!_0x0", error -19 [ 616.282285][T32365] UBIFS error (pid: 32365): cannot open "ubi!_0x0l", error -19 [ 616.346511][T32368] UBIFS error (pid: 32368): cannot open "ubi!_0x0", error -19 [ 616.456087][T32364] XFS (loop0): Invalid superblock magic number 09:00:37 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x0, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:37 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:37 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x6000000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:37 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xc0', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:37 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0t', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:37 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x6000, 0x0, 0x0, 0x0, 0x0) [ 616.751329][T32390] UBIFS error (pid: 32390): cannot open "ubi!_0x0t", error -19 [ 616.755095][T32390] UBIFS error (pid: 32390): cannot open "ubi!_0x0t", error -19 [ 616.767422][T32395] UBIFS error (pid: 32395): cannot open "ubi!_0x0À", error -19 [ 616.782473][T32395] UBIFS error (pid: 32395): cannot open "ubi!_0x0À", error -19 09:00:37 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0z', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:37 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:37 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x6800000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:37 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:37 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xf0', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 616.906716][T32413] UBIFS error (pid: 32413): cannot open "ubi!_0x0z", error -19 [ 616.913253][T32413] UBIFS error (pid: 32413): cannot open "ubi!_0x0z", error -19 [ 616.937558][T32417] UBIFS error (pid: 32417): cannot open "ubi!_0x0", error -19 [ 616.973381][T32417] UBIFS error (pid: 32417): cannot open "ubi!_0x0", error -19 09:00:37 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x6c00000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 616.999421][T32427] UBIFS error (pid: 32427): cannot open "ubi!_0x0ð", error -19 [ 617.036249][T32402] XFS (loop0): Invalid superblock magic number [ 617.088918][T32427] UBIFS error (pid: 32427): cannot open "ubi!_0x0ð", error -19 [ 617.261063][T32435] XFS (loop0): Invalid superblock magic number 09:00:38 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x0, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:38 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xff', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:38 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:38 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x7400000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:38 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:38 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x6800, 0x0, 0x0, 0x0, 0x0) [ 617.638663][T32452] UBIFS error (pid: 32452): cannot open "ubi!_0x0", error -19 [ 617.639303][T32453] UBIFS error (pid: 32453): cannot open "ubi!_0x0ÿ", error -19 [ 617.651918][T32455] __nla_parse: 5 callbacks suppressed [ 617.651928][T32455] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 617.669019][T32452] UBIFS error (pid: 32452): cannot open "ubi!_0x0", error -19 09:00:38 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x7a00000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:38 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:38 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 617.716236][ T7591] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 09:00:38 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 617.753801][T32453] UBIFS error (pid: 32453): cannot open "ubi!_0x0ÿ", error -19 [ 617.806816][T32464] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:38 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 617.824924][T32472] UBIFS error (pid: 32472): cannot open "ubi!_0x0", error -19 [ 617.829705][T32472] UBIFS error (pid: 32472): cannot open "ubi!_0x0", error -19 [ 617.854567][ T7591] CPU: 1 PID: 7591 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 09:00:38 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 617.859188][T32475] UBIFS error (pid: 32475): cannot open "ubi!_0x0", error -19 [ 617.859499][T32475] UBIFS error (pid: 32475): cannot open "ubi!_0x0", error -19 [ 617.875249][ T7591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 617.875407][ T7591] Call Trace: [ 617.875435][ T7591] dump_stack+0x172/0x1f0 [ 617.875453][ T7591] dump_header+0x10f/0xb6c [ 617.875474][ T7591] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 617.926920][ T7591] ? ___ratelimit+0x60/0x595 [ 617.931536][ T7591] ? do_raw_spin_unlock+0x57/0x270 [ 617.937014][ T7591] oom_kill_process.cold+0x10/0x15 [ 617.940849][T32478] UBIFS error (pid: 32478): cannot open "ubi!_0x0", error -19 [ 617.942138][ T7591] out_of_memory+0x79a/0x1280 [ 617.946285][T32478] UBIFS error (pid: 32478): cannot open "ubi!_0x0", error -19 [ 617.954301][ T7591] ? lock_downgrade+0x880/0x880 [ 617.966603][ T7591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 617.972862][ T7591] ? oom_killer_disable+0x280/0x280 [ 617.978074][ T7591] ? find_held_lock+0x35/0x130 [ 617.982861][ T7591] mem_cgroup_out_of_memory+0x1ca/0x230 [ 617.989460][ T7591] ? memcg_event_wake+0x230/0x230 [ 617.994512][ T7591] ? do_raw_spin_unlock+0x57/0x270 [ 617.999723][ T7591] ? _raw_spin_unlock+0x2d/0x50 [ 618.004677][ T7591] try_charge+0x118d/0x1790 [ 618.009298][ T7591] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 618.014847][ T7591] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 618.014862][ T7591] ? find_held_lock+0x35/0x130 [ 618.014875][ T7591] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 618.014898][ T7591] __memcg_kmem_charge_memcg+0x7c/0x130 [ 618.014912][ T7591] ? memcg_kmem_put_cache+0xb0/0xb0 [ 618.014926][ T7591] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 618.014943][ T7591] __memcg_kmem_charge+0x136/0x300 [ 618.014968][ T7591] __alloc_pages_nodemask+0x437/0x7e0 [ 618.026253][ T7591] ? __alloc_pages_slowpath+0x2900/0x2900 [ 618.026275][ T7591] ? copy_page_range+0x125a/0x1f90 [ 618.026294][ T7591] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 618.026312][ T7591] alloc_pages_current+0x107/0x210 [ 618.026330][ T7591] pte_alloc_one+0x1b/0x1a0 [ 618.026344][ T7591] __pte_alloc+0x20/0x310 [ 618.026359][ T7591] copy_page_range+0x1529/0x1f90 [ 618.026372][ T7591] ? find_held_lock+0x35/0x130 [ 618.026407][ T7591] ? pmd_alloc+0x180/0x180 [ 618.026420][ T7591] ? vma_compute_subtree_gap+0x158/0x230 [ 618.026438][ T7591] ? validate_mm_rb+0xa3/0xc0 [ 618.124564][ T7591] ? __vma_link_rb+0x279/0x370 [ 618.129412][ T7591] copy_process.part.0+0x5ab7/0x79d0 [ 618.134730][ T7591] ? __cleanup_sighand+0x60/0x60 [ 618.143155][ T7591] _do_fork+0x257/0xfd0 [ 618.147423][ T7591] ? fork_idle+0x1d0/0x1d0 [ 618.151845][ T7591] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 618.157938][ T7591] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 618.163411][ T7591] ? do_syscall_64+0x26/0x610 [ 618.168590][ T7591] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 618.174668][ T7591] ? do_syscall_64+0x26/0x610 [ 618.179354][ T7591] __x64_sys_clone+0xbf/0x150 [ 618.184030][ T7591] do_syscall_64+0x103/0x610 [ 618.188700][ T7591] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 618.194672][ T7591] RIP: 0033:0x4564fa [ 618.198578][ T7591] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 618.219010][ T7591] RSP: 002b:00007ffcc5c660a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 618.227519][ T7591] RAX: ffffffffffffffda RBX: 00007ffcc5c660a0 RCX: 00000000004564fa [ 618.237201][ T7591] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 618.245264][ T7591] RBP: 00007ffcc5c660e0 R08: 0000000000000001 R09: 0000000001d79940 [ 618.253228][ T7591] R10: 0000000001d79c10 R11: 0000000000000246 R12: 0000000000000001 [ 618.261202][ T7591] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffcc5c66130 [ 618.275172][ T7591] memory: usage 307200kB, limit 307200kB, failcnt 4552 [ 618.282448][ T7591] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 618.290439][ T7591] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 618.293135][T32449] XFS (loop0): Invalid superblock magic number [ 618.297527][ T7591] Memory cgroup stats for /syz2: cache:52KB rss:289352KB rss_huge:251904KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:277524KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 618.326769][ T7591] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32403,uid=0 [ 618.342926][ T7591] Memory cgroup out of memory: Killed process 32403 (syz-executor.2) total-vm:72708kB, anon-rss:16556kB, file-rss:35800kB, shmem-rss:0kB [ 618.369709][ T1044] oom_reaper: reaped process 32403 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 09:00:39 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x4e20, @broadcast}], 0x10) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:39 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:39 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:39 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x9effffff00000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:39 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:39 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x6c00, 0x0, 0x0, 0x0, 0x0) [ 618.924375][T32501] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 618.934580][T32505] UBIFS error (pid: 32505): cannot open "ubi!_0x0", error -19 [ 618.935136][T32505] UBIFS error (pid: 32505): cannot open "ubi!_0x0", error -19 [ 618.944621][T32507] UBIFS error (pid: 32507): cannot open "ubi!_0x0", error -19 [ 618.965157][ T7591] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 618.970191][T32507] UBIFS error (pid: 32507): cannot open "ubi!_0x0", error -19 [ 618.983715][ T7591] CPU: 0 PID: 7591 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 618.993894][ T7591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 619.004133][ T7591] Call Trace: [ 619.007557][ T7591] dump_stack+0x172/0x1f0 [ 619.011913][ T7591] dump_header+0x10f/0xb6c [ 619.016355][ T7591] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 09:00:39 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:39 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 619.022266][ T7591] ? ___ratelimit+0x60/0x595 [ 619.025625][T32513] UBIFS error (pid: 32513): cannot open "ubi!_0x0", error -19 [ 619.026235][T32513] UBIFS error (pid: 32513): cannot open "ubi!_0x0", error -19 [ 619.027233][ T7591] ? do_raw_spin_unlock+0x57/0x270 [ 619.027257][ T7591] oom_kill_process.cold+0x10/0x15 [ 619.027272][ T7591] out_of_memory+0x79a/0x1280 [ 619.027291][ T7591] ? lock_downgrade+0x880/0x880 09:00:39 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 619.070504][ T7591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 619.077916][ T7591] ? oom_killer_disable+0x280/0x280 [ 619.080652][T32518] UBIFS error (pid: 32518): cannot open "ubi!_0x0", error -19 [ 619.081367][T32518] UBIFS error (pid: 32518): cannot open "ubi!_0x0", error -19 [ 619.083128][ T7591] ? find_held_lock+0x35/0x130 [ 619.083157][ T7591] mem_cgroup_out_of_memory+0x1ca/0x230 [ 619.083171][ T7591] ? memcg_event_wake+0x230/0x230 [ 619.083195][ T7591] ? do_raw_spin_unlock+0x57/0x270 09:00:40 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 619.122229][ T7591] ? _raw_spin_unlock+0x2d/0x50 [ 619.127107][ T7591] try_charge+0x118d/0x1790 [ 619.131641][ T7591] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 619.137293][ T7591] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 619.140642][T32523] UBIFS error (pid: 32523): cannot open "ubi!_0x0", error -19 [ 619.141109][T32523] UBIFS error (pid: 32523): cannot open "ubi!_0x0", error -19 [ 619.142942][ T7591] ? find_held_lock+0x35/0x130 [ 619.142958][ T7591] ? get_mem_cgroup_from_mm+0x10b/0x2b0 09:00:40 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 619.142985][ T7591] __memcg_kmem_charge_memcg+0x7c/0x130 [ 619.143001][ T7591] ? memcg_kmem_put_cache+0xb0/0xb0 [ 619.143018][ T7591] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 619.143035][ T7591] __memcg_kmem_charge+0x136/0x300 [ 619.143062][ T7591] __alloc_pages_nodemask+0x437/0x7e0 09:00:40 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 619.184189][T32526] UBIFS error (pid: 32526): cannot open "ubi!_0x0", error -19 [ 619.184900][T32526] UBIFS error (pid: 32526): cannot open "ubi!_0x0", error -19 [ 619.187884][ T7591] ? __alloc_pages_slowpath+0x2900/0x2900 [ 619.187909][ T7591] ? copy_page_range+0x125a/0x1f90 [ 619.187926][ T7591] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 619.187949][ T7591] alloc_pages_current+0x107/0x210 [ 619.196590][T32506] XFS (loop0): Invalid superblock magic number [ 619.200451][ T7591] pte_alloc_one+0x1b/0x1a0 [ 619.200471][ T7591] __pte_alloc+0x20/0x310 [ 619.200486][ T7591] copy_page_range+0x1529/0x1f90 [ 619.200509][ T7591] ? find_held_lock+0x35/0x130 [ 619.245706][T32528] UBIFS error (pid: 32528): cannot open "ubi!_0x0", error -19 [ 619.246354][T32528] UBIFS error (pid: 32528): cannot open "ubi!_0x0", error -19 [ 619.246473][ T7591] ? pmd_alloc+0x180/0x180 [ 619.284215][T32530] UBIFS error (pid: 32530): cannot open "ubi!_0x0", error -19 [ 619.284786][T32530] UBIFS error (pid: 32530): cannot open "ubi!_0x0", error -19 [ 619.288886][ T7591] ? __rb_insert_augmented+0x231/0xdf0 [ 619.288907][ T7591] ? validate_mm_rb+0xa3/0xc0 [ 619.288924][ T7591] ? __vma_link_rb+0x279/0x370 [ 619.288947][ T7591] copy_process.part.0+0x5ab7/0x79d0 [ 619.388845][ T7591] ? __cleanup_sighand+0x60/0x60 [ 619.394321][ T7591] _do_fork+0x257/0xfd0 [ 619.398555][ T7591] ? fork_idle+0x1d0/0x1d0 [ 619.404120][ T7591] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 619.412046][ T7591] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 619.417587][ T7591] ? do_syscall_64+0x26/0x610 [ 619.427875][ T7591] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 619.435705][ T7591] ? do_syscall_64+0x26/0x610 [ 619.441307][ T7591] __x64_sys_clone+0xbf/0x150 [ 619.446063][ T7591] do_syscall_64+0x103/0x610 [ 619.450904][ T7591] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 619.457042][ T7591] RIP: 0033:0x4564fa [ 619.461016][ T7591] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 619.481060][ T7591] RSP: 002b:00007ffcc5c660a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 619.491112][ T7591] RAX: ffffffffffffffda RBX: 00007ffcc5c660a0 RCX: 00000000004564fa [ 619.499087][ T7591] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 619.510011][ T7591] RBP: 00007ffcc5c660e0 R08: 0000000000000001 R09: 0000000001d79940 [ 619.519020][ T7591] R10: 0000000001d79c10 R11: 0000000000000246 R12: 0000000000000001 [ 619.528020][ T7591] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffcc5c66130 [ 619.540650][ T7591] memory: usage 307200kB, limit 307200kB, failcnt 4652 [ 619.561801][ T7591] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 619.575596][ T7591] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 619.588075][ T7591] Memory cgroup stats for /syz2: cache:52KB rss:289344KB rss_huge:251904KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:277516KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 619.630019][ T7591] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32487,uid=0 [ 619.650938][ T7591] Memory cgroup out of memory: Killed process 32487 (syz-executor.2) total-vm:72576kB, anon-rss:16548kB, file-rss:35796kB, shmem-rss:0kB [ 619.678678][ T1044] oom_reaper: reaped process 32487 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 619.741278][ C1] net_ratelimit: 20 callbacks suppressed [ 619.741285][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 619.757229][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 619.821311][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 619.834564][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 619.846904][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 619.862570][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 619.902399][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 619.942675][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 620.000381][T32535] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 620.020706][T32535] CPU: 0 PID: 32535 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 620.035911][T32535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 620.056522][T32535] Call Trace: [ 620.089781][T32535] dump_stack+0x172/0x1f0 [ 620.094916][T32535] dump_header+0x10f/0xb6c [ 620.099600][T32535] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 620.105848][T32535] ? ___ratelimit+0x60/0x595 [ 620.110443][T32535] ? do_raw_spin_unlock+0x57/0x270 [ 620.115571][T32535] oom_kill_process.cold+0x10/0x15 [ 620.129606][T32535] out_of_memory+0x79a/0x1280 [ 620.138826][T32535] ? lock_downgrade+0x880/0x880 [ 620.158893][T32535] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 620.170718][T32535] ? oom_killer_disable+0x280/0x280 [ 620.175928][T32535] ? find_held_lock+0x35/0x130 [ 620.180966][T32535] mem_cgroup_out_of_memory+0x1ca/0x230 [ 620.186515][T32535] ? memcg_event_wake+0x230/0x230 [ 620.191580][T32535] ? do_raw_spin_unlock+0x57/0x270 [ 620.204087][T32535] ? _raw_spin_unlock+0x2d/0x50 [ 620.212880][T32535] try_charge+0x118d/0x1790 [ 620.218386][T32535] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 620.234729][T32535] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 620.243011][T32535] ? find_held_lock+0x35/0x130 [ 620.248220][T32535] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 620.254138][T32535] __memcg_kmem_charge_memcg+0x7c/0x130 [ 620.260095][T32535] ? memcg_kmem_put_cache+0xb0/0xb0 [ 620.266646][T32535] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 620.274477][T32535] __memcg_kmem_charge+0x136/0x300 [ 620.281031][T32535] __alloc_pages_nodemask+0x437/0x7e0 [ 620.286950][T32535] ? __alloc_pages_slowpath+0x2900/0x2900 [ 620.308795][T32535] ? ___might_sleep+0x163/0x280 [ 620.314192][T32535] ? copyin+0xb5/0x100 [ 620.318450][T32535] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 620.325630][T32535] alloc_pages_current+0x107/0x210 [ 620.330842][T32535] pipe_write+0x659/0xf30 [ 620.336246][T32535] new_sync_write+0x4c7/0x760 [ 620.340931][T32535] ? default_llseek+0x2e0/0x2e0 [ 620.346257][T32535] ? common_file_perm+0x238/0x720 [ 620.351923][T32535] ? __fget+0x381/0x550 [ 620.356811][T32535] ? apparmor_file_permission+0x25/0x30 [ 620.362835][T32535] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 620.369106][T32535] ? security_file_permission+0x94/0x380 [ 620.377318][T32535] __vfs_write+0xe4/0x110 [ 620.382256][T32535] vfs_write+0x20c/0x580 [ 620.388762][T32535] ksys_write+0xea/0x1f0 [ 620.393115][T32535] ? __ia32_sys_read+0xb0/0xb0 [ 620.399341][T32535] ? do_syscall_64+0x26/0x610 [ 620.404262][T32535] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 620.410465][T32535] ? do_syscall_64+0x26/0x610 [ 620.416986][T32535] __x64_sys_write+0x73/0xb0 [ 620.427451][T32535] do_syscall_64+0x103/0x610 [ 620.433299][T32535] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 620.442728][T32535] RIP: 0033:0x457f29 [ 620.449951][T32535] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 620.502630][T32535] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 620.566432][T32535] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 620.582160][T32535] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000008 [ 620.640041][T32535] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 620.648714][T32535] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 620.657163][T32535] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 620.666207][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 620.675443][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 620.684188][T32535] memory: usage 307104kB, limit 307200kB, failcnt 4734 [ 620.698209][T32535] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 620.707200][T32535] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 620.715651][T32535] Memory cgroup stats for /syz2: cache:52KB rss:289352KB rss_huge:251904KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:277448KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 620.754588][T32535] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32533,uid=0 [ 620.771806][T32535] Memory cgroup out of memory: Killed process 32539 (syz-executor.2) total-vm:72708kB, anon-rss:16328kB, file-rss:35800kB, shmem-rss:0kB 09:00:41 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x4e20, @broadcast}], 0x10) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:41 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:41 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:41 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xbf0a000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:41 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:41 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x7400, 0x0, 0x0, 0x0, 0x0) [ 620.794554][ T1044] oom_reaper: reaped process 32539 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 620.842919][T32555] UBIFS error (pid: 32555): cannot open "ubi!_0x0", error -19 [ 620.843447][T32555] UBIFS error (pid: 32555): cannot open "ubi!_0x0", error -19 [ 620.861109][T32556] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 620.872896][T32559] UBIFS error (pid: 32559): cannot open "ubi!_0x0", error -19 09:00:41 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 620.873576][T32559] UBIFS error (pid: 32559): cannot open "ubi!_0x0", error -19 09:00:41 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0 ', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:41 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xc00e000000000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:41 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 621.020964][T32577] UBIFS error (pid: 32577): cannot open "ubi!_0x0", error -19 [ 621.027340][T32577] UBIFS error (pid: 32577): cannot open "ubi!_0x0", error -19 [ 621.036966][T32552] XFS (loop0): Invalid superblock magic number [ 621.058308][T32579] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 621.066698][T32581] UBIFS error (pid: 32581): cannot open "ubi!_0x0 ", error -19 09:00:42 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:42 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 621.067192][T32581] UBIFS error (pid: 32581): cannot open "ubi!_0x0 ", error -19 [ 621.220207][T32589] UBIFS error (pid: 32589): cannot open "ubi!_0x0", error -19 [ 621.220695][T32589] UBIFS error (pid: 32589): cannot open "ubi!_0x0", error -19 [ 621.327445][T32564] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 621.354317][T32564] CPU: 1 PID: 32564 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 621.365067][T32564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 621.365074][T32564] Call Trace: [ 621.365102][T32564] dump_stack+0x172/0x1f0 [ 621.365122][T32564] dump_header+0x10f/0xb6c [ 621.365140][T32564] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 621.365156][T32564] ? ___ratelimit+0x60/0x595 [ 621.365172][T32564] ? do_raw_spin_unlock+0x57/0x270 [ 621.365188][T32564] oom_kill_process.cold+0x10/0x15 [ 621.365203][T32564] out_of_memory+0x79a/0x1280 [ 621.365218][T32564] ? lock_downgrade+0x880/0x880 [ 621.365232][T32564] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 621.365248][T32564] ? oom_killer_disable+0x280/0x280 [ 621.365258][T32564] ? find_held_lock+0x35/0x130 [ 621.365279][T32564] mem_cgroup_out_of_memory+0x1ca/0x230 [ 621.365292][T32564] ? memcg_event_wake+0x230/0x230 [ 621.365310][T32564] ? do_raw_spin_unlock+0x57/0x270 [ 621.365324][T32564] ? _raw_spin_unlock+0x2d/0x50 [ 621.365365][T32564] try_charge+0x118d/0x1790 [ 621.365386][T32564] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 621.365400][T32564] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 621.365413][T32564] ? find_held_lock+0x35/0x130 [ 621.365428][T32564] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 621.365453][T32564] __memcg_kmem_charge_memcg+0x7c/0x130 [ 621.365465][T32564] ? memcg_kmem_put_cache+0xb0/0xb0 [ 621.365485][T32564] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 621.386368][T32564] __memcg_kmem_charge+0x136/0x300 [ 621.386394][T32564] __alloc_pages_nodemask+0x437/0x7e0 [ 621.386416][T32564] ? __alloc_pages_slowpath+0x2900/0x2900 [ 621.386433][T32564] ? ___might_sleep+0x163/0x280 [ 621.386457][T32564] ? copyin+0xb5/0x100 [ 621.406441][T32564] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 621.406464][T32564] alloc_pages_current+0x107/0x210 [ 621.406487][T32564] pipe_write+0x659/0xf30 [ 621.406512][T32564] new_sync_write+0x4c7/0x760 [ 621.406528][T32564] ? default_llseek+0x2e0/0x2e0 [ 621.406548][T32564] ? common_file_perm+0x238/0x720 [ 621.406562][T32564] ? __fget+0x381/0x550 [ 621.406578][T32564] ? apparmor_file_permission+0x25/0x30 [ 621.406591][T32564] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 621.406609][T32564] ? security_file_permission+0x94/0x380 [ 621.406628][T32564] __vfs_write+0xe4/0x110 [ 621.406646][T32564] vfs_write+0x20c/0x580 [ 621.406667][T32564] ksys_write+0xea/0x1f0 [ 621.406683][T32564] ? __ia32_sys_read+0xb0/0xb0 [ 621.406700][T32564] ? do_syscall_64+0x26/0x610 [ 621.406721][T32564] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 621.430760][T32564] ? do_syscall_64+0x26/0x610 [ 621.430786][T32564] __x64_sys_write+0x73/0xb0 [ 621.430804][T32564] do_syscall_64+0x103/0x610 [ 621.430822][T32564] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 621.430835][T32564] RIP: 0033:0x457f29 [ 621.430849][T32564] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 621.430855][T32564] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 621.430868][T32564] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 621.430874][T32564] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000008 [ 621.430887][T32564] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 621.456965][T32564] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 621.456974][T32564] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 621.474062][T32564] memory: usage 307200kB, limit 307200kB, failcnt 4804 [ 621.494647][T32564] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 622.278668][T32564] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 622.286588][T32564] Memory cgroup stats for /syz2: cache:52KB rss:289208KB rss_huge:251904KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:277452KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 622.368307][T32564] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32550,uid=0 [ 622.402443][T32564] Memory cgroup out of memory: Killed process 32575 (syz-executor.2) total-vm:72708kB, anon-rss:16328kB, file-rss:35804kB, shmem-rss:0kB 09:00:43 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x4e20, @broadcast}], 0x10) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xf0ffffff00000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:43 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:43 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:43 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:43 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x7a00, 0x0, 0x0, 0x0, 0x0) [ 622.442102][ T1044] oom_reaper: reaped process 32575 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 622.504571][T32599] UBIFS error (pid: 32599): cannot open "ubi!_0x0", error -19 [ 622.514225][T32602] UBIFS error (pid: 32602): cannot open "ubi!_0x0", error -19 [ 622.519258][T32599] UBIFS error (pid: 32599): cannot open "ubi!_0x0", error -19 [ 622.556894][T32602] UBIFS error (pid: 32602): cannot open "ubi!_0x0", error -19 09:00:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xffffff7f00000000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:43 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:43 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:43 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 622.572929][T32601] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 622.698495][T32617] UBIFS error (pid: 32617): cannot open "ubi!_0x0", error -19 [ 622.699486][T32617] UBIFS error (pid: 32617): cannot open "ubi!_0x0", error -19 09:00:43 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x10', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 622.703838][T32618] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:43 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 622.827215][T32630] UBIFS error (pid: 32630): cannot open "ubi!_0x0", error -19 [ 622.827799][T32630] UBIFS error (pid: 32630): cannot open "ubi!_0x0", error -19 [ 622.891808][T32619] XFS (loop0): Invalid superblock magic number [ 622.914551][T32639] UBIFS error (pid: 32639): cannot open "ubi!_0x0", error -19 [ 622.915109][T32639] UBIFS error (pid: 32639): cannot open "ubi!_0x0", error -19 [ 623.480958][T32620] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 623.516964][T32620] CPU: 0 PID: 32620 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 623.528649][T32620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 623.549145][T32620] Call Trace: [ 623.553330][T32620] dump_stack+0x172/0x1f0 [ 623.560834][T32620] dump_header+0x10f/0xb6c [ 623.565518][T32620] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 623.572180][T32620] ? ___ratelimit+0x60/0x595 [ 623.576945][T32620] ? do_raw_spin_unlock+0x57/0x270 [ 623.583871][T32620] oom_kill_process.cold+0x10/0x15 [ 623.589232][T32620] out_of_memory+0x79a/0x1280 [ 623.594911][T32620] ? lock_downgrade+0x880/0x880 [ 623.599850][T32620] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 623.606087][T32620] ? oom_killer_disable+0x280/0x280 [ 623.611282][T32620] ? find_held_lock+0x35/0x130 [ 623.618924][T32620] mem_cgroup_out_of_memory+0x1ca/0x230 [ 623.625177][T32620] ? memcg_event_wake+0x230/0x230 [ 623.630640][T32620] ? do_raw_spin_unlock+0x57/0x270 [ 623.641056][T32620] ? _raw_spin_unlock+0x2d/0x50 [ 623.648101][T32620] try_charge+0x118d/0x1790 [ 623.653752][T32620] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 623.661480][T32620] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 623.670059][T32620] ? find_held_lock+0x35/0x130 [ 623.675770][T32620] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 623.686700][T32620] __memcg_kmem_charge_memcg+0x7c/0x130 [ 623.700396][T32620] ? memcg_kmem_put_cache+0xb0/0xb0 [ 623.706952][T32620] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 623.712747][T32620] __memcg_kmem_charge+0x136/0x300 [ 623.717848][T32620] __alloc_pages_nodemask+0x437/0x7e0 [ 623.729074][T32620] ? __alloc_pages_slowpath+0x2900/0x2900 [ 623.737634][T32620] ? ___might_sleep+0x163/0x280 [ 623.744584][T32620] ? copyin+0xb5/0x100 [ 623.750827][T32620] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 623.765327][T32620] alloc_pages_current+0x107/0x210 [ 623.773058][T32620] pipe_write+0x659/0xf30 [ 623.777749][T32620] new_sync_write+0x4c7/0x760 [ 623.784790][T32620] ? default_llseek+0x2e0/0x2e0 [ 623.791040][T32620] ? common_file_perm+0x238/0x720 [ 623.796862][T32620] ? __fget+0x381/0x550 [ 623.808937][T32620] ? apparmor_file_permission+0x25/0x30 [ 623.819810][T32620] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 623.828656][T32620] ? security_file_permission+0x94/0x380 [ 623.834929][T32620] __vfs_write+0xe4/0x110 [ 623.841092][T32620] vfs_write+0x20c/0x580 [ 623.845337][T32620] ksys_write+0xea/0x1f0 [ 623.849569][T32620] ? __ia32_sys_read+0xb0/0xb0 [ 623.856858][T32620] ? do_syscall_64+0x26/0x610 [ 623.861539][T32620] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 623.867596][T32620] ? do_syscall_64+0x26/0x610 [ 623.874275][T32620] __x64_sys_write+0x73/0xb0 [ 623.884172][T32620] do_syscall_64+0x103/0x610 [ 623.894319][T32620] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 623.908645][T32620] RIP: 0033:0x457f29 [ 623.912555][T32620] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 623.940886][T32620] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 623.951911][T32620] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 623.963743][T32620] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000008 [ 623.974492][T32620] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 623.986112][T32620] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 623.995625][T32620] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 624.005800][T32620] memory: usage 307104kB, limit 307200kB, failcnt 4878 [ 624.022842][T32620] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 624.034661][T32620] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 624.044643][T32620] Memory cgroup stats for /syz2: cache:52KB rss:289220KB rss_huge:251904KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:277384KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 624.072203][T32620] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32614,uid=0 09:00:45 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(0xffffffffffffffff, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:45 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0xfffffffffffff000, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:45 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:45 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x8b', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:45 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:45 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x8003, 0x0, 0x0, 0x0, 0x0) [ 624.100486][T32620] Memory cgroup out of memory: Killed process 32615 (syz-executor.2) total-vm:72708kB, anon-rss:16320kB, file-rss:35800kB, shmem-rss:0kB [ 624.193138][ T1044] oom_reaper: reaped process 32615 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 624.248111][T32661] UBIFS error (pid: 32661): cannot open "ubi!_0x0‹", error -19 [ 624.249797][T32657] UBIFS error (pid: 32657): cannot open "ubi!_0x0", error -19 09:00:45 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 624.264835][T32660] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 624.312180][T32661] UBIFS error (pid: 32661): cannot open "ubi!_0x0‹", error -19 09:00:45 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:45 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:45 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 624.319221][T32657] UBIFS error (pid: 32657): cannot open "ubi!_0x0", error -19 [ 624.456797][T32675] UBIFS error (pid: 32675): cannot open "ubi!_0x0", error -19 [ 624.458167][T32675] UBIFS error (pid: 32675): cannot open "ubi!_0x0", error -19 09:00:45 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 624.489065][T32678] UBIFS error (pid: 32678): cannot open "ubi!_0x0", error -19 [ 624.517449][T32686] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:45 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 624.559153][T32686] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 624.590164][T32678] UBIFS error (pid: 32678): cannot open "ubi!_0x0", error -19 [ 624.596270][T32690] UBIFS error (pid: 32690): cannot open "ubi!_0x0", error -19 [ 624.624584][T32690] UBIFS error (pid: 32690): cannot open "ubi!_0x0", error -19 [ 624.641405][T32659] XFS (loop0): Invalid superblock magic number [ 624.781331][ C0] net_ratelimit: 22 callbacks suppressed [ 624.781348][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 624.790287][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 624.836180][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 624.836220][ C0] protocol 88fb is buggy, dev hsr_slave_1 09:00:45 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(0xffffffffffffffff, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:45 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x8403, 0x0, 0x0, 0x0, 0x0) 09:00:45 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:45 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:45 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:45 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 625.121551][T32706] UBIFS error (pid: 32706): cannot open "ubi!_0x0", error -19 [ 625.123994][T32704] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 625.145466][T32710] UBIFS error (pid: 32710): cannot open "ubi!_0x0", error -19 09:00:46 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 625.146000][T32710] UBIFS error (pid: 32710): cannot open "ubi!_0x0", error -19 09:00:46 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 625.180784][T32706] UBIFS error (pid: 32706): cannot open "ubi!_0x0", error -19 09:00:46 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 625.354745][T32728] UBIFS error (pid: 32728): cannot open "ubi!_0x0", error -19 09:00:46 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 625.356046][T32728] UBIFS error (pid: 32728): cannot open "ubi!_0x0", error -19 [ 625.409785][T32734] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 625.413188][T32717] XFS (loop0): Invalid superblock magic number 09:00:46 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 625.458304][T32736] UBIFS error (pid: 32736): cannot open "ubi!_0x0", error -19 [ 625.459548][T32736] UBIFS error (pid: 32736): cannot open "ubi!_0x0", error -19 09:00:46 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 625.506828][T32740] UBIFS error (pid: 32740): cannot open "ubi!_0x0", error -19 [ 625.533975][T32740] UBIFS error (pid: 32740): cannot open "ubi!_0x0", error -19 [ 625.603800][T32744] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 625.713394][T32748] XFS (loop0): Invalid superblock magic number 09:00:46 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(0xffffffffffffffff, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:46 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:46 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xff', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:46 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:46 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:46 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xa000, 0x0, 0x0, 0x0, 0x0) [ 626.061323][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 626.067735][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 626.128941][T32765] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 626.142597][ T303] UBIFS error (pid: 303): cannot open "ubi!_0x0ÿ", error -19 09:00:47 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 626.148069][ T303] UBIFS error (pid: 303): cannot open "ubi!_0x0ÿ", error -19 [ 626.192604][ T307] UBIFS error (pid: 307): cannot open "ubi!_0x0", error -19 09:00:47 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:47 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:47 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0&', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 626.193986][ T307] UBIFS error (pid: 307): cannot open "ubi!_0x0", error -19 [ 626.275939][T32762] XFS (loop0): Invalid superblock magic number 09:00:47 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 626.325667][ T319] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:47 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 626.381308][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 626.387785][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 626.393794][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 626.399788][ C1] protocol 88fb is buggy, dev hsr_slave_1 09:00:47 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:47 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xc0', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 626.447679][ T334] UBIFS error (pid: 334): cannot open "ubi!_0x0&", error -19 [ 626.448024][ T333] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 626.448190][ T334] UBIFS error (pid: 334): cannot open "ubi!_0x0&", error -19 [ 626.489735][ T336] UBIFS error (pid: 336): cannot open "ubi!_0x0", error -19 [ 626.505252][ T336] UBIFS error (pid: 336): cannot open "ubi!_0x0", error -19 09:00:47 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:47 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xff', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:47 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 626.625675][ T346] UBIFS error (pid: 346): cannot open "ubi!_0x0À", error -19 [ 626.627810][ T346] UBIFS error (pid: 346): cannot open "ubi!_0x0À", error -19 [ 626.647667][ T349] UBIFS error (pid: 349): cannot open "ubi!_0x0ÿ", error -19 [ 626.667986][ T349] UBIFS error (pid: 349): cannot open "ubi!_0x0ÿ", error -19 [ 626.802000][ T353] XFS (loop0): Invalid superblock magic number 09:00:47 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xa400, 0x0, 0x0, 0x0, 0x0) 09:00:47 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:47 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 626.921124][ T369] UBIFS error (pid: 369): cannot open "ubi!_0x0", error -19 [ 626.921746][ T369] UBIFS error (pid: 369): cannot open "ubi!_0x0", error -19 [ 627.038709][ T373] XFS (loop0): Invalid superblock magic number 09:00:48 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:48 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:48 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xff', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:48 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:48 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xff', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 627.175761][ T384] XFS (loop0): Invalid superblock magic number 09:00:48 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:48 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 627.227250][ T404] UBIFS error (pid: 404): cannot open "ubi!_0x0ÿ", error -19 [ 627.227786][ T404] UBIFS error (pid: 404): cannot open "ubi!_0x0ÿ", error -19 [ 627.263917][ T407] UBIFS error (pid: 407): cannot open "ubi!_0x0ÿ", error -19 09:00:48 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) [ 627.266344][ T407] UBIFS error (pid: 407): cannot open "ubi!_0x0ÿ", error -19 09:00:48 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xff', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 627.458729][ T421] UBIFS error (pid: 421): cannot open "ubi!_0x0ÿ", error -19 09:00:48 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xc400, 0x0, 0x0, 0x0, 0x0) 09:00:48 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:48 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:48 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:48 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:48 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x0, 0x0, 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) [ 627.459358][ T421] UBIFS error (pid: 421): cannot open "ubi!_0x0ÿ", error -19 09:00:48 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x0, 0x0, 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:48 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 627.559998][ T432] UBIFS error (pid: 432): cannot open "ubi!_0x0", error -19 [ 627.560513][ T432] UBIFS error (pid: 432): cannot open "ubi!_0x0", error -19 [ 627.570891][ T435] UBIFS error (pid: 435): cannot open "ubi!_0x0", error -19 09:00:48 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:48 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xf9', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 627.664926][ T435] UBIFS error (pid: 435): cannot open "ubi!_0x0", error -19 [ 627.719401][ T451] __nla_parse: 8 callbacks suppressed [ 627.719412][ T451] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 627.737106][ T458] UBIFS error (pid: 458): cannot open "ubi!_0x0ù", error -19 09:00:48 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 627.737642][ T458] UBIFS error (pid: 458): cannot open "ubi!_0x0ù", error -19 [ 627.782093][ T451] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 627.807210][ T464] UBIFS error (pid: 464): cannot open "ubi!_0x0", error -19 09:00:48 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 627.809034][ T464] UBIFS error (pid: 464): cannot open "ubi!_0x0", error -19 [ 627.900327][ T440] XFS (loop0): Invalid superblock magic number [ 628.006981][ T462] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 628.049593][ T462] CPU: 0 PID: 462 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 628.069456][ T462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 628.098854][ T462] Call Trace: [ 628.127450][ T462] dump_stack+0x172/0x1f0 [ 628.132489][ T462] dump_header+0x10f/0xb6c [ 628.147911][ T462] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 628.166297][ T462] ? ___ratelimit+0x60/0x595 [ 628.180997][ T462] ? do_raw_spin_unlock+0x57/0x270 [ 628.186892][ T462] oom_kill_process.cold+0x10/0x15 [ 628.210943][ T462] out_of_memory+0x79a/0x1280 [ 628.233220][ T462] ? lock_downgrade+0x880/0x880 [ 628.244597][ T462] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 628.258303][ T462] ? oom_killer_disable+0x280/0x280 [ 628.263861][ T462] ? find_held_lock+0x35/0x130 [ 628.270111][ T462] mem_cgroup_out_of_memory+0x1ca/0x230 [ 628.275996][ T462] ? memcg_event_wake+0x230/0x230 [ 628.285486][ T462] ? do_raw_spin_unlock+0x57/0x270 [ 628.306753][ T462] ? _raw_spin_unlock+0x2d/0x50 [ 628.313719][ T462] try_charge+0x118d/0x1790 [ 628.357958][ T462] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 628.363782][ T462] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 628.373404][ T462] ? kasan_check_read+0x11/0x20 [ 628.410379][ T462] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 628.440143][ T462] mem_cgroup_try_charge+0x24d/0x5e0 [ 628.445457][ T462] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 628.456830][ T462] wp_page_copy+0x408/0x1740 [ 628.461407][ T462] ? find_held_lock+0x35/0x130 [ 628.471720][ T462] ? pmd_pfn+0x1d0/0x1d0 [ 628.488998][ T462] ? lock_downgrade+0x880/0x880 [ 628.493843][ T462] ? __pte_alloc_kernel+0x220/0x220 [ 628.499299][ T462] ? kasan_check_read+0x11/0x20 [ 628.504759][ T462] ? do_raw_spin_unlock+0x57/0x270 [ 628.516803][ T462] do_wp_page+0x5d8/0x16c0 [ 628.531682][ T462] ? do_raw_spin_lock+0x12a/0x2e0 [ 628.537916][ T462] ? rwlock_bug.part.0+0x90/0x90 [ 628.544850][ T462] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 628.555432][ T462] ? add_mm_counter_fast.part.0+0x40/0x40 [ 628.601219][ T462] __handle_mm_fault+0x22e8/0x3ec0 [ 628.628390][ T462] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 628.635493][ T462] ? find_held_lock+0x35/0x130 [ 628.685966][ T462] ? handle_mm_fault+0x322/0xb30 [ 628.692039][ T462] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 628.709062][ T462] ? kasan_check_read+0x11/0x20 [ 628.714182][ T462] handle_mm_fault+0x43f/0xb30 [ 628.724158][ T462] __do_page_fault+0x5ef/0xda0 [ 628.729027][ T462] do_page_fault+0x71/0x581 [ 628.733533][ T462] page_fault+0x1e/0x30 [ 628.738722][ T462] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 628.745568][ T462] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 628.772929][ T462] RSP: 0018:ffff888086887ab8 EFLAGS: 00010206 [ 628.779170][ T462] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000000500 [ 628.787401][ T462] RDX: 0000000000001000 RSI: ffff88808f043b00 RDI: 0000000020b21000 [ 628.795886][ T462] RBP: ffff888086887af0 R08: ffffed1011e08800 R09: 0000000000000000 [ 628.809597][ T462] R10: ffffed1011e087ff R11: ffff88808f043fff R12: 0000000020b20500 [ 628.819212][ T462] R13: ffff88808f043000 R14: 0000000020b21500 R15: 00007ffffffff000 [ 628.830763][ T462] ? copyout+0xe2/0x100 [ 628.835265][ T462] copy_page_to_iter+0x3b6/0xd60 [ 628.853418][ T462] ? kill_fasync+0x323/0x4a0 [ 628.897502][ T462] pipe_to_user+0xb4/0x170 [ 628.902549][ T462] __splice_from_pipe+0x395/0x7d0 [ 628.919812][ T462] ? iter_to_pipe+0x560/0x560 [ 628.935965][ T462] do_vmsplice.part.0+0x249/0x2b0 [ 628.945262][ T462] ? do_tee+0x850/0x850 [ 628.949413][ T462] ? import_iovec+0x12e/0x200 [ 628.955589][ T462] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 628.961840][ T462] __do_sys_vmsplice+0x1b9/0x210 [ 628.967121][ T462] ? vmsplice_type.isra.0+0x160/0x160 [ 628.973046][ T462] ? kasan_check_read+0x11/0x20 [ 628.978397][ T462] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 628.985176][ T462] ? put_timespec64+0xda/0x140 [ 628.990025][ T462] ? nsecs_to_jiffies+0x30/0x30 [ 628.996545][ T462] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 629.002186][ T462] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 629.007651][ T462] ? do_syscall_64+0x26/0x610 [ 629.014763][ T462] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 629.020836][ T462] ? do_syscall_64+0x26/0x610 [ 629.025618][ T462] __x64_sys_vmsplice+0x97/0xf0 [ 629.032805][ T462] do_syscall_64+0x103/0x610 [ 629.038500][ T462] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 629.049903][ T462] RIP: 0033:0x457f29 [ 629.053879][ T462] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 629.080173][ T462] RSP: 002b:00007f975b212c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 629.108326][ T462] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457f29 [ 629.124745][ T462] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000006 [ 629.134123][ T462] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 629.142695][ T462] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2136d4 [ 629.155449][ T462] R13: 00000000004c6d73 R14: 00000000004dc5a0 R15: 00000000ffffffff [ 629.191362][ T462] memory: usage 307136kB, limit 307200kB, failcnt 4962 [ 629.198654][ T462] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 629.206953][ T462] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 629.214547][ T462] Memory cgroup stats for /syz2: cache:52KB rss:288640KB rss_huge:251904KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276832KB inactive_file:4KB active_file:0KB unevictable:2048KB [ 629.241565][ T462] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=27975,uid=0 [ 629.277128][ T462] Memory cgroup out of memory: Killed process 27975 (syz-executor.2) total-vm:72708kB, anon-rss:12460kB, file-rss:35800kB, shmem-rss:0kB 09:00:50 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xca00, 0x0, 0x0, 0x0, 0x0) 09:00:50 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x8c', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:50 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:50 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:50 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:50 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x0, 0x0, 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) [ 629.397966][ T485] UBIFS error (pid: 485): cannot open "ubi!_0x0Œ", error -19 [ 629.398030][ T484] UBIFS error (pid: 484): cannot open "ubi!_0x0", error -19 [ 629.411799][ T483] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:50 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:50 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:50 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 629.428176][ T484] UBIFS error (pid: 484): cannot open "ubi!_0x0", error -19 [ 629.446027][ T485] UBIFS error (pid: 485): cannot open "ubi!_0x0Œ", error -19 [ 629.451024][ T483] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:50 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xf6', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 629.557680][ T502] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 629.580578][ T506] UBIFS error (pid: 506): cannot open "ubi!_0x0ö", error -19 09:00:50 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xfe', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 629.582393][ T506] UBIFS error (pid: 506): cannot open "ubi!_0x0ö", error -19 [ 629.601614][ T489] XFS (loop0): Invalid superblock magic number [ 629.616899][ T510] UBIFS error (pid: 510): cannot open "ubi!_0x0", error -19 09:00:50 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 629.618403][ T510] UBIFS error (pid: 510): cannot open "ubi!_0x0", error -19 [ 629.672877][ T513] UBIFS error (pid: 513): cannot open "ubi!_0x0þ", error -19 [ 629.718901][ T513] UBIFS error (pid: 513): cannot open "ubi!_0x0þ", error -19 [ 629.754581][ T481] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 629.789938][ T481] CPU: 0 PID: 481 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 629.811433][ T481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 629.822092][ T481] Call Trace: [ 629.825484][ T481] dump_stack+0x172/0x1f0 [ 629.829925][ T481] dump_header+0x10f/0xb6c [ 629.836706][ T481] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 629.842513][ T481] ? ___ratelimit+0x60/0x595 [ 629.847120][ T481] ? do_raw_spin_unlock+0x57/0x270 [ 629.852322][ T481] oom_kill_process.cold+0x10/0x15 [ 629.857448][ T481] out_of_memory+0x79a/0x1280 [ 629.862701][ T481] ? lock_downgrade+0x880/0x880 [ 629.870154][ T481] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 629.877512][ T481] ? oom_killer_disable+0x280/0x280 [ 629.883491][ T481] ? find_held_lock+0x35/0x130 [ 629.888273][ T481] mem_cgroup_out_of_memory+0x1ca/0x230 [ 629.894325][ T481] ? memcg_event_wake+0x230/0x230 [ 629.899380][ T481] ? do_raw_spin_unlock+0x57/0x270 [ 629.906518][ T481] ? _raw_spin_unlock+0x2d/0x50 [ 629.911584][ T481] try_charge+0x118d/0x1790 [ 629.916200][ T481] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 629.921738][ T481] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 629.927512][ T481] ? find_held_lock+0x35/0x130 [ 629.932314][ T481] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 629.938901][ T481] __memcg_kmem_charge_memcg+0x7c/0x130 [ 629.944701][ T481] ? memcg_kmem_put_cache+0xb0/0xb0 [ 629.951854][ T481] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 629.957605][ T481] __memcg_kmem_charge+0x136/0x300 [ 629.964456][ T481] __alloc_pages_nodemask+0x437/0x7e0 [ 629.971850][ T481] ? __alloc_pages_slowpath+0x2900/0x2900 [ 629.977760][ T481] ? ___might_sleep+0x163/0x280 [ 629.989176][ T481] ? copyin+0xb5/0x100 [ 629.994582][ T481] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 630.008923][ T481] alloc_pages_current+0x107/0x210 [ 630.016797][ T481] pipe_write+0x659/0xf30 [ 630.021225][ T481] new_sync_write+0x4c7/0x760 [ 630.025919][ T481] ? default_llseek+0x2e0/0x2e0 [ 630.038299][ T481] ? common_file_perm+0x238/0x720 [ 630.047686][ T481] ? __fget+0x381/0x550 [ 630.052062][ T481] ? apparmor_file_permission+0x25/0x30 [ 630.057641][ T481] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 630.063902][ T481] ? security_file_permission+0x94/0x380 [ 630.069541][ T481] __vfs_write+0xe4/0x110 [ 630.074047][ T481] vfs_write+0x20c/0x580 [ 630.078390][ T481] ksys_write+0xea/0x1f0 [ 630.082916][ T481] ? __ia32_sys_read+0xb0/0xb0 [ 630.088804][ T481] ? do_syscall_64+0x26/0x610 [ 630.093566][ T481] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 630.100243][ T481] ? do_syscall_64+0x26/0x610 [ 630.112822][ T481] __x64_sys_write+0x73/0xb0 [ 630.119050][ T481] do_syscall_64+0x103/0x610 [ 630.124091][ T481] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 630.130231][ T481] RIP: 0033:0x457f29 [ 630.134122][ T481] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 630.154577][ T481] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 630.163361][ T481] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 630.171855][ T481] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 630.179820][ T481] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 630.188055][ T481] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 630.196411][ T481] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 630.205917][ T481] memory: usage 307200kB, limit 307200kB, failcnt 5026 [ 630.213280][ T481] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 630.220984][ T481] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 630.229942][ T481] Memory cgroup stats for /syz2: cache:52KB rss:288756KB rss_huge:249856KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276836KB inactive_file:4KB active_file:0KB unevictable:2048KB [ 630.266919][ T481] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=28846,uid=0 [ 630.300741][ T481] Memory cgroup out of memory: Killed process 28846 (syz-executor.2) total-vm:72708kB, anon-rss:12460kB, file-rss:35800kB, shmem-rss:0kB 09:00:51 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xd000, 0x0, 0x0, 0x0, 0x0) 09:00:51 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:51 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:51 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:51 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:51 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) [ 630.407581][ T529] UBIFS error (pid: 529): cannot open "ubi!_0x0", error -19 [ 630.426178][ T529] UBIFS error (pid: 529): cannot open "ubi!_0x0", error -19 [ 630.426220][ T535] UBIFS error (pid: 535): cannot open "ubi!_0x0", error -19 [ 630.442379][ T528] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:51 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:51 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xff', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:51 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:51 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 630.541058][ T535] UBIFS error (pid: 535): cannot open "ubi!_0x0", error -19 [ 630.579189][ T547] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:51 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:51 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 630.604713][ T552] UBIFS error (pid: 552): cannot open "ubi!_0x0ÿ", error -19 [ 630.626853][ T552] UBIFS error (pid: 552): cannot open "ubi!_0x0ÿ", error -19 [ 630.649745][ T561] UBIFS error (pid: 561): cannot open "ubi!_0x0", error -19 [ 630.658250][ T531] XFS (loop0): Invalid superblock magic number [ 630.710761][ T565] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 630.728357][ T565] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 630.745343][ T568] UBIFS error (pid: 568): cannot open "ubi!_0x0", error -19 [ 630.746070][ T568] UBIFS error (pid: 568): cannot open "ubi!_0x0", error -19 [ 630.756876][ T561] UBIFS error (pid: 561): cannot open "ubi!_0x0", error -19 [ 630.964628][ T571] XFS (loop0): Invalid superblock magic number [ 631.085355][ T534] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 631.098412][ T534] CPU: 1 PID: 534 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 631.107055][ T534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 631.117100][ T534] Call Trace: [ 631.120408][ T534] dump_stack+0x172/0x1f0 [ 631.128649][ T534] dump_header+0x10f/0xb6c [ 631.133254][ T534] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 631.139163][ T534] ? ___ratelimit+0x60/0x595 [ 631.143753][ T534] ? do_raw_spin_unlock+0x57/0x270 [ 631.148871][ T534] oom_kill_process.cold+0x10/0x15 [ 631.154000][ T534] out_of_memory+0x79a/0x1280 [ 631.158775][ T534] ? lock_downgrade+0x880/0x880 [ 631.163675][ T534] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 631.170025][ T534] ? oom_killer_disable+0x280/0x280 [ 631.175241][ T534] ? find_held_lock+0x35/0x130 [ 631.180022][ T534] mem_cgroup_out_of_memory+0x1ca/0x230 [ 631.181297][ C0] net_ratelimit: 18 callbacks suppressed [ 631.181336][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 631.185750][ T534] ? memcg_event_wake+0x230/0x230 [ 631.185774][ T534] ? do_raw_spin_unlock+0x57/0x270 [ 631.191532][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 631.197196][ T534] ? _raw_spin_unlock+0x2d/0x50 [ 631.202302][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 631.207314][ T534] try_charge+0x118d/0x1790 [ 631.213088][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 631.218750][ T534] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 631.343076][ T534] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 631.356382][ T534] ? find_held_lock+0x35/0x130 [ 631.388688][ T534] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 631.405268][ T534] __memcg_kmem_charge_memcg+0x7c/0x130 [ 631.454776][ T534] ? memcg_kmem_put_cache+0xb0/0xb0 [ 631.542788][ T534] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 631.631944][ T534] __memcg_kmem_charge+0x136/0x300 [ 631.739066][ T534] __alloc_pages_nodemask+0x437/0x7e0 [ 631.761720][ T534] ? __alloc_pages_slowpath+0x2900/0x2900 [ 631.769565][ T534] ? copy_page_from_iter+0x434/0x7d0 [ 631.775793][ T534] ? copy_page_from_iter+0x5b0/0x7d0 [ 631.786186][ T534] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 631.805173][ T534] alloc_pages_current+0x107/0x210 [ 631.811624][ T534] pipe_write+0x659/0xf30 [ 631.825827][ T534] new_sync_write+0x4c7/0x760 [ 631.836797][ T534] ? default_llseek+0x2e0/0x2e0 [ 631.852484][ T534] ? common_file_perm+0x238/0x720 [ 631.862484][ T534] ? __fget+0x381/0x550 [ 631.877569][ T534] ? apparmor_file_permission+0x25/0x30 [ 631.896270][ T534] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 631.915182][ T534] ? security_file_permission+0x94/0x380 [ 631.942677][ T534] __vfs_write+0xe4/0x110 [ 631.956663][ T534] vfs_write+0x20c/0x580 [ 631.968422][ T534] ksys_write+0xea/0x1f0 [ 631.988874][ T534] ? __ia32_sys_read+0xb0/0xb0 [ 632.000596][ T534] ? do_syscall_64+0x26/0x610 [ 632.020359][ T534] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 632.045886][ T534] ? do_syscall_64+0x26/0x610 [ 632.058375][ T534] __x64_sys_write+0x73/0xb0 [ 632.072181][ T534] do_syscall_64+0x103/0x610 [ 632.079254][ T534] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 632.094334][ T534] RIP: 0033:0x457f29 [ 632.101269][ T534] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 632.126881][ T534] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 632.153286][ T534] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 632.162424][ T534] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 632.170993][ T534] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 632.181127][ T534] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 632.193846][ T534] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 632.206598][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 632.215410][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 632.222223][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 632.228220][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 632.238556][ C1] protocol 88fb is buggy, dev hsr_slave_0 09:00:53 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xd003, 0x0, 0x0, 0x0, 0x0) 09:00:53 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:53 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:53 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:53 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 632.244377][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 632.252598][ T534] memory: usage 307072kB, limit 307200kB, failcnt 5101 [ 632.275180][ T534] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 632.298315][ T534] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 632.310859][ T587] UBIFS error (pid: 587): cannot open "ubi!_0x0", error -19 [ 632.316440][ T585] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 632.322369][ T589] UBIFS error (pid: 589): cannot open "ubi!_0x0", error -19 [ 632.331424][ T534] Memory cgroup stats for [ 632.333782][ T587] UBIFS error (pid: 587): cannot open "ubi!_0x0", error -19 [ 632.356567][ T534] /syz2: cache:52KB rss:288620KB rss_huge:247808KB shmem:132KB [ 632.366364][ T589] UBIFS error (pid: 589): cannot open "ubi!_0x0", error -19 [ 632.371009][ T534] mapped_file:132KB [ 632.390401][ T534] dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276724KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 632.447561][ T534] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=481,uid=0 [ 632.467954][ T534] Memory cgroup out of memory: Killed process 481 (syz-executor.2) total-vm:72708kB, anon-rss:14508kB, file-rss:35796kB, shmem-rss:0kB [ 632.492483][ T593] XFS (loop0): Invalid superblock magic number 09:00:53 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:53 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:53 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:53 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:53 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:53 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 632.561844][ T607] UBIFS error (pid: 607): cannot open "ubi!_0x0", error -19 [ 632.563283][ T610] UBIFS error (pid: 610): cannot open "ubi!_0x0", error -19 [ 632.565233][ T607] UBIFS error (pid: 607): cannot open "ubi!_0x0", error -19 09:00:53 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 632.574682][ T610] UBIFS error (pid: 610): cannot open "ubi!_0x0", error -19 [ 632.651799][ T619] UBIFS error (pid: 619): cannot open "ubi!_0x0", error -19 [ 632.652356][ T619] UBIFS error (pid: 619): cannot open "ubi!_0x0", error -19 09:00:53 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xd203, 0x0, 0x0, 0x0, 0x0) 09:00:53 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:53 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:53 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:53 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:53 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 632.783527][ T638] __nla_parse: 3 callbacks suppressed [ 632.783539][ T638] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 632.786032][ T637] UBIFS error (pid: 637): cannot open "ubi!_0x0", error -19 [ 632.788640][ T639] UBIFS error (pid: 639): cannot open "ubi!_0x0", error -19 [ 632.807309][ T637] UBIFS error (pid: 637): cannot open "ubi!_0x0", error -19 09:00:53 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:53 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 632.848014][ T639] UBIFS error (pid: 639): cannot open "ubi!_0x0", error -19 [ 632.903009][ T648] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:53 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:53 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 632.942411][ T648] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:53 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 632.988385][ T657] UBIFS error (pid: 657): cannot open "ubi!_0x0", error -19 [ 632.990853][ T657] UBIFS error (pid: 657): cannot open "ubi!_0x0", error -19 09:00:53 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 633.019601][ T664] UBIFS error (pid: 664): cannot open "ubi!_0x0", error -19 [ 633.059233][ T664] UBIFS error (pid: 664): cannot open "ubi!_0x0", error -19 [ 633.074203][ T671] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 633.091794][ T645] XFS (loop0): Invalid superblock magic number [ 633.211026][ T667] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 633.224168][ T667] CPU: 1 PID: 667 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 633.234825][ T667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 633.256520][ T667] Call Trace: [ 633.259830][ T667] dump_stack+0x172/0x1f0 [ 633.264658][ T667] dump_header+0x10f/0xb6c [ 633.277495][ T667] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 633.292317][ T667] ? ___ratelimit+0x60/0x595 [ 633.297747][ T667] ? do_raw_spin_unlock+0x57/0x270 [ 633.302843][ T667] oom_kill_process.cold+0x10/0x15 [ 633.307952][ T667] out_of_memory+0x79a/0x1280 [ 633.312616][ T667] ? lock_downgrade+0x880/0x880 [ 633.317464][ T667] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 633.324096][ T667] ? oom_killer_disable+0x280/0x280 [ 633.329281][ T667] ? find_held_lock+0x35/0x130 [ 633.334056][ T667] mem_cgroup_out_of_memory+0x1ca/0x230 [ 633.339677][ T667] ? memcg_event_wake+0x230/0x230 [ 633.344692][ T667] ? do_raw_spin_unlock+0x57/0x270 [ 633.349791][ T667] ? _raw_spin_unlock+0x2d/0x50 [ 633.354636][ T667] try_charge+0x118d/0x1790 [ 633.359214][ T667] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 633.364746][ T667] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 633.370279][ T667] ? find_held_lock+0x35/0x130 [ 633.375386][ T667] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 633.380935][ T667] __memcg_kmem_charge_memcg+0x7c/0x130 [ 633.386464][ T667] ? memcg_kmem_put_cache+0xb0/0xb0 [ 633.391658][ T667] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 633.397193][ T667] __memcg_kmem_charge+0x136/0x300 [ 633.402307][ T667] __alloc_pages_nodemask+0x437/0x7e0 [ 633.407677][ T667] ? __alloc_pages_slowpath+0x2900/0x2900 [ 633.413469][ T667] ? ___might_sleep+0x163/0x280 [ 633.418309][ T667] ? copyin+0xb5/0x100 [ 633.422369][ T667] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 633.428602][ T667] alloc_pages_current+0x107/0x210 [ 633.433703][ T667] pipe_write+0x659/0xf30 [ 633.438041][ T667] new_sync_write+0x4c7/0x760 [ 633.442704][ T667] ? default_llseek+0x2e0/0x2e0 [ 633.447544][ T667] ? common_file_perm+0x238/0x720 [ 633.452565][ T667] ? __fget+0x381/0x550 [ 633.456719][ T667] ? apparmor_file_permission+0x25/0x30 [ 633.462340][ T667] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 633.468580][ T667] ? security_file_permission+0x94/0x380 [ 633.474204][ T667] __vfs_write+0xe4/0x110 [ 633.478557][ T667] vfs_write+0x20c/0x580 [ 633.482798][ T667] ksys_write+0xea/0x1f0 [ 633.487125][ T667] ? __ia32_sys_read+0xb0/0xb0 [ 633.491875][ T667] ? do_syscall_64+0x26/0x610 [ 633.496544][ T667] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 633.502598][ T667] ? do_syscall_64+0x26/0x610 [ 633.507262][ T667] __x64_sys_write+0x73/0xb0 [ 633.511838][ T667] do_syscall_64+0x103/0x610 [ 633.516500][ T667] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 633.522373][ T667] RIP: 0033:0x457f29 [ 633.526252][ T667] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 633.545841][ T667] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 633.554328][ T667] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 633.562457][ T667] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 633.570427][ T667] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 633.578382][ T667] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 633.586346][ T667] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 633.596158][ T667] memory: usage 307200kB, limit 307200kB, failcnt 5146 [ 633.608821][ T667] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 633.625519][ T667] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 633.633343][ T667] Memory cgroup stats for /syz2: cache:52KB rss:288568KB rss_huge:249856KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276708KB inactive_file:8KB active_file:0KB unevictable:2048KB 09:00:54 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xd402, 0x0, 0x0, 0x0, 0x0) 09:00:54 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:54 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:54 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:54 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 633.658060][ T667] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=625,uid=0 [ 633.675027][ T667] Memory cgroup out of memory: Killed process 625 (syz-executor.2) total-vm:72708kB, anon-rss:16556kB, file-rss:35800kB, shmem-rss:0kB [ 633.700511][ T1044] oom_reaper: reaped process 625 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 633.756352][ T691] UBIFS error (pid: 691): cannot open "ubi!_0x0", error -19 [ 633.758500][ T691] UBIFS error (pid: 691): cannot open "ubi!_0x0", error -19 [ 633.769768][ T692] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 633.793638][ T693] UBIFS error (pid: 693): cannot open "ubi!_0x0", error -19 09:00:54 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:54 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140), 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) [ 633.795547][ T693] UBIFS error (pid: 693): cannot open "ubi!_0x0", error -19 09:00:54 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 633.835307][ T697] UBIFS error (pid: 697): cannot open "ubi!_0x0", error -19 [ 633.835975][ T697] UBIFS error (pid: 697): cannot open "ubi!_0x0", error -19 09:00:54 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:54 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:54 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:54 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 633.985632][ T699] XFS (loop0): Invalid superblock magic number [ 634.000031][ T722] UBIFS error (pid: 722): cannot open "ubi!_0x0", error -19 [ 634.006210][ T724] UBIFS error (pid: 724): cannot open "ubi!_0x0", error -19 [ 634.008732][ T722] UBIFS error (pid: 722): cannot open "ubi!_0x0", error -19 [ 634.040461][ T724] UBIFS error (pid: 724): cannot open "ubi!_0x0", error -19 [ 634.048591][ T729] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 634.153138][ T718] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 634.169997][ T718] CPU: 1 PID: 718 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 634.178546][ T718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 634.188653][ T718] Call Trace: [ 634.192037][ T718] dump_stack+0x172/0x1f0 [ 634.196688][ T718] dump_header+0x10f/0xb6c [ 634.201126][ T718] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 634.207011][ T718] ? ___ratelimit+0x60/0x595 [ 634.211598][ T718] ? do_raw_spin_unlock+0x57/0x270 [ 634.216694][ T718] oom_kill_process.cold+0x10/0x15 [ 634.222040][ T718] out_of_memory+0x79a/0x1280 [ 634.226718][ T718] ? lock_downgrade+0x880/0x880 [ 634.231565][ T718] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 634.237964][ T718] ? oom_killer_disable+0x280/0x280 [ 634.243145][ T718] ? find_held_lock+0x35/0x130 [ 634.248342][ T718] mem_cgroup_out_of_memory+0x1ca/0x230 [ 634.253977][ T718] ? memcg_event_wake+0x230/0x230 [ 634.259585][ T718] ? do_raw_spin_unlock+0x57/0x270 [ 634.264771][ T718] ? _raw_spin_unlock+0x2d/0x50 [ 634.269698][ T718] try_charge+0x118d/0x1790 [ 634.274194][ T718] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 634.279758][ T718] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 634.286084][ T718] ? kasan_check_read+0x11/0x20 [ 634.290958][ T718] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 634.296510][ T718] mem_cgroup_try_charge+0x24d/0x5e0 [ 634.301815][ T718] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 634.307441][ T718] wp_page_copy+0x408/0x1740 [ 634.312013][ T718] ? find_held_lock+0x35/0x130 [ 634.316787][ T718] ? pmd_pfn+0x1d0/0x1d0 [ 634.321017][ T718] ? lock_downgrade+0x880/0x880 [ 634.325854][ T718] ? __pte_alloc_kernel+0x220/0x220 [ 634.331064][ T718] ? kasan_check_read+0x11/0x20 [ 634.335908][ T718] ? do_raw_spin_unlock+0x57/0x270 [ 634.341009][ T718] do_wp_page+0x5d8/0x16c0 [ 634.345416][ T718] ? do_raw_spin_lock+0x12a/0x2e0 [ 634.350428][ T718] ? rwlock_bug.part.0+0x90/0x90 [ 634.355481][ T718] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 634.360835][ T718] ? add_mm_counter_fast.part.0+0x40/0x40 [ 634.366662][ T718] __handle_mm_fault+0x22e8/0x3ec0 [ 634.371758][ T718] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 634.377294][ T718] ? find_held_lock+0x35/0x130 [ 634.382037][ T718] ? handle_mm_fault+0x322/0xb30 [ 634.386966][ T718] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 634.393196][ T718] ? kasan_check_read+0x11/0x20 [ 634.398062][ T718] handle_mm_fault+0x43f/0xb30 [ 634.402976][ T718] __do_page_fault+0x5ef/0xda0 [ 634.407730][ T718] do_page_fault+0x71/0x581 [ 634.412218][ T718] page_fault+0x1e/0x30 [ 634.416379][ T718] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 634.422977][ T718] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 634.442663][ T718] RSP: 0018:ffff88805623fab8 EFLAGS: 00010206 [ 634.448749][ T718] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000000500 [ 634.456720][ T718] RDX: 0000000000001000 RSI: ffff888094cdcb00 RDI: 00000000207c2000 [ 634.464698][ T718] RBP: ffff88805623faf0 R08: ffffed101299ba00 R09: 0000000000000000 [ 634.472739][ T718] R10: ffffed101299b9ff R11: ffff888094cdcfff R12: 00000000207c1500 [ 634.480725][ T718] R13: ffff888094cdc000 R14: 00000000207c2500 R15: 00007ffffffff000 [ 634.488830][ T718] ? copyout+0xe2/0x100 [ 634.492994][ T718] copy_page_to_iter+0x3b6/0xd60 [ 634.497916][ T718] ? kill_fasync+0x323/0x4a0 [ 634.502495][ T718] pipe_to_user+0xb4/0x170 [ 634.506909][ T718] ? anon_pipe_buf_release+0x1c6/0x270 [ 634.512385][ T718] __splice_from_pipe+0x395/0x7d0 [ 634.517395][ T718] ? iter_to_pipe+0x560/0x560 [ 634.522409][ T718] do_vmsplice.part.0+0x249/0x2b0 [ 634.527449][ T718] ? do_tee+0x850/0x850 [ 634.531583][ T718] ? import_iovec+0x12e/0x200 [ 634.536273][ T718] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 634.542497][ T718] __do_sys_vmsplice+0x1b9/0x210 [ 634.547864][ T718] ? vmsplice_type.isra.0+0x160/0x160 [ 634.553227][ T718] ? kasan_check_read+0x11/0x20 [ 634.558190][ T718] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 634.564569][ T718] ? put_timespec64+0xda/0x140 [ 634.569449][ T718] ? nsecs_to_jiffies+0x30/0x30 [ 634.574295][ T718] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 634.579746][ T718] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 634.585194][ T718] ? do_syscall_64+0x26/0x610 [ 634.589900][ T718] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 634.595950][ T718] ? do_syscall_64+0x26/0x610 [ 634.600723][ T718] __x64_sys_vmsplice+0x97/0xf0 [ 634.605589][ T718] do_syscall_64+0x103/0x610 [ 634.610182][ T718] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 634.616087][ T718] RIP: 0033:0x457f29 [ 634.636485][ T718] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 634.658883][ T718] RSP: 002b:00007f975b212c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 634.658899][ T718] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457f29 [ 634.658906][ T718] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000006 [ 634.658914][ T718] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 634.658931][ T718] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2136d4 [ 634.678357][ T718] R13: 00000000004c6d73 R14: 00000000004dc5a0 R15: 00000000ffffffff [ 634.689285][ T718] memory: usage 307200kB, limit 307200kB, failcnt 5189 [ 634.729128][ T718] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 634.741872][ T718] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 634.749538][ T718] Memory cgroup stats for /syz2: cache:52KB rss:288416KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276648KB inactive_file:0KB active_file:4KB unevictable:2048KB [ 634.776105][ T718] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=667,uid=0 [ 634.791402][ T718] Memory cgroup out of memory: Killed process 667 (syz-executor.2) total-vm:72708kB, anon-rss:16556kB, file-rss:35796kB, shmem-rss:0kB [ 634.813990][ T1044] oom_reaper: reaped process 667 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 09:00:55 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xdc03, 0x0, 0x0, 0x0, 0x0) 09:00:55 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:55 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:55 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:55 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:55 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140), 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) [ 634.888573][ T741] UBIFS error (pid: 741): cannot open "ubi!_0x0", error -19 [ 634.893979][ T743] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 634.918327][ T741] UBIFS error (pid: 741): cannot open "ubi!_0x0", error -19 09:00:55 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:55 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:55 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 634.924014][ T748] UBIFS error (pid: 748): cannot open "ubi!_0x0", error -19 [ 634.955248][ T748] UBIFS error (pid: 748): cannot open "ubi!_0x0", error -19 [ 634.969848][ T756] UBIFS error (pid: 756): cannot open "ubi!_0x0", error -19 09:00:55 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:55 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 634.972310][ T756] UBIFS error (pid: 756): cannot open "ubi!_0x0", error -19 [ 635.057058][ T768] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:00:56 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 635.096711][ T750] XFS (loop0): Invalid superblock magic number [ 635.100429][ T775] UBIFS error (pid: 775): cannot open "ubi!_0x0", error -19 [ 635.100910][ T775] UBIFS error (pid: 775): cannot open "ubi!_0x0", error -19 [ 635.111661][ T776] UBIFS error (pid: 776): cannot open "ubi!_0x0", error -19 [ 635.171076][ T776] UBIFS error (pid: 776): cannot open "ubi!_0x0", error -19 09:00:56 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xe403, 0x0, 0x0, 0x0, 0x0) 09:00:56 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:56 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:56 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:56 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 635.539571][ T796] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 635.546416][ T799] UBIFS error (pid: 799): cannot open "ubi!_0x0", error -19 [ 635.546897][ T799] UBIFS error (pid: 799): cannot open "ubi!_0x0", error -19 [ 635.559276][ T800] UBIFS error (pid: 800): cannot open "ubi!_0x0", error -19 [ 635.595488][ T800] UBIFS error (pid: 800): cannot open "ubi!_0x0", error -19 09:00:56 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:56 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:56 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:56 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140), 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:56 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 635.716606][ T805] XFS (loop0): Invalid superblock magic number [ 635.772753][ T819] UBIFS error (pid: 819): cannot open "ubi!_0x0", error -19 [ 635.773276][ T819] UBIFS error (pid: 819): cannot open "ubi!_0x0", error -19 [ 635.786035][ T817] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 635.809334][ T823] UBIFS error (pid: 823): cannot open "ubi!_0x0", error -19 09:00:56 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:56 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 635.809876][ T823] UBIFS error (pid: 823): cannot open "ubi!_0x0", error -19 [ 635.901075][ T832] UBIFS error (pid: 832): cannot open "ubi!_0x0", error -19 [ 635.912221][ T832] UBIFS error (pid: 832): cannot open "ubi!_0x0", error -19 [ 635.943934][ T834] UBIFS error (pid: 834): cannot open "ubi!_0x0", error -19 [ 635.945120][ T834] UBIFS error (pid: 834): cannot open "ubi!_0x0", error -19 09:00:56 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xe801, 0x0, 0x0, 0x0, 0x0) 09:00:56 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:56 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:56 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:56 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xff', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 636.121106][ T853] UBIFS error (pid: 853): cannot open "ubi!_0x0", error -19 [ 636.122549][ T853] UBIFS error (pid: 853): cannot open "ubi!_0x0", error -19 [ 636.129618][ T855] UBIFS error (pid: 855): cannot open "ubi!_0x0ÿ", error -19 [ 636.155175][ T828] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 636.188061][ T828] CPU: 1 PID: 828 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 636.196624][ T828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 636.206862][ T828] Call Trace: [ 636.210346][ T828] dump_stack+0x172/0x1f0 [ 636.214774][ T828] dump_header+0x10f/0xb6c [ 636.214801][ T828] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 636.214821][ T828] ? ___ratelimit+0x60/0x595 [ 636.225044][ T828] ? do_raw_spin_unlock+0x57/0x270 09:00:57 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 636.225060][ T828] oom_kill_process.cold+0x10/0x15 [ 636.225073][ T828] out_of_memory+0x79a/0x1280 [ 636.225086][ T828] ? lock_downgrade+0x880/0x880 [ 636.225102][ T828] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 636.225116][ T828] ? oom_killer_disable+0x280/0x280 [ 636.225132][ T828] ? find_held_lock+0x35/0x130 09:00:57 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 636.245074][ T855] UBIFS error (pid: 855): cannot open "ubi!_0x0ÿ", error -19 [ 636.285743][ T828] mem_cgroup_out_of_memory+0x1ca/0x230 [ 636.301362][ T828] ? memcg_event_wake+0x230/0x230 [ 636.306619][ T828] ? do_raw_spin_unlock+0x57/0x270 [ 636.315215][ T828] ? _raw_spin_unlock+0x2d/0x50 [ 636.315234][ T828] try_charge+0x118d/0x1790 [ 636.315254][ T828] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 09:00:57 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 636.315500][ T828] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 636.315522][ T828] ? find_held_lock+0x35/0x130 [ 636.336738][ T828] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 636.336766][ T828] __memcg_kmem_charge_memcg+0x7c/0x130 [ 636.336796][ T828] ? memcg_kmem_put_cache+0xb0/0xb0 [ 636.369215][ T828] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 636.378307][ T828] __memcg_kmem_charge+0x136/0x300 [ 636.383540][ T828] __alloc_pages_nodemask+0x437/0x7e0 [ 636.388942][ T828] ? __alloc_pages_slowpath+0x2900/0x2900 [ 636.394682][ T828] ? ___might_sleep+0x163/0x280 [ 636.399551][ T828] ? copyin+0xb5/0x100 [ 636.403638][ T828] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 636.409904][ T828] alloc_pages_current+0x107/0x210 [ 636.415123][ T828] pipe_write+0x659/0xf30 [ 636.419483][ T828] new_sync_write+0x4c7/0x760 [ 636.424351][ T828] ? default_llseek+0x2e0/0x2e0 [ 636.429220][ T828] ? common_file_perm+0x238/0x720 [ 636.434601][ T828] ? __fget+0x381/0x550 [ 636.438776][ T828] ? apparmor_file_permission+0x25/0x30 [ 636.444345][ T828] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 636.450601][ T828] ? security_file_permission+0x94/0x380 [ 636.456242][ T828] __vfs_write+0xe4/0x110 [ 636.460569][ T828] vfs_write+0x20c/0x580 [ 636.465623][ T828] ksys_write+0xea/0x1f0 [ 636.469962][ T828] ? __ia32_sys_read+0xb0/0xb0 [ 636.474731][ T828] ? do_syscall_64+0x26/0x610 [ 636.479588][ T828] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 636.485743][ T828] ? do_syscall_64+0x26/0x610 [ 636.490411][ T828] __x64_sys_write+0x73/0xb0 [ 636.495028][ T828] do_syscall_64+0x103/0x610 [ 636.499619][ T828] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 636.505704][ T828] RIP: 0033:0x457f29 [ 636.509693][ T828] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 636.512518][ T864] XFS (loop0): Invalid superblock magic number [ 636.529295][ T828] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 636.529309][ T828] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 636.529316][ T828] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 636.529322][ T828] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 636.529328][ T828] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 636.529334][ T828] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 636.538871][ T828] memory: usage 307200kB, limit 307200kB, failcnt 5258 [ 636.553605][ T828] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 636.577652][ T828] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 636.607234][ T828] Memory cgroup stats for /syz2: cache:52KB rss:288284KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276584KB inactive_file:4KB active_file:0KB unevictable:2048KB 09:00:57 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:57 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:57 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:57 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 636.630307][ T828] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=825,uid=0 [ 636.646459][ T828] Memory cgroup out of memory: Killed process 825 (syz-executor.2) total-vm:72708kB, anon-rss:16328kB, file-rss:35796kB, shmem-rss:0kB [ 636.673396][ T1044] oom_reaper: reaped process 825 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 636.701262][ C1] net_ratelimit: 18 callbacks suppressed [ 636.701271][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 636.712972][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 636.721285][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 636.727075][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 636.732980][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 636.734318][ T887] UBIFS error (pid: 887): cannot open "ubi!_0x0", error -19 [ 636.734982][ T887] UBIFS error (pid: 887): cannot open "ubi!_0x0", error -19 [ 636.738744][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 636.738847][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 636.765570][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 636.965844][ T890] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 636.978837][ T890] CPU: 0 PID: 890 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 636.987617][ T890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 636.998283][ T890] Call Trace: [ 637.001586][ T890] dump_stack+0x172/0x1f0 [ 637.006009][ T890] dump_header+0x10f/0xb6c [ 637.011226][ T890] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 637.017223][ T890] ? ___ratelimit+0x60/0x595 [ 637.022620][ T890] ? do_raw_spin_unlock+0x57/0x270 [ 637.028029][ T890] oom_kill_process.cold+0x10/0x15 [ 637.033159][ T890] out_of_memory+0x79a/0x1280 [ 637.037941][ T890] ? lock_downgrade+0x880/0x880 [ 637.042991][ T890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 637.055017][ T890] ? oom_killer_disable+0x280/0x280 [ 637.060873][ T890] ? find_held_lock+0x35/0x130 [ 637.065664][ T890] mem_cgroup_out_of_memory+0x1ca/0x230 [ 637.071449][ T890] ? memcg_event_wake+0x230/0x230 [ 637.076489][ T890] ? do_raw_spin_unlock+0x57/0x270 [ 637.081708][ T890] ? _raw_spin_unlock+0x2d/0x50 [ 637.087421][ T890] try_charge+0x118d/0x1790 [ 637.092139][ T890] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 637.097975][ T890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 637.103513][ T890] ? find_held_lock+0x35/0x130 [ 637.108269][ T890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 637.113822][ T890] __memcg_kmem_charge_memcg+0x7c/0x130 [ 637.119647][ T890] ? memcg_kmem_put_cache+0xb0/0xb0 [ 637.125009][ T890] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 637.130630][ T890] __memcg_kmem_charge+0x136/0x300 [ 637.135782][ T890] __alloc_pages_nodemask+0x437/0x7e0 [ 637.141180][ T890] ? __alloc_pages_slowpath+0x2900/0x2900 [ 637.147556][ T890] ? ___might_sleep+0x163/0x280 [ 637.152704][ T890] ? copyin+0xb5/0x100 [ 637.156789][ T890] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 637.163042][ T890] alloc_pages_current+0x107/0x210 [ 637.168339][ T890] pipe_write+0x659/0xf30 [ 637.172878][ T890] new_sync_write+0x4c7/0x760 [ 637.177579][ T890] ? default_llseek+0x2e0/0x2e0 [ 637.182456][ T890] ? common_file_perm+0x238/0x720 [ 637.187496][ T890] ? __fget+0x381/0x550 [ 637.191988][ T890] ? apparmor_file_permission+0x25/0x30 [ 637.197531][ T890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 637.203783][ T890] ? security_file_permission+0x94/0x380 [ 637.214780][ T890] __vfs_write+0xe4/0x110 [ 637.219848][ T890] vfs_write+0x20c/0x580 [ 637.224175][ T890] ksys_write+0xea/0x1f0 [ 637.228413][ T890] ? __ia32_sys_read+0xb0/0xb0 [ 637.233182][ T890] ? do_syscall_64+0x26/0x610 [ 637.237857][ T890] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 637.243910][ T890] ? do_syscall_64+0x26/0x610 [ 637.248694][ T890] __x64_sys_write+0x73/0xb0 [ 637.253315][ T890] do_syscall_64+0x103/0x610 [ 637.257974][ T890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 637.264091][ T890] RIP: 0033:0x457f29 [ 637.268252][ T890] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 637.288470][ T890] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 637.299174][ T890] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 637.307786][ T890] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 637.315764][ T890] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 637.323837][ T890] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 637.332414][ T890] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 637.344541][ T890] memory: usage 307156kB, limit 307200kB, failcnt 5300 [ 637.351826][ T890] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 637.359780][ T890] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 637.367300][ T890] Memory cgroup stats for /syz2: cache:52KB rss:288408KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276576KB inactive_file:8KB active_file:0KB unevictable:2048KB [ 637.392465][ T890] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=888,uid=0 [ 637.409271][ T890] Memory cgroup out of memory: Killed process 888 (syz-executor.2) total-vm:72576kB, anon-rss:16268kB, file-rss:34816kB, shmem-rss:0kB [ 637.432557][ T1044] oom_reaper: reaped process 888 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 09:00:58 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xe803, 0x0, 0x0, 0x0, 0x0) 09:00:58 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:58 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xff', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:58 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:58 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:58 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:58 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 637.529271][ T916] UBIFS error (pid: 916): cannot open "ubi!_0x0", error -19 [ 637.531157][ T916] UBIFS error (pid: 916): cannot open "ubi!_0x0", error -19 [ 637.548611][ T920] UBIFS error (pid: 920): cannot open "ubi!_0x0ÿ", error -19 [ 637.549757][ T920] UBIFS error (pid: 920): cannot open "ubi!_0x0ÿ", error -19 09:00:58 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:58 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xff', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:58 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:58 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:58 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 637.717055][ T940] UBIFS error (pid: 940): cannot open "ubi!_0x0ÿ", error -19 [ 637.728803][ T940] UBIFS error (pid: 940): cannot open "ubi!_0x0ÿ", error -19 [ 637.741284][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 637.755073][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 637.779255][ T947] UBIFS error (pid: 947): cannot open "ubi!_0x0", error -19 [ 637.782966][ T947] UBIFS error (pid: 947): cannot open "ubi!_0x0", error -19 [ 637.800872][ T928] XFS (loop0): Invalid superblock magic number [ 638.030966][ T953] XFS (loop0): Invalid superblock magic number 09:00:59 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xedc0, 0x0, 0x0, 0x0, 0x0) 09:00:59 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:59 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xff', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:59 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:59 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 638.181737][ T968] UBIFS error (pid: 968): cannot open "ubi!_0x0", error -19 [ 638.186258][ T968] UBIFS error (pid: 968): cannot open "ubi!_0x0", error -19 [ 638.197662][ T972] UBIFS error (pid: 972): cannot open "ubi!_0x0ÿ", error -19 [ 638.209103][ T973] __nla_parse: 8 callbacks suppressed [ 638.209113][ T973] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 638.222086][ T972] UBIFS error (pid: 972): cannot open "ubi!_0x0ÿ", error -19 09:00:59 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:00:59 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:59 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:59 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 638.333827][ T973] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 638.370304][ T988] UBIFS error (pid: 988): cannot open "ubi!_0x0", error -19 09:00:59 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:59 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xf9', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 638.370778][ T988] UBIFS error (pid: 988): cannot open "ubi!_0x0", error -19 [ 638.406640][ T996] UBIFS error (pid: 996): cannot open "ubi!_0x0", error -19 [ 638.430830][ T976] XFS (loop0): Invalid superblock magic number 09:00:59 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 638.432745][ T996] UBIFS error (pid: 996): cannot open "ubi!_0x0", error -19 [ 638.533222][ T1007] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 638.557082][ T1008] UBIFS error (pid: 1008): cannot open "ubi!_0x0ù", error -19 [ 638.565067][ T1008] UBIFS error (pid: 1008): cannot open "ubi!_0x0ù", error -19 [ 638.654579][ T998] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 638.698931][ T998] CPU: 1 PID: 998 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 638.708322][ T998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 638.708329][ T998] Call Trace: [ 638.708355][ T998] dump_stack+0x172/0x1f0 [ 638.708375][ T998] dump_header+0x10f/0xb6c [ 638.708389][ T998] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 638.708408][ T998] ? ___ratelimit+0x60/0x595 [ 638.708432][ T998] ? do_raw_spin_unlock+0x57/0x270 [ 638.723127][ T998] oom_kill_process.cold+0x10/0x15 [ 638.723146][ T998] out_of_memory+0x79a/0x1280 [ 638.723164][ T998] ? lock_downgrade+0x880/0x880 [ 638.723178][ T998] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 638.723192][ T998] ? oom_killer_disable+0x280/0x280 [ 638.723202][ T998] ? find_held_lock+0x35/0x130 [ 638.723224][ T998] mem_cgroup_out_of_memory+0x1ca/0x230 [ 638.723243][ T998] ? memcg_event_wake+0x230/0x230 [ 638.789820][ T998] ? do_raw_spin_unlock+0x57/0x270 [ 638.794944][ T998] ? _raw_spin_unlock+0x2d/0x50 [ 638.799950][ T998] try_charge+0x118d/0x1790 [ 638.804460][ T998] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 638.810023][ T998] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 638.815567][ T998] ? find_held_lock+0x35/0x130 [ 638.820430][ T998] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 638.825989][ T998] __memcg_kmem_charge_memcg+0x7c/0x130 [ 638.831547][ T998] ? memcg_kmem_put_cache+0xb0/0xb0 [ 638.836834][ T998] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 638.842830][ T998] __memcg_kmem_charge+0x136/0x300 [ 638.848804][ T998] __alloc_pages_nodemask+0x437/0x7e0 [ 638.854273][ T998] ? __alloc_pages_slowpath+0x2900/0x2900 [ 638.860260][ T998] ? copyin+0xb5/0x100 [ 638.866444][ T998] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 638.873057][ T998] alloc_pages_current+0x107/0x210 [ 638.878445][ T998] pipe_write+0x659/0xf30 [ 638.882785][ T998] new_sync_write+0x4c7/0x760 [ 638.887548][ T998] ? default_llseek+0x2e0/0x2e0 [ 638.892391][ T998] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 638.897835][ T998] ? common_file_perm+0x238/0x720 [ 638.902851][ T998] ? trace_hardirqs_on_caller+0x6a/0x220 [ 638.908502][ T998] ? apparmor_file_permission+0x25/0x30 [ 638.914224][ T998] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 638.920569][ T998] ? security_file_permission+0x94/0x380 [ 638.926213][ T998] __vfs_write+0xe4/0x110 [ 638.930539][ T998] vfs_write+0x20c/0x580 [ 638.935819][ T998] ksys_write+0xea/0x1f0 [ 638.940271][ T998] ? __ia32_sys_read+0xb0/0xb0 [ 638.946931][ T998] ? do_syscall_64+0x26/0x610 [ 638.952148][ T998] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 638.958536][ T998] ? do_syscall_64+0x26/0x610 [ 638.963226][ T998] __x64_sys_write+0x73/0xb0 [ 638.967824][ T998] do_syscall_64+0x103/0x610 [ 638.972428][ T998] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 638.978474][ T998] RIP: 0033:0x457f29 [ 638.982459][ T998] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 639.003275][ T998] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 639.011700][ T998] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 639.019678][ T998] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 639.028717][ T998] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 639.036878][ T998] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 639.044864][ T998] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 639.055837][ T998] memory: usage 307200kB, limit 307200kB, failcnt 5367 [ 639.068349][ T998] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 639.076183][ T998] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 09:00:59 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xf400, 0x0, 0x0, 0x0, 0x0) 09:00:59 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:00:59 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:00:59 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:00:59 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x8c', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 639.083626][ T998] Memory cgroup stats for /syz2: cache:52KB rss:288276KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276436KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 639.123828][ T1021] UBIFS error (pid: 1021): cannot open "ubi!_0x0", error -19 [ 639.124325][ T1021] UBIFS error (pid: 1021): cannot open "ubi!_0x0", error -19 [ 639.135067][ T1022] UBIFS error (pid: 1022): cannot open "ubi!_0x0Œ", error -19 [ 639.141448][ T998] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null) [ 639.153861][ T1022] UBIFS error (pid: 1022): cannot open "ubi!_0x0Œ", error -19 [ 639.157551][ T998] ,cpuset= [ 639.171569][ T1023] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 639.181524][ T998] syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=917,uid=0 09:01:00 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, 0x0, &(0x7f0000000200)) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:01:00 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:00 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xf6', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 639.197996][ T998] Memory cgroup out of memory: Killed process 917 (syz-executor.2) total-vm:72576kB, anon-rss:15144kB, file-rss:35796kB, shmem-rss:0kB [ 639.220415][ T1044] oom_reaper: reaped process 917 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 09:01:00 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 639.293088][ T1033] UBIFS error (pid: 1033): cannot open "ubi!_0x0", error -19 [ 639.293744][ T1033] UBIFS error (pid: 1033): cannot open "ubi!_0x0", error -19 [ 639.317282][ T1035] UBIFS error (pid: 1035): cannot open "ubi!_0x0ö", error -19 09:01:00 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:00 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:00 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xfe', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 639.345700][ T1035] UBIFS error (pid: 1035): cannot open "ubi!_0x0ö", error -19 [ 639.396759][ T1041] UBIFS error (pid: 1041): cannot open "ubi!_0x0", error -19 [ 639.397243][ T1041] UBIFS error (pid: 1041): cannot open "ubi!_0x0", error -19 [ 639.450403][ T1059] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 639.479377][ T1064] UBIFS error (pid: 1064): cannot open "ubi!_0x0þ", error -19 [ 639.479843][ T1064] UBIFS error (pid: 1064): cannot open "ubi!_0x0þ", error -19 [ 639.515038][ T1032] XFS (loop0): Invalid superblock magic number 09:01:00 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xf403, 0x0, 0x0, 0x0, 0x0) 09:01:00 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:00 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:00 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:00 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 639.892761][ T1088] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 639.899588][ T1091] UBIFS error (pid: 1091): cannot open "ubi!_0x0", error -19 [ 639.900036][ T1091] UBIFS error (pid: 1091): cannot open "ubi!_0x0", error -19 [ 639.903520][ T1090] UBIFS error (pid: 1090): cannot open "ubi!_0x0", error -19 [ 640.010078][ T1090] UBIFS error (pid: 1090): cannot open "ubi!_0x0", error -19 [ 640.018860][ T1037] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 640.042601][ T1037] CPU: 1 PID: 1037 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 640.051863][ T1037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 640.062119][ T1037] Call Trace: [ 640.065426][ T1037] dump_stack+0x172/0x1f0 [ 640.069771][ T1037] dump_header+0x10f/0xb6c [ 640.074458][ T1037] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 640.083028][ T1037] ? ___ratelimit+0x60/0x595 [ 640.087614][ T1037] ? do_raw_spin_unlock+0x57/0x270 [ 640.092995][ T1037] oom_kill_process.cold+0x10/0x15 [ 640.099655][ T1037] out_of_memory+0x79a/0x1280 [ 640.104459][ T1037] ? lock_downgrade+0x880/0x880 [ 640.109892][ T1037] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 640.116234][ T1037] ? oom_killer_disable+0x280/0x280 [ 640.121551][ T1037] ? find_held_lock+0x35/0x130 [ 640.126404][ T1037] mem_cgroup_out_of_memory+0x1ca/0x230 [ 640.132134][ T1037] ? memcg_event_wake+0x230/0x230 [ 640.137790][ T1037] ? do_raw_spin_unlock+0x57/0x270 [ 640.142897][ T1037] ? _raw_spin_unlock+0x2d/0x50 [ 640.148013][ T1037] try_charge+0x118d/0x1790 [ 640.152779][ T1037] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 640.159528][ T1037] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 640.165420][ T1037] ? find_held_lock+0x35/0x130 [ 640.170170][ T1037] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 640.176521][ T1037] __memcg_kmem_charge_memcg+0x7c/0x130 [ 640.184773][ T1037] ? memcg_kmem_put_cache+0xb0/0xb0 [ 640.189960][ T1037] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 640.201675][ T1037] __memcg_kmem_charge+0x136/0x300 [ 640.210040][ T1037] __alloc_pages_nodemask+0x437/0x7e0 [ 640.220496][ T1037] ? __alloc_pages_slowpath+0x2900/0x2900 [ 640.231664][ T1037] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 640.241840][ T1037] alloc_pages_current+0x107/0x210 [ 640.247380][ T1037] pipe_write+0x659/0xf30 [ 640.259362][ T1037] new_sync_write+0x4c7/0x760 [ 640.278344][ T1037] ? default_llseek+0x2e0/0x2e0 [ 640.294055][ T1037] ? common_file_perm+0x73/0x720 [ 640.304051][ T1037] ? common_file_perm+0x238/0x720 [ 640.317380][ T1037] ? __fget+0x381/0x550 [ 640.345586][ T1037] ? apparmor_file_permission+0x25/0x30 [ 640.353823][ T1037] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 640.361790][ T1037] ? security_file_permission+0x94/0x380 [ 640.370374][ T1037] __vfs_write+0xe4/0x110 [ 640.375686][ T1037] vfs_write+0x20c/0x580 [ 640.381174][ T1037] ksys_write+0xea/0x1f0 [ 640.386861][ T1037] ? __ia32_sys_read+0xb0/0xb0 [ 640.393209][ T1037] ? do_syscall_64+0x26/0x610 [ 640.397881][ T1037] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 640.403933][ T1037] ? do_syscall_64+0x26/0x610 [ 640.408775][ T1037] __x64_sys_write+0x73/0xb0 [ 640.413354][ T1037] do_syscall_64+0x103/0x610 [ 640.418021][ T1037] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 640.425225][ T1037] RIP: 0033:0x457f29 [ 640.429374][ T1037] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 640.449621][ T1037] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 640.458288][ T1037] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 640.466245][ T1037] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 640.474291][ T1037] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 640.482698][ T1037] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 640.492634][ T1037] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 640.526495][ T1037] memory: usage 307136kB, limit 307200kB, failcnt 5444 [ 640.536151][ T1037] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 640.543354][ T1096] XFS (loop0): Invalid superblock magic number [ 640.548262][ T1037] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 640.559031][ T1037] Memory cgroup stats for /syz2: cache:52KB rss:288180KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276380KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 640.587250][ T1037] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1036,uid=0 [ 640.607904][ T1037] Memory cgroup out of memory: Killed process 1037 (syz-executor.2) total-vm:72708kB, anon-rss:14744kB, file-rss:35672kB, shmem-rss:0kB 09:01:01 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, 0x0, &(0x7f0000000200)) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:01:01 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='.bifs\x00', 0x0, 0x0) 09:01:01 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:01 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:01 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\xff', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 640.635532][ T1044] oom_reaper: reaped process 1037 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 640.700810][ T1111] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 640.724253][ T1119] UBIFS error (pid: 1119): cannot open "ubi!_0x0ÿ", error -19 09:01:01 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='/bifs\x00', 0x0, 0x0) [ 640.735824][ T1119] UBIFS error (pid: 1119): cannot open "ubi!_0x0ÿ", error -19 [ 640.743920][ T1111] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:01 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 640.874053][ T1137] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:01 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xf803, 0x0, 0x0, 0x0, 0x0) 09:01:01 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:01 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:01 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ub%fs\x00', 0x0, 0x0) 09:01:01 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 640.979835][ T1127] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 640.993105][ T1127] CPU: 1 PID: 1127 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 641.001751][ T1127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 641.013042][ T1127] Call Trace: [ 641.016362][ T1127] dump_stack+0x172/0x1f0 [ 641.020985][ T1127] dump_header+0x10f/0xb6c [ 641.025533][ T1127] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 641.026959][ T1147] UBIFS error (pid: 1147): cannot open "ubi!_0x0", error -19 [ 641.028206][ T1147] UBIFS error (pid: 1147): cannot open "ubi!_0x0", error -19 [ 641.031365][ T1127] ? ___ratelimit+0x60/0x595 [ 641.031386][ T1127] ? do_raw_spin_unlock+0x57/0x270 [ 641.031405][ T1127] oom_kill_process.cold+0x10/0x15 [ 641.031421][ T1127] out_of_memory+0x79a/0x1280 [ 641.031436][ T1127] ? lock_downgrade+0x880/0x880 [ 641.031451][ T1127] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 641.031471][ T1127] ? oom_killer_disable+0x280/0x280 [ 641.068442][ T1150] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 641.068901][ T1127] ? find_held_lock+0x35/0x130 [ 641.068933][ T1127] mem_cgroup_out_of_memory+0x1ca/0x230 [ 641.106277][ T1127] ? memcg_event_wake+0x230/0x230 [ 641.111318][ T1127] ? do_raw_spin_unlock+0x57/0x270 [ 641.116427][ T1127] ? _raw_spin_unlock+0x2d/0x50 [ 641.121276][ T1127] try_charge+0x118d/0x1790 [ 641.126040][ T1127] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 641.131591][ T1127] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 641.139409][ T1127] ? kasan_check_read+0x11/0x20 [ 641.144376][ T1127] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 641.150717][ T1127] mem_cgroup_try_charge+0x24d/0x5e0 [ 641.159344][ T1127] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 641.166289][ T1127] wp_page_copy+0x408/0x1740 [ 641.174963][ T1127] ? find_held_lock+0x35/0x130 [ 641.179724][ T1127] ? pmd_pfn+0x1d0/0x1d0 [ 641.184130][ T1127] ? lock_downgrade+0x880/0x880 [ 641.189204][ T1127] ? __pte_alloc_kernel+0x220/0x220 [ 641.195100][ T1127] ? kasan_check_read+0x11/0x20 [ 641.200133][ T1127] ? do_raw_spin_unlock+0x57/0x270 [ 641.205246][ T1127] do_wp_page+0x5d8/0x16c0 [ 641.210799][ T1127] ? do_raw_spin_lock+0x12a/0x2e0 [ 641.216284][ T1127] ? rwlock_bug.part.0+0x90/0x90 [ 641.222560][ T1127] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 641.228446][ T1127] ? add_mm_counter_fast.part.0+0x40/0x40 [ 641.234168][ T1127] __handle_mm_fault+0x22e8/0x3ec0 [ 641.239420][ T1127] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 641.244967][ T1127] ? find_held_lock+0x35/0x130 [ 641.249804][ T1127] ? handle_mm_fault+0x322/0xb30 [ 641.254735][ T1127] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 641.261235][ T1127] ? kasan_check_read+0x11/0x20 [ 641.266074][ T1127] handle_mm_fault+0x43f/0xb30 [ 641.271088][ T1127] __do_page_fault+0x5ef/0xda0 [ 641.275976][ T1127] do_page_fault+0x71/0x581 [ 641.281522][ T1127] page_fault+0x1e/0x30 [ 641.285828][ T1127] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 641.292425][ T1127] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 641.312685][ T1127] RSP: 0018:ffff888053fd7ab8 EFLAGS: 00010206 [ 641.319026][ T1127] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000000500 [ 641.327331][ T1127] RDX: 0000000000001000 RSI: ffff8880455a9b00 RDI: 0000000020e42000 [ 641.335315][ T1127] RBP: ffff888053fd7af0 R08: ffffed1008ab5400 R09: 0000000000000000 [ 641.343300][ T1127] R10: ffffed1008ab53ff R11: ffff8880455a9fff R12: 0000000020e41500 [ 641.351262][ T1127] R13: ffff8880455a9000 R14: 0000000020e42500 R15: 00007ffffffff000 [ 641.360387][ T1127] ? copyout+0xe2/0x100 [ 641.364541][ T1127] copy_page_to_iter+0x3b6/0xd60 [ 641.369495][ T1127] ? kill_fasync+0x323/0x4a0 [ 641.374942][ T1127] pipe_to_user+0xb4/0x170 [ 641.379587][ T1127] ? anon_pipe_buf_release+0x1c6/0x270 [ 641.385062][ T1127] __splice_from_pipe+0x395/0x7d0 [ 641.392475][ T1127] ? iter_to_pipe+0x560/0x560 [ 641.397383][ T1127] do_vmsplice.part.0+0x249/0x2b0 [ 641.403100][ T1127] ? do_tee+0x850/0x850 [ 641.407651][ T1127] ? import_iovec+0x12e/0x200 [ 641.412331][ T1127] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 641.418857][ T1127] __do_sys_vmsplice+0x1b9/0x210 [ 641.423803][ T1127] ? vmsplice_type.isra.0+0x160/0x160 [ 641.429190][ T1127] ? kasan_check_read+0x11/0x20 [ 641.434048][ T1127] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 641.440281][ T1127] ? put_timespec64+0xda/0x140 [ 641.445488][ T1127] ? nsecs_to_jiffies+0x30/0x30 [ 641.450946][ T1127] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 641.456516][ T1127] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 641.461973][ T1127] ? do_syscall_64+0x26/0x610 [ 641.466685][ T1127] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 641.473093][ T1127] ? do_syscall_64+0x26/0x610 [ 641.477767][ T1127] __x64_sys_vmsplice+0x97/0xf0 [ 641.482801][ T1127] do_syscall_64+0x103/0x610 [ 641.487388][ T1127] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 641.493296][ T1127] RIP: 0033:0x457f29 [ 641.497193][ T1127] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 641.517003][ T1127] RSP: 002b:00007f975b212c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 641.527005][ T1127] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457f29 [ 641.536690][ T1127] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000006 [ 641.544674][ T1127] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 641.552999][ T1127] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2136d4 [ 641.561053][ T1127] R13: 00000000004c6d73 R14: 00000000004dc5a0 R15: 00000000ffffffff [ 641.572121][ T1127] memory: usage 307200kB, limit 307200kB, failcnt 5475 [ 641.592170][ T1127] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 641.603777][ T1127] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 641.619461][ T1127] Memory cgroup stats for /syz2: cache:52KB rss:288284KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276376KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 641.645397][ T1127] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1115,uid=0 [ 641.661877][ T1127] Memory cgroup out of memory: Killed process 1127 (syz-executor.2) total-vm:72576kB, anon-rss:14736kB, file-rss:35800kB, shmem-rss:0kB 09:01:02 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, 0x0, &(0x7f0000000200)) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:01:02 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:02 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:02 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:02 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubif#\x00', 0x0, 0x0) [ 641.689846][ T1044] oom_reaper: reaped process 1127 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 641.740511][ T1167] UBIFS error (pid: 1167): cannot open "ubi!_0x0", error -19 09:01:02 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:02 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 641.741661][ T1167] UBIFS error (pid: 1167): cannot open "ubi!_0x0", error -19 [ 641.784245][ T1154] XFS (loop0): Invalid superblock magic number [ 641.874168][ T1197] UBIFS error (pid: 1197): cannot open "ubi!_0x0", error -19 [ 641.874694][ T1197] UBIFS error (pid: 1197): cannot open "ubi!_0x0", error -19 [ 641.901355][ C0] net_ratelimit: 22 callbacks suppressed [ 641.901364][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 641.920753][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 641.926689][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 641.932515][ C0] protocol 88fb is buggy, dev hsr_slave_1 09:01:03 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubif%\x00', 0x0, 0x0) 09:01:03 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:03 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:03 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xfc03, 0x0, 0x0, 0x0, 0x0) 09:01:03 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 642.285682][ T1189] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 642.290002][ T1219] UBIFS error (pid: 1219): cannot open "ubi!_0x0", error -19 [ 642.290569][ T1219] UBIFS error (pid: 1219): cannot open "ubi!_0x0", error -19 [ 642.311134][ T1189] CPU: 1 PID: 1189 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 642.320616][ T1189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 642.320622][ T1189] Call Trace: [ 642.320649][ T1189] dump_stack+0x172/0x1f0 [ 642.320669][ T1189] dump_header+0x10f/0xb6c [ 642.320685][ T1189] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 642.320707][ T1189] ? ___ratelimit+0x60/0x595 [ 642.343840][ T1189] oom_kill_process.cold+0x10/0x15 [ 642.344268][ T1189] out_of_memory+0x79a/0x1280 [ 642.344289][ T1189] ? retint_kernel+0x2d/0x2d [ 642.379748][ T1189] ? oom_killer_disable+0x280/0x280 [ 642.379774][ T1189] mem_cgroup_out_of_memory+0x1ca/0x230 [ 642.379789][ T1189] ? memcg_event_wake+0x230/0x230 [ 642.379813][ T1189] ? do_raw_spin_unlock+0x57/0x270 [ 642.379829][ T1189] ? _raw_spin_unlock+0x2d/0x50 [ 642.379844][ T1189] try_charge+0x118d/0x1790 [ 642.379867][ T1189] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 642.405240][ T1189] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 642.405268][ T1189] ? kasan_check_read+0x11/0x20 [ 642.405287][ T1189] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 642.405304][ T1189] mem_cgroup_try_charge+0x24d/0x5e0 [ 642.405324][ T1189] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 642.405342][ T1189] wp_page_copy+0x408/0x1740 [ 642.405362][ T1189] ? find_held_lock+0x35/0x130 [ 642.468306][ T1189] ? pmd_pfn+0x1d0/0x1d0 [ 642.473138][ T1189] ? lock_downgrade+0x880/0x880 [ 642.478057][ T1189] ? __pte_alloc_kernel+0x220/0x220 [ 642.483458][ T1189] ? kasan_check_read+0x11/0x20 [ 642.488329][ T1189] ? do_raw_spin_unlock+0x57/0x270 [ 642.493711][ T1189] do_wp_page+0x5d8/0x16c0 [ 642.498121][ T1189] ? do_raw_spin_lock+0x12a/0x2e0 [ 642.503146][ T1189] ? rwlock_bug.part.0+0x90/0x90 [ 642.503164][ T1189] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 642.503176][ T1189] ? add_mm_counter_fast.part.0+0x40/0x40 [ 642.503197][ T1189] __handle_mm_fault+0x22e8/0x3ec0 [ 642.503221][ T1189] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 642.513518][ T1189] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 642.513559][ T1189] ? handle_mm_fault+0x34e/0xb30 [ 642.513576][ T1189] handle_mm_fault+0x43f/0xb30 [ 642.513597][ T1189] __do_page_fault+0x5ef/0xda0 [ 642.513621][ T1189] do_page_fault+0x71/0x581 [ 642.513642][ T1189] page_fault+0x1e/0x30 [ 642.561804][ T1189] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 642.568638][ T1189] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 642.588333][ T1189] RSP: 0018:ffff888043cffab8 EFLAGS: 00010206 [ 642.595050][ T1189] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000000500 [ 642.603015][ T1189] RDX: 0000000000001000 RSI: ffff888056790b00 RDI: 0000000020e42000 [ 642.611281][ T1189] RBP: ffff888043cffaf0 R08: ffffed100acf2200 R09: 0000000000000000 [ 642.612810][ T1223] XFS (loop0): Invalid superblock magic number [ 642.619858][ T1189] R10: ffffed100acf21ff R11: ffff888056790fff R12: 0000000020e41500 [ 642.619867][ T1189] R13: ffff888056790000 R14: 0000000020e42500 R15: 00007ffffffff000 [ 642.619904][ T1189] ? copyout+0xe2/0x100 [ 642.619920][ T1189] copy_page_to_iter+0x3b6/0xd60 [ 642.619933][ T1189] ? retint_kernel+0x2d/0x2d [ 642.619957][ T1189] pipe_to_user+0xb4/0x170 [ 642.660221][ T1189] ? anon_pipe_buf_release+0x1c6/0x270 [ 642.665870][ T1189] __splice_from_pipe+0x395/0x7d0 [ 642.672478][ T1189] ? iter_to_pipe+0x560/0x560 [ 642.677189][ T1189] do_vmsplice.part.0+0x249/0x2b0 [ 642.682885][ T1189] ? do_tee+0x850/0x850 [ 642.687730][ T1189] ? import_iovec+0x12e/0x200 [ 642.692525][ T1189] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 642.698979][ T1189] __do_sys_vmsplice+0x1b9/0x210 [ 642.704511][ T1189] ? vmsplice_type.isra.0+0x160/0x160 [ 642.710585][ T1189] ? kasan_check_read+0x11/0x20 [ 642.715805][ T1189] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 642.724994][ T1189] ? put_timespec64+0xda/0x140 [ 642.730968][ T1189] ? nsecs_to_jiffies+0x30/0x30 [ 642.736526][ T1189] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 642.742075][ T1189] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 642.747658][ T1189] ? do_syscall_64+0x26/0x610 [ 642.752523][ T1189] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 642.758712][ T1189] ? do_syscall_64+0x26/0x610 [ 642.763497][ T1189] __x64_sys_vmsplice+0x97/0xf0 [ 642.769051][ T1189] do_syscall_64+0x103/0x610 [ 642.773835][ T1189] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 642.780062][ T1189] RIP: 0033:0x457f29 [ 642.783956][ T1189] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 642.804104][ T1189] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 642.813041][ T1189] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457f29 [ 642.821464][ T1189] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000006 [ 642.829797][ T1189] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 642.837994][ T1189] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 642.851621][ T1189] R13: 00000000004c6d73 R14: 00000000004dc5a0 R15: 00000000ffffffff [ 642.863464][ T1189] memory: usage 307200kB, limit 307200kB, failcnt 5562 [ 642.871612][ T1189] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 642.880112][ T1189] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 642.887048][ T1189] Memory cgroup stats for /syz2: cache:52KB rss:288140KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276376KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 642.910516][ T1189] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1188,uid=0 09:01:03 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:03 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:03 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubif*\x00', 0x0, 0x0) [ 642.929431][ T1189] Memory cgroup out of memory: Killed process 1189 (syz-executor.2) total-vm:72576kB, anon-rss:14728kB, file-rss:35800kB, shmem-rss:0kB [ 642.948696][ T1044] oom_reaper: reaped process 1189 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 09:01:03 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:01:03 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 643.031656][ T1237] UBIFS error (pid: 1237): cannot open "ubi!_0x0", error -19 09:01:03 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:03 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubif+\x00', 0x0, 0x0) 09:01:03 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 643.032780][ T1237] UBIFS error (pid: 1237): cannot open "ubi!_0x0", error -19 09:01:04 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:04 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 643.226732][ T1269] UBIFS error (pid: 1269): cannot open "ubi!_0x0", error -19 [ 643.244218][ T1269] UBIFS error (pid: 1269): cannot open "ubi!_0x0", error -19 [ 643.289373][ T1274] __nla_parse: 5 callbacks suppressed [ 643.289383][ T1274] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:04 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xfe01, 0x0, 0x0, 0x0, 0x0) 09:01:04 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:04 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubif-\x00', 0x0, 0x0) 09:01:04 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:04 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 643.388495][ T1280] UBIFS error (pid: 1280): cannot open "ubi!_0x0", error -19 [ 643.393966][ T1280] UBIFS error (pid: 1280): cannot open "ubi!_0x0", error -19 [ 643.484163][ T1289] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 643.545455][ T1261] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 643.560998][ T1261] CPU: 1 PID: 1261 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 643.569641][ T1261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 643.579706][ T1261] Call Trace: [ 643.583025][ T1261] dump_stack+0x172/0x1f0 [ 643.586636][ T1290] XFS (loop0): Invalid superblock magic number [ 643.587371][ T1261] dump_header+0x10f/0xb6c [ 643.597934][ T1261] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 643.603931][ T1261] ? ___ratelimit+0x60/0x595 [ 643.608559][ T1261] ? do_raw_spin_unlock+0x57/0x270 [ 643.613780][ T1261] oom_kill_process.cold+0x10/0x15 [ 643.619163][ T1261] out_of_memory+0x79a/0x1280 [ 643.623853][ T1261] ? lock_downgrade+0x880/0x880 [ 643.628707][ T1261] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 643.634961][ T1261] ? oom_killer_disable+0x280/0x280 [ 643.640150][ T1261] ? find_held_lock+0x35/0x130 [ 643.644949][ T1261] mem_cgroup_out_of_memory+0x1ca/0x230 [ 643.650506][ T1261] ? memcg_event_wake+0x230/0x230 [ 643.655577][ T1261] ? do_raw_spin_unlock+0x57/0x270 [ 643.660779][ T1261] ? _raw_spin_unlock+0x2d/0x50 [ 643.665632][ T1261] try_charge+0x118d/0x1790 [ 643.670250][ T1261] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 643.681013][ T1261] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 643.687351][ T1261] ? kasan_check_read+0x11/0x20 [ 643.692218][ T1261] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 643.697958][ T1261] mem_cgroup_try_charge+0x24d/0x5e0 [ 643.703807][ T1261] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 643.709450][ T1261] wp_page_copy+0x408/0x1740 [ 643.714298][ T1261] ? find_held_lock+0x35/0x130 [ 643.719076][ T1261] ? pmd_pfn+0x1d0/0x1d0 [ 643.723336][ T1261] ? lock_downgrade+0x880/0x880 [ 643.728207][ T1261] ? __pte_alloc_kernel+0x220/0x220 [ 643.735214][ T1261] ? kasan_check_read+0x11/0x20 [ 643.740058][ T1261] ? do_raw_spin_unlock+0x57/0x270 [ 643.745595][ T1261] do_wp_page+0x5d8/0x16c0 [ 643.750462][ T1261] ? do_raw_spin_lock+0x12a/0x2e0 [ 643.756920][ T1261] ? rwlock_bug.part.0+0x90/0x90 [ 643.762064][ T1261] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 643.767438][ T1261] ? add_mm_counter_fast.part.0+0x40/0x40 [ 643.773276][ T1261] __handle_mm_fault+0x22e8/0x3ec0 [ 643.778384][ T1261] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 643.784095][ T1261] ? find_held_lock+0x35/0x130 [ 643.789112][ T1261] ? handle_mm_fault+0x322/0xb30 [ 643.794044][ T1261] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 643.801227][ T1261] ? kasan_check_read+0x11/0x20 [ 643.806827][ T1261] handle_mm_fault+0x43f/0xb30 [ 643.811603][ T1261] __do_page_fault+0x5ef/0xda0 [ 643.816385][ T1261] do_page_fault+0x71/0x581 [ 643.820901][ T1261] page_fault+0x1e/0x30 [ 643.825054][ T1261] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 643.831642][ T1261] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 643.851239][ T1261] RSP: 0018:ffff888057837ab8 EFLAGS: 00010206 [ 643.858926][ T1261] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000000500 [ 643.871066][ T1261] RDX: 0000000000001000 RSI: ffff8880975d4b00 RDI: 0000000020e41000 [ 643.879057][ T1261] RBP: ffff888057837af0 R08: ffffed1012ebaa00 R09: 0000000000000000 [ 643.887315][ T1261] R10: ffffed1012eba9ff R11: ffff8880975d4fff R12: 0000000020e40500 [ 643.895284][ T1261] R13: ffff8880975d4000 R14: 0000000020e41500 R15: 00007ffffffff000 [ 643.903627][ T1261] ? copyout+0xe2/0x100 [ 643.907773][ T1261] copy_page_to_iter+0x3b6/0xd60 [ 643.912715][ T1261] ? kill_fasync+0x323/0x4a0 [ 643.917305][ T1261] pipe_to_user+0xb4/0x170 [ 643.921713][ T1261] __splice_from_pipe+0x395/0x7d0 [ 643.926738][ T1261] ? iter_to_pipe+0x560/0x560 [ 643.931441][ T1261] do_vmsplice.part.0+0x249/0x2b0 [ 643.936453][ T1261] ? do_tee+0x850/0x850 [ 643.940592][ T1261] ? import_iovec+0x12e/0x200 [ 643.945263][ T1261] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 643.953147][ T1261] __do_sys_vmsplice+0x1b9/0x210 [ 643.958268][ T1261] ? vmsplice_type.isra.0+0x160/0x160 [ 643.963653][ T1261] ? kasan_check_read+0x11/0x20 [ 643.968613][ T1261] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 643.974855][ T1261] ? put_timespec64+0xda/0x140 [ 643.979604][ T1261] ? nsecs_to_jiffies+0x30/0x30 [ 643.984539][ T1261] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 643.989983][ T1261] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 643.995426][ T1261] ? do_syscall_64+0x26/0x610 [ 644.000088][ T1261] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 644.006142][ T1261] ? do_syscall_64+0x26/0x610 [ 644.010809][ T1261] __x64_sys_vmsplice+0x97/0xf0 [ 644.015649][ T1261] do_syscall_64+0x103/0x610 [ 644.020221][ T1261] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 644.026096][ T1261] RIP: 0033:0x457f29 [ 644.029973][ T1261] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 644.051926][ T1261] RSP: 002b:00007f975b212c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 644.060359][ T1261] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457f29 [ 644.068447][ T1261] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000006 [ 644.076432][ T1261] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 644.084402][ T1261] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2136d4 [ 644.092398][ T1261] R13: 00000000004c6d73 R14: 00000000004dc5a0 R15: 00000000ffffffff [ 644.100912][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 644.101477][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 644.106722][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 644.112434][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 644.118208][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 644.123911][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 644.131437][ T1261] memory: usage 307136kB, limit 307200kB, failcnt 5648 [ 644.142245][ T1261] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 644.149891][ T1261] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 644.157191][ T1261] Memory cgroup stats for /syz2: cache:52KB rss:288152KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276372KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 644.180147][ T1261] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1248,uid=0 09:01:05 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:01:05 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:05 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubif.\x00', 0x0, 0x0) 09:01:05 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:05 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 644.195754][ T1261] Memory cgroup out of memory: Killed process 1261 (syz-executor.2) total-vm:72576kB, anon-rss:14736kB, file-rss:35800kB, shmem-rss:0kB [ 644.215057][ T1044] oom_reaper: reaped process 1261 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 09:01:05 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:05 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 644.312245][ T1317] UBIFS error (pid: 1317): cannot open "ubi!_0x0", error -19 [ 644.326786][ T1317] UBIFS error (pid: 1317): cannot open "ubi!_0x0", error -19 [ 644.339100][ T1310] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 644.388718][ T1310] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:05 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xff0f, 0x0, 0x0, 0x0, 0x0) 09:01:05 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:05 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubif0\x00', 0x0, 0x0) 09:01:05 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 644.486663][ T1333] UBIFS error (pid: 1333): cannot open "ubi!_0x0", error -19 09:01:05 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 644.487786][ T1333] UBIFS error (pid: 1333): cannot open "ubi!_0x0", error -19 [ 644.585699][ T1342] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 644.674567][ T1354] UBIFS error (pid: 1354): cannot open "ubi!_0x0", error -19 [ 644.712942][ T1336] XFS (loop0): Invalid superblock magic number [ 644.718377][ T1354] UBIFS error (pid: 1354): cannot open "ubi!_0x0", error -19 [ 644.972338][ T1320] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 644.986735][ T1320] CPU: 1 PID: 1320 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 644.995345][ T1320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 645.005694][ T1320] Call Trace: [ 645.009068][ T1320] dump_stack+0x172/0x1f0 [ 645.014106][ T1320] dump_header+0x10f/0xb6c [ 645.018627][ T1320] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 645.024421][ T1320] ? ___ratelimit+0x60/0x595 [ 645.029001][ T1320] ? do_raw_spin_unlock+0x57/0x270 [ 645.037580][ T1320] oom_kill_process.cold+0x10/0x15 [ 645.042678][ T1320] out_of_memory+0x79a/0x1280 [ 645.047337][ T1320] ? lock_downgrade+0x880/0x880 [ 645.052203][ T1320] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 645.058760][ T1320] ? oom_killer_disable+0x280/0x280 [ 645.064083][ T1320] ? find_held_lock+0x35/0x130 [ 645.069018][ T1320] mem_cgroup_out_of_memory+0x1ca/0x230 [ 645.074601][ T1320] ? memcg_event_wake+0x230/0x230 [ 645.079989][ T1320] ? do_raw_spin_unlock+0x57/0x270 [ 645.085091][ T1320] ? _raw_spin_unlock+0x2d/0x50 [ 645.090025][ T1320] try_charge+0x118d/0x1790 [ 645.103550][ T1320] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 645.110543][ T1320] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 645.116079][ T1320] ? find_held_lock+0x35/0x130 [ 645.121221][ T1320] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 645.126866][ T1320] __memcg_kmem_charge_memcg+0x7c/0x130 [ 645.132393][ T1320] ? memcg_kmem_put_cache+0xb0/0xb0 [ 645.138284][ T1320] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 645.143837][ T1320] __memcg_kmem_charge+0x136/0x300 [ 645.159374][ T1320] __alloc_pages_nodemask+0x437/0x7e0 [ 645.167889][ T1320] ? __alloc_pages_slowpath+0x2900/0x2900 [ 645.173620][ T1320] ? ___might_sleep+0x163/0x280 [ 645.178575][ T1320] ? copyin+0xb5/0x100 [ 645.182634][ T1320] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 645.188876][ T1320] alloc_pages_current+0x107/0x210 [ 645.193979][ T1320] pipe_write+0x659/0xf30 [ 645.198299][ T1320] new_sync_write+0x4c7/0x760 [ 645.202980][ T1320] ? default_llseek+0x2e0/0x2e0 [ 645.207829][ T1320] ? common_file_perm+0x238/0x720 [ 645.213037][ T1320] ? __fget+0x381/0x550 [ 645.217977][ T1320] ? apparmor_file_permission+0x25/0x30 [ 645.223538][ T1320] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 645.229767][ T1320] ? security_file_permission+0x94/0x380 [ 645.235388][ T1320] __vfs_write+0xe4/0x110 [ 645.239701][ T1320] vfs_write+0x20c/0x580 [ 645.243930][ T1320] ksys_write+0xea/0x1f0 [ 645.248179][ T1320] ? __ia32_sys_read+0xb0/0xb0 [ 645.252933][ T1320] ? do_syscall_64+0x26/0x610 [ 645.257674][ T1320] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 645.263740][ T1320] ? do_syscall_64+0x26/0x610 [ 645.268415][ T1320] __x64_sys_write+0x73/0xb0 [ 645.273057][ T1320] do_syscall_64+0x103/0x610 [ 645.277671][ T1320] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 645.283552][ T1320] RIP: 0033:0x457f29 [ 645.287470][ T1320] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 645.307318][ T1320] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 645.315744][ T1320] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 645.324155][ T1320] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 645.332117][ T1320] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 645.340072][ T1320] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 645.348034][ T1320] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 645.361790][ T1320] memory: usage 307136kB, limit 307200kB, failcnt 5725 [ 645.368852][ T1320] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 645.382771][ T1320] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 645.390943][ T1320] Memory cgroup stats for /syz2: cache:52KB rss:288284KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276396KB inactive_file:0KB active_file:0KB unevictable:2048KB 09:01:06 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:01:06 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:06 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifX\x00', 0x0, 0x0) 09:01:06 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:06 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 645.423516][ T1320] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1315,uid=0 [ 645.445596][ T1320] Memory cgroup out of memory: Killed process 1319 (syz-executor.2) total-vm:72576kB, anon-rss:14728kB, file-rss:35796kB, shmem-rss:0kB 09:01:06 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x20000, 0x0, 0x0, 0x0, 0x0) [ 645.480788][ T1044] oom_reaper: reaped process 1319 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 645.483085][ T1373] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 645.528856][ T1377] UBIFS error (pid: 1377): cannot open "ubi!_0x0", error -19 [ 645.537413][ T1377] UBIFS error (pid: 1377): cannot open "ubi!_0x0", error -19 09:01:06 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:06 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifc\x00', 0x0, 0x0) 09:01:06 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:06 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 645.748254][ T1390] XFS (loop0): Invalid superblock magic number [ 645.752452][ T1407] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 645.782396][ T1411] UBIFS error (pid: 1411): cannot open "ubi!_0x0", error -19 09:01:06 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:06 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifd\x00', 0x0, 0x0) [ 645.797059][ T1411] UBIFS error (pid: 1411): cannot open "ubi!_0x0", error -19 [ 646.136939][ T1384] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 646.149473][ T1384] CPU: 0 PID: 1384 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 646.158303][ T1384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 646.168443][ T1384] Call Trace: [ 646.171731][ T1384] dump_stack+0x172/0x1f0 [ 646.176051][ T1384] dump_header+0x10f/0xb6c [ 646.180461][ T1384] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 646.186521][ T1384] ? ___ratelimit+0x60/0x595 [ 646.191097][ T1384] ? do_raw_spin_unlock+0x57/0x270 [ 646.196195][ T1384] oom_kill_process.cold+0x10/0x15 [ 646.201296][ T1384] out_of_memory+0x79a/0x1280 [ 646.205964][ T1384] ? lock_downgrade+0x880/0x880 [ 646.211349][ T1384] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 646.217677][ T1384] ? oom_killer_disable+0x280/0x280 [ 646.223133][ T1384] ? find_held_lock+0x35/0x130 [ 646.227894][ T1384] mem_cgroup_out_of_memory+0x1ca/0x230 [ 646.233432][ T1384] ? memcg_event_wake+0x230/0x230 [ 646.238449][ T1384] ? do_raw_spin_unlock+0x57/0x270 [ 646.243562][ T1384] ? _raw_spin_unlock+0x2d/0x50 [ 646.248398][ T1384] try_charge+0x118d/0x1790 [ 646.252896][ T1384] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 646.258665][ T1384] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 646.264263][ T1384] ? find_held_lock+0x35/0x130 [ 646.269026][ T1384] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 646.275000][ T1384] __memcg_kmem_charge_memcg+0x7c/0x130 [ 646.280635][ T1384] ? memcg_kmem_put_cache+0xb0/0xb0 [ 646.285843][ T1384] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 646.291401][ T1384] __memcg_kmem_charge+0x136/0x300 [ 646.296547][ T1384] __alloc_pages_nodemask+0x437/0x7e0 [ 646.301916][ T1384] ? __alloc_pages_slowpath+0x2900/0x2900 [ 646.307632][ T1384] ? ___might_sleep+0x163/0x280 [ 646.312582][ T1384] ? copyin+0xb5/0x100 [ 646.316828][ T1384] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 646.323095][ T1384] alloc_pages_current+0x107/0x210 [ 646.328201][ T1384] pipe_write+0x659/0xf30 [ 646.332532][ T1384] new_sync_write+0x4c7/0x760 [ 646.337201][ T1384] ? default_llseek+0x2e0/0x2e0 [ 646.342044][ T1384] ? common_file_perm+0x238/0x720 [ 646.347053][ T1384] ? __fget+0x381/0x550 [ 646.351286][ T1384] ? apparmor_file_permission+0x25/0x30 [ 646.356819][ T1384] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 646.363061][ T1384] ? security_file_permission+0x94/0x380 [ 646.368692][ T1384] __vfs_write+0xe4/0x110 [ 646.373024][ T1384] vfs_write+0x20c/0x580 [ 646.377272][ T1384] ksys_write+0xea/0x1f0 [ 646.381522][ T1384] ? __ia32_sys_read+0xb0/0xb0 [ 646.386280][ T1384] ? do_syscall_64+0x26/0x610 [ 646.390945][ T1384] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 646.397013][ T1384] ? do_syscall_64+0x26/0x610 [ 646.401680][ T1384] __x64_sys_write+0x73/0xb0 [ 646.406519][ T1384] do_syscall_64+0x103/0x610 [ 646.411095][ T1384] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 646.416973][ T1384] RIP: 0033:0x457f29 [ 646.420858][ T1384] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 646.440464][ T1384] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 646.448867][ T1384] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 646.456912][ T1384] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 646.465020][ T1384] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 646.472987][ T1384] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 646.481126][ T1384] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 646.502445][ T1384] memory: usage 307200kB, limit 307200kB, failcnt 5818 [ 646.509564][ T1384] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 646.522894][ T1384] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 646.530452][ T1384] Memory cgroup stats for /syz2: cache:52KB rss:288284KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276448KB inactive_file:4KB active_file:0KB unevictable:2048KB [ 646.554189][ T1384] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1382,uid=0 [ 646.569958][ T1384] Memory cgroup out of memory: Killed process 1383 (syz-executor.2) total-vm:72576kB, anon-rss:14728kB, file-rss:35800kB, shmem-rss:0kB 09:01:07 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r3, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:01:07 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:07 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:07 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifi\x00', 0x0, 0x0) 09:01:07 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x30000, 0x0, 0x0, 0x0, 0x0) [ 646.588834][ T1044] oom_reaper: reaped process 1383 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 646.640104][ T1435] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 646.682678][ T1446] UBIFS error (pid: 1446): cannot open "ubi!_0x0", error -19 [ 646.683252][ T1446] UBIFS error (pid: 1446): cannot open "ubi!_0x0", error -19 [ 646.710449][ T1435] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:07 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:07 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:07 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifl\x00', 0x0, 0x0) 09:01:07 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r3, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:01:07 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 646.778115][ T1437] XFS (loop0): Invalid superblock magic number [ 646.799347][ T1461] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:07 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 646.894074][ T1478] UBIFS error (pid: 1478): cannot open "ubi!_0x0", error -19 09:01:07 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifo\x00', 0x0, 0x0) 09:01:07 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:07 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 646.895333][ T1478] UBIFS error (pid: 1478): cannot open "ubi!_0x0", error -19 [ 647.026499][ T1493] UBIFS error (pid: 1493): cannot open "ubi!_0x0", error -19 [ 647.028362][ T1493] UBIFS error (pid: 1493): cannot open "ubi!_0x0", error -19 09:01:08 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x40000, 0x0, 0x0, 0x0, 0x0) 09:01:08 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:08 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:08 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifp\x00', 0x0, 0x0) 09:01:08 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 647.317485][ T1522] UBIFS error (pid: 1522): cannot open "ubi!_0x0", error -19 [ 647.317861][ T1522] UBIFS error (pid: 1522): cannot open "ubi!_0x0", error -19 [ 647.455658][ T1526] XFS (loop0): Invalid superblock magic number [ 647.591658][ T1538] XFS (loop0): Invalid superblock magic number 09:01:08 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r3, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:01:08 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:08 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:08 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:08 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifu\x00', 0x0, 0x0) 09:01:08 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xe0000, 0x0, 0x0, 0x0, 0x0) 09:01:08 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 647.692978][ T1556] UBIFS error (pid: 1556): cannot open "ubi!_0x0", error -19 [ 647.712703][ T1556] UBIFS error (pid: 1556): cannot open "ubi!_0x0", error -19 09:01:08 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:08 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:08 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifx\x00', 0x0, 0x0) 09:01:08 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:08 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, 0x0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:01:08 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 647.882099][ T1598] UBIFS error (pid: 1598): cannot open "ubi!_0x0", error -19 [ 647.888664][ T1598] UBIFS error (pid: 1598): cannot open "ubi!_0x0", error -19 [ 647.924207][ T1583] XFS (loop0): Invalid superblock magic number 09:01:08 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x02', 0x0, 0x0) 09:01:08 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:08 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:08 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 648.113721][ T1627] UBIFS error (pid: 1627): cannot open "ubi!_0x0", error -19 [ 648.115540][ T1627] UBIFS error (pid: 1627): cannot open "ubi!_0x0", error -19 [ 648.221279][ C1] net_ratelimit: 18 callbacks suppressed [ 648.221285][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 648.240381][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 648.246452][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 648.252233][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 648.258043][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 648.263949][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 648.273765][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 648.279608][ C1] protocol 88fb is buggy, dev hsr_slave_1 09:01:09 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x989680, 0x0, 0x0, 0x0, 0x0) 09:01:09 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x03', 0x0, 0x0) 09:01:09 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:09 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:09 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 648.476607][ T1645] __nla_parse: 12 callbacks suppressed [ 648.476617][ T1645] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 648.477641][ T1649] UBIFS error (pid: 1649): cannot open "ubi!_0x0", error -19 [ 648.479668][ T1649] UBIFS error (pid: 1649): cannot open "ubi!_0x0", error -19 [ 648.541308][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 648.547200][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 648.606220][ T1661] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 648.663656][ T1658] XFS (loop0): Invalid superblock magic number 09:01:09 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, 0x0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:01:09 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:09 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x04', 0x0, 0x0) 09:01:09 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 648.801127][ T1680] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 648.830743][ T1686] UBIFS error (pid: 1686): cannot open "ubi!_0x0", error -19 09:01:09 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 648.833716][ T1686] UBIFS error (pid: 1686): cannot open "ubi!_0x0", error -19 [ 648.854801][ T1680] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:09 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x1000000, 0x0, 0x0, 0x0, 0x0) 09:01:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:09 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, 0x0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:01:09 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x05', 0x0, 0x0) 09:01:09 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:09 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 648.965920][ T1699] UBIFS error (pid: 1699): cannot open "ubi!_0x0", error -19 09:01:09 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x06', 0x0, 0x0) [ 648.990365][ T1699] UBIFS error (pid: 1699): cannot open "ubi!_0x0", error -19 [ 649.059050][ T1707] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 649.118491][ T1707] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:10 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000), 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) [ 649.173694][ T1720] UBIFS error (pid: 1720): cannot open "ubi!_0x0", error -19 [ 649.192940][ T1720] UBIFS error (pid: 1720): cannot open "ubi!_0x0", error -19 09:01:10 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='.bifs\x00', 0x0, 0x0) [ 649.285582][ T1733] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:10 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\a', 0x0, 0x0) [ 649.363263][ T1723] XFS (loop0): Invalid superblock magic number [ 649.599752][ T1757] XFS (loop0): Invalid superblock magic number 09:01:10 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, 0x0) 09:01:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:10 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000), 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:01:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:10 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifsH', 0x0, 0x0) 09:01:10 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='/bifs\x00', 0x0, 0x0) [ 649.767910][ T1780] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:10 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ub%fs\x00', 0x0, 0x0) 09:01:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:10 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000), 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) [ 649.833760][ T1780] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:10 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifsL', 0x0, 0x0) 09:01:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 649.897639][ T1787] XFS (loop0): Invalid superblock magic number 09:01:10 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) [ 650.016280][ T1814] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 650.209950][ T1830] XFS (loop0): Invalid superblock magic number 09:01:11 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x3000000, 0x0, 0x0, 0x0, 0x0) 09:01:11 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:11 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubif#\x00', 0x0, 0x0) 09:01:11 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifsh', 0x0, 0x0) 09:01:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:11 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:01:11 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:11 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifsl', 0x0, 0x0) 09:01:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:11 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubif%\x00', 0x0, 0x0) 09:01:11 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:01:11 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 650.560216][ T1862] XFS (loop0): Invalid superblock magic number [ 650.796301][ T1898] XFS (loop0): Invalid superblock magic number 09:01:11 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x4000000, 0x0, 0x0, 0x0, 0x0) 09:01:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:11 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifst', 0x0, 0x0) 09:01:11 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubif*\x00', 0x0, 0x0) 09:01:11 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:11 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:11 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifsz', 0x0, 0x0) 09:01:11 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubif+\x00', 0x0, 0x0) 09:01:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 651.103940][ T1924] XFS (loop0): Invalid superblock magic number 09:01:12 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(0x0, 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:01:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:12 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x5000000, 0x0, 0x0, 0x0, 0x0) 09:01:12 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubif-\x00', 0x0, 0x0) 09:01:12 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xf0', 0x0, 0x0) 09:01:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:12 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:12 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubif.\x00', 0x0, 0x0) 09:01:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 651.664279][ T1982] XFS (loop0): Invalid superblock magic number [ 651.670748][ T2002] UBIFS error (pid: 2002): cannot open "ubi!_0x0", error -19 [ 651.688680][ T2002] UBIFS error (pid: 2002): cannot open "ubi!_0x0", error -19 09:01:12 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 651.816852][ T2015] UBIFS error (pid: 2015): cannot open "ubi!_0x0", error -19 [ 651.817399][ T2015] UBIFS error (pid: 2015): cannot open "ubi!_0x0", error -19 [ 652.109541][ T1974] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 652.122438][ T1974] CPU: 1 PID: 1974 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 652.131199][ T1974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 652.141338][ T1974] Call Trace: [ 652.144620][ T1974] dump_stack+0x172/0x1f0 [ 652.149022][ T1974] dump_header+0x10f/0xb6c [ 652.153423][ T1974] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 652.159222][ T1974] ? ___ratelimit+0x60/0x595 [ 652.163799][ T1974] ? do_raw_spin_unlock+0x57/0x270 [ 652.168907][ T1974] oom_kill_process.cold+0x10/0x15 [ 652.174005][ T1974] out_of_memory+0x79a/0x1280 [ 652.179017][ T1974] ? lock_downgrade+0x880/0x880 [ 652.183861][ T1974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 652.190100][ T1974] ? oom_killer_disable+0x280/0x280 [ 652.195281][ T1974] ? find_held_lock+0x35/0x130 [ 652.200043][ T1974] mem_cgroup_out_of_memory+0x1ca/0x230 [ 652.205779][ T1974] ? memcg_event_wake+0x230/0x230 [ 652.210793][ T1974] ? do_raw_spin_unlock+0x57/0x270 [ 652.215916][ T1974] ? _raw_spin_unlock+0x2d/0x50 [ 652.221119][ T1974] try_charge+0x118d/0x1790 [ 652.227051][ T1974] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 652.232770][ T1974] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 652.238302][ T1974] ? find_held_lock+0x35/0x130 [ 652.243058][ T1974] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 652.248597][ T1974] __memcg_kmem_charge_memcg+0x7c/0x130 [ 652.255438][ T1974] ? memcg_kmem_put_cache+0xb0/0xb0 [ 652.260623][ T1974] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 652.266252][ T1974] __memcg_kmem_charge+0x136/0x300 [ 652.271383][ T1974] __alloc_pages_nodemask+0x437/0x7e0 [ 652.276752][ T1974] ? __alloc_pages_slowpath+0x2900/0x2900 [ 652.282526][ T1974] ? ___might_sleep+0x163/0x280 [ 652.287382][ T1974] ? copyin+0xb5/0x100 [ 652.291564][ T1974] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 652.297819][ T1974] alloc_pages_current+0x107/0x210 [ 652.303007][ T1974] pipe_write+0x659/0xf30 [ 652.307422][ T1974] new_sync_write+0x4c7/0x760 [ 652.312092][ T1974] ? default_llseek+0x2e0/0x2e0 [ 652.317058][ T1974] ? common_file_perm+0x238/0x720 [ 652.322149][ T1974] ? __fget+0x381/0x550 [ 652.326329][ T1974] ? apparmor_file_permission+0x25/0x30 [ 652.331861][ T1974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 652.338209][ T1974] ? security_file_permission+0x94/0x380 [ 652.343829][ T1974] __vfs_write+0xe4/0x110 [ 652.348141][ T1974] vfs_write+0x20c/0x580 [ 652.352399][ T1974] ksys_write+0xea/0x1f0 [ 652.356750][ T1974] ? __ia32_sys_read+0xb0/0xb0 [ 652.361523][ T1974] ? do_syscall_64+0x26/0x610 [ 652.366268][ T1974] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 652.372317][ T1974] ? do_syscall_64+0x26/0x610 [ 652.376982][ T1974] __x64_sys_write+0x73/0xb0 [ 652.381813][ T1974] do_syscall_64+0x103/0x610 [ 652.386392][ T1974] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 652.392264][ T1974] RIP: 0033:0x457f29 [ 652.396164][ T1974] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 652.415757][ T1974] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 652.424154][ T1974] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 652.432119][ T1974] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 652.440110][ T1974] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 652.448167][ T1974] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 652.456138][ T1974] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 652.465842][ T1974] memory: usage 307136kB, limit 307200kB, failcnt 6058 [ 652.477281][ T1974] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 652.489378][ T1974] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 652.489386][ T1974] Memory cgroup stats for /syz2: cache:52KB rss:288132KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276356KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 652.530280][ T1974] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32263,uid=0 09:01:13 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(0x0, 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:01:13 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:13 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubif0\x00', 0x0, 0x0) 09:01:13 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:13 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x6000000, 0x0, 0x0, 0x0, 0x0) [ 652.550983][ T1974] Memory cgroup out of memory: Killed process 32263 (syz-executor.2) total-vm:72708kB, anon-rss:12336kB, file-rss:35800kB, shmem-rss:0kB [ 652.571048][ T1044] oom_reaper: reaped process 32263 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 09:01:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 652.616148][ T2034] UBIFS error (pid: 2034): cannot open "ubi!_0x0", error -19 [ 652.619824][ T2034] UBIFS error (pid: 2034): cannot open "ubi!_0x0", error -19 09:01:13 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:13 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 652.714426][ T2031] XFS (loop0): Invalid superblock magic number [ 652.750834][ T2056] UBIFS error (pid: 2056): cannot open "ubi!_0x0", error -19 09:01:13 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifX\x00', 0x0, 0x0) [ 652.752790][ T2056] UBIFS error (pid: 2056): cannot open "ubi!_0x0", error -19 09:01:13 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs ', 0x0, 0x0) 09:01:13 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 653.317508][ T2052] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 653.334137][ T2052] CPU: 0 PID: 2052 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 653.342780][ T2052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 653.353128][ T2052] Call Trace: [ 653.356445][ T2052] dump_stack+0x172/0x1f0 [ 653.360767][ T2052] dump_header+0x10f/0xb6c [ 653.365181][ T2052] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 653.371090][ T2052] ? ___ratelimit+0x60/0x595 [ 653.375676][ T2052] ? do_raw_spin_unlock+0x57/0x270 [ 653.380808][ T2052] oom_kill_process.cold+0x10/0x15 [ 653.386693][ T2052] out_of_memory+0x79a/0x1280 [ 653.391375][ T2052] ? lock_downgrade+0x880/0x880 [ 653.396211][ T2052] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 653.402457][ T2052] ? oom_killer_disable+0x280/0x280 [ 653.407651][ T2052] ? find_held_lock+0x35/0x130 [ 653.412857][ T2052] mem_cgroup_out_of_memory+0x1ca/0x230 [ 653.418480][ T2052] ? memcg_event_wake+0x230/0x230 [ 653.423501][ T2052] ? do_raw_spin_unlock+0x57/0x270 [ 653.428618][ T2052] ? _raw_spin_unlock+0x2d/0x50 [ 653.433546][ T2052] try_charge+0x118d/0x1790 [ 653.438041][ T2052] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 653.443589][ T2052] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 653.449125][ T2052] ? find_held_lock+0x35/0x130 [ 653.453968][ T2052] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 653.459537][ T2052] __memcg_kmem_charge_memcg+0x7c/0x130 [ 653.465084][ T2052] ? memcg_kmem_put_cache+0xb0/0xb0 [ 653.470268][ T2052] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 653.475803][ T2052] __memcg_kmem_charge+0x136/0x300 [ 653.482913][ T2052] __alloc_pages_nodemask+0x437/0x7e0 [ 653.488275][ T2052] ? __alloc_pages_slowpath+0x2900/0x2900 [ 653.493986][ T2052] ? ___might_sleep+0x163/0x280 [ 653.498838][ T2052] ? copyin+0xb5/0x100 [ 653.502992][ T2052] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 653.509394][ T2052] alloc_pages_current+0x107/0x210 [ 653.514516][ T2052] pipe_write+0x659/0xf30 [ 653.519373][ T2052] new_sync_write+0x4c7/0x760 [ 653.524218][ T2052] ? default_llseek+0x2e0/0x2e0 [ 653.529057][ T2052] ? common_file_perm+0x238/0x720 [ 653.534063][ T2052] ? __fget+0x381/0x550 [ 653.538201][ T2052] ? apparmor_file_permission+0x25/0x30 [ 653.543733][ T2052] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 653.549985][ T2052] ? security_file_permission+0x94/0x380 [ 653.555624][ T2052] __vfs_write+0xe4/0x110 [ 653.559973][ T2052] vfs_write+0x20c/0x580 [ 653.564290][ T2052] ksys_write+0xea/0x1f0 [ 653.568676][ T2052] ? __ia32_sys_read+0xb0/0xb0 [ 653.573436][ T2052] ? do_syscall_64+0x26/0x610 [ 653.578103][ T2052] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 653.584166][ T2052] ? do_syscall_64+0x26/0x610 [ 653.588835][ T2052] __x64_sys_write+0x73/0xb0 [ 653.593436][ T2052] do_syscall_64+0x103/0x610 [ 653.598283][ T2052] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 653.604198][ T2052] RIP: 0033:0x457f29 [ 653.608079][ T2052] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 653.627675][ T2052] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 653.636087][ T2052] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 653.645593][ T2052] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 653.654999][ T2052] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 653.663260][ T2052] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 653.671395][ T2052] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 653.683695][ T2052] memory: usage 307136kB, limit 307200kB, failcnt 6126 [ 653.690616][ T2052] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 653.698418][ T2052] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 653.706142][ T2052] Memory cgroup stats for /syz2: cache:52KB rss:288112KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276348KB inactive_file:4KB active_file:0KB unevictable:2048KB [ 653.729383][ T2052] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1974,uid=0 [ 653.745496][ T2052] Memory cgroup out of memory: Killed process 1974 (syz-executor.2) total-vm:72576kB, anon-rss:12648kB, file-rss:35800kB, shmem-rss:0kB 09:01:14 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(0x0, 0x5, 0x8000) getpgrp(0xffffffffffffffff) 09:01:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:14 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifc\x00', 0x0, 0x0) 09:01:14 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:14 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:14 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x7000000, 0x0, 0x0, 0x0, 0x0) [ 653.762800][ T1044] oom_reaper: reaped process 1974 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 09:01:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:14 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 653.793660][ T2090] UBIFS error (pid: 2090): cannot open "ubi!_0x0", error -19 [ 653.804380][ T2090] UBIFS error (pid: 2090): cannot open "ubi!_0x0", error -19 [ 653.812510][ T2094] __nla_parse: 11 callbacks suppressed [ 653.812520][ T2094] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 653.908145][ T2111] UBIFS error (pid: 2111): cannot open "ubi!_0x0", error -19 [ 653.912481][ T2111] UBIFS error (pid: 2111): cannot open "ubi!_0x0", error -19 [ 653.937026][ T2094] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:14 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifd\x00', 0x0, 0x0) 09:01:14 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x10', 0x0, 0x0) [ 654.005792][ T2091] XFS (loop0): Invalid superblock magic number 09:01:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 654.387896][ T2106] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 654.400414][ T2106] CPU: 0 PID: 2106 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 654.409008][ T2106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 654.419056][ T2106] Call Trace: [ 654.422370][ T2106] dump_stack+0x172/0x1f0 [ 654.426713][ T2106] dump_header+0x10f/0xb6c [ 654.431127][ T2106] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 654.436920][ T2106] ? ___ratelimit+0x60/0x595 [ 654.441501][ T2106] ? do_raw_spin_unlock+0x57/0x270 [ 654.446605][ T2106] oom_kill_process.cold+0x10/0x15 [ 654.451784][ T2106] out_of_memory+0x79a/0x1280 [ 654.456440][ T2106] ? lock_downgrade+0x880/0x880 [ 654.461277][ T2106] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 654.467692][ T2106] ? oom_killer_disable+0x280/0x280 [ 654.472885][ T2106] ? find_held_lock+0x35/0x130 [ 654.477632][ T2106] mem_cgroup_out_of_memory+0x1ca/0x230 [ 654.484208][ T2106] ? memcg_event_wake+0x230/0x230 [ 654.489663][ T2106] ? do_raw_spin_unlock+0x57/0x270 [ 654.494985][ T2106] ? _raw_spin_unlock+0x2d/0x50 [ 654.500194][ T2106] try_charge+0x118d/0x1790 [ 654.504700][ T2106] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 654.510253][ T2106] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 654.515851][ T2106] ? find_held_lock+0x35/0x130 [ 654.520600][ T2106] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 654.526162][ T2106] __memcg_kmem_charge_memcg+0x7c/0x130 [ 654.531895][ T2106] ? memcg_kmem_put_cache+0xb0/0xb0 [ 654.537164][ T2106] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 654.541315][ C1] net_ratelimit: 26 callbacks suppressed [ 654.541323][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 654.542702][ T2106] __memcg_kmem_charge+0x136/0x300 [ 654.548350][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 654.554015][ T2106] __alloc_pages_nodemask+0x437/0x7e0 [ 654.554032][ T2106] ? __alloc_pages_slowpath+0x2900/0x2900 [ 654.554046][ T2106] ? ___might_sleep+0x163/0x280 [ 654.554068][ T2106] ? copyin+0xb5/0x100 [ 654.559212][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 654.564935][ T2106] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 654.564952][ T2106] alloc_pages_current+0x107/0x210 [ 654.564971][ T2106] pipe_write+0x659/0xf30 [ 654.570341][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 654.576037][ T2106] new_sync_write+0x4c7/0x760 [ 654.576054][ T2106] ? default_llseek+0x2e0/0x2e0 [ 654.580964][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 654.584931][ T2106] ? common_file_perm+0x238/0x720 [ 654.584951][ T2106] ? __fget+0x381/0x550 [ 654.590674][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 654.596869][ T2106] ? apparmor_file_permission+0x25/0x30 [ 654.596883][ T2106] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 654.596902][ T2106] ? security_file_permission+0x94/0x380 [ 654.602074][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 654.606302][ T2106] __vfs_write+0xe4/0x110 [ 654.612038][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 654.616649][ T2106] vfs_write+0x20c/0x580 [ 654.684226][ T2106] ksys_write+0xea/0x1f0 [ 654.688475][ T2106] ? __ia32_sys_read+0xb0/0xb0 [ 654.693224][ T2106] ? do_syscall_64+0x26/0x610 [ 654.697883][ T2106] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 654.703945][ T2106] ? do_syscall_64+0x26/0x610 [ 654.708625][ T2106] __x64_sys_write+0x73/0xb0 [ 654.713512][ T2106] do_syscall_64+0x103/0x610 [ 654.718109][ T2106] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 654.724006][ T2106] RIP: 0033:0x457f29 [ 654.727982][ T2106] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 654.748352][ T2106] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 654.756760][ T2106] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 654.764897][ T2106] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 654.772874][ T2106] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 654.780849][ T2106] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 654.788812][ T2106] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 654.797181][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 654.803015][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 654.810485][ T2106] memory: usage 307136kB, limit 307200kB, failcnt 6180 [ 654.818871][ T2106] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 654.826412][ T2106] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 09:01:15 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x0, 0x8000) getpgrp(0xffffffffffffffff) 09:01:15 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifi\x00', 0x0, 0x0) 09:01:15 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifsu', 0x0, 0x0) 09:01:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 654.833553][ T2106] Memory cgroup stats for /syz2: cache:52KB rss:288244KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276348KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 654.856568][ T2106] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2052,uid=0 [ 654.872133][ T2106] Memory cgroup out of memory: Killed process 2052 (syz-executor.2) total-vm:72576kB, anon-rss:12328kB, file-rss:35800kB, shmem-rss:0kB [ 654.949107][ T2154] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:15 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:15 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x8000000, 0x0, 0x0, 0x0, 0x0) 09:01:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:15 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifl\x00', 0x0, 0x0) [ 655.028128][ T2164] UBIFS error (pid: 2164): cannot open "ubi!_0x0", error -19 [ 655.028606][ T2164] UBIFS error (pid: 2164): cannot open "ubi!_0x0", error -19 [ 655.067812][ T2170] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:15 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:16 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifo\x00', 0x0, 0x0) [ 655.213469][ T2189] UBIFS error (pid: 2189): cannot open "ubi!_0x0", error -19 [ 655.214021][ T2189] UBIFS error (pid: 2189): cannot open "ubi!_0x0", error -19 [ 655.226547][ T2178] XFS (loop0): Invalid superblock magic number [ 655.527874][ T2161] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 655.540381][ T2161] CPU: 1 PID: 2161 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 655.548992][ T2161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 655.559046][ T2161] Call Trace: [ 655.562333][ T2161] dump_stack+0x172/0x1f0 [ 655.566704][ T2161] dump_header+0x10f/0xb6c [ 655.571196][ T2161] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 655.576985][ T2161] ? ___ratelimit+0x60/0x595 [ 655.581572][ T2161] ? do_raw_spin_unlock+0x57/0x270 [ 655.586664][ T2161] oom_kill_process.cold+0x10/0x15 [ 655.591761][ T2161] out_of_memory+0x79a/0x1280 [ 655.596417][ T2161] ? lock_downgrade+0x880/0x880 [ 655.601535][ T2161] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 655.607765][ T2161] ? oom_killer_disable+0x280/0x280 [ 655.612940][ T2161] ? find_held_lock+0x35/0x130 [ 655.617708][ T2161] mem_cgroup_out_of_memory+0x1ca/0x230 [ 655.623322][ T2161] ? memcg_event_wake+0x230/0x230 [ 655.628327][ T2161] ? do_raw_spin_unlock+0x57/0x270 [ 655.633425][ T2161] ? _raw_spin_unlock+0x2d/0x50 [ 655.638264][ T2161] try_charge+0x118d/0x1790 [ 655.643137][ T2161] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 655.648929][ T2161] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 655.654453][ T2161] ? find_held_lock+0x35/0x130 [ 655.659223][ T2161] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 655.664859][ T2161] __memcg_kmem_charge_memcg+0x7c/0x130 [ 655.670382][ T2161] ? memcg_kmem_put_cache+0xb0/0xb0 [ 655.675561][ T2161] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 655.681096][ T2161] __memcg_kmem_charge+0x136/0x300 [ 655.686195][ T2161] __alloc_pages_nodemask+0x437/0x7e0 [ 655.691550][ T2161] ? __alloc_pages_slowpath+0x2900/0x2900 [ 655.697253][ T2161] ? ___might_sleep+0x163/0x280 [ 655.709182][ T2161] ? copyin+0xb5/0x100 [ 655.713263][ T2161] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 655.719588][ T2161] alloc_pages_current+0x107/0x210 [ 655.724682][ T2161] pipe_write+0x659/0xf30 [ 655.729008][ T2161] new_sync_write+0x4c7/0x760 [ 655.733671][ T2161] ? default_llseek+0x2e0/0x2e0 [ 655.738509][ T2161] ? common_file_perm+0x238/0x720 [ 655.743509][ T2161] ? __fget+0x381/0x550 [ 655.747648][ T2161] ? apparmor_file_permission+0x25/0x30 [ 655.753171][ T2161] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 655.759393][ T2161] ? security_file_permission+0x94/0x380 [ 655.765007][ T2161] __vfs_write+0xe4/0x110 [ 655.769680][ T2161] vfs_write+0x20c/0x580 [ 655.773907][ T2161] ksys_write+0xea/0x1f0 [ 655.778151][ T2161] ? __ia32_sys_read+0xb0/0xb0 [ 655.782900][ T2161] ? do_syscall_64+0x26/0x610 [ 655.787554][ T2161] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 655.793599][ T2161] ? do_syscall_64+0x26/0x610 [ 655.798259][ T2161] __x64_sys_write+0x73/0xb0 [ 655.803027][ T2161] do_syscall_64+0x103/0x610 [ 655.807609][ T2161] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 655.813739][ T2161] RIP: 0033:0x457f29 [ 655.817635][ T2161] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 655.837299][ T2161] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 655.845784][ T2161] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 655.861499][ T2161] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 655.869461][ T2161] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 655.877418][ T2161] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 655.886412][ T2161] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 655.896962][ T2161] memory: usage 307136kB, limit 307200kB, failcnt 6234 [ 655.916628][ T2161] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 655.929304][ T2161] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 655.936790][ T2161] Memory cgroup stats for /syz2: cache:52KB rss:288144KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276348KB inactive_file:4KB active_file:0KB unevictable:2048KB 09:01:16 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x0, 0x8000) getpgrp(0xffffffffffffffff) 09:01:16 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:16 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:16 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:16 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifp\x00', 0x0, 0x0) [ 655.964943][ T2161] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2106,uid=0 [ 655.980501][ T2161] Memory cgroup out of memory: Killed process 2106 (syz-executor.2) total-vm:72576kB, anon-rss:12648kB, file-rss:35800kB, shmem-rss:0kB [ 655.997317][ T1044] oom_reaper: reaped process 2106 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 09:01:16 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x9000000, 0x0, 0x0, 0x0, 0x0) 09:01:16 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 656.027374][ T2210] UBIFS error (pid: 2210): cannot open "ubi!_0x0", error -19 [ 656.027906][ T2210] UBIFS error (pid: 2210): cannot open "ubi!_0x0", error -19 [ 656.036533][ T2211] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:17 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:17 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifu\x00', 0x0, 0x0) [ 656.123224][ T2223] UBIFS error (pid: 2223): cannot open "ubi!_0x0", error -19 [ 656.132660][ T2223] UBIFS error (pid: 2223): cannot open "ubi!_0x0", error -19 09:01:17 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 656.210015][ T2211] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:17 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 656.300279][ T2226] XFS (loop0): Invalid superblock magic number 09:01:17 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 656.344516][ T2247] UBIFS error (pid: 2247): cannot open "ubi!_0x0", error -19 [ 656.354826][ T2247] UBIFS error (pid: 2247): cannot open "ubi!_0x0", error -19 [ 656.463510][ T2253] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 656.692150][ T2219] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 656.706360][ T2219] CPU: 0 PID: 2219 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 656.715053][ T2219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 656.725092][ T2219] Call Trace: [ 656.728384][ T2219] dump_stack+0x172/0x1f0 [ 656.732698][ T2219] dump_header+0x10f/0xb6c [ 656.737094][ T2219] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 656.742881][ T2219] ? ___ratelimit+0x60/0x595 [ 656.747464][ T2219] ? do_raw_spin_unlock+0x57/0x270 [ 656.752556][ T2219] oom_kill_process.cold+0x10/0x15 [ 656.757652][ T2219] out_of_memory+0x79a/0x1280 [ 656.762313][ T2219] ? lock_downgrade+0x880/0x880 [ 656.767147][ T2219] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 656.773374][ T2219] ? oom_killer_disable+0x280/0x280 [ 656.778552][ T2219] ? find_held_lock+0x35/0x130 [ 656.783317][ T2219] mem_cgroup_out_of_memory+0x1ca/0x230 [ 656.788845][ T2219] ? memcg_event_wake+0x230/0x230 [ 656.793863][ T2219] ? do_raw_spin_unlock+0x57/0x270 [ 656.798955][ T2219] ? _raw_spin_unlock+0x2d/0x50 [ 656.803789][ T2219] try_charge+0x118d/0x1790 [ 656.808379][ T2219] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 656.813910][ T2219] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 656.819447][ T2219] ? find_held_lock+0x35/0x130 [ 656.824190][ T2219] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 656.829728][ T2219] __memcg_kmem_charge_memcg+0x7c/0x130 [ 656.835255][ T2219] ? memcg_kmem_put_cache+0xb0/0xb0 [ 656.840434][ T2219] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 656.845976][ T2219] __memcg_kmem_charge+0x136/0x300 [ 656.851162][ T2219] __alloc_pages_nodemask+0x437/0x7e0 [ 656.856526][ T2219] ? __alloc_pages_slowpath+0x2900/0x2900 [ 656.862234][ T2219] ? ___might_sleep+0x163/0x280 [ 656.867076][ T2219] ? copyin+0xb5/0x100 [ 656.871131][ T2219] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 656.878227][ T2219] alloc_pages_current+0x107/0x210 [ 656.883352][ T2219] pipe_write+0x659/0xf30 [ 656.887681][ T2219] new_sync_write+0x4c7/0x760 [ 656.892346][ T2219] ? default_llseek+0x2e0/0x2e0 [ 656.897276][ T2219] ? common_file_perm+0x238/0x720 [ 656.902284][ T2219] ? __fget+0x381/0x550 [ 656.906425][ T2219] ? apparmor_file_permission+0x25/0x30 [ 656.911956][ T2219] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 656.918180][ T2219] ? security_file_permission+0x94/0x380 [ 656.923800][ T2219] __vfs_write+0xe4/0x110 [ 656.928117][ T2219] vfs_write+0x20c/0x580 [ 656.932356][ T2219] ksys_write+0xea/0x1f0 [ 656.936595][ T2219] ? __ia32_sys_read+0xb0/0xb0 [ 656.941354][ T2219] ? do_syscall_64+0x26/0x610 [ 656.946032][ T2219] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 656.952081][ T2219] ? do_syscall_64+0x26/0x610 [ 656.956833][ T2219] __x64_sys_write+0x73/0xb0 [ 656.961440][ T2219] do_syscall_64+0x103/0x610 [ 656.966034][ T2219] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 656.971904][ T2219] RIP: 0033:0x457f29 [ 656.975780][ T2219] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 656.995449][ T2219] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 657.003840][ T2219] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 657.011808][ T2219] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 657.019766][ T2219] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 657.027719][ T2219] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 657.035673][ T2219] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 657.059344][ T2219] memory: usage 307200kB, limit 307200kB, failcnt 6286 [ 657.066471][ T2219] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 657.086362][ T2219] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 09:01:18 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x0, 0x8000) getpgrp(0xffffffffffffffff) 09:01:18 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifx\x00', 0x0, 0x0) 09:01:18 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:18 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:18 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:18 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xa000000, 0x0, 0x0, 0x0, 0x0) [ 657.093963][ T2219] Memory cgroup stats for /syz2: cache:52KB rss:288256KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276412KB inactive_file:4KB active_file:0KB unevictable:2048KB [ 657.117298][ T2219] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2161,uid=0 [ 657.132721][ T2219] Memory cgroup out of memory: Killed process 2161 (syz-executor.2) total-vm:72576kB, anon-rss:12328kB, file-rss:35800kB, shmem-rss:0kB [ 657.171838][ T2271] UBIFS error (pid: 2271): cannot open "ubi!_0x0", error -19 [ 657.181281][ T1044] oom_reaper: reaped process 2161 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 657.181552][ T2271] UBIFS error (pid: 2271): cannot open "ubi!_0x0", error -19 [ 657.203092][ T2274] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:18 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs&', 0x0, 0x0) [ 657.229824][ T2274] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:18 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:18 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:18 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x02', 0x0, 0x0) [ 657.397511][ T2276] XFS (loop0): Invalid superblock magic number [ 657.405088][ T2293] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:18 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:18 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 657.976300][ T2304] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 657.988820][ T2304] CPU: 0 PID: 2304 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 657.997398][ T2304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 658.007443][ T2304] Call Trace: [ 658.010727][ T2304] dump_stack+0x172/0x1f0 [ 658.015068][ T2304] dump_header+0x10f/0xb6c [ 658.019527][ T2304] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 658.025414][ T2304] ? ___ratelimit+0x60/0x595 [ 658.030000][ T2304] ? do_raw_spin_unlock+0x57/0x270 [ 658.035113][ T2304] oom_kill_process.cold+0x10/0x15 [ 658.040251][ T2304] out_of_memory+0x79a/0x1280 [ 658.046920][ T2304] ? lock_downgrade+0x880/0x880 [ 658.051778][ T2304] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 658.058021][ T2304] ? oom_killer_disable+0x280/0x280 [ 658.063202][ T2304] ? find_held_lock+0x35/0x130 [ 658.067952][ T2304] mem_cgroup_out_of_memory+0x1ca/0x230 [ 658.073501][ T2304] ? memcg_event_wake+0x230/0x230 [ 658.079384][ T2304] ? do_raw_spin_unlock+0x57/0x270 [ 658.084482][ T2304] ? _raw_spin_unlock+0x2d/0x50 [ 658.089319][ T2304] try_charge+0x118d/0x1790 [ 658.093826][ T2304] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 658.099367][ T2304] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 658.104901][ T2304] ? find_held_lock+0x35/0x130 [ 658.109653][ T2304] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 658.115210][ T2304] __memcg_kmem_charge_memcg+0x7c/0x130 [ 658.120840][ T2304] ? memcg_kmem_put_cache+0xb0/0xb0 [ 658.126022][ T2304] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 658.131649][ T2304] __memcg_kmem_charge+0x136/0x300 [ 658.136753][ T2304] __alloc_pages_nodemask+0x437/0x7e0 [ 658.142107][ T2304] ? __alloc_pages_slowpath+0x2900/0x2900 [ 658.148116][ T2304] ? ___might_sleep+0x163/0x280 [ 658.152972][ T2304] ? copyin+0xb5/0x100 [ 658.157049][ T2304] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 658.163283][ T2304] alloc_pages_current+0x107/0x210 [ 658.168393][ T2304] pipe_write+0x659/0xf30 [ 658.172737][ T2304] new_sync_write+0x4c7/0x760 [ 658.177410][ T2304] ? default_llseek+0x2e0/0x2e0 [ 658.182269][ T2304] ? common_file_perm+0x238/0x720 [ 658.187278][ T2304] ? __fget+0x381/0x550 [ 658.191449][ T2304] ? apparmor_file_permission+0x25/0x30 [ 658.196991][ T2304] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 658.203217][ T2304] ? security_file_permission+0x94/0x380 [ 658.208841][ T2304] __vfs_write+0xe4/0x110 [ 658.213172][ T2304] vfs_write+0x20c/0x580 [ 658.217413][ T2304] ksys_write+0xea/0x1f0 [ 658.221637][ T2304] ? __ia32_sys_read+0xb0/0xb0 [ 658.226403][ T2304] ? do_syscall_64+0x26/0x610 [ 658.231071][ T2304] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 658.237142][ T2304] ? do_syscall_64+0x26/0x610 [ 658.241833][ T2304] __x64_sys_write+0x73/0xb0 [ 658.246418][ T2304] do_syscall_64+0x103/0x610 [ 658.250996][ T2304] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 658.256971][ T2304] RIP: 0033:0x457f29 [ 658.260849][ T2304] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 658.280444][ T2304] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 658.288851][ T2304] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 658.296814][ T2304] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 658.304800][ T2304] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 658.312767][ T2304] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 658.320754][ T2304] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 658.329205][ T2304] memory: usage 307136kB, limit 307200kB, failcnt 6365 [ 658.336262][ T2304] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 658.343841][ T2304] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 658.350840][ T2304] Memory cgroup stats for /syz2: cache:52KB rss:288176KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276476KB inactive_file:0KB active_file:0KB unevictable:2048KB 09:01:19 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x0) getpgrp(0xffffffffffffffff) 09:01:19 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:19 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x03', 0x0, 0x0) 09:01:19 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:19 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:19 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xc000000, 0x0, 0x0, 0x0, 0x0) [ 658.374788][ T2304] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2219,uid=0 [ 658.390530][ T2304] Memory cgroup out of memory: Killed process 2219 (syz-executor.2) total-vm:72576kB, anon-rss:12712kB, file-rss:35800kB, shmem-rss:0kB [ 658.408579][ T1044] oom_reaper: reaped process 2219 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 658.437498][ T2333] UBIFS error (pid: 2333): cannot open "ubi!_0x0", error -19 [ 658.439107][ T2333] UBIFS error (pid: 2333): cannot open "ubi!_0x0", error -19 09:01:19 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:19 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xc0', 0x0, 0x0) 09:01:19 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x04', 0x0, 0x0) 09:01:19 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 658.571321][ T2336] XFS (loop0): Invalid superblock magic number 09:01:19 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:19 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 658.750533][ T2378] UBIFS error (pid: 2378): cannot open "ubi!_0x0", error -19 [ 658.757704][ T2378] UBIFS error (pid: 2378): cannot open "ubi!_0x0", error -19 [ 659.083832][ T2354] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 659.096288][ T2354] CPU: 0 PID: 2354 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 659.104888][ T2354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 659.114955][ T2354] Call Trace: [ 659.118260][ T2354] dump_stack+0x172/0x1f0 [ 659.122593][ T2354] dump_header+0x10f/0xb6c [ 659.127009][ T2354] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 659.132833][ T2354] ? ___ratelimit+0x60/0x595 [ 659.137435][ T2354] ? do_raw_spin_unlock+0x57/0x270 [ 659.142560][ T2354] oom_kill_process.cold+0x10/0x15 [ 659.147688][ T2354] out_of_memory+0x79a/0x1280 [ 659.152363][ T2354] ? lock_downgrade+0x880/0x880 [ 659.157206][ T2354] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 659.163440][ T2354] ? oom_killer_disable+0x280/0x280 [ 659.168636][ T2354] ? find_held_lock+0x35/0x130 [ 659.173392][ T2354] mem_cgroup_out_of_memory+0x1ca/0x230 [ 659.178935][ T2354] ? memcg_event_wake+0x230/0x230 [ 659.183969][ T2354] ? do_raw_spin_unlock+0x57/0x270 [ 659.189095][ T2354] ? _raw_spin_unlock+0x2d/0x50 [ 659.193951][ T2354] try_charge+0x118d/0x1790 [ 659.198440][ T2354] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 659.203984][ T2354] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 659.209697][ T2354] ? find_held_lock+0x35/0x130 [ 659.214444][ T2354] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 659.220731][ T2354] __memcg_kmem_charge_memcg+0x7c/0x130 [ 659.226295][ T2354] ? memcg_kmem_put_cache+0xb0/0xb0 [ 659.231588][ T2354] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 659.237131][ T2354] __memcg_kmem_charge+0x136/0x300 [ 659.243462][ T2354] __alloc_pages_nodemask+0x437/0x7e0 [ 659.248841][ T2354] ? __alloc_pages_slowpath+0x2900/0x2900 [ 659.254554][ T2354] ? ___might_sleep+0x163/0x280 [ 659.259388][ T2354] ? copyin+0xb5/0x100 [ 659.263461][ T2354] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 659.269697][ T2354] alloc_pages_current+0x107/0x210 [ 659.274804][ T2354] pipe_write+0x659/0xf30 [ 659.279152][ T2354] new_sync_write+0x4c7/0x760 [ 659.283851][ T2354] ? default_llseek+0x2e0/0x2e0 [ 659.288722][ T2354] ? common_file_perm+0x238/0x720 [ 659.293839][ T2354] ? __fget+0x381/0x550 [ 659.297991][ T2354] ? apparmor_file_permission+0x25/0x30 [ 659.303637][ T2354] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 659.309880][ T2354] ? security_file_permission+0x94/0x380 [ 659.315519][ T2354] __vfs_write+0xe4/0x110 [ 659.319871][ T2354] vfs_write+0x20c/0x580 [ 659.324118][ T2354] ksys_write+0xea/0x1f0 [ 659.328433][ T2354] ? __ia32_sys_read+0xb0/0xb0 [ 659.333190][ T2354] ? do_syscall_64+0x26/0x610 [ 659.337878][ T2354] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 659.343957][ T2354] ? do_syscall_64+0x26/0x610 [ 659.348658][ T2354] __x64_sys_write+0x73/0xb0 [ 659.353258][ T2354] do_syscall_64+0x103/0x610 [ 659.357880][ T2354] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 659.363757][ T2354] RIP: 0033:0x457f29 [ 659.367643][ T2354] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 659.387252][ T2354] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 659.395660][ T2354] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 659.403634][ T2354] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 659.411593][ T2354] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 659.419559][ T2354] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 659.427512][ T2354] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 659.436425][ T2354] memory: usage 307136kB, limit 307200kB, failcnt 6419 [ 659.443511][ T2354] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 659.450962][ T2354] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 659.457947][ T2354] Memory cgroup stats for /syz2: cache:52KB rss:288188KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276476KB inactive_file:0KB active_file:0KB unevictable:2048KB 09:01:20 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x0) getpgrp(0xffffffffffffffff) 09:01:20 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:20 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:20 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x05', 0x0, 0x0) 09:01:20 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xff', 0x0, 0x0) 09:01:20 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xd000000, 0x0, 0x0, 0x0, 0x0) [ 659.480599][ T2354] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2304,uid=0 [ 659.497113][ T2354] Memory cgroup out of memory: Killed process 2304 (syz-executor.2) total-vm:72576kB, anon-rss:12392kB, file-rss:35800kB, shmem-rss:0kB [ 659.516717][ T1044] oom_reaper: reaped process 2304 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 659.547900][ T2395] __nla_parse: 4 callbacks suppressed [ 659.547923][ T2395] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:20 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x06', 0x0, 0x0) 09:01:20 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:20 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:20 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 659.710726][ T2424] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 659.721007][ T2428] UBIFS error (pid: 2428): cannot open "ubi!_0x0", error -19 [ 659.721288][ T2403] XFS (loop0): Invalid superblock magic number 09:01:20 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:20 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 659.721604][ T2428] UBIFS error (pid: 2428): cannot open "ubi!_0x0", error -19 [ 659.818395][ T2440] UBIFS error (pid: 2440): cannot open "ubi!_0x0", error -19 [ 659.831072][ T2439] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 659.875050][ T2440] UBIFS error (pid: 2440): cannot open "ubi!_0x0", error -19 [ 659.938011][ T2422] syz-executor.2 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 659.958225][ T2422] CPU: 1 PID: 2422 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 659.966815][ T2422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 659.966821][ T2422] Call Trace: [ 659.966845][ T2422] dump_stack+0x172/0x1f0 [ 659.966866][ T2422] dump_header+0x10f/0xb6c [ 659.980195][ T2422] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 659.980211][ T2422] ? ___ratelimit+0x60/0x595 [ 659.980229][ T2422] ? do_raw_spin_unlock+0x57/0x270 [ 659.980247][ T2422] oom_kill_process.cold+0x10/0x15 [ 659.980265][ T2422] out_of_memory+0x79a/0x1280 [ 660.014293][ T2422] ? lock_downgrade+0x880/0x880 [ 660.019146][ T2422] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 660.019165][ T2422] ? oom_killer_disable+0x280/0x280 [ 660.019179][ T2422] ? find_held_lock+0x35/0x130 [ 660.019200][ T2422] mem_cgroup_out_of_memory+0x1ca/0x230 [ 660.019217][ T2422] ? memcg_event_wake+0x230/0x230 [ 660.030744][ T2422] ? do_raw_spin_unlock+0x57/0x270 [ 660.030761][ T2422] ? _raw_spin_unlock+0x2d/0x50 [ 660.030779][ T2422] try_charge+0x118d/0x1790 [ 660.030798][ T2422] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 660.030815][ T2422] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 660.072104][ T2422] ? find_held_lock+0x35/0x130 [ 660.076864][ T2422] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 660.082414][ T2422] __memcg_kmem_charge_memcg+0x7c/0x130 [ 660.087942][ T2422] ? memcg_kmem_put_cache+0xb0/0xb0 [ 660.093140][ T2422] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 660.098686][ T2422] __memcg_kmem_charge+0x136/0x300 [ 660.103791][ T2422] __alloc_pages_nodemask+0x437/0x7e0 [ 660.109147][ T2422] ? __alloc_pages_slowpath+0x2900/0x2900 [ 660.114851][ T2422] ? ___might_sleep+0x163/0x280 [ 660.119698][ T2422] ? copyin+0xb5/0x100 [ 660.123750][ T2422] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 660.129975][ T2422] alloc_pages_current+0x107/0x210 [ 660.135079][ T2422] pipe_write+0x659/0xf30 [ 660.139404][ T2422] new_sync_write+0x4c7/0x760 [ 660.144062][ T2422] ? default_llseek+0x2e0/0x2e0 [ 660.148905][ T2422] ? common_file_perm+0x238/0x720 [ 660.153931][ T2422] ? __fget+0x381/0x550 [ 660.158079][ T2422] ? apparmor_file_permission+0x25/0x30 [ 660.163609][ T2422] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 660.169835][ T2422] ? security_file_permission+0x94/0x380 [ 660.175452][ T2422] __vfs_write+0xe4/0x110 [ 660.179766][ T2422] vfs_write+0x20c/0x580 [ 660.184004][ T2422] ksys_write+0xea/0x1f0 [ 660.188242][ T2422] ? __ia32_sys_read+0xb0/0xb0 [ 660.192997][ T2422] ? do_syscall_64+0x26/0x610 [ 660.197655][ T2422] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 660.203700][ T2422] ? do_syscall_64+0x26/0x610 [ 660.208360][ T2422] __x64_sys_write+0x73/0xb0 [ 660.212965][ T2422] do_syscall_64+0x103/0x610 [ 660.217548][ T2422] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 660.223442][ T2422] RIP: 0033:0x457f29 [ 660.232890][ T2422] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 660.252482][ T2422] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 660.260890][ T2422] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 660.268855][ T2422] RDX: 000000010000014c RSI: 0000000020000340 RDI: 0000000000000007 [ 660.276818][ T2422] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 660.284786][ T2422] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 660.292737][ T2422] R13: 00000000004c3cdf R14: 00000000004dc5e8 R15: 00000000ffffffff [ 660.302121][ T2422] memory: usage 307200kB, limit 307200kB, failcnt 6479 [ 660.309263][ T2422] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 660.316919][ T2422] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 660.323800][ T2422] Memory cgroup stats for /syz2: cache:52KB rss:288264KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:276476KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 660.346448][ T2422] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2354,uid=0 [ 660.362091][ T2422] Memory cgroup out of memory: Killed process 2354 (syz-executor.2) total-vm:72576kB, anon-rss:12712kB, file-rss:35800kB, shmem-rss:0kB [ 660.385327][ T1044] oom_reaper: reaped process 2354 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 09:01:21 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x0) getpgrp(0xffffffffffffffff) 09:01:21 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\a', 0x0, 0x0) 09:01:21 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:21 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:21 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x1e020000, 0x0, 0x0, 0x0, 0x0) 09:01:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:21 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 660.478980][ T2454] UBIFS error (pid: 2454): cannot open "ubi!_0x0", error -19 [ 660.487429][ T2454] UBIFS error (pid: 2454): cannot open "ubi!_0x0", error -19 [ 660.496209][ T2453] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:21 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:21 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifsH', 0x0, 0x0) [ 660.577061][ T2461] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 660.631786][ T2472] UBIFS error (pid: 2472): cannot open "ubi!_0x0", error -19 09:01:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:21 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 660.632330][ T2472] UBIFS error (pid: 2472): cannot open "ubi!_0x0", error -19 [ 660.767777][ T2492] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 660.781286][ C1] net_ratelimit: 26 callbacks suppressed [ 660.781296][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 660.792810][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 660.798666][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 660.804480][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 660.810299][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 660.816131][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 660.825453][ T2495] UBIFS error (pid: 2495): cannot open "ubi!_0x0", error -19 [ 660.826077][ T2495] UBIFS error (pid: 2495): cannot open "ubi!_0x0", error -19 [ 660.855974][ T2474] XFS (loop0): Invalid superblock magic number [ 660.871290][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 660.877107][ C1] protocol 88fb is buggy, dev hsr_slave_1 09:01:22 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifsL', 0x0, 0x0) 09:01:22 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:22 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:22 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x20000000, 0x0, 0x0, 0x0, 0x0) 09:01:22 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$binfmt_misc(r0, &(0x7f00000000c0)=ANY=[], 0x7fffffff) recvfrom(r1, &(0x7f0000000180)=""/184, 0xfffffffffffffd84, 0x10100, 0x0, 0xfffffffffffffd51) [ 661.271606][ T2518] UBIFS error (pid: 2518): cannot open "ubi!_0x0", error -19 [ 661.272105][ T2518] UBIFS error (pid: 2518): cannot open "ubi!_0x0", error -19 [ 661.304746][ T2523] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:22 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifsh', 0x0, 0x0) [ 661.330336][ T2523] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:22 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:22 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 661.384184][ T2516] XFS (loop0): Invalid superblock magic number 09:01:22 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 661.464216][ T2551] UBIFS error (pid: 2551): cannot open "ubi!_0x0", error -19 [ 661.471604][ T2551] UBIFS error (pid: 2551): cannot open "ubi!_0x0", error -19 [ 661.501320][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 661.514636][ C0] protocol 88fb is buggy, dev hsr_slave_1 09:01:22 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:22 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifsl', 0x0, 0x0) [ 661.548885][ T2541] syz-executor.2 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=0, oom_score_adj=1000 [ 661.567930][ T2554] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 661.594229][ T2541] CPU: 1 PID: 2541 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 661.602868][ T2541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 661.612936][ T2541] Call Trace: [ 661.616276][ T2541] dump_stack+0x172/0x1f0 [ 661.620627][ T2541] dump_header+0x10f/0xb6c [ 661.625073][ T2541] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 661.630896][ T2541] ? ___ratelimit+0x60/0x595 [ 661.635506][ T2541] ? do_raw_spin_unlock+0x57/0x270 [ 661.640645][ T2541] oom_kill_process.cold+0x10/0x15 [ 661.645781][ T2541] out_of_memory+0x79a/0x1280 [ 661.650473][ T2541] ? lock_downgrade+0x880/0x880 [ 661.655337][ T2541] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 661.661594][ T2541] ? oom_killer_disable+0x280/0x280 [ 661.666810][ T2541] ? find_held_lock+0x35/0x130 [ 661.671617][ T2541] mem_cgroup_out_of_memory+0x1ca/0x230 [ 661.677175][ T2541] ? memcg_event_wake+0x230/0x230 [ 661.682226][ T2541] ? do_raw_spin_unlock+0x57/0x270 [ 661.687351][ T2541] ? _raw_spin_unlock+0x2d/0x50 [ 661.692201][ T2541] try_charge+0x118d/0x1790 [ 661.696690][ T2541] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 661.702219][ T2541] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 661.707748][ T2541] ? find_held_lock+0x35/0x130 [ 661.712498][ T2541] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 661.718236][ T2541] __memcg_kmem_charge_memcg+0x7c/0x130 [ 661.723791][ T2541] ? memcg_kmem_put_cache+0xb0/0xb0 [ 661.728994][ T2541] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 661.734535][ T2541] __memcg_kmem_charge+0x136/0x300 [ 661.739639][ T2541] __alloc_pages_nodemask+0x437/0x7e0 [ 661.745012][ T2541] ? kasan_kmalloc+0x9/0x10 [ 661.749538][ T2541] ? __alloc_pages_slowpath+0x2900/0x2900 [ 661.755337][ T2541] ? __alloc_skb+0x3cd/0x5e0 [ 661.759931][ T2541] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 661.766158][ T2541] alloc_pages_current+0x107/0x210 [ 661.771257][ T2541] alloc_skb_with_frags+0x1a5/0x580 [ 661.776448][ T2541] sock_alloc_send_pskb+0x72d/0x8a0 [ 661.781643][ T2541] ? sock_wmalloc+0x120/0x120 [ 661.786316][ T2541] ? lock_downgrade+0x880/0x880 [ 661.791186][ T2541] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 661.797435][ T2541] ? kasan_check_read+0x11/0x20 [ 661.805412][ T2541] unix_stream_sendmsg+0x5f7/0x990 [ 661.810541][ T2541] ? unix_bind+0xac0/0xac0 [ 661.810563][ T2541] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 661.820484][ T2541] ? apparmor_socket_sendmsg+0x2a/0x30 [ 661.820503][ T2541] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 661.820525][ T2541] ? security_socket_sendmsg+0x93/0xc0 [ 661.820540][ T2541] ? unix_bind+0xac0/0xac0 [ 661.820605][ T2541] sock_sendmsg+0xdd/0x130 [ 661.820623][ T2541] sock_write_iter+0x27c/0x3e0 [ 661.852948][ T2541] ? sock_sendmsg+0x130/0x130 [ 661.857650][ T2541] ? aa_path_link+0x460/0x460 [ 661.862337][ T2541] ? find_held_lock+0x35/0x130 [ 661.867111][ T2541] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 661.873363][ T2541] ? iov_iter_init+0xea/0x220 [ 661.878056][ T2541] new_sync_write+0x4c7/0x760 [ 661.882747][ T2541] ? default_llseek+0x2e0/0x2e0 [ 661.887613][ T2541] ? common_file_perm+0x238/0x720 [ 661.892644][ T2541] ? __fget+0x381/0x550 09:01:22 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifst', 0x0, 0x0) 09:01:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="0f000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="4c000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 661.896827][ T2541] ? apparmor_file_permission+0x25/0x30 [ 661.902384][ T2541] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 661.908646][ T2541] ? security_file_permission+0x94/0x380 [ 661.914298][ T2541] __vfs_write+0xe4/0x110 [ 661.918653][ T2541] vfs_write+0x20c/0x580 [ 661.922919][ T2541] ksys_write+0xea/0x1f0 [ 661.927185][ T2541] ? __ia32_sys_read+0xb0/0xb0 [ 661.931966][ T2541] ? do_syscall_64+0x26/0x610 [ 661.936659][ T2541] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 661.942743][ T2541] ? do_syscall_64+0x26/0x610 [ 661.947435][ T2541] __x64_sys_write+0x73/0xb0 [ 661.952045][ T2541] do_syscall_64+0x103/0x610 [ 661.956647][ T2541] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 661.962542][ T2541] RIP: 0033:0x457f29 [ 661.966450][ T2541] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 661.986045][ T2541] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 661.994446][ T2541] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 662.002411][ T2541] RDX: 000000007fffffff RSI: 00000000200000c0 RDI: 0000000000000003 [ 662.010378][ T2541] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 662.018336][ T2541] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 662.026640][ T2541] R13: 00000000004c7360 R14: 00000000004dcee8 R15: 00000000ffffffff [ 662.035399][ T2565] UBIFS error (pid: 2565): cannot open "ubi!_0x0", error -19 [ 662.036784][ T2541] memory: usage 307108kB, limit 307200kB, failcnt 6555 [ 662.054578][ T2565] UBIFS error (pid: 2565): cannot open "ubi!_0x0", error -19 [ 662.067021][ T2541] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 662.082178][ T2541] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 662.090267][ T2541] Memory cgroup stats for /syz2: cache:52KB rss:286640KB rss_huge:247808KB shmem:132KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:9860KB active_anon:274944KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 662.114371][ T2541] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2475,uid=0 [ 662.131011][ T2541] Memory cgroup out of memory: Killed process 2475 (syz-executor.2) total-vm:72576kB, anon-rss:16548kB, file-rss:35796kB, shmem-rss:0kB [ 662.150836][ T1044] oom_reaper: reaped process 2475 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 09:01:23 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x20030000, 0x0, 0x0, 0x0, 0x0) 09:01:23 executing program 2: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) 09:01:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="68000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:23 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:23 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:23 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifsz', 0x0, 0x0) [ 662.322558][ T2597] UBIFS error (pid: 2597): cannot open "ubi!_0x0", error -19 [ 662.325534][ T2597] UBIFS error (pid: 2597): cannot open "ubi!_0x0", error -19 09:01:23 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="240000000f0007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 662.413755][ T2587] XFS (loop0): Invalid superblock magic number [ 662.445819][ T2617] UBIFS error (pid: 2617): cannot open "ubi!_0x0", error -19 [ 662.446344][ T2617] UBIFS error (pid: 2617): cannot open "ubi!_0x0", error -19 09:01:23 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:23 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xf0', 0x0, 0x0) [ 662.450141][ T2616] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 09:01:23 executing program 2: syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0x40, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') preadv(r1, &(0x7f00000017c0), 0x1a4, 0xfa4) 09:01:23 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 662.605378][ T2631] UBIFS error (pid: 2631): cannot open "ubi!_0x0", error -19 [ 662.607188][ T2631] UBIFS error (pid: 2631): cannot open "ubi!_0x0", error -19 09:01:23 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x20100000, 0x0, 0x0, 0x0, 0x0) 09:01:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24020000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:23 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:23 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:23 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:23 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) clone(0x100002102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) accept$unix(0xffffffffffffffff, 0x0, 0x0) times(0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_open_dev$vcsn(0x0, 0x30000000000000, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$binfmt_misc(r0, &(0x7f00000000c0)=ANY=[], 0x7fffffff) recvfrom(r1, &(0x7f0000000180)=""/184, 0xfffffffffffffd84, 0x0, 0x0, 0xfffffffffffffd51) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0) openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x0, 0x0) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) shmdt(0x0) 09:01:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24030000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:23 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 662.862371][ T2654] UBIFS error (pid: 2654): cannot open "ubi!_0x0", error -19 [ 662.863045][ T2654] UBIFS error (pid: 2654): cannot open "ubi!_0x0", error -19 [ 662.868879][ T2656] UBIFS error (pid: 2656): cannot open "ubi!_0x0", error -19 [ 662.897833][ T2656] UBIFS error (pid: 2656): cannot open "ubi!_0x0", error -19 09:01:23 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:23 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24040000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:23 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 663.023925][ T2680] UBIFS error (pid: 2680): cannot open "ubi!_0x0", error -19 [ 663.033141][ T2682] UBIFS error (pid: 2682): cannot open "ubi!_0x0", error -19 [ 663.048358][ T2680] UBIFS error (pid: 2680): cannot open "ubi!_0x0", error -19 [ 663.084300][ T2668] XFS (loop0): Invalid superblock magic number [ 663.094024][ T2682] UBIFS error (pid: 2682): cannot open "ubi!_0x0", error -19 [ 663.260263][ T2698] XFS (loop0): Invalid superblock magic number 09:01:24 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x23000000, 0x0, 0x0, 0x0, 0x0) 09:01:24 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:24 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:24 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:24 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24050000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 663.392095][ T2715] UBIFS error (pid: 2715): cannot open "ubi!_0x0", error -19 [ 663.392426][ T2715] UBIFS error (pid: 2715): cannot open "ubi!_0x0", error -19 [ 663.417870][ T2719] UBIFS error (pid: 2719): cannot open "ubi!_0x0", error -19 [ 663.480457][ T2719] UBIFS error (pid: 2719): cannot open "ubi!_0x0", error -19 [ 663.544486][ T2724] XFS (loop0): Invalid superblock magic number 09:01:24 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff}) times(&(0x7f0000000240)) write$binfmt_misc(r0, &(0x7f00000000c0)=ANY=[], 0x7fffffff) 09:01:24 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:24 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:24 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:24 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24060000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 663.680503][ T2744] UBIFS error (pid: 2744): cannot open "ubi!_0x0", error -19 [ 663.691167][ T2744] UBIFS error (pid: 2744): cannot open "ubi!_0x0", error -19 09:01:24 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24070000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:24 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 663.728655][ T2752] UBIFS error (pid: 2752): cannot open "ubi!_0x0", error -19 09:01:24 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x24030000, 0x0, 0x0, 0x0, 0x0) 09:01:24 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:24 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24080000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:24 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs ', 0x0, 0x0) 09:01:24 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 663.793216][ T2752] UBIFS error (pid: 2752): cannot open "ubi!_0x0", error -19 [ 663.899130][ T2765] UBIFS error (pid: 2765): cannot open "ubi!_0x0", error -19 [ 663.902402][ T2765] UBIFS error (pid: 2765): cannot open "ubi!_0x0", error -19 [ 664.021465][ T2769] XFS (loop0): Invalid superblock magic number 09:01:25 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:25 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:25 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:25 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="240a0000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:25 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:25 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x2c000000, 0x0, 0x0, 0x0, 0x0) 09:01:25 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="240e0000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:25 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 664.678410][ T2806] UBIFS error (pid: 2806): cannot open "ubi!_0x0", error -19 [ 664.680309][ T2806] UBIFS error (pid: 2806): cannot open "ubi!_0x0", error -19 [ 664.703349][ T2808] UBIFS error (pid: 2808): cannot open "ubi!_0x0", error -19 [ 664.703982][ T2808] UBIFS error (pid: 2808): cannot open "ubi!_0x0", error -19 09:01:25 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:25 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:25 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="240f0000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:25 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:25 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xff', 0x0, 0x0) [ 664.858254][ T2824] UBIFS error (pid: 2824): cannot open "ubi!_0x0", error -19 [ 664.883257][ T2824] UBIFS error (pid: 2824): cannot open "ubi!_0x0", error -19 [ 664.903588][ T2801] XFS (loop0): Invalid superblock magic number [ 664.917243][ T2833] UBIFS error (pid: 2833): cannot open "ubi!_0x0", error -19 09:01:25 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:25 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:25 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x10', 0x0, 0x0) [ 664.918263][ T2833] UBIFS error (pid: 2833): cannot open "ubi!_0x0", error -19 09:01:25 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24100000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 665.236210][ T2856] XFS (loop0): Invalid superblock magic number 09:01:26 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x2c010000, 0x0, 0x0, 0x0, 0x0) 09:01:26 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:26 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:26 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:26 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x8b', 0x0, 0x0) 09:01:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24280000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24480000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 665.369606][ T2875] UBIFS error (pid: 2875): cannot open "ubi!_0x0", error -19 [ 665.370232][ T2875] UBIFS error (pid: 2875): cannot open "ubi!_0x0", error -19 09:01:26 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xff', 0x0, 0x0) 09:01:26 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:26 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="244c0000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:26 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 665.637404][ T2910] UBIFS error (pid: 2910): cannot open "ubi!_0x0", error -19 [ 665.640102][ T2910] UBIFS error (pid: 2910): cannot open "ubi!_0x0", error -19 [ 665.654961][ T2884] XFS (loop0): Invalid superblock magic number [ 665.836739][ T2915] XFS (loop0): Invalid superblock magic number 09:01:26 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x3c000000, 0x0, 0x0, 0x0, 0x0) 09:01:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24600000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:26 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:26 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:26 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xff', 0x0, 0x0) 09:01:26 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24680000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:26 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) [ 665.982425][ T2938] UBIFS error (pid: 2938): cannot open "ubi!_0x0", error -19 [ 665.991923][ T2938] UBIFS error (pid: 2938): cannot open "ubi!_0x0", error -19 09:01:26 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:26 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:27 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xff', 0x0, 0x0) 09:01:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="246c0000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 666.168502][ T2959] UBIFS error (pid: 2959): cannot open "ubi!_0x0", error -19 [ 666.169010][ T2959] UBIFS error (pid: 2959): cannot open "ubi!_0x0", error -19 [ 666.208783][ T2941] XFS (loop0): Invalid superblock magic number 09:01:27 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x3c030000, 0x0, 0x0, 0x0, 0x0) 09:01:27 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:27 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:27 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24740000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:27 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="247a0000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 666.580369][ T2995] UBIFS error (pid: 2995): cannot open "ubi!_0x0", error -19 [ 666.580920][ T2995] UBIFS error (pid: 2995): cannot open "ubi!_0x0", error -19 [ 666.600206][ T2997] UBIFS error (pid: 2997): cannot open "ubi!_0x0", error -19 09:01:27 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xf9', 0x0, 0x0) 09:01:27 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:27 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:27 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) [ 666.625617][ T2997] UBIFS error (pid: 2997): cannot open "ubi!_0x0", error -19 09:01:27 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x8c', 0x0, 0x0) [ 666.758583][ T3015] UBIFS error (pid: 3015): cannot open "ubi!_0x0", error -19 [ 666.759668][ T3015] UBIFS error (pid: 3015): cannot open "ubi!_0x0", error -19 [ 666.913664][ T3013] XFS (loop0): Invalid superblock magic number [ 667.021270][ C1] net_ratelimit: 26 callbacks suppressed [ 667.021278][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 667.033198][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 667.039011][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 667.044804][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 667.050606][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 667.056420][ C1] protocol 88fb is buggy, dev hsr_slave_1 09:01:28 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x3e030000, 0x0, 0x0, 0x0, 0x0) 09:01:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24f00000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:28 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:28 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:28 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:28 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xf6', 0x0, 0x0) [ 667.101255][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 667.107040][ C1] protocol 88fb is buggy, dev hsr_slave_1 09:01:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000300150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:28 executing program 2: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) [ 667.213050][ T3056] UBIFS error (pid: 3056): cannot open "ubi!_0x0", error -19 [ 667.213954][ T3056] UBIFS error (pid: 3056): cannot open "ubi!_0x0", error -19 09:01:28 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs&', 0x0, 0x0) 09:01:28 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xfe', 0x0, 0x0) 09:01:28 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:28 executing program 2: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) [ 667.468328][ T3066] XFS (loop0): Invalid superblock magic number [ 667.648516][ T3106] XFS (loop0): Invalid superblock magic number 09:01:28 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x3f000000, 0x0, 0x0, 0x0, 0x0) 09:01:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000500150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:28 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xc0', 0x0, 0x0) 09:01:28 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:28 executing program 2: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:28 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 667.741413][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 667.747279][ C0] protocol 88fb is buggy, dev hsr_slave_1 09:01:28 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:28 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xff', 0x0, 0x0) [ 667.771547][ T3122] UBIFS error (pid: 3122): cannot open "ubi!_0x0", error -19 [ 667.786068][ T3122] UBIFS error (pid: 3122): cannot open "ubi!_0x0", error -19 09:01:28 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000600150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:28 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:28 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) [ 667.996822][ T3140] XFS (loop0): Invalid superblock magic number [ 667.996898][ T3171] UBIFS error (pid: 3171): cannot open "ubi!_0x0", error -19 [ 667.997440][ T3171] UBIFS error (pid: 3171): cannot open "ubi!_0x0", error -19 09:01:29 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x40000000, 0x0, 0x0, 0x0, 0x0) 09:01:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000700150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:29 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:29 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:29 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xff', 0x0, 0x0) 09:01:29 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) [ 668.333522][ T3208] UBIFS error (pid: 3208): cannot open "ubi!_0x0", error -19 09:01:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000a00150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:29 executing program 2: perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:29 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:29 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 668.334036][ T3208] UBIFS error (pid: 3208): cannot open "ubi!_0x0", error -19 09:01:29 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:29 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 668.470732][ T3228] UBIFS error (pid: 3228): cannot open "ubi!_0x0", error -19 [ 668.499894][ T3228] UBIFS error (pid: 3228): cannot open "ubi!_0x0", error -19 [ 668.573626][ T3245] UBIFS error (pid: 3245): cannot open "ubi!_0x0", error -19 [ 668.581098][ T3245] UBIFS error (pid: 3245): cannot open "ubi!_0x0", error -19 [ 668.589255][ T3216] XFS (loop0): Invalid superblock magic number [ 668.729343][ T3254] XFS (loop0): Invalid superblock magic number 09:01:29 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x42534658, 0x0, 0x0, 0x0, 0x0) 09:01:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24bf0a00150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:29 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:29 executing program 2: perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:29 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:29 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 668.847845][ T3271] UBIFS error (pid: 3271): cannot open "ubi!_0x0", error -19 [ 668.848305][ T3271] UBIFS error (pid: 3271): cannot open "ubi!_0x0", error -19 [ 668.868040][ T3275] UBIFS error (pid: 3275): cannot open "ubi!_0x0", error -19 09:01:29 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000e00150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:29 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 668.886539][ T3275] UBIFS error (pid: 3275): cannot open "ubi!_0x0", error -19 09:01:29 executing program 2: perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:29 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 668.991557][ T3285] UBIFS error (pid: 3285): cannot open "ubi!_0x0", error -19 [ 668.992074][ T3285] UBIFS error (pid: 3285): cannot open "ubi!_0x0", error -19 09:01:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24c00e00150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 669.059236][ T3304] UBIFS error (pid: 3304): cannot open "ubi!_0x0", error -19 [ 669.059675][ T3304] UBIFS error (pid: 3304): cannot open "ubi!_0x0", error -19 [ 669.169783][ T3288] XFS (loop0): Invalid superblock magic number [ 669.289340][ T3323] XFS (loop0): Invalid superblock magic number 09:01:30 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:30 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:30 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:30 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:30 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x44030000, 0x0, 0x0, 0x0, 0x0) 09:01:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000f00150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:30 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 669.442657][ T3349] UBIFS error (pid: 3349): cannot open "ubi!_0x0", error -19 [ 669.443244][ T3349] UBIFS error (pid: 3349): cannot open "ubi!_0x0", error -19 [ 669.443252][ T3347] UBIFS error (pid: 3347): cannot open "ubi!_0x0", error -19 09:01:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24002000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:30 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) [ 669.444580][ T3347] UBIFS error (pid: 3347): cannot open "ubi!_0x0", error -19 09:01:30 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:30 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 669.537498][ T3357] UBIFS error (pid: 3357): cannot open "ubi!_0x0", error -19 09:01:30 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24002800150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 669.566397][ T3357] UBIFS error (pid: 3357): cannot open "ubi!_0x0", error -19 [ 669.664335][ T3375] UBIFS error (pid: 3375): cannot open "ubi!_0x0", error -19 [ 669.666785][ T3375] UBIFS error (pid: 3375): cannot open "ubi!_0x0", error -19 [ 669.675987][ T3345] XFS (loop0): Invalid superblock magic number 09:01:30 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:30 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) [ 669.717009][ T3379] UBIFS error (pid: 3379): cannot open "ubi!_0x0", error -19 09:01:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24004800150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 669.718213][ T3379] UBIFS error (pid: 3379): cannot open "ubi!_0x0", error -19 09:01:30 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:30 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:30 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24004c00150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:30 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x48000000, 0x0, 0x0, 0x0, 0x0) 09:01:30 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) [ 670.081475][ T3406] UBIFS error (pid: 3406): cannot open "ubi!_0x0", error -19 [ 670.082075][ T3406] UBIFS error (pid: 3406): cannot open "ubi!_0x0", error -19 09:01:31 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24006000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:31 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:31 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:31 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 670.111137][ T3415] UBIFS error (pid: 3415): cannot open "ubi!_0x0", error -19 [ 670.138343][ T3415] UBIFS error (pid: 3415): cannot open "ubi!_0x0", error -19 [ 670.171564][ T3419] UBIFS error (pid: 3419): cannot open "ubi!_0x0", error -19 09:01:31 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:31 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24006800150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 670.172086][ T3419] UBIFS error (pid: 3419): cannot open "ubi!_0x0", error -19 09:01:31 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 670.259714][ T3426] UBIFS error (pid: 3426): cannot open "ubi!_0x0", error -19 [ 670.260871][ T3426] UBIFS error (pid: 3426): cannot open "ubi!_0x0", error -19 09:01:31 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:31 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 670.356405][ T3442] UBIFS error (pid: 3442): cannot open "ubi!_0x0", error -19 09:01:31 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 670.357268][ T3442] UBIFS error (pid: 3442): cannot open "ubi!_0x0", error -19 [ 670.443709][ T3424] XFS (loop0): Invalid superblock magic number [ 670.484364][ T3457] UBIFS error (pid: 3457): cannot open "ubi!_0x0", error -19 [ 670.495617][ T3457] UBIFS error (pid: 3457): cannot open "ubi!_0x0", error -19 [ 670.522800][ T3460] UBIFS error (pid: 3460): cannot open "ubi!_0x0", error -19 [ 670.533103][ T3460] UBIFS error (pid: 3460): cannot open "ubi!_0x0", error -19 09:01:31 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x4a000000, 0x0, 0x0, 0x0, 0x0) 09:01:31 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24006c00150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:31 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:31 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:31 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:31 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:31 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24007400150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:31 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 670.826534][ T3477] UBIFS error (pid: 3477): cannot open "ubi!_0x0", error -19 [ 670.833213][ T3477] UBIFS error (pid: 3477): cannot open "ubi!_0x0", error -19 [ 670.837300][ T3480] UBIFS error (pid: 3480): cannot open "ubi!_0x0", error -19 [ 670.853640][ T3480] UBIFS error (pid: 3480): cannot open "ubi!_0x0", error -19 09:01:31 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:31 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:31 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) [ 670.991651][ T3499] UBIFS error (pid: 3499): cannot open "ubi!_0x0", error -19 [ 671.013121][ T3506] UBIFS error (pid: 3506): cannot open "ubi!_0x0", error -19 [ 671.020838][ T3499] UBIFS error (pid: 3499): cannot open "ubi!_0x0", error -19 [ 671.030576][ T3489] XFS (loop0): Invalid superblock magic number 09:01:31 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 671.094985][ T3506] UBIFS error (pid: 3506): cannot open "ubi!_0x0", error -19 09:01:32 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x4c000000, 0x0, 0x0, 0x0, 0x0) 09:01:32 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24007a00150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:32 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:32 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:32 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 671.424718][ T3535] UBIFS error (pid: 3535): cannot open "ubi!_0x0", error -19 [ 671.425211][ T3535] UBIFS error (pid: 3535): cannot open "ubi!_0x0", error -19 [ 671.443336][ T3538] UBIFS error (pid: 3538): cannot open "ubi!_0x0", error -19 09:01:32 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="240abf00150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:32 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:32 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) [ 671.460042][ T3538] UBIFS error (pid: 3538): cannot open "ubi!_0x0", error -19 09:01:32 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 671.588484][ T3551] UBIFS error (pid: 3551): cannot open "ubi!_0x0", error -19 09:01:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="240ec000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 671.588927][ T3551] UBIFS error (pid: 3551): cannot open "ubi!_0x0", error -19 [ 671.647937][ T3563] UBIFS error (pid: 3563): cannot open "ubi!_0x0", error -19 [ 671.674224][ T3563] UBIFS error (pid: 3563): cannot open "ubi!_0x0", error -19 [ 671.713992][ T3544] XFS (loop0): Invalid superblock magic number 09:01:32 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x58465342, 0x0, 0x0, 0x0, 0x0) 09:01:32 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:32 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:32 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:32 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, 0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2400f000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000260007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 672.021739][ T3591] UBIFS error (pid: 3591): cannot open "ubi!_0x0", error -19 [ 672.035992][ T3591] UBIFS error (pid: 3591): cannot open "ubi!_0x0", error -19 [ 672.038377][ T3596] UBIFS error (pid: 3596): cannot open "ubi!_0x0", error -19 09:01:32 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, 0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:32 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:33 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 672.104640][ T3599] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 672.122564][ T3596] UBIFS error (pid: 3596): cannot open "ubi!_0x0", error -19 09:01:33 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:33 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, 0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) [ 672.180818][ T3599] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 672.197000][ T3611] UBIFS error (pid: 3611): cannot open "ubi!_0x0", error -19 [ 672.197492][ T3611] UBIFS error (pid: 3611): cannot open "ubi!_0x0", error -19 [ 672.281072][ T3620] UBIFS error (pid: 3620): cannot open "ubi!_0x0", error -19 [ 672.287039][ T3620] UBIFS error (pid: 3620): cannot open "ubi!_0x0", error -19 [ 672.336332][ T3601] XFS (loop0): Invalid superblock magic number 09:01:33 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:33 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000680007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:33 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:33 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:33 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:33 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x5c010000, 0x0, 0x0, 0x0, 0x0) 09:01:33 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:33 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 672.637927][ T3648] UBIFS error (pid: 3648): cannot open "ubi!_0x0", error -19 [ 672.638483][ T3648] UBIFS error (pid: 3648): cannot open "ubi!_0x0", error -19 [ 672.646143][ T3647] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 672.663543][ T3649] UBIFS error (pid: 3649): cannot open "ubi!_0x0", error -19 09:01:33 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:33 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 672.671919][ T3649] UBIFS error (pid: 3649): cannot open "ubi!_0x0", error -19 [ 672.693373][ T3651] UBIFS error (pid: 3651): cannot open "ubi!_0x0", error -19 09:01:33 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:33 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000200150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 672.702295][ T3651] UBIFS error (pid: 3651): cannot open "ubi!_0x0", error -19 [ 672.811083][ T3666] UBIFS error (pid: 3666): cannot open "ubi!_0x0", error -19 [ 672.813084][ T3666] UBIFS error (pid: 3666): cannot open "ubi!_0x0", error -19 09:01:33 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:33 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000300150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:33 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 672.852874][ T3670] UBIFS error (pid: 3670): cannot open "ubi!_0x0", error -19 [ 672.879464][ T3670] UBIFS error (pid: 3670): cannot open "ubi!_0x0", error -19 [ 672.903819][ T3657] XFS (loop0): Invalid superblock magic number 09:01:33 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) 09:01:33 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xff', 0x0, 0x0) 09:01:34 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, 0x0, 0x0) 09:01:34 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:34 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000400150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:34 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:34 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x60000000, 0x0, 0x0, 0x0, 0x0) [ 673.261298][ C1] net_ratelimit: 26 callbacks suppressed [ 673.261306][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 673.272888][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 673.278758][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 673.284558][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 673.290462][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 673.296369][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 673.341282][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 673.347124][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 673.367773][ T3723] UBIFS error (pid: 3723): cannot open "ubi!_0x0", error -19 [ 673.368442][ T3723] UBIFS error (pid: 3723): cannot open "ubi!_0x0", error -19 [ 673.383637][ T3722] UBIFS error (pid: 3722): cannot open "ubi!_0x0", error -19 [ 673.384392][ T3722] UBIFS error (pid: 3722): cannot open "ubi!_0x0", error -19 09:01:34 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, 0x0, 0x0) 09:01:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000500150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:34 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:34 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:34 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xff', 0x0, 0x0) 09:01:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000600150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 673.515536][ T3735] UBIFS error (pid: 3735): cannot open "ubi!_0x0", error -19 [ 673.531919][ T3735] UBIFS error (pid: 3735): cannot open "ubi!_0x0", error -19 09:01:34 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:34 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, 0x0, 0x0) 09:01:34 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:34 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xff', 0x0, 0x0) 09:01:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000700150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 673.686847][ T3729] XFS (loop0): Invalid superblock magic number [ 673.696061][ T3761] UBIFS error (pid: 3761): cannot open "ubi!_0x0", error -19 [ 673.696647][ T3761] UBIFS error (pid: 3761): cannot open "ubi!_0x0", error -19 [ 673.990750][ T3779] XFS (loop0): Invalid superblock magic number [ 673.991331][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 674.002775][ C0] protocol 88fb is buggy, dev hsr_slave_1 09:01:34 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x68000000, 0x0, 0x0, 0x0, 0x0) 09:01:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000800150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:34 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:34 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:34 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xff', 0x0, 0x0) 09:01:34 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) 09:01:35 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000a00150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:35 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 674.142870][ T3796] UBIFS error (pid: 3796): cannot open "ubi!_0x0", error -19 [ 674.144117][ T3796] UBIFS error (pid: 3796): cannot open "ubi!_0x0", error -19 09:01:35 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) 09:01:35 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:35 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:35 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x2, 0x0) [ 674.266652][ T3812] UBIFS error (pid: 3812): cannot open "ubi!_0x0", error -19 [ 674.271928][ T3812] UBIFS error (pid: 3812): cannot open "ubi!_0x0", error -19 [ 674.371002][ T3822] UBIFS error (pid: 3822): cannot open "ubi!_0x0", error -19 [ 674.388026][ T3822] UBIFS error (pid: 3822): cannot open "ubi!_0x0", error -19 [ 674.436015][ T3828] UBIFS error (pid: 3828): cannot open "ubi!_0x0", error -19 [ 674.450416][ T3828] UBIFS error (pid: 3828): cannot open "ubi!_0x0", error -19 [ 674.491306][ T3809] XFS (loop0): Invalid superblock magic number 09:01:35 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x6c000000, 0x0, 0x0, 0x0, 0x0) 09:01:35 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000e00150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:35 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:35 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) 09:01:35 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xf9', 0x0, 0x0) 09:01:35 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x3, 0x0) [ 674.711132][ T3849] UBIFS error (pid: 3849): cannot open "ubi!_0x0", error -19 09:01:35 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:35 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000f00150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:35 executing program 2: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:35 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x8c', 0x0, 0x0) [ 674.714694][ T3849] UBIFS error (pid: 3849): cannot open "ubi!_0x0", error -19 09:01:35 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x4, 0x0) 09:01:35 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 674.887051][ T3872] UBIFS error (pid: 3872): cannot open "ubi!_0x0", error -19 [ 674.888054][ T3871] UBIFS error (pid: 3871): cannot open "ubi!_0x0", error -19 [ 674.902752][ T3872] UBIFS error (pid: 3872): cannot open "ubi!_0x0", error -19 [ 675.057521][ T3867] XFS (loop0): Invalid superblock magic number 09:01:36 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x74000000, 0x0, 0x0, 0x0, 0x0) 09:01:36 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xf6', 0x0, 0x0) 09:01:36 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24001000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:36 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x5, 0x0) 09:01:36 executing program 2: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:36 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:36 executing program 2: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 675.338629][ T3907] UBIFS error (pid: 3907): cannot open "ubi!_0x0", error -19 [ 675.363398][ T3911] UBIFS error (pid: 3911): cannot open "ubi!_0x0", error -19 09:01:36 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xfe', 0x0, 0x0) 09:01:36 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x6, 0x0) [ 675.403445][ T3911] UBIFS error (pid: 3911): cannot open "ubi!_0x0", error -19 09:01:36 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24002800150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 675.470169][ T3923] UBIFS error (pid: 3923): cannot open "ubi!_0x0", error -19 [ 675.530404][ T3929] UBIFS error (pid: 3929): cannot open "ubi!_0x0", error -19 09:01:36 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, &(0x7f0000000340), 0x10000014c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x0) getpgrp(0xffffffffffffffff) 09:01:36 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 675.532130][ T3929] UBIFS error (pid: 3929): cannot open "ubi!_0x0", error -19 [ 675.663178][ T3918] XFS (loop0): Invalid superblock magic number [ 675.858878][ T3953] XFS (loop0): Invalid superblock magic number 09:01:36 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x7a000000, 0x0, 0x0, 0x0, 0x0) 09:01:36 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:36 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x7, 0x0) 09:01:36 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24004800150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:36 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 676.015259][ T3967] UBIFS error (pid: 3967): cannot open "ubi!_0x0", error -19 [ 676.015745][ T3967] UBIFS error (pid: 3967): cannot open "ubi!_0x0", error -19 [ 676.030684][ T3970] UBIFS error (pid: 3970): cannot open "ubi!_0x0", error -19 09:01:36 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x48, 0x0) 09:01:36 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:36 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24004c00150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 676.068335][ T3970] UBIFS error (pid: 3970): cannot open "ubi!_0x0", error -19 09:01:37 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\xff', 0x0, 0x0) 09:01:37 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x4c, 0x0) [ 676.184060][ T3981] UBIFS error (pid: 3981): cannot open "ubi!_0x0", error -19 [ 676.188329][ T3981] UBIFS error (pid: 3981): cannot open "ubi!_0x0", error -19 09:01:37 executing program 2: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:37 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 676.306663][ T3995] UBIFS error (pid: 3995): cannot open "ubi!_0x0", error -19 [ 676.307353][ T3995] UBIFS error (pid: 3995): cannot open "ubi!_0x0", error -19 [ 676.401708][ T4004] UBIFS error (pid: 4004): cannot open "ubi!_0x0", error -19 [ 676.402881][ T4004] UBIFS error (pid: 4004): cannot open "ubi!_0x0", error -19 [ 676.425129][ T3983] XFS (loop0): Invalid superblock magic number [ 676.436022][ T4006] UBIFS error (pid: 4006): cannot open "ubi!_0x0", error -19 [ 676.591947][ T4010] XFS (loop0): Invalid superblock magic number 09:01:37 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x80030000, 0x0, 0x0, 0x0, 0x0) 09:01:37 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24006000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:37 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:37 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x68, 0x0) 09:01:37 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:37 executing program 2: setregid(0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x5, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r1, 0x7002) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e20, @broadcast}], 0x20) write(r4, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getpeername$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x5, 0x8000) getpgrp(0xffffffffffffffff) [ 676.734487][ T4030] UBIFS error (pid: 4030): cannot open "ubi!_0x0", error -19 [ 676.735034][ T4030] UBIFS error (pid: 4030): cannot open "ubi!_0x0", error -19 09:01:37 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x6c, 0x0) 09:01:37 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:37 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:37 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24006800150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:37 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x74, 0x0) 09:01:37 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 676.904465][ T4056] UBIFS error (pid: 4056): cannot open "ubi!_0x0", error -19 [ 676.910527][ T4056] UBIFS error (pid: 4056): cannot open "ubi!_0x0", error -19 [ 676.946914][ T4037] XFS (loop0): Invalid superblock magic number [ 677.006326][ T4064] UBIFS error (pid: 4064): cannot open "ubi!_0x0", error -19 [ 677.006883][ T4064] UBIFS error (pid: 4064): cannot open "ubi!_0x0", error -19 [ 677.146686][ T4067] XFS (loop0): Invalid superblock magic number 09:01:38 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x80969800, 0x0, 0x0, 0x0, 0x0) 09:01:38 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24006c00150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:38 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x7a, 0x0) 09:01:38 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:38 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) [ 677.261615][ T4082] UBIFS error (pid: 4082): cannot open "ubi!_0x0", error -19 [ 677.263697][ T4082] UBIFS error (pid: 4082): cannot open "ubi!_0x0", error -19 [ 677.401956][ T4090] XFS (loop0): Invalid superblock magic number 09:01:38 executing program 2: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1ed) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x80487436, &(0x7f0000000080)="68bd0000d7ebd3") ioctl$KVM_RUN(r2, 0xae80, 0x0) accept4$llc(0xffffffffffffffff, 0x0, &(0x7f0000000180), 0x80800) socket(0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 09:01:38 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:38 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0xf0, 0x0) 09:01:38 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24007400150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:38 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:38 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x300, 0x0) 09:01:38 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24007a00150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 677.550959][ T4114] UBIFS error (pid: 4114): cannot open "ubi!_0x0", error -19 [ 677.568192][ T4114] UBIFS error (pid: 4114): cannot open "ubi!_0x0", error -19 [ 677.626887][ T4122] UBIFS error (pid: 4122): cannot open "ubi!_0x0", error -19 09:01:38 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x84030000, 0x0, 0x0, 0x0, 0x0) 09:01:38 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:38 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:38 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x500, 0x0) 09:01:38 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2400f000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 677.643056][ T4122] UBIFS error (pid: 4122): cannot open "ubi!_0x0", error -19 [ 677.721935][ T4130] UBIFS error (pid: 4130): cannot open "ubi!_0x0", error -19 [ 677.723897][ T4130] UBIFS error (pid: 4130): cannot open "ubi!_0x0", error -19 [ 677.795124][ T4136] UBIFS error (pid: 4136): cannot open "ubi!_0x0", error -19 [ 677.796207][ T4136] UBIFS error (pid: 4136): cannot open "ubi!_0x0", error -19 [ 677.870373][ T4120] syz-executor.2 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 677.885583][ T4120] CPU: 0 PID: 4120 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 677.894319][ T4120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 677.904388][ T4120] Call Trace: [ 677.907672][ T4120] dump_stack+0x172/0x1f0 [ 677.912029][ T4120] dump_header+0x10f/0xb6c [ 677.916466][ T4120] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 677.922268][ T4120] ? ___ratelimit+0x60/0x595 [ 677.926853][ T4120] ? do_raw_spin_unlock+0x57/0x270 [ 677.932059][ T4120] oom_kill_process.cold+0x10/0x15 [ 677.937171][ T4120] out_of_memory+0x79a/0x1280 [ 677.942102][ T4120] ? lock_downgrade+0x880/0x880 [ 677.946934][ T4120] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 677.952464][ T4139] XFS (loop0): Invalid superblock magic number [ 677.953185][ T4120] ? oom_killer_disable+0x280/0x280 [ 677.964576][ T4120] ? find_held_lock+0x35/0x130 [ 677.969360][ T4120] mem_cgroup_out_of_memory+0x1ca/0x230 [ 677.974892][ T4120] ? memcg_event_wake+0x230/0x230 [ 677.979911][ T4120] ? do_raw_spin_unlock+0x57/0x270 [ 677.985010][ T4120] ? _raw_spin_unlock+0x2d/0x50 [ 677.989844][ T4120] try_charge+0x118d/0x1790 [ 677.994331][ T4120] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 677.999874][ T4120] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 678.006099][ T4120] ? kasan_check_read+0x11/0x20 [ 678.011020][ T4120] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 678.016563][ T4120] mem_cgroup_try_charge+0x24d/0x5e0 [ 678.021834][ T4120] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 678.027448][ T4120] shmem_getpage_gfp+0x69e/0x2500 [ 678.032459][ T4120] ? shmem_unuse_inode.constprop.0+0xfd0/0xfd0 [ 678.038594][ T4120] ? lock_downgrade+0x880/0x880 [ 678.043428][ T4120] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 678.052814][ T4120] shmem_fault+0x22d/0x760 [ 678.057233][ T4120] ? __handle_mm_fault+0x344a/0x3ec0 [ 678.062500][ T4120] ? shmem_read_mapping_page_gfp+0x1a0/0x1a0 [ 678.068475][ T4120] ? lock_downgrade+0x880/0x880 [ 678.073334][ T4120] __do_fault+0x116/0x4e0 [ 678.077655][ T4120] __handle_mm_fault+0x2c6c/0x3ec0 [ 678.082938][ T4120] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 678.088472][ T4120] ? find_held_lock+0x35/0x130 [ 678.093226][ T4120] ? handle_mm_fault+0x322/0xb30 [ 678.098151][ T4120] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 678.104376][ T4120] ? kasan_check_read+0x11/0x20 [ 678.109434][ T4120] handle_mm_fault+0x43f/0xb30 [ 678.114214][ T4120] __get_user_pages+0x7b6/0x1a40 [ 678.119140][ T4120] ? follow_page_mask+0x19a0/0x19a0 [ 678.124321][ T4120] ? vma_set_page_prot+0x18c/0x240 [ 678.129429][ T4120] ? memset+0x32/0x40 [ 678.133400][ T4120] populate_vma_page_range+0x20d/0x2a0 [ 678.138844][ T4120] __mm_populate+0x204/0x380 [ 678.143443][ T4120] ? populate_vma_page_range+0x2a0/0x2a0 [ 678.149083][ T4120] vm_mmap_pgoff+0x213/0x230 [ 678.153664][ T4120] ? vma_is_stack_for_current+0xd0/0xd0 [ 678.159193][ T4120] ? kasan_check_read+0x11/0x20 [ 678.164046][ T4120] ? _copy_to_user+0xc9/0x120 [ 678.168708][ T4120] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 678.174935][ T4120] ksys_mmap_pgoff+0xf7/0x630 [ 678.179616][ T4120] ? find_mergeable_anon_vma+0x2e0/0x2e0 [ 678.185237][ T4120] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 678.190676][ T4120] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 678.196136][ T4120] ? do_syscall_64+0x26/0x610 [ 678.200799][ T4120] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 678.206897][ T4120] __x64_sys_mmap+0xe9/0x1b0 [ 678.211477][ T4120] do_syscall_64+0x103/0x610 [ 678.221507][ T4120] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 678.227385][ T4120] RIP: 0033:0x457f29 [ 678.231270][ T4120] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 678.250971][ T4120] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 678.259367][ T4120] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457f29 [ 678.267344][ T4120] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000 [ 678.275309][ T4120] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 678.283266][ T4120] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f975b2346d4 [ 678.291227][ T4120] R13: 00000000004c3c88 R14: 00000000004d6e40 R15: 00000000ffffffff [ 678.299625][ C0] net_ratelimit: 22 callbacks suppressed [ 678.299635][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 678.311108][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 678.317113][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 678.322980][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 678.329694][ T4120] memory: usage 307200kB, limit 307200kB, failcnt 6578 [ 678.336685][ T4120] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 678.344368][ T4120] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 678.351310][ T4120] Memory cgroup stats for /syz2: cache:3088KB rss:282340KB rss_huge:243712KB shmem:3168KB mapped_file:3168KB dirty:132KB writeback:0KB swap:0KB inactive_anon:12956KB active_anon:270412KB inactive_file:4KB active_file:0KB unevictable:2048KB [ 678.374421][ T4120] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=3942,uid=0 [ 678.389824][ T4120] Memory cgroup out of memory: Killed process 3942 (syz-executor.2) total-vm:72576kB, anon-rss:16548kB, file-rss:35820kB, shmem-rss:0kB [ 678.409543][ T1044] oom_reaper: reaped process 3942 (syz-executor.2), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB [ 678.920459][ T4163] syz-executor.2 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 678.931967][ T4163] CPU: 1 PID: 4163 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 678.940565][ T4163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 678.950615][ T4163] Call Trace: [ 678.953918][ T4163] dump_stack+0x172/0x1f0 [ 678.958242][ T4163] dump_header+0x10f/0xb6c [ 678.962649][ T4163] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 678.968445][ T4163] ? ___ratelimit+0x60/0x595 [ 678.973025][ T4163] ? do_raw_spin_unlock+0x57/0x270 [ 678.978241][ T4163] oom_kill_process.cold+0x10/0x15 [ 678.983351][ T4163] out_of_memory+0x79a/0x1280 [ 678.988023][ T4163] ? lock_downgrade+0x880/0x880 [ 678.992884][ T4163] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 678.999123][ T4163] ? oom_killer_disable+0x280/0x280 [ 679.004313][ T4163] ? find_held_lock+0x35/0x130 [ 679.009207][ T4163] mem_cgroup_out_of_memory+0x1ca/0x230 [ 679.014743][ T4163] ? memcg_event_wake+0x230/0x230 [ 679.019763][ T4163] ? do_raw_spin_unlock+0x57/0x270 [ 679.024865][ T4163] ? _raw_spin_unlock+0x2d/0x50 [ 679.029733][ T4163] try_charge+0x118d/0x1790 [ 679.034250][ T4163] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 679.041989][ T4163] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 679.048238][ T4163] ? kasan_check_read+0x11/0x20 [ 679.053076][ T4163] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 679.058633][ T4163] mem_cgroup_try_charge+0x24d/0x5e0 [ 679.063932][ T4163] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 679.069572][ T4163] shmem_getpage_gfp+0x69e/0x2500 [ 679.074593][ T4163] ? shmem_unuse_inode.constprop.0+0xfd0/0xfd0 [ 679.080751][ T4163] ? lock_downgrade+0x880/0x880 [ 679.087264][ T4163] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 679.093502][ T4163] shmem_fault+0x22d/0x760 [ 679.097913][ T4163] ? __handle_mm_fault+0x344a/0x3ec0 [ 679.103201][ T4163] ? shmem_read_mapping_page_gfp+0x1a0/0x1a0 [ 679.109189][ T4163] ? lock_downgrade+0x880/0x880 [ 679.114029][ T4163] __do_fault+0x116/0x4e0 [ 679.118357][ T4163] __handle_mm_fault+0x2c6c/0x3ec0 [ 679.123495][ T4163] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 679.129038][ T4163] ? find_held_lock+0x35/0x130 [ 679.133788][ T4163] ? handle_mm_fault+0x322/0xb30 [ 679.138731][ T4163] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 679.144969][ T4163] ? kasan_check_read+0x11/0x20 [ 679.149820][ T4163] handle_mm_fault+0x43f/0xb30 [ 679.154781][ T4163] __get_user_pages+0x7b6/0x1a40 [ 679.159800][ T4163] ? follow_page_mask+0x19a0/0x19a0 [ 679.164998][ T4163] ? vma_set_page_prot+0x18c/0x240 [ 679.170099][ T4163] ? memset+0x32/0x40 [ 679.174070][ T4163] populate_vma_page_range+0x20d/0x2a0 [ 679.179521][ T4163] __mm_populate+0x204/0x380 [ 679.184126][ T4163] ? populate_vma_page_range+0x2a0/0x2a0 [ 679.189760][ T4163] vm_mmap_pgoff+0x213/0x230 [ 679.194339][ T4163] ? vma_is_stack_for_current+0xd0/0xd0 [ 679.199878][ T4163] ? kasan_check_read+0x11/0x20 [ 679.204733][ T4163] ? _copy_to_user+0xc9/0x120 [ 679.209411][ T4163] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 679.215651][ T4163] ksys_mmap_pgoff+0xf7/0x630 [ 679.220318][ T4163] ? find_mergeable_anon_vma+0x2e0/0x2e0 [ 679.225942][ T4163] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 679.231411][ T4163] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 679.236869][ T4163] ? do_syscall_64+0x26/0x610 [ 679.248799][ T4163] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 679.254984][ T4163] __x64_sys_mmap+0xe9/0x1b0 [ 679.259574][ T4163] do_syscall_64+0x103/0x610 [ 679.264301][ T4163] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 679.270189][ T4163] RIP: 0033:0x457f29 [ 679.281166][ T4163] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 679.307982][ T4163] RSP: 002b:00007f975b1f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 679.316417][ T4163] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457f29 [ 679.324376][ T4163] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000 [ 679.332364][ T4163] RBP: 000000000073c040 R08: ffffffffffffffff R09: 0000000000000000 [ 679.340321][ T4163] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f975b1f26d4 [ 679.348311][ T4163] R13: 00000000004c3c88 R14: 00000000004d6e40 R15: 00000000ffffffff [ 679.357643][ T4163] memory: usage 307200kB, limit 307200kB, failcnt 6604 [ 679.364674][ T4163] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 679.374256][ T4163] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 679.381284][ T4163] Memory cgroup stats for /syz2: cache:15476KB rss:265952KB rss_huge:227328KB shmem:15448KB mapped_file:10164KB dirty:132KB writeback:0KB swap:0KB inactive_anon:20044KB active_anon:259328KB inactive_file:0KB active_file:0KB unevictable:2048KB [ 679.405076][ T4163] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=448,uid=0 [ 679.420326][ T4163] Memory cgroup out of memory: Killed process 448 (syz-executor.2) total-vm:72708kB, anon-rss:11632kB, file-rss:35800kB, shmem-rss:0kB [ 679.446065][ T1044] oom_reaper: reaped process 448 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 679.501325][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 679.507177][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 679.513419][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 679.519195][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 679.525065][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 679.531761][ C1] protocol 88fb is buggy, dev hsr_slave_1 09:01:40 executing program 2: creat(&(0x7f0000000700)='./bus\x00', 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r0, 0x0) fallocate(r0, 0x0, 0x0, 0x5c0d) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x9) 09:01:40 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x600, 0x0) 09:01:40 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:40 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:40 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000003150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:40 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x8cffffff, 0x0, 0x0, 0x0, 0x0) 09:01:40 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000005150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:40 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 679.650453][ T4180] UBIFS error (pid: 4180): cannot open "ubi!_0x0", error -19 [ 679.652775][ T4180] UBIFS error (pid: 4180): cannot open "ubi!_0x0", error -19 [ 679.671612][ T4181] UBIFS error (pid: 4181): cannot open "ubi!_0x0", error -19 09:01:40 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x700, 0x0) 09:01:40 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x3, &(0x7f0000c91000)=ANY=[@ANYBLOB="850000002f0000005f000000000000009500000000000000"], 0x0, 0x1, 0x99, &(0x7f0000000180)=""/153}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x0, 0xe, 0x0, &(0x7f00000000c0)="a3375f83dd2586651779c2b1dc11", 0x0, 0x3dc}, 0x28) [ 679.695497][ T4181] UBIFS error (pid: 4181): cannot open "ubi!_0x0", error -19 [ 679.775209][ T4195] UBIFS error (pid: 4195): cannot open "ubi!_0x0", error -19 09:01:40 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000006150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:40 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 679.834366][ T4171] XFS (loop0): Invalid superblock magic number [ 679.848167][ T4202] UBIFS error (pid: 4202): cannot open "ubi!_0x0", error -19 [ 679.849150][ T4202] UBIFS error (pid: 4202): cannot open "ubi!_0x0", error -19 09:01:40 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x1020, 0x0) 09:01:40 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:40 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:40 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000007150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 679.865619][ T4195] UBIFS error (pid: 4195): cannot open "ubi!_0x0", error -19 [ 680.038892][ T4216] UBIFS error (pid: 4216): cannot open "ubi!_0x0", error -19 [ 680.039381][ T4216] UBIFS error (pid: 4216): cannot open "ubi!_0x0", error -19 09:01:41 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xa0000000, 0x0, 0x0, 0x0, 0x0) 09:01:41 executing program 2: r0 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000140)={0x0, 0x0, 0x4, 0x0, 0x0, 0x7ff}, &(0x7f0000000180)=0x14) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, 0x0, &(0x7f0000000240)) exit_group(0x0) r1 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r1, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='*', 0x1}], 0x1}, 0x0) rt_sigtimedwait(&(0x7f00000000c0)={0xffff}, 0x0, &(0x7f0000000100)={0x77359400}, 0x8) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x40040, 0x0) 09:01:41 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x1f00, 0x0) 09:01:41 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2400000a150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:41 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:41 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:41 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:41 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2400bf0a150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:41 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x2000, 0x0) [ 680.444837][ T4244] UBIFS error (pid: 4244): cannot open "ubi!_0x0", error -19 [ 680.451035][ T4244] UBIFS error (pid: 4244): cannot open "ubi!_0x0", error -19 09:01:41 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:41 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:41 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2400000e150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 680.648252][ T4247] XFS (loop0): Invalid superblock magic number [ 680.672323][ T4268] UBIFS error (pid: 4268): cannot open "ubi!_0x0", error -19 [ 680.680828][ T4268] UBIFS error (pid: 4268): cannot open "ubi!_0x0", error -19 09:01:41 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xa4000000, 0x0, 0x0, 0x0, 0x0) 09:01:42 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x2010, 0x0) 09:01:42 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:42 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:42 executing program 2: r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0='bpq0\x00', 0x10) 09:01:42 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2400c00e150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 681.170835][ T4286] XFS (loop0): Invalid superblock magic number 09:01:42 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x2675, 0x0) 09:01:42 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2400000f150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 681.275113][ T4309] UBIFS error (pid: 4309): cannot open "ubi!_0x0", error -19 09:01:42 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:42 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x3f00, 0x0) 09:01:42 executing program 2: accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000780)) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) memfd_create(0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000180)='stat\x00') sendfile(r0, r1, 0x0, 0x1) [ 681.275909][ T4309] UBIFS error (pid: 4309): cannot open "ubi!_0x0", error -19 09:01:42 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x4800, 0x0) [ 681.518596][ T4339] UBIFS error (pid: 4339): cannot open "ubi!_0x0", error -19 [ 681.520599][ T4339] UBIFS error (pid: 4339): cannot open "ubi!_0x0", error -19 09:01:42 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xc0ed0000, 0x0, 0x0, 0x0, 0x0) 09:01:42 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:42 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000020150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:42 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:42 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x4c00, 0x0) 09:01:42 executing program 2: capget(0x0, &(0x7f0000000200)) 09:01:42 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x6800, 0x0) 09:01:42 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfffffffffffffe4f, 0x68, 0x0, 0xa2) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000000c0)={0x0, 0x119000}) ioctl$PPPIOCSFLAGS(0xffffffffffffffff, 0x40047459, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$VIDIOC_G_MODULATOR(0xffffffffffffffff, 0xc0445636, 0x0) [ 681.676428][ T4346] UBIFS error (pid: 4346): cannot open "ubi!_0x0", error -19 [ 681.681431][ T4346] UBIFS error (pid: 4346): cannot open "ubi!_0x0", error -19 [ 681.699280][ T4353] UBIFS error (pid: 4353): cannot open "ubi!_0x0", error -19 09:01:42 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000028150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:42 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x6c00, 0x0) 09:01:42 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 681.813990][ T4353] UBIFS error (pid: 4353): cannot open "ubi!_0x0", error -19 [ 682.002585][ T4363] XFS (loop0): Invalid superblock magic number 09:01:43 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xc4000000, 0x0, 0x0, 0x0, 0x0) 09:01:43 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000048150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:43 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:43 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x7400, 0x0) 09:01:43 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfffffffffffffe4f, 0x68, 0x0, 0xa2) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000000c0)={0x0, 0x119000}) ioctl$PPPIOCSFLAGS(0xffffffffffffffff, 0x40047459, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$VIDIOC_G_MODULATOR(0xffffffffffffffff, 0xc0445636, 0x0) 09:01:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2400004c150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:43 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x7526, 0x0) 09:01:43 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 682.263424][ T4406] UBIFS error (pid: 4406): cannot open "ubi!_0x0", error -19 [ 682.272303][ T4406] UBIFS error (pid: 4406): cannot open "ubi!_0x0", error -19 09:01:43 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000060150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:43 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x7a00, 0x0) [ 682.425179][ T4421] UBIFS error (pid: 4421): cannot open "ubi!_0x0", error -19 [ 682.429254][ T4421] UBIFS error (pid: 4421): cannot open "ubi!_0x0", error -19 [ 682.507540][ T4413] XFS (loop0): Invalid superblock magic number 09:01:43 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xca000000, 0x0, 0x0, 0x0, 0x0) 09:01:43 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:43 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000068150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:43 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0xedc0, 0x0) 09:01:43 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = socket$inet(0x2b, 0x1, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10) connect$inet(r1, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") recvmmsg(r1, &(0x7f00000044c0)=[{{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:01:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2400006c150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:43 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 682.880007][ T4458] UBIFS error (pid: 4458): cannot open "ubi!_0x0", error -19 [ 682.880514][ T4458] UBIFS error (pid: 4458): cannot open "ubi!_0x0", error -19 09:01:43 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0xf000, 0x0) 09:01:43 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000000)='cgroup.subtree_control\x00', 0x2, 0x0) close(r0) ioctl$PIO_CMAP(r1, 0x4b71, &(0x7f0000000180)={0x81, 0x2e, 0xd00, 0x9, 0x0, 0x20}) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm-control\x00', 0x1, 0x0) ioctl$RTC_EPOCH_SET(r2, 0x4008700e, 0xfffffffffffffff7) openat$cgroup_int(r0, &(0x7f0000000100)='rdma.max\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000680)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001b, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$getflags(0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000800)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x100) renameat(r3, &(0x7f00000003c0)='./bus\x00', r3, &(0x7f0000000200)='./file0\x00') write$UHID_INPUT(r4, &(0x7f0000000980)={0x8, "7c70ee3800d5ab5f2036f872e0ac57cbd592bca0d671633f50a3102066d6e765f5a64731e3fb8d90d250eda2cc33b60a7ff98074cdc3f1dd1a2df26a381d95974e0925d521c6b48c3dee0d430d398884316091aff6adb6153dc3c92549957d3488efc02d6f6fb172524b095c30c1bd35aae04236bdd42694d613eb54c0b65a338c48dc4c8bad70754fc81d9928e4a1b81f9c77075258a0805b4494867247966b24a023311fd91ef3754b98d3acde6f2ef0617f123c22fccb81c11389fdfa2e21c2365aabfc8916e02151d8643ae21cab7fcbec6142186d3bb57546c106484bc4c28a48da2b75dd82aabe99464558e60cd101f6b65856fabee614d271741a68dd550c8772f06a93cf8e5c0de549c3b75a72f8a590bd50b2af5f64009c969ed7596f0192b0f98b1afac0e8c5f4c653f611b4a71776400a9ae3f18e75f856788c97195749042510735880b9bb0ccb23210832a4f1c6f134d68f8e299837c426e0c9a45d5d2c959446cc363f370c67cd01a063c91254d692fe35abee92fabda4f66d93228c979ebe036c5c2e0028ec76562d67d0919ca28258fec0ed60603142b5c57c4cfb1ea1e892d0fd2f33970142b179c415d6bea344fbcc82d133052e848a885160737c69eb02ca9f544831c8e3ffcf40cb7b415d24795fc8aaeb8e76bec262aea5e28fe5d6495c4b5895a612b1cc2122286add66356f3ecd309f970634f1b09da1507964d35575167317f13c7fd9f11af27ceea86e9a5b3494a27ba98ba38dd1fb72ef2c6163664fd8f7c946935cd4833121f505ff277c03d959d9a12f3389e9eb6701a8b29f72c20c6abb7bd8349dd2e120bdd59dca9f1a2a877f1677b59d7920ddf29b9d94f7c6879b78e31cf1b65b60fe349ef9d4976f46609ee34e33f647aafbf64f6323d18598905f2e73af75661397595b8f9c1e9a4e993946820da5378ca5b363560e95edce316e99bac6e6250efcf1cb58fdcf94c7557c2d7f763a688543462d54b64e178c2e64c6ebba356894973051907fd8de8ba908e822168b171c1707efcd9ac827e64313721876e2ff26ac34e88557a4a0dfde08eda81cf0c1465a89b68429e48966044c767563e1121db48c9b619fd7362afd15ec6aa19b28759d7977be4fbcad0cf8dd5dc5362259bd5cb5089a9d18db969afe1192571f5fcc0c4d6be281d23b9c1f9f32873c058adfa1bf57a3718686957edfd6e4b58aa959541127696d59fb2810d042ced227961eb19a424e4cf45bc6243217bb7561b7ee11f8c0b8f39480343a26f2da5fe79d5e213c01ea47155ffa91e7d7ba0bc8ccb018bd69cfe71dd8565a645d678b404a295397e83ae69dbf8505f6947a836b44823a92861124330fccd4bc4a2e20d9047bd919d82c89623caa87eb09bd584d58f42b35ef55fddc06dfb3957f3f507e5ca9b8b98947cc5bb68846755527ddf32ffa444e1c7a5654d4d377e04a9f22e1069804fdcdb251acb6bd6b32d100feb44286991d779d2b3e2b7f5cc5f8eb3ae166a3b6fb9df11e1867989a6f9b2028e4c73b4d418b51f6e870713cadafddb47a48c9a97283da214f02db3326d42438d9a7db580693ad1887f99d86bb5fafd6d07c2647fc80c2c5a1ed9ea3b95be65ca422080ddefca5b49ccd538f6bc67390f892d9e416f7e835f76dd90edc56256348d20560caeea05c0922cab60dbf0b57ddaaed6ded5a336e01485fd571dc12050461271cee347c31ac245bfee9128630dfcc43b6d88b5ba9937a6f6ab70b7d256784ff72297cfcfd0ffacd09b55fb832bf60f04d87c48c74972b9f18fa178ce4880b025d1c1097ddb929e8f7e02f1c0e03012bec0fa61a49eb1c2a50a45fc0d98b6649de325184006938e421321e8b366649d9b6ebadf77509c9d48844e80f7752fd7daaa5c938b946feaaac0d871203270a747035c7e2f697c84e792a55cbce76c0a25360f7acbeaab60627aa9c37064af75b67f46732844eb2f6b37226004afe451a9fbfbbcf7e72ade67b017e9209b5627fbe16789abd90326751a1fd1d93efc59f2650f979ba71938d784064922bee2874c4b76d5f26e39ea0a98cf175950137feff9456c88c6a295830183fae3a9c2312c25f3d81708d73488d15a587e7e7cdde3b77917eef29c8b5965c916a65c3c5a53b7313c3115d0a8bb4e16f6b80ff6f78adb756aba94ced86047562a2cd2fb25e9a4656f6359c3f2fde8b5ab38852853cbd7221cb4d59b7f0e79bd37f9ade073f62b75edbe63c13c0d02bf076d88f5b750ea640aad47ce97d6a0783398dd3fbb63734ed969470cf45200235650532224fc28caf1e36ca6b402ec4c978add40fc59f2113485875682139f8aa9aeb48d09178de919370b0cd0ebcab5e60e1b0a2fc153db0dae8e50b48561622a677d0f1afc149676f832e016e14007fb298dcb96f11a92a1ac8bd4cc7b34d659d6cd2c9817b586585e72080255b083bc84512277ffb7f561c6a7a08cd128bfe9b525da531f0bf04f11d3de102b3538835807ac0b2f4325fc6765d02d692ec82f5b338c8257029136fcd3427c09874ecc7492becdd6608eac4adf1abc3f7e08868a72e57ce4dcfc288a25af73d19f1118a9254963c1548cdca5fc7c921a7f218f8e71edd7969dfb35beae1091d7530e32236397fa9fcd232b441ff1b0177829468c198d659d247ccca4fbd58c625501e4368075d0e5e69a6f90952f5bbe48e85a303131dedf7f1a513b291598a545784e1013521877c25d6069d3a855652a4bad5b2df2e4da2de756a20e790b756dd2925ce824561e5892b5e064c7c7b996acc4e29597e0cd00956e9c57ec374714f846be7632d3075e38bead499163498810886c78a2cc73fb64fd48e186083ce911e0751b4dc63476859c2824fa532a4b1711c244619e702eeab19380aeb7b17f67fade3dcad8ddddd893a526cd5d04d8ae982c88029ec71bdd0772fd74adbdb378fc204ca411a2d8a50331516a28552be78f9725f32d1b3a6c7bdf3277c5f7e385c7ebbacc419ec7ca3c5b8f46dbefee59b6422a6b22d60527edc012f852077d925619874f7709f283e01678fed36528003a696ee431a817f34f453c143dc56b70e1f810a5380a555cc8c4fc6522ab544ce5d715caa302ebdd0aa8286b7ef5dd6dd48a8ad9566818f7509daf02db0b98b432f57f1d107ee95a86228728cab4062e27922381e1e2ee351af5e2ea0fd6d1cea70b3b8f4a50f0776fc9aa2a7d2dff6e1ea3769864104f09137b99960b69af13895d842649eacaed8ddf183beba3323640af8deb52b902c0974d685d19fc87c93eb80ad5d28e54363705ad39231d989522e94f000256bc8d93af138a45d67dad3e21fa9fb31d9327c6e71f61956d9daf4f97333112704136d3d1bf6fe0e4c002e10b684d2344300ec70fae0b50532ebace58f0e8318354a172cceacf27d01ff41cc8fef42443f62b0e15b5fcc0728630b96fb2c2b59634f4993bb1ce2eace6fb0f53e5f84bc5f58b1b66d59e3c75a98670496f105a703607211aa9e882e72f13e9fe07f0767ad4e5ac5c732b65301d8ceab36b5ff2f71958fb1b51d2e703ac506e68d4026160fd3f60440b8b8f554f1feeba5d53f71cbe60d143620f8fa779acb94c965b729207a5ab11f4a51b694c31606171da44a28d80cde296dff5724ff718d6377eb8534e616cff39af943ee4ce87b4fadded30c702d370a71072ab3e20f19b8c1b73fdbbb9c675352bb73ee85e22597fc0c439a33f5febe1629bd084af7193f8d1a1415b02ca54706711505cbae11ec6411b012cc3a3eddcfb002901b6e7565b9fbf4d605c147031888ceb590c14697d00970ce9095c6f7fee41ec6a15d7ef52dfedfff2a0d3dbb387b61232aee6ca202787038021e6aabda18e2adf6fd89aa491e65f9813d73412fbfff089752d713d7efa690ec4fc254b56908d3057f65997acf81aea589e272f8fa852849e488f1e0c0cb6cdb5f46ca92e36d39224e704850056d2e9b91909aed0f55d054e274415ecc39b8958335a14cfb0a42d7f26ef8e82592dfd03b3550b5193fba077994c682951968869574fd94976760d9bd9b334353eeda836cc8dab244e72095cc46833f02bb2f6df35601b3085664261abb67fc9ab9f27210e6827cd15ce16c55f0f7f5b8ab401f24032b19a53a9299b62ebf4a8cf7f4753d95126f008a8ce349036666de66bcaf40b27fa875efa98873e1ef9302e2a24bfe07bd1054bdf9ba9ad1b1075402f26d682833b947c762513ba5f07537bb712473184a60e04ace5adb8d982d6153b011ae0b2034adc0ff4a64e2c6561c2e0840cdab2120bc916cde9b7a92c4d332d0f83945fe55e3c8f4d93f22e7759c20241d92cca0ae5a3d06a127e5614df708cea1ad3b2f231c81460ff4c3f349c67a87135a4b67589ffce311832923f71796276e81f0537e265404c0ee06d5ed98a5ec5f8ad62db589eb585fc4627173b51fd4e897a3e8d2acbb82ec2996ac3a6823368a1e12a0536a9d1a7b2d31d80c46c292ff51395481d4f65c53fab867e27bec9156ee189d245d94877a1405dc9e1e996822ad47071a9ab36c9bfd02c41ea5ba21591793053b1b64758bae0addfcd69d169849bc1ee6ce5c08f0d3da5ecc1b6ab31e13af2fa5ce4d921163270901264a88ac6350e8fb6371663dd04146932238597258b123a8036250c190fbb3cfc6ebbf9e06c4a9053e8332c95c91a890a3d35ddd35f47e7ab606f3e345e12560e6d52243883da7b8910834042ad12e7fb3f08a0b14ef6aee22251999e6079be2ef5666d7d5ae00d161720262761da3f378c63cb151f4e94d034e9de949dfe796b905804ca555691023c30ea7cf0cb276e1e3ba65793291f8287d1064606bf5787421b9b9bfc05e9c5eac750de92519fe9e2592cd34a2ef6ec18efed5e7c13bfcfce47327cbecac358bbe6d44164849308cf91cd5ea87fa4b02ba4939e28141c7dad42714b019470d91808a8f46150677b6c90f267ecb39ef42afc95de0cbd016775c89d8213ec9d4e061e6493f237296f91abfc64176c0e885ef54af4136a724fadfe89a25d7599998acebc4a27f8fb5b26936bda5c3d5fec3373dcd9a0e99fc939641c50669adc54119582e8835575d1c57fa955cd29d870360620f91c3ff90d264013816352317ae226f7d7bad5db711f8973382f6cebd63cd519ddd08e1772649be75f64f4acc15f828dc0b305584b6dd2213194603c44e2964358d305aa97fb08568a0a955ad7a6f8d042754b4bbf2fb3414052719fd9841bef8360d1d3195c69414be882115c2c64fecdcbdaed3a2e943fdfef9a13520e41d32a787bcfe4f61e2b378d35aa70784a772cf8ebcaaeb105e4627516db2ababfcb8c11f224c3a48c86160d34d0ee59f02c31648ae4b0309b378f0bf63266967dcfb4f1cc1902f613c6d0d48915a9cf28a52b106544cde1b38ff2e2a1275fd0d3899ce7f7c6653c9017f7ac4aaa35bcb2811a8f9dbb56746b45475350e7c13d42abb5692377da7a4045ee644ce00f8699e3251d75621c82cd659ea3add277affe3ff792f7d24a3d0979ef82cfc0d409697ae2e8598854a8327f46974c901d309dc6dbe31913c59d821aa50c0fe95cc822e8f07bbb00e9a09bc9a570b9778d29308740bc336a41258d209c206f87a709aa43415da0096f7d177e509a7d625645fb098ccc45367d82235e952670ac5f82f8ced3f59fd9ee20ac75be609cc832417e807ddc40630cba4c91e0785edcb5f20b9e6dedb1ec172cd16fc034f410e9ce375ea855144aa3076317f649cf4efe4d7abf244984c4e", 0xfffffffffffffd14}, 0x10a9) sendfile(r4, r4, &(0x7f00000000c0)=0x500, 0x8080fffffffe) socket(0x0, 0x0, 0x0) 09:01:43 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000074150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 683.082593][ T4485] UBIFS error (pid: 4485): cannot open "ubi!_0x0", error -19 [ 683.086395][ T4485] UBIFS error (pid: 4485): cannot open "ubi!_0x0", error -19 [ 683.107880][ T4464] XFS (loop0): Invalid superblock magic number [ 683.309242][ T4496] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 683.310541][ T26] audit: type=1804 audit(1552122104.167:18046): pid=4487 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir448260644/syzkaller.KHuH82/825/file0/file0" dev="loop2" ino=140 res=1 [ 683.319758][ T4496] FAT-fs (loop2): Filesystem has been set read-only [ 683.399055][ T4496] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0) 09:01:44 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:44 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0xf0ffff, 0x0) 09:01:44 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:44 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2400007a150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:44 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xd0000000, 0x0, 0x0, 0x0, 0x0) 09:01:44 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000d1c000)=0x6, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) [ 683.426862][ T4497] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF 09:01:44 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000abf150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 683.512342][ T4511] UBIFS error (pid: 4511): cannot open "ubi!_0x0", error -19 [ 683.512907][ T4511] UBIFS error (pid: 4511): cannot open "ubi!_0x0", error -19 09:01:44 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:44 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x1000000, 0x0) 09:01:44 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:44 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000ec0150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 683.661275][ C1] net_ratelimit: 18 callbacks suppressed [ 683.661283][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 683.672909][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 683.678755][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 683.684621][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 683.685908][ T4533] UBIFS error (pid: 4533): cannot open "ubi!_0x0", error -19 [ 683.686473][ T4533] UBIFS error (pid: 4533): cannot open "ubi!_0x0", error -19 [ 683.690466][ C1] protocol 88fb is buggy, dev hsr_slave_0 09:01:44 executing program 2: r0 = socket$pppoe(0x18, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$pppoe(r0, &(0x7f00000001c0)={0x18, 0x0, {0x4, @dev={[], 0xa}, 'lo\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000005b40), 0x40000000000014d, 0x0) [ 683.711078][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 683.721941][ T4536] UBIFS error (pid: 4536): cannot open "ubi!_0x0", error -19 [ 683.722501][ T4536] UBIFS error (pid: 4536): cannot open "ubi!_0x0", error -19 [ 683.741262][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 683.754650][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 683.856447][ T4529] XFS (loop0): Invalid superblock magic number 09:01:44 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xd0030000, 0x0, 0x0, 0x0, 0x0) 09:01:44 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:44 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:44 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="240000f0150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:44 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x2000000, 0x0) 09:01:44 executing program 2: r0 = socket$inet6(0xa, 0x100800000000002, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e24, 0x0, @ipv4={[], [], @local}}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='sit0\x00', 0x10) sendfile(r0, r1, 0x0, 0x88001) [ 684.124173][ T4567] UBIFS error (pid: 4567): cannot open "ubi!_0x0", error -19 [ 684.125280][ T4567] UBIFS error (pid: 4567): cannot open "ubi!_0x0", error -19 09:01:45 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="240000000f0007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:45 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:45 executing program 2: [ 684.160806][ T4576] UBIFS error (pid: 4576): cannot open "ubi!_0x0", error -19 09:01:45 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 684.211437][ T4576] UBIFS error (pid: 4576): cannot open "ubi!_0x0", error -19 09:01:45 executing program 2: [ 684.275840][ T4585] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 684.312922][ T4588] UBIFS error (pid: 4588): cannot open "ubi!_0x0", error -19 09:01:45 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x3000000, 0x0) [ 684.314715][ T4588] UBIFS error (pid: 4588): cannot open "ubi!_0x0", error -19 [ 684.405209][ T4580] XFS (loop0): Invalid superblock magic number [ 684.483598][ T4604] UBIFS error (pid: 4604): cannot open "ubi!_0x0", error -19 [ 684.484484][ T4604] UBIFS error (pid: 4604): cannot open "ubi!_0x0", error -19 [ 684.541426][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 684.555089][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 684.618060][ T4606] XFS (loop0): Invalid superblock magic number 09:01:45 executing program 2: 09:01:45 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:45 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x0, 0x0) 09:01:45 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000002150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:45 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xd2030000, 0x0, 0x0, 0x0, 0x0) 09:01:45 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x4000000, 0x0) 09:01:45 executing program 2: 09:01:45 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x2, 0x0) 09:01:45 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 684.766037][ T4623] UBIFS error (pid: 4623): cannot open "ubi!_0x0", error -19 [ 684.766934][ T4624] UBIFS error (pid: 4624): cannot open "ubi!_0x0", error -19 [ 684.772611][ T4623] UBIFS error (pid: 4623): cannot open "ubi!_0x0", error -19 [ 684.787885][ T4624] UBIFS error (pid: 4624): cannot open "ubi!_0x0", error -19 09:01:45 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000003150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:45 executing program 2: 09:01:45 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x5000000, 0x0) [ 684.878872][ T4634] UBIFS error (pid: 4634): cannot open "ubi!_0x0", error -19 [ 684.908619][ T4634] UBIFS error (pid: 4634): cannot open "ubi!_0x0", error -19 09:01:45 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000004150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:45 executing program 2: 09:01:45 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x3, 0x0) 09:01:45 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 685.021976][ T4651] UBIFS error (pid: 4651): cannot open "ubi!_0x0", error -19 [ 685.022633][ T4651] UBIFS error (pid: 4651): cannot open "ubi!_0x0", error -19 [ 685.093127][ T4637] XFS (loop0): Invalid superblock magic number [ 685.125879][ T4664] UBIFS error (pid: 4664): cannot open "ubi!_0x0", error -19 [ 685.132046][ T4664] UBIFS error (pid: 4664): cannot open "ubi!_0x0", error -19 09:01:46 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xd4020000, 0x0, 0x0, 0x0, 0x0) 09:01:46 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:46 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x6000000, 0x0) 09:01:46 executing program 2: 09:01:46 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000005150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:46 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x4, 0x0) 09:01:46 executing program 2: [ 685.436676][ T4685] UBIFS error (pid: 4685): cannot open "ubi!_0x0", error -19 [ 685.439037][ T4686] UBIFS error (pid: 4686): cannot open "ubi!_0x0", error -19 [ 685.450122][ T4685] UBIFS error (pid: 4685): cannot open "ubi!_0x0", error -19 09:01:46 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000006150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:46 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:46 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x5, 0x0) 09:01:46 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x7000000, 0x0) 09:01:46 executing program 2: [ 685.496416][ T4686] UBIFS error (pid: 4686): cannot open "ubi!_0x0", error -19 [ 685.693967][ T4711] UBIFS error (pid: 4711): cannot open "ubi!_0x0", error -19 [ 685.697148][ T4712] UBIFS error (pid: 4712): cannot open "ubi!_0x0", error -19 [ 685.700164][ T4711] UBIFS error (pid: 4711): cannot open "ubi!_0x0", error -19 [ 685.724800][ T4712] UBIFS error (pid: 4712): cannot open "ubi!_0x0", error -19 [ 685.755399][ T4694] XFS (loop0): Invalid superblock magic number 09:01:46 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:46 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000007150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:46 executing program 2: 09:01:46 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x6, 0x0) 09:01:46 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xdc030000, 0x0, 0x0, 0x0, 0x0) 09:01:46 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x1f000000, 0x0) 09:01:46 executing program 2: [ 686.071476][ T4737] UBIFS error (pid: 4737): cannot open "ubi!_0x0", error -19 [ 686.073868][ T4738] UBIFS error (pid: 4738): cannot open "ubi!_0x0", error -19 [ 686.081637][ T4737] UBIFS error (pid: 4737): cannot open "ubi!_0x0", error -19 09:01:47 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000008150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:47 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x7, 0x0) 09:01:47 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x20000000, 0x0) [ 686.141654][ T4738] UBIFS error (pid: 4738): cannot open "ubi!_0x0", error -19 09:01:47 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:47 executing program 2: [ 686.213445][ T4749] UBIFS error (pid: 4749): cannot open "ubi!_0x0", error -19 [ 686.214266][ T4749] UBIFS error (pid: 4749): cannot open "ubi!_0x0", error -19 09:01:47 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x48, 0x0) 09:01:47 executing program 2: setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, &(0x7f0000000040)=0x800, 0xac) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x802, 0x0) ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000080)={0x0, 0x4004400}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000919000/0x400000)=nil, 0x400000, 0xffffffffffffffff, 0x8031, 0xffffffffffffffff, 0x0) socket$alg(0x26, 0x5, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) inotify_init() write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mixer\x00', 0x200, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="bc00000004000000d2a53018fc18c26840e8ba6fbbf0863879c07f2bb669bd88444662bdeab41fba1e4266d83823a0eb795a84b2d2cf64811ff0eb8bf831f5282e5c495dc77ab52f70d2d47591b033f376f34fc8e66522350b6fdd1002baf916ea624a2e961485be3a427c2104c47f422cf24a92ba0d168ed0c76cff28a3763798cf5c70a0c09e8bb4eafa6d5c787a5a946340a3b83cd90c5a0c74322aec3411d1dc05000000400f3ab5c24585d0ea8f157ecab11fe66cd3d83cb2dd8d277315109aff14723b1786f3539288de7aa300eb083e38e27d88ee91984284df2305000000000000000000000000000000b9417b7345a323d85123037cd4086c3305a06d258e1cc87e23a91c4c84f663854004201134e4b4a66485f0c3e8cc6305a96c838a836b0e8db614fc1ad9e005ad93bc22ccd6f5d7b074e64c3e4eb3e96b31f927853d8751eac2465865254baa117d647af4ae47baa27e3ef385fedece4795259a5adc7cc1ebede598ab0b55ed13b104929112da0ad425eaa8c4cc589a95178b85786c2d57ece74fdae30f1faeeb649418fc65924e50afca34507baaf55b75a8c32f17e1d42fe32e361ca220b6f6b483ce69e6553adc2281"], 0x20480) sendfile(r1, 0xffffffffffffffff, &(0x7f0000000040)=0x100000, 0x8001) [ 686.314378][ T4763] UBIFS error (pid: 4763): cannot open "ubi!_0x0", error -19 09:01:47 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2400000a150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 686.314941][ T4763] UBIFS error (pid: 4763): cannot open "ubi!_0x0", error -19 [ 686.372106][ T4744] XFS (loop0): Invalid superblock magic number 09:01:47 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 686.423597][ T4771] UBIFS error (pid: 4771): cannot open "ubi!_0x0", error -19 [ 686.424190][ T4771] UBIFS error (pid: 4771): cannot open "ubi!_0x0", error -19 09:01:47 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xe4030000, 0x0, 0x0, 0x0, 0x0) 09:01:47 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x20100000, 0x0) 09:01:47 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x4c, 0x0) 09:01:47 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2400000e150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:47 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 686.955816][ T4793] UBIFS error (pid: 4793): cannot open "ubi!_0x0", error -19 [ 686.956420][ T4793] UBIFS error (pid: 4793): cannot open "ubi!_0x0", error -19 09:01:47 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x68, 0x0) 09:01:47 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x3f000000, 0x0) 09:01:47 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2400000f150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:48 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 687.112243][ T4798] XFS (loop0): Invalid superblock magic number [ 687.197522][ T4816] UBIFS error (pid: 4816): cannot open "ubi!_0x0", error -19 [ 687.216423][ T4816] UBIFS error (pid: 4816): cannot open "ubi!_0x0", error -19 09:01:48 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0x4, 0x4000) 09:01:48 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x6c, 0x0) 09:01:48 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000010150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:48 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x48000000, 0x0) 09:01:48 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:48 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xe8010000, 0x0, 0x0, 0x0, 0x0) [ 688.031652][ T4853] UBIFS error (pid: 4853): cannot open "ubi!_0x0", error -19 09:01:48 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x4c000000, 0x0) 09:01:48 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:49 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000028150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 688.033163][ T4853] UBIFS error (pid: 4853): cannot open "ubi!_0x0", error -19 09:01:49 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x74, 0x0) 09:01:49 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x850, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcb49, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000001680)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0x100000000000dfff, 0x1, &(0x7f0000000040)=[{&(0x7f00000016c0)="eb64c86d4f66732e66617400020441000500077008f8", 0x16}], 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) epoll_create1(0x0) removexattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=@known='trusted.syz\x00') gettid() getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000740)={{{@in6, @in6=@mcast1}}, {{@in6=@local}, 0x0, @in=@multicast2}}, &(0x7f0000000840)=0xe8) openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/hwrng\x00', 0x0, 0x0) 09:01:49 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000048150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 688.200490][ T4849] XFS (loop0): Invalid superblock magic number [ 688.225243][ T4878] UBIFS error (pid: 4878): cannot open "ubi!_0x0", error -19 09:01:49 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:49 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x68000000, 0x0) 09:01:49 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x7a, 0x0) [ 688.225925][ T4878] UBIFS error (pid: 4878): cannot open "ubi!_0x0", error -19 09:01:49 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2400004c150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:49 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x6c000000, 0x0) [ 688.391681][ T4893] UBIFS error (pid: 4893): cannot open "ubi!_0x0", error -19 [ 688.429603][ T4893] UBIFS error (pid: 4893): cannot open "ubi!_0x0", error -19 [ 688.551548][ T4901] UBIFS error (pid: 4901): cannot open "ubi!_0x0", error -19 [ 688.552247][ T4901] UBIFS error (pid: 4901): cannot open "ubi!_0x0", error -19 [ 688.711391][ C0] net_ratelimit: 22 callbacks suppressed [ 688.711399][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 688.722919][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 688.728954][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 688.734752][ C0] protocol 88fb is buggy, dev hsr_slave_1 09:01:49 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xe8030000, 0x0, 0x0, 0x0, 0x0) 09:01:49 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0xf0, 0x0) 09:01:49 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:49 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000060150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:49 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x74000000, 0x0) 09:01:49 executing program 2: r0 = add_key(&(0x7f0000000280)='id_resolver\x00', &(0x7f00000002c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$revoke(0x3, r0) 09:01:49 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x850, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000001680)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0x100000000000dfff, 0x1, &(0x7f0000000040)=[{&(0x7f00000016c0)="eb64c86d4f66732e66617400020441000500077008f8", 0x16}], 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) epoll_create1(0x0) removexattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=@known='trusted.syz\x00') gettid() lremovexattr(&(0x7f0000000300)='./file0\x00', 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000740)={{{@in6, @in6=@mcast1}}, {{@in6=@local}, 0x0, @in=@multicast2}}, &(0x7f0000000840)=0xe8) openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/hwrng\x00', 0x0, 0x0) 09:01:49 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x75260000, 0x0) 09:01:49 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x300, 0x0) [ 688.859654][ T4918] UBIFS error (pid: 4918): cannot open "ubi!_0x0", error -19 [ 688.867618][ T4918] UBIFS error (pid: 4918): cannot open "ubi!_0x0", error -19 09:01:49 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000068150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:49 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) [ 689.025126][ T4943] UBIFS error (pid: 4943): cannot open "ubi!_0x0", error -19 09:01:49 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2400006c150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 689.026151][ T4943] UBIFS error (pid: 4943): cannot open "ubi!_0x0", error -19 [ 689.078808][ T4934] XFS (loop0): Invalid superblock magic number [ 689.402986][ T4963] XFS (loop0): Invalid superblock magic number 09:01:50 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xf4000000, 0x0, 0x0, 0x0, 0x0) 09:01:50 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x7a000000, 0x0) 09:01:50 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:50 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000074150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:50 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x500, 0x0) 09:01:50 executing program 2 (fault-call:3 fault-nth:0): perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) [ 689.560676][ T4982] UBIFS error (pid: 4982): cannot open "ubi!_0x0", error -19 [ 689.562701][ T4982] UBIFS error (pid: 4982): cannot open "ubi!_0x0", error -19 [ 689.570537][ T4978] FAULT_INJECTION: forcing a failure. [ 689.570537][ T4978] name failslab, interval 1, probability 0, space 0, times 0 [ 689.596143][ T4986] UBIFS error (pid: 4986): cannot open "ubi!_0x0", error -19 [ 689.596834][ T4986] UBIFS error (pid: 4986): cannot open "ubi!_0x0", error -19 09:01:50 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x8cffffff, 0x0) 09:01:50 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0xc0ed0000, 0x0) [ 689.600280][ T4978] CPU: 0 PID: 4978 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 689.620308][ T4978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 689.630382][ T4978] Call Trace: [ 689.633698][ T4978] dump_stack+0x172/0x1f0 [ 689.638063][ T4978] should_fail.cold+0xa/0x15 [ 689.642682][ T4978] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 689.648518][ T4978] ? ___might_sleep+0x163/0x280 [ 689.653398][ T4978] __should_failslab+0x121/0x190 [ 689.658396][ T4978] should_failslab+0x9/0x14 09:01:50 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0xf6ffffff, 0x0) [ 689.662935][ T4978] __kmalloc_track_caller+0x2d8/0x740 [ 689.668345][ T4978] ? trace_hardirqs_on+0x67/0x230 [ 689.672711][ T4990] UBIFS error (pid: 4990): cannot open "ubi!_0x0", error -19 [ 689.673216][ T4990] UBIFS error (pid: 4990): cannot open "ubi!_0x0", error -19 [ 689.673388][ T4978] ? lock_sock_nested+0x9a/0x120 [ 689.673491][ T4978] ? do_ipv6_setsockopt.isra.0+0x33ed/0x4110 [ 689.699127][ T4978] memdup_user+0x26/0xb0 [ 689.703411][ T4978] do_ipv6_setsockopt.isra.0+0x33ed/0x4110 09:01:50 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0xf9fdffff, 0x0) [ 689.709257][ T4978] ? ipv6_update_options+0x3b0/0x3b0 [ 689.714671][ T4978] ? perf_trace_run_bpf_submit+0x131/0x190 [ 689.720534][ T4978] ? debug_smp_processor_id+0x3c/0x280 [ 689.726030][ T4978] ? __lock_acquire+0x548/0x3fb0 [ 689.730992][ T4978] ? perf_trace_run_bpf_submit+0x138/0x190 [ 689.736872][ T4978] ? __lock_acquire+0x548/0x3fb0 [ 689.741842][ T4978] ? perf_trace_run_bpf_submit+0x138/0x190 [ 689.747687][ T4978] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 689.754010][ T4978] ? aa_label_sk_perm+0x101/0x560 09:01:50 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0xfeffffff, 0x0) 09:01:50 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0xfffff000, 0x0) [ 689.759085][ T4978] ? aa_profile_af_perm+0x320/0x320 [ 689.764310][ T4978] ? find_held_lock+0x35/0x130 [ 689.769129][ T4978] ? __fget+0x35a/0x550 [ 689.773333][ T4978] ? lock_downgrade+0x880/0x880 [ 689.778210][ T4978] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 689.784488][ T4978] ? kasan_check_read+0x11/0x20 [ 689.789403][ T4978] ? ___might_sleep+0x163/0x280 [ 689.794290][ T4978] ? __might_sleep+0x95/0x190 [ 689.799012][ T4978] ipv6_setsockopt+0xfc/0x170 [ 689.803708][ T4978] ? ipv6_setsockopt+0xfc/0x170 [ 689.808619][ T4978] tcp_setsockopt+0x95/0xf0 [ 689.813168][ T4978] sock_common_setsockopt+0x9a/0xe0 [ 689.818404][ T4978] __sys_setsockopt+0x180/0x280 [ 689.823270][ T4978] ? kernel_accept+0x310/0x310 [ 689.828059][ T4978] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 689.833547][ T4978] ? do_syscall_64+0x26/0x610 [ 689.838250][ T4978] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 689.844341][ T4978] ? do_syscall_64+0x26/0x610 [ 689.849058][ T4978] __x64_sys_setsockopt+0xbe/0x150 [ 689.854283][ T4978] do_syscall_64+0x103/0x610 [ 689.858877][ T4978] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 689.864938][ T4978] RIP: 0033:0x457f29 [ 689.868960][ T4978] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 689.888560][ T4978] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 689.896985][ T4978] RAX: ffffffffffffffda RBX: 00007f975b233c90 RCX: 0000000000457f29 [ 689.901293][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 689.904974][ T4978] RDX: 0000000000000030 RSI: 0000000000000029 RDI: 0000000000000004 [ 689.904985][ T4978] RBP: 000000000073bf00 R08: 0000000000000090 R09: 0000000000000000 [ 689.904996][ T4978] R10: 0000000020dbd000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 689.905007][ T4978] R13: 00000000004cc0e0 R14: 00000000004d9ff0 R15: 0000000000000005 [ 689.910838][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 689.927148][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 689.954653][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 689.960442][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 689.966408][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 690.093681][ T5002] XFS (loop0): Invalid superblock magic number 09:01:51 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0xf4030000, 0x0, 0x0, 0x0, 0x0) 09:01:51 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0xfffffdf9, 0x0) 09:01:51 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x600, 0x0) 09:01:51 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x880400000003, 0x6) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2400007a150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 09:01:51 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000001640), 0x4) recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x2}, 0x80, &(0x7f0000000000), 0x159, &(0x7f00000002c0)}, 0x0) 09:01:51 executing program 2 (fault-call:3 fault-nth:1): perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000dbd000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90) [ 690.369389][ T5031] UBIFS error (pid: 5031): cannot open "ubi!_0x0", error -19 [ 690.369682][ T5027] FAULT_INJECTION: forcing a failure. [ 690.369682][ T5027] name failslab, interval 1, probability 0, space 0, times 0 09:01:51 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0xffffff8c, 0x0) 09:01:51 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x700, 0x0) [ 690.424970][ T5031] UBIFS error (pid: 5031): cannot open "ubi!_0x0", error -19 [ 690.445070][ T5027] CPU: 0 PID: 5027 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 690.452607][ T5027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 690.452716][ T5027] Call Trace: [ 690.452752][ T5027] dump_stack+0x172/0x1f0 [ 690.452785][ T5027] should_fail.cold+0xa/0x15 [ 690.483699][ T5027] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 690.489549][ T5027] ? perf_trace_run_bpf_submit+0x131/0x190 [ 690.495385][ T5027] ? debug_smp_processor_id+0x3c/0x280 [ 690.500873][ T5027] __should_failslab+0x121/0x190 [ 690.500898][ T5027] should_failslab+0x9/0x14 [ 690.500920][ T5027] kmem_cache_alloc+0x47/0x6f0 [ 690.515195][ T5027] dst_alloc+0x10e/0x200 [ 690.519479][ T5027] ip6_dst_alloc+0x34/0xa0 [ 690.523929][ T5027] ip6_create_rt_rcu+0x255/0x370 [ 690.528879][ T5027] ? ip6_rt_copy_init+0xdf0/0xdf0 [ 690.533927][ T5027] ? rcu_read_lock_sched_held+0x110/0x130 [ 690.539767][ T5027] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 690.546042][ T5027] ? trace_fib6_table_lookup+0x77/0x2a0 [ 690.551625][ T5027] ip6_pol_route_lookup+0x838/0xbf0 [ 690.557051][ T5027] ? fib6_multipath_select+0x2d0/0x2d0 [ 690.563070][ T5027] ? save_stack+0xa9/0xd0 [ 690.567421][ T5027] ? save_stack+0x45/0xd0 [ 690.573111][ T5027] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 690.579645][ T5027] ? kasan_kmalloc+0x9/0x10 [ 690.584180][ T5027] ? __kmalloc_track_caller+0x158/0x740 09:01:51 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0xfffffff6, 0x0) [ 690.592003][ T5027] fib6_rule_lookup+0x128/0x560 [ 690.596901][ T5027] ? fib6_multipath_select+0x2d0/0x2d0 [ 690.598343][ T5048] UBIFS error (pid: 5048): cannot open "ubi!_0x0", error -19 [ 690.598914][ T5048] UBIFS error (pid: 5048): cannot open "ubi!_0x0", error -19 [ 690.602497][ T5027] ? fib6_lookup+0x360/0x360 [ 690.602524][ T5027] ? __lock_acquire+0x548/0x3fb0 [ 690.602545][ T5027] ? perf_trace_run_bpf_submit+0x138/0x190 [ 690.602584][ T5027] rt6_lookup+0x1b4/0x280 [ 690.602605][ T5027] ? ip6_route_input_lookup+0xd0/0xd0 [ 690.602641][ T5027] ? lock_acquire+0x16f/0x3f0 [ 690.602660][ T5027] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 690.602756][ T5027] ip6_mc_find_dev_rcu+0x45/0x230 [ 690.602781][ T5027] ip6_mc_msfilter+0x219/0xe00 [ 690.669006][ T5027] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 690.675551][ T5027] ? _copy_from_user+0xdd/0x150 [ 690.680538][ T5027] do_ipv6_setsockopt.isra.0+0x3933/0x4110 [ 690.686501][ T5027] ? ipv6_update_options+0x3b0/0x3b0 09:01:51 executing program 5: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0x1020, 0x0) [ 690.691849][ T5027] ? perf_trace_run_bpf_submit+0x131/0x190 [ 690.697678][ T5027] ? debug_smp_processor_id+0x3c/0x280 [ 690.703293][ T5027] ? __lock_acquire+0x548/0x3fb0 [ 690.708354][ T5027] ? perf_trace_run_bpf_submit+0x138/0x190 [ 690.714544][ T5027] ? __lock_acquire+0x548/0x3fb0 [ 690.719515][ T5027] ? perf_trace_run_bpf_submit+0x138/0x190 [ 690.725380][ T5027] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 690.731655][ T5027] ? aa_label_sk_perm+0x101/0x560 [ 690.736751][ T5027] ? aa_profile_af_perm+0x320/0x320 09:01:51 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0xfffffffe, 0x0) [ 690.741980][ T5027] ? find_held_lock+0x35/0x130 [ 690.746809][ T5027] ? __fget+0x35a/0x550 [ 690.751010][ T5027] ? lock_downgrade+0x880/0x880 [ 690.755896][ T5027] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 690.762190][ T5027] ? kasan_check_read+0x11/0x20 [ 690.767343][ T5027] ? ___might_sleep+0x163/0x280 [ 690.772230][ T5027] ? __might_sleep+0x95/0x190 [ 690.778011][ T5027] ipv6_setsockopt+0xfc/0x170 [ 690.782729][ T5027] ? ipv6_setsockopt+0xfc/0x170 [ 690.787618][ T5027] tcp_setsockopt+0x95/0xf0 09:01:51 executing program 3: mount(&(0x7f0000000100)=@sg0='ubi!_0x0\x00', &(0x7f00000000c0)='.', &(0x7f0000000380)='ubifs\x00', 0xedc000000000, 0x0) [ 690.792158][ T5027] sock_common_setsockopt+0x9a/0xe0 [ 690.797404][ T5027] __sys_setsockopt+0x180/0x280 [ 690.802298][ T5027] ? kernel_accept+0x310/0x310 [ 690.807103][ T5027] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 690.812591][ T5027] ? do_syscall_64+0x26/0x610 [ 690.817288][ T5027] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 690.823396][ T5027] ? do_syscall_64+0x26/0x610 [ 690.828302][ T5027] __x64_sys_setsockopt+0xbe/0x150 [ 690.833472][ T5027] do_syscall_64+0x103/0x610 [ 690.838105][ T5027] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 690.844024][ T5027] RIP: 0033:0x457f29 [ 690.847949][ T5027] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 690.867594][ T5027] RSP: 002b:00007f975b233c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 690.876035][ T5027] RAX: ffffffffffffffda RBX: 00007f975b233c90 RCX: 0000000000457f29 [ 690.884032][ T5027] RDX: 0000000000000030 RSI: 0000000000000029 RDI: 0000000000000004 [ 690.892035][ T5027] RBP: 000000000073bf00 R08: 0000000000000090 R09: 0000000000000000 [ 690.900150][ T5027] R10: 0000000020dbd000 R11: 0000000000000246 R12: 00007f975b2346d4 [ 690.908145][ T5027] R13: 00000000004cc0e0 R14: 00000000004d9ff0 R15: 0000000000000005 [ 691.021072][ T5057] XFS (loop0): Invalid superblock magic number [ 691.133998][ T5057] WARNING: CPU: 1 PID: 5057 at kernel/locking/lockdep.c:1024 lockdep_register_key+0x10d/0x490 [ 691.144252][ T5057] Kernel panic - not syncing: panic_on_warn set ... [ 691.150877][ T5057] CPU: 1 PID: 5057 Comm: syz-executor.0 Not tainted 5.0.0-next-20190306 #4 [ 691.159446][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 691.169487][ T5057] Call Trace: [ 691.172771][ T5057] dump_stack+0x172/0x1f0 [ 691.177099][ T5057] ? lockdep_register_key+0xf0/0x490 [ 691.182450][ T5057] panic+0x2cb/0x65c [ 691.186325][ T5057] ? __warn_printk+0xf3/0xf3 [ 691.190998][ T5057] ? lockdep_register_key+0x10d/0x490 [ 691.196383][ T5057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 691.202608][ T5057] ? __warn.cold+0x5/0x45 [ 691.206917][ T5057] ? lockdep_register_key+0x10d/0x490 [ 691.212269][ T5057] __warn.cold+0x20/0x45 [ 691.216925][ T5057] ? lockdep_register_key+0x10d/0x490 [ 691.222276][ T5057] report_bug+0x263/0x2b0 [ 691.226999][ T5057] do_error_trap+0x11b/0x200 [ 691.231596][ T5057] do_invalid_op+0x37/0x50 [ 691.236101][ T5057] ? lockdep_register_key+0x10d/0x490 [ 691.241481][ T5057] invalid_op+0x14/0x20 [ 691.245625][ T5057] RIP: 0010:lockdep_register_key+0x10d/0x490 [ 691.251599][ T5057] Code: 75 23 e9 e5 01 00 00 48 89 da 48 c1 ea 03 42 80 3c 3a 00 0f 85 b1 02 00 00 48 8b 1b 48 85 db 0f 84 c7 01 00 00 4c 39 e3 75 dd <0f> 0b 48 c7 c0 b8 57 5e 89 48 ba 00 00 00 00 00 fc ff df 48 89 c1 [ 691.271212][ T5057] RSP: 0018:ffff88808b84fa50 EFLAGS: 00010046 [ 691.277354][ T5057] RAX: dffffc0000000000 RBX: ffff888093f54418 RCX: 1ffffffff12bcaf7 [ 691.285417][ T5057] RDX: 1ffffffff1467fe0 RSI: 0000000000000000 RDI: ffff888055ba2d7c [ 691.293370][ T5057] RBP: ffff88808b84fa80 R08: ffffffff8a33ff00 R09: ffffed1011709f3f [ 691.301347][ T5057] R10: ffffed1011709f3e R11: 0000000000000003 R12: ffff888093f54418 [ 691.309305][ T5057] R13: 0000000000000b0c R14: 0000000000000286 R15: dffffc0000000000 [ 691.317329][ T5057] alloc_workqueue+0x427/0xe70 [ 691.322112][ T5057] ? up_write+0x1c/0x150 [ 691.326343][ T5057] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 691.332040][ T5057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 691.338330][ T5057] ? xfs_open_devices+0x14a/0x560 [ 691.343340][ T5057] xfs_init_mount_workqueues+0x27c/0x660 [ 691.349600][ T5057] ? sb_set_blocksize+0xe4/0x110 [ 691.354519][ T5057] xfs_fs_fill_super+0x749/0x1670 [ 691.359555][ T5057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 691.365775][ T5057] mount_bdev+0x307/0x3c0 [ 691.370089][ T5057] ? xfs_test_remount_options+0x90/0x90 [ 691.375624][ T5057] xfs_fs_mount+0x35/0x40 [ 691.379940][ T5057] ? xfs_finish_flags+0x490/0x490 [ 691.385136][ T5057] legacy_get_tree+0xf2/0x200 [ 691.389792][ T5057] vfs_get_tree+0x123/0x450 [ 691.394376][ T5057] do_mount+0x1436/0x2c40 [ 691.398711][ T5057] ? copy_mount_string+0x40/0x40 [ 691.403642][ T5057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 691.409869][ T5057] ? copy_mount_options+0x280/0x3a0 [ 691.415245][ T5057] ksys_mount+0xdb/0x150 [ 691.419498][ T5057] __x64_sys_mount+0xbe/0x150 [ 691.424157][ T5057] do_syscall_64+0x103/0x610 [ 691.428724][ T5057] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 691.434627][ T5057] RIP: 0033:0x45a99a [ 691.438536][ T5057] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 691.458236][ T5057] RSP: 002b:00007f0964174a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 691.466627][ T5057] RAX: ffffffffffffffda RBX: 00007f0964174b30 RCX: 000000000045a99a [ 691.474826][ T5057] RDX: 00007f0964174ad0 RSI: 0000000020000200 RDI: 00007f0964174af0 [ 691.482955][ T5057] RBP: 0000000020000200 R08: 00007f0964174b30 R09: 00007f0964174ad0 [ 691.490907][ T5057] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 691.498887][ T5057] R13: 0000000000000000 R14: 00000000004dbee0 R15: 00000000ffffffff [ 691.508030][ T5057] Kernel Offset: disabled [ 691.512355][ T5057] Rebooting in 86400 seconds..