[ 38.824690][ T26] audit: type=1800 audit(1554656492.932:27): pid=7604 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 38.852748][ T26] audit: type=1800 audit(1554656492.932:28): pid=7604 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 39.450602][ T26] audit: type=1800 audit(1554656493.622:29): pid=7604 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 39.472185][ T26] audit: type=1800 audit(1554656493.632:30): pid=7604 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts. 
2019/04/07 17:01:54 fuzzer started 2019/04/07 17:01:57 dialing manager at 10.128.0.26:34543 2019/04/07 17:01:57 syscalls: 2408 2019/04/07 17:01:57 code coverage: enabled 2019/04/07 17:01:57 comparison tracing: enabled 2019/04/07 17:01:57 extra coverage: extra coverage is not supported by the kernel 2019/04/07 17:01:57 setuid sandbox: enabled 2019/04/07 17:01:57 namespace sandbox: enabled 2019/04/07 17:01:57 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 17:01:57 fault injection: enabled 2019/04/07 17:01:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 17:01:57 net packet injection: enabled 2019/04/07 17:01:57 net device setup: enabled 17:04:09 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/\x00\x00z0\x00\x906\xa3\x95A\x1c\xf5\xee\x8aj\xdf\n\xcb\xf0\xce\xd9,Fj\xbd\xad\x89!\xf9\x00\x9f\x80\xd5\x01)c)\xaa\xba\x92\xe1\xd6\xa6\x0fTA\x16jwl\x1a\x92% \x1dY\xed\x87b_\xc4\x97r\xf68u\xf4~g\x1b\xf3g\x0e\x167F\xce\x93\xef\xe1\x91\x81\xe3\xc7*\xdb\x84\x82$\xaa\x8f\xd6 \x98\x81\f\xf4R\x99\xb2\x87#E\xccGc\xf2\x0fs\xed\xff\xc7\xed>Zy\x92\t\xcd\xc8\fN4\x1fn\x99\xd3P!\xb2gR\xdb\xd1\x95`\xadf\xdb($B\x95\xd1\xef\x15\x9ek\b\xc7\x17u<\xcb\xec\xde\x92 \xf1\x01X!y\x8e\f\x1eo\x84o\x12\x1b\x17\xb3\xd7%Mw\xb9[\v\x19B\n\x87l\x9b\xacn\x86tt\xeb\xb7\xf9r\x82\x16\xac\x12\xc9\x00'/265, 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000380), 0x12) syzkaller login: [ 195.039307][ T7771] IPVS: ftp: loaded support on port[0] = 21 17:04:09 executing program 1: mknod$loop(&(0x7f0000000100)='./file0\x00', 0x6009, 0x0) r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0) ioctl$BLKFLSBUF(r0, 0x1261, 0x0) [ 195.152583][ T7771] chnl_net:caif_netlink_parms(): no params data found [ 195.233722][ T7771] bridge0: port 1(bridge_slave_0) entered blocking 
state [ 195.242996][ T7771] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.251385][ T7771] device bridge_slave_0 entered promiscuous mode [ 195.261047][ T7771] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.268697][ T7771] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.276976][ T7771] device bridge_slave_1 entered promiscuous mode [ 195.300054][ T7771] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 195.310828][ T7771] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 195.343109][ T7771] team0: Port device team_slave_0 added [ 195.357191][ T7774] IPVS: ftp: loaded support on port[0] = 21 [ 195.365915][ T7771] team0: Port device team_slave_1 added 17:04:09 executing program 2: r0 = socket$kcm(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_attach_bpf(r0, 0x10e, 0x2, 0x0, 0x0) [ 195.447830][ T7771] device hsr_slave_0 entered promiscuous mode [ 195.534333][ T7771] device hsr_slave_1 entered promiscuous mode 17:04:09 executing program 3: rseq(0x0, 0x0, 0x0, 0x0) socket(0x0, 0x0, 0xdf) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) clock_gettime(0x0, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') sendfile(r1, r2, 0x0, 0x50000000000443) ioctl$KDDELIO(0xffffffffffffffff, 0x4b35, 0x7) read$alg(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, 0x0) write$binfmt_misc(r1, 
0x0, 0x0) clock_gettime(0x0, 0x0) [ 195.617943][ T7776] IPVS: ftp: loaded support on port[0] = 21 [ 195.659276][ T7771] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.666566][ T7771] bridge0: port 2(bridge_slave_1) entered forwarding state [ 195.674424][ T7771] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.681526][ T7771] bridge0: port 1(bridge_slave_0) entered forwarding state 17:04:10 executing program 4: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x20011, r0, 0x0) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000040)) [ 195.861383][ T7774] chnl_net:caif_netlink_parms(): no params data found [ 195.883566][ T7771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.896697][ T7780] IPVS: ftp: loaded support on port[0] = 21 [ 195.989000][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.004955][ T7778] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.025329][ T7778] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.045169][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 196.070835][ T7771] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.116867][ T7776] chnl_net:caif_netlink_parms(): no params data found [ 196.153091][ T7785] IPVS: ftp: loaded support on port[0] = 21 [ 196.161205][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 196.171902][ T7778] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.179035][ T7778] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.196873][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 196.207399][ T7778] bridge0: port 2(bridge_slave_1) entered blocking state 17:04:10 executing program 5: clone(0x2302001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xa) ptrace$cont(0x18, r0, 0x0, 0x0) 
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0xde}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 196.214530][ T7778] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.234862][ T7774] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.241927][ T7774] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.251092][ T7774] device bridge_slave_0 entered promiscuous mode [ 196.286214][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 196.300795][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 196.310158][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 196.322983][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 196.331993][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 196.340708][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 196.349277][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 196.360879][ T7774] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.368466][ T7774] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.377868][ T7774] device bridge_slave_1 entered promiscuous mode [ 196.425017][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 196.436925][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 196.445715][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 196.454527][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 196.486675][ T7774] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 196.497258][ T7774] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 196.513347][ T7776] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.520561][ T7776] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.528153][ T7776] device bridge_slave_0 
entered promiscuous mode [ 196.538117][ T7771] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 196.558272][ T7774] team0: Port device team_slave_0 added [ 196.561385][ T7787] IPVS: ftp: loaded support on port[0] = 21 [ 196.568408][ T7774] team0: Port device team_slave_1 added [ 196.576886][ T7776] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.584094][ T7776] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.591738][ T7776] device bridge_slave_1 entered promiscuous mode [ 196.615172][ T7776] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 196.627109][ T7776] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 196.705912][ T7774] device hsr_slave_0 entered promiscuous mode [ 196.744184][ T7774] device hsr_slave_1 entered promiscuous mode [ 196.801647][ T7776] team0: Port device team_slave_0 added [ 196.822014][ T7776] team0: Port device team_slave_1 added [ 196.870808][ T7771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 196.897312][ T7780] chnl_net:caif_netlink_parms(): no params data found [ 196.995587][ T7776] device hsr_slave_0 entered promiscuous mode [ 197.034365][ T7776] device hsr_slave_1 entered promiscuous mode 17:04:11 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=ANY=[@ANYBLOB="00000000000000001800120008000100707070000c00020008000100", @ANYRES32=r0], 0x2}}, 0x0) [ 197.197591][ T7780] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.208259][ T7780] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.216320][ T7780] device bridge_slave_0 entered promiscuous mode [ 197.234975][ T7787] chnl_net:caif_netlink_parms(): no params data found 17:04:11 executing program 0: [ 197.264240][ T7780] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.271335][ T7780] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.280248][ T7780] device 
bridge_slave_1 entered promiscuous mode [ 197.297355][ T7785] chnl_net:caif_netlink_parms(): no params data found [ 197.343323][ T7780] bond0: Enslaving bond_slave_0 as an active interface with an up link 17:04:11 executing program 0: 17:04:11 executing program 0: [ 197.429801][ T7780] bond0: Enslaving bond_slave_1 as an active interface with an up link 17:04:11 executing program 0: [ 197.480595][ T7787] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.498674][ T7787] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.506821][ T7787] device bridge_slave_0 entered promiscuous mode 17:04:11 executing program 0: [ 197.542029][ T7780] team0: Port device team_slave_0 added [ 197.567254][ T7787] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.575979][ T7787] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.585308][ T7787] device bridge_slave_1 entered promiscuous mode 17:04:11 executing program 0: [ 197.598852][ T7785] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.606914][ T7785] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.618130][ T7785] device bridge_slave_0 entered promiscuous mode [ 197.633564][ T7780] team0: Port device team_slave_1 added [ 197.645203][ T7774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.671444][ T7787] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 197.680008][ T7785] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.688134][ T7785] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.698584][ T7785] device bridge_slave_1 entered promiscuous mode [ 197.737929][ T7787] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 197.754799][ T7776] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.763737][ T7785] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 197.797138][ T7780] device hsr_slave_0 entered promiscuous mode [ 197.844343][ T7780] device hsr_slave_1 entered 
promiscuous mode [ 197.898706][ T7776] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.907335][ T7785] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 197.919410][ T7774] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.929004][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.936895][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.944890][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.952447][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.967264][ T7787] team0: Port device team_slave_0 added [ 197.981351][ T7787] team0: Port device team_slave_1 added [ 197.988466][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 197.997207][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 198.005905][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.012949][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.020721][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 198.031010][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 198.039378][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.046542][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 198.054390][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 198.063234][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 198.111476][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 198.120620][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 198.129411][ T7778] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.136556][ T7778] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.144328][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 198.152812][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 
198.161191][ T7778] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.168268][ T7778] bridge0: port 2(bridge_slave_1) entered forwarding state [ 198.177115][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 198.185955][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 198.194936][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 198.203258][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 198.211879][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 198.220312][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 198.228892][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 198.237282][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 198.245692][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 198.254119][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 198.261994][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 198.315782][ T7787] device hsr_slave_0 entered promiscuous mode [ 198.354189][ T7787] device hsr_slave_1 entered promiscuous mode [ 198.418273][ T7785] team0: Port device team_slave_0 added [ 198.425102][ T7776] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 198.435654][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 198.471021][ T7785] team0: Port device team_slave_1 added [ 198.478469][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 198.490706][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 198.499777][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 198.508448][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 198.517295][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 198.525718][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_hsr: link becomes ready [ 198.534106][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 198.542258][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 198.550859][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 198.560076][ T7774] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 198.582173][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 198.656892][ T7785] device hsr_slave_0 entered promiscuous mode [ 198.714469][ T7785] device hsr_slave_1 entered promiscuous mode [ 198.758697][ T7780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.780617][ T7776] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 198.791907][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.800072][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.819632][ T7780] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.863302][ T7774] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 198.884187][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 198.892845][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 198.905099][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.912152][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.920571][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 198.929506][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 198.938034][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.945136][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 198.952838][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 198.962976][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 198.979706][ T7787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.013204][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes 
ready [ 199.022434][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 199.039269][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 199.051905][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 17:04:13 executing program 1: [ 199.071957][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.085290][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 199.093665][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 199.102495][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 17:04:13 executing program 2: [ 199.121470][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 199.142859][ T7780] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 199.153589][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 199.198094][ T7787] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.221413][ T7780] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 199.231196][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.241229][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.274588][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.283320][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 199.315003][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.322103][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.331065][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.340328][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.351370][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.358522][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.366401][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.376065][ T7778] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 199.397246][ C0] hrtimer: interrupt took 36282 ns [ 199.408515][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.423036][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 199.440082][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 199.450047][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 199.465421][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.474372][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 199.482996][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 199.495795][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 199.504623][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 199.513339][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 199.530005][ T7785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.556680][ T7785] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.566279][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.575742][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.603480][ T7785] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 199.615753][ T7785] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 199.631919][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.640964][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 199.649549][ T7778] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.656676][ T7778] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.665341][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.673949][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.682249][ T7778] 
bridge0: port 2(bridge_slave_1) entered blocking state [ 199.698065][ T7778] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.706318][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.715078][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.726737][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 199.735527][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 199.743802][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 199.752440][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.760796][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 199.770084][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 199.778489][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 199.786900][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 199.795990][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 199.803995][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 199.811773][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 199.830142][ T7785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 199.841824][ T7787] 8021q: adding VLAN 0 to HW filter on device batadv0 17:04:14 executing program 1: 17:04:14 executing program 0: 17:04:14 executing program 2: 17:04:14 executing program 5: 17:04:14 executing program 3: 17:04:14 executing program 4: 17:04:14 executing program 0: 17:04:14 executing program 1: 17:04:14 executing program 2: 17:04:14 executing program 4: 17:04:14 executing program 5: 17:04:14 executing program 3: 17:04:14 executing program 0: 17:04:14 executing program 1: 17:04:14 executing program 2: 17:04:14 executing program 4: 17:04:14 executing program 5: 17:04:14 executing program 3: 17:04:14 executing program 0: 17:04:15 executing program 5: 17:04:15 
executing program 1: 17:04:15 executing program 4: 17:04:15 executing program 3: 17:04:15 executing program 2: 17:04:15 executing program 1: 17:04:15 executing program 5: 17:04:15 executing program 0: 17:04:15 executing program 3: 17:04:15 executing program 4: 17:04:15 executing program 1: 17:04:15 executing program 5: 17:04:15 executing program 2: 17:04:15 executing program 3: 17:04:15 executing program 4: 17:04:15 executing program 1: 17:04:15 executing program 0: 17:04:15 executing program 2: 17:04:15 executing program 5: 17:04:15 executing program 1: 17:04:15 executing program 4: 17:04:15 executing program 3: 17:04:15 executing program 0: 17:04:15 executing program 2: 17:04:15 executing program 5: 17:04:15 executing program 1: 17:04:15 executing program 4: 17:04:15 executing program 3: 17:04:15 executing program 2: 17:04:15 executing program 0: 17:04:15 executing program 5: 17:04:15 executing program 4: 17:04:15 executing program 1: 17:04:15 executing program 2: 17:04:15 executing program 3: 17:04:16 executing program 0: 17:04:16 executing program 1: 17:04:16 executing program 4: 17:04:16 executing program 2: 17:04:16 executing program 5: 17:04:16 executing program 3: 17:04:16 executing program 4: 17:04:16 executing program 0: 17:04:16 executing program 1: 17:04:16 executing program 2: 17:04:16 executing program 3: 17:04:16 executing program 5: 17:04:16 executing program 1: 17:04:16 executing program 4: 17:04:16 executing program 0: 17:04:16 executing program 2: 17:04:16 executing program 5: 17:04:16 executing program 3: 17:04:16 executing program 4: 17:04:16 executing program 0: 17:04:16 executing program 1: 17:04:16 executing program 3: 17:04:16 executing program 5: 17:04:16 executing program 2: 17:04:16 executing program 4: 17:04:16 executing program 3: 17:04:16 executing program 0: 17:04:16 executing program 4: 17:04:16 executing program 5: 17:04:16 executing program 2: 17:04:16 executing program 1: 17:04:16 executing program 3: 17:04:16 executing program 
3: 17:04:16 executing program 4: 17:04:16 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f0000000000)='/dev/v4l-subdev#\x00', 0x6f6, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0xc0305602, &(0x7f0000000040)={0x1}) 17:04:17 executing program 5: 17:04:17 executing program 1: 17:04:17 executing program 2: 17:04:17 executing program 3: 17:04:17 executing program 1: 17:04:17 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$HCIINQUIRY(r1, 0x400448e2, &(0x7f0000000080)) 17:04:17 executing program 3: clone(0x800000000041f9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000001c0)) ptrace(0x10, r0) ptrace(0x4208, r0) 17:04:17 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$HCIINQUIRY(r1, 0x400448de, &(0x7f0000000080)) 17:04:17 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$HCIINQUIRY(r1, 0x400448e0, &(0x7f0000000080)) 17:04:17 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$HCIINQUIRY(r1, 0x400448e1, &(0x7f0000000080)) 17:04:17 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:17 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 
= openat$tun(0xffffffffffffff9c, &(0x7f0000000240)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'vet\x00\x00\x96T\x00\x00\x00\x00\x00\xbdh \x00', 0x402}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000180)={'vd\x7f\x00\x16\x00\xf9V\xdbZ\xdd\x91\x80\xd2{\x00', 0x43732e5398417f1e}) 17:04:17 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000380)='iC;`\xb6p+\x10', 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r2, r0, 0x0, 0x2000005) 17:04:17 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$HCIINQUIRY(r1, 0x400448e3, &(0x7f0000000080)) 17:04:17 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x0, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x37fffd, @empty}, 0x1c) 17:04:17 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$HCIINQUIRY(r1, 0x400448df, &(0x7f0000000080)) 17:04:17 executing program 4: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 
&(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:17 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000000)={0xa6, 0x0, [0x2]}) [ 203.477076][ T8084] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 17:04:18 executing program 3: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@gid={'gid'}}]}) 17:04:18 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:18 executing program 4: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = 
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:18 executing program 2: socket(0x800000018, 0x2, 0x0) r0 = socket(0x18, 0x2, 0x0) connect$unix(r0, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) 17:04:18 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) [ 203.962266][ T8103] FAT-fs (loop5): bogus number of reserved sectors [ 204.002246][ T8103] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:18 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x12, 0x6, 0x4, 0x20001000000009}, 0x3c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000640)={r0, &(0x7f00000005c0)}, 0x10) 17:04:18 
executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x82d, 0x0, 0x0, {0x1}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 204.023185][ T8110] FAT-fs (loop3): bogus number of reserved sectors 17:04:18 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) [ 204.081371][ T8110] FAT-fs (loop3): Can't find a valid FAT filesystem [ 204.124825][ T8119] FAT-fs (loop5): bogus number of reserved sectors [ 204.154571][ T8122] netlink: 'syz-executor.4': attribute type 2 has an invalid length. 
[ 204.163473][ T8119] FAT-fs (loop5): Can't find a valid FAT filesystem [ 204.227153][ T8110] FAT-fs (loop3): bogus number of reserved sectors [ 204.261699][ T8110] FAT-fs (loop3): Can't find a valid FAT filesystem 17:04:18 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4080, 0x0) 17:04:18 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x82d, 0x0, 0x0, {0x1}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:04:18 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x89f1, 
&(0x7f0000000380)="4cbc5c811fec5e158176494d8adefaccada213786ce69c2200fe432dff8469b70addc2a0a35500cde337f6807263e4d0be4c9c33688ff1a6f1477f554ba45a92ee10d9378072218e2e2b3ecb06845de444ba3ff15c4c9775f160a8d99e4a96028fc684333a23c90fe8a752c4dc5b534c6a2f463e3c52bacc3618956794d37b50cf83c723ab9a5f4fbdc0c9609755fa9a589d310f1eeb1ae4c6cdc7a20b165b89421ebf143d2697a43123bfab40e8a59b62f3fa5e0b6a217a0695f1ae2292a0f519e1325d58bcce4ce947") ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 204.370988][ T8138] netlink: 'syz-executor.4': attribute type 2 has an invalid length. 17:04:18 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x82d, 0x0, 0x0, {0x1}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:04:18 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:18 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x2, 0x0) 17:04:18 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 204.593704][ T8145] netlink: 'syz-executor.4': attribute type 2 has an invalid length. 
17:04:18 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:18 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x3000) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 204.659015][ T8157] FAT-fs (loop5): bogus number of reserved sectors [ 204.697566][ T8157] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:18 executing program 4: r0 = socket$nl_generic(0x10, 
0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x82d, 0x0, 0x0, {0x1}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:04:19 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) [ 204.890886][ T8175] netlink: 'syz-executor.4': attribute type 2 has an invalid length. 17:04:19 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:19 executing program 4: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x82d, 0x0, 0x0, {0x1}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 205.128809][ T8179] FAT-fs (loop5): bogus number of reserved sectors 17:04:19 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$md(0xffffffffffffff9c, &(0x7f0000000200)='/dev/md0\x00', 0x0, 0x0) 
17:04:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:19 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:19 executing program 4: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x82d, 0x0, 0x0, {0x1}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 
205.180386][ T8179] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:19 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:19 executing program 4: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x82d, 0x0, 0x0, {0x1}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:04:19 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) [ 205.542052][ T8211] FAT-fs (loop5): bogus number of reserved sectors [ 205.586366][ T8211] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:19 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:19 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000040)={@dev}, 0xfe53) 17:04:19 executing program 4: socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x82d, 0x0, 0x0, {0x1}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) 
17:04:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x3000) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:19 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:20 executing program 4: socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x82d, 0x0, 0x0, {0x1}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:04:20 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff81"], 0x2) close(r0) [ 205.864333][ T8232] FAT-fs (loop5): bogus number of reserved sectors 17:04:20 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) [ 205.914025][ T8232] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:20 executing program 4: socket$nl_generic(0x10, 0x3, 
0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x82d, 0x0, 0x0, {0x1}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:04:20 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:20 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:20 executing program 3: socket$bt_rfcomm(0x1f, 0x0, 0x3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff81"], 0x2) close(r0) 17:04:20 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0x0) [ 206.246410][ T8258] FAT-fs (loop5): bogus number of reserved sectors 17:04:20 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 
&(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="baa000edf26df20f080347640f0058d5640f320f381dec0f221b8d4e9c66b80500000066b94a7b00000f01c1", 0x2c}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) fsetxattr$security_smack_entry(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 206.300115][ T8258] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:20 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x21009080}, 0xfffffffffffffd23, 0x0}, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060", 0x3f}], 0x1, 0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='auxv\x00') ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) execve(0x0, &(0x7f0000000300)=[&(0x7f0000000200)='/dev/hwrng\x00'], 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:20 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 
&(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x3000) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:20 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:20 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0x0) 17:04:20 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:20 executing program 0: setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 
&(0x7f0000000380), 0x4) socket$inet6_udp(0xa, 0x2, 0x0) r0 = syz_open_dev$usbmon(0x0, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000640)=""/4096, &(0x7f0000000000)=0x1000) getsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, &(0x7f0000000200)) r1 = socket$inet6(0xa, 0x2, 0x0) lookup_dcookie(0x4, 0x0, 0x0) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x800010b, 0x18) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000040)) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f00000000c0)=0x18, 0x4) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000080)={0x0, r0}) 17:04:20 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x0, 0x0) ioctl$sock_SIOCDELDLCI(0xffffffffffffffff, 0x8981, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 
206.813187][ T8297] FAT-fs (loop5): bogus number of reserved sectors 17:04:21 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0x0) 17:04:21 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) [ 206.901380][ T8297] FAT-fs (loop5): Can't find a valid FAT filesystem [ 206.986327][ T8309] kvm: emulating exchange as write 17:04:21 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 17:04:21 executing program 5: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:21 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:21 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) [ 207.253839][ T8322] FAT-fs 
(loop5): bogus number of reserved sectors [ 207.321537][ T8322] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:21 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 17:04:21 executing program 3: perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x4, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0xc, 0x0, &(0x7f00000000c0)=0x160) 17:04:21 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:21 executing program 5: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:21 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 
&(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x3000) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:21 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000380)='reno\x00', 0x5) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) 17:04:21 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:21 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f00009b1ffc)) clock_nanosleep(0x0, 0x0, &(0x7f0000000240)={0x77359400}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) 
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = memfd_create(&(0x7f0000000140)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\x94a\xac', 0x3) write$binfmt_misc(r2, &(0x7f0000000080)=ANY=[@ANYRESHEX], 0x64e6) sendfile(r1, r2, &(0x7f0000000000), 0xffff) fcntl$addseals(r2, 0x409, 0x8) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000380)={0x0, 0x0, 0x0, 0xfff}) tkill(r0, 0x1000000000016) 17:04:21 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000040)) 17:04:22 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) [ 207.761527][ T8342] FAT-fs (loop5): bogus number of reserved sectors [ 207.784593][ T8342] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:22 executing program 5: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:22 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 17:04:22 executing program 1: syz_open_dev$usb(0x0, 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:22 executing 
program 3: signalfd4(0xffffffffffffffff, &(0x7f0000000080), 0x8, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000380)=""/115, 0x73}], 0x1, 0x10400007) [ 208.077342][ T8376] FAT-fs (loop5): bogus number of reserved sectors [ 208.114817][ T8376] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:22 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 17:04:22 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$HCIINQUIRY(r1, 0x800448d3, &(0x7f0000000080)) 17:04:22 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x3000) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:22 executing program 1: syz_open_dev$usb(0x0, 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:22 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:22 executing program 0: socket$bt_rfcomm(0x1f, 0x0, 0x3) fstat(0xffffffffffffffff, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff81"], 0x2) close(r0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 17:04:22 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x0, 0x82d, 0x0, 0x0, {0x1}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:04:22 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000004040)={0x0, 0x6, 0x7ff, 0x8}, 0x10) 17:04:22 executing program 1: syz_open_dev$usb(0x0, 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) [ 208.712916][ T8402] FAT-fs (loop5): bogus number of reserved sectors [ 208.727535][ T8402] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x0, 0x82d, 0x0, 0x0, {0x1}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:04:23 executing program 3: socket$bt_rfcomm(0x1f, 0x0, 0x3) fstat(0xffffffffffffffff, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff81"], 0x2) close(r0) 17:04:23 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 
0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:23 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x0, 0x82d, 0x0, 0x0, {0x1}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:04:23 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x3000) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 209.030209][ T8432] FAT-fs (loop5): bogus number of reserved sectors 17:04:23 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:23 executing program 0: socket$bt_rfcomm(0x1f, 0x0, 0x3) fstat(0xffffffffffffffff, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff81"], 0x2) close(r0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 209.102250][ T8432] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:23 executing program 1: 
syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x0, 0x0, 0x0, {0x1}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:04:23 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x0, 0x0, 0x0, {0x1}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:04:23 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = 
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x3000) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 209.446737][ T8469] FAT-fs (loop5): bogus number of reserved sectors [ 209.474629][ T8469] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:23 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:23 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 
0x246) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x0, 0x0, 0x0, {0x1}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:04:23 executing program 0: socket$bt_rfcomm(0x1f, 0x0, 0x3) fstat(0xffffffffffffffff, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff81"], 0x2) close(r0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 17:04:23 executing program 5: socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x82d, 0x0, 0x0, {}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:04:24 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) 
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) [ 209.775333][ T8494] FAT-fs (loop5): bogus number of reserved sectors [ 209.786546][ T8494] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x3000) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 209.902499][ T8508] netlink: 'syz-executor.4': attribute type 2 has an invalid length. 
17:04:24 executing program 5: socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:24 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:24 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x200000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x8, 0x3, &(0x7f0000346fc8)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x70) 17:04:24 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x82d, 0x0, 0x0, {}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 210.068181][ T8517] FAT-fs (loop5): bogus number of reserved sectors [ 210.095690][ T8517] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:24 executing program 5: socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, 
{@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) [ 210.185283][ T8527] netlink: 'syz-executor.4': attribute type 2 has an invalid length. 17:04:24 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:24 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:24 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) 
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8943, &(0x7f0000000040)='vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdb\x00') 17:04:24 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x82d, 0x0, 0x0, {}, [@nested={0xc, 0x2, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 210.340046][ T8533] FAT-fs (loop5): bogus number of reserved sectors 17:04:24 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140), 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) [ 210.409358][ T8533] FAT-fs (loop5): Can't find a valid FAT filesystem [ 210.447888][ T8545] netlink: 'syz-executor.4': attribute type 2 has an invalid length. 
17:04:24 executing program 0: syz_execute_func(&(0x7f00000006c0)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") clone(0x201, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) creat(&(0x7f0000000000)='./file1\x00', 0x11) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000200)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) r2 = dup2(r0, r1) execve(&(0x7f00000002c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) open$dir(&(0x7f00000000c0)='./file0\x00', 0x841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000080)='./file1\x00', 0x0, 0x0) write$apparmor_exec(r2, 0x0, 0x0) 17:04:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x3000) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:24 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 
&(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x39, 0x82d, 0x0, 0x0, {0x1}}, 0x14}}, 0x0) 17:04:24 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140), 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:24 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:24 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:25 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 
0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x5, 0x1, 0x54}]}, &(0x7f0000000000)='syzkaller\x00'}, 0x48) [ 210.846135][ T8567] FAT-fs (loop5): bogus number of reserved sectors 17:04:25 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x39, 0x82d, 0x0, 0x0, {0x1}}, 0x14}}, 0x0) [ 210.904531][ T8567] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:25 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140), 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:25 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:25 executing program 0: ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) getpgrp(0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r1, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000440)={'syz1'}, 0x11008) 17:04:25 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x39, 0x82d, 0x0, 0x0, {0x1}}, 0x14}}, 0x0) 17:04:25 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) [ 211.232401][ T8600] FAT-fs (loop5): bogus number of reserved sectors [ 211.294378][ T8600] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x3000) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:25 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:25 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x82d, 0x0, 0x0, {0x1}, [@nested={0xc, 0x0, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:04:25 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 
0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:25 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:25 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$HCIINQUIRY(r1, 0x400448e4, &(0x7f0000000080)) 17:04:26 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x82d, 0x0, 0x0, {0x1}, [@nested={0xc, 0x0, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:04:26 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:26 executing program 0: socket$bt_rfcomm(0x1f, 0x0, 0x3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$P9_RLERRORu(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000004040)={0x0, 0x6, 0x7ff, 0x8}, 0x10) openat$vhci(0xffffffffffffff9c, 0x0, 0x0) [ 211.810096][ T8629] FAT-fs (loop5): bogus number of reserved sectors [ 211.836923][ T8629] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:26 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:26 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x39, 0x82d, 0x0, 0x0, {0x1}, [@nested={0xc, 0x0, [@typed={0x8, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:04:26 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 212.110349][ T8655] FAT-fs 
(loop5): bogus number of reserved sectors [ 212.187095][ T8655] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:26 executing program 0: r0 = socket$kcm(0xa, 0x3, 0x87) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair(0x1f, 0x0, 0x0, 0x0) 17:04:26 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:26 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x18, 0x39, 0x82d, 0x0, 0x0, {0x1}, [@nested={0x4, 0x2}]}, 0x18}}, 0x0) 17:04:26 
executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:26 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 212.778018][ T8674] netlink: 'syz-executor.4': attribute type 2 has an invalid length. 
[ 212.807501][ T8676] FAT-fs (loop5): bogus number of reserved sectors 17:04:27 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) [ 212.829889][ T8676] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:27 executing program 0: r0 = socket$kcm(0x10, 0x800000000002, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)="2e0000001c008104e00f80ecdb4cb90402c804a012000000980010fb120001000e00da1b40d819a9060015000000", 0x2e}], 0x1}, 0x0) 17:04:27 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x18, 0x39, 0x82d, 0x0, 0x0, {0x1}, [@nested={0x4, 0x2}]}, 0x18}}, 0x0) 17:04:27 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) 
ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:27 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:27 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:27 executing program 
0: r0 = socket$kcm(0x10, 0x800000000002, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)="2e0000001c008104e00f80ecdb4cb90402c804a012000000980010fb120001000e00da1b40d819a9060015000000", 0x2e}], 0x1}, 0x0) [ 213.082109][ T8698] netlink: 'syz-executor.4': attribute type 2 has an invalid length. [ 213.114173][ T8700] FAT-fs (loop5): bogus number of reserved sectors 17:04:27 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x18, 0x39, 0x82d, 0x0, 0x0, {0x1}, [@nested={0x4, 0x2}]}, 0x18}}, 0x0) [ 213.177169][ T8700] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:27 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:27 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, 
{@fat=@gid={'gid'}}]}) 17:04:27 executing program 0: r0 = socket$kcm(0x10, 0x800000000002, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)="2e0000001c008104e00f80ecdb4cb90402c804a012000000980010fb120001000e00da1b40d819a9060015000000", 0x2e}], 0x1}, 0x0) 17:04:27 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 213.364548][ T8719] netlink: 'syz-executor.4': attribute type 2 has an invalid length. 
17:04:27 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:27 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x0, 0x0) r1 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$rds(0x15, 0x5, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) ioctl$UFFDIO_WAKE(0xffffffffffffffff, 0x8010aa02, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r2, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="0700000000000000000000000000000000000000ffffffff"], 0x18}, 0x0) 17:04:27 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:27 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:27 executing program 0: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) 
socket$inet(0x2, 0x3, 0x800000006) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 213.757479][ T8762] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8762 [ 213.767094][ T8762] caller is sk_mc_loop+0x1d/0x210 [ 213.772139][ T8762] CPU: 1 PID: 8762 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 213.781164][ T8762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.791222][ T8762] Call Trace: [ 213.791278][ T8762] dump_stack+0x172/0x1f0 [ 213.791307][ T8762] __this_cpu_preempt_check+0x246/0x270 [ 213.804430][ T8762] sk_mc_loop+0x1d/0x210 [ 213.804449][ T8762] ip_mc_output+0x2ef/0xf70 [ 213.804480][ T8762] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 213.804495][ T8762] ? __ip_make_skb+0xf15/0x1820 [ 213.804511][ T8762] ? ip_append_data.part.0+0x170/0x170 [ 213.804525][ T8762] ? dst_release+0x62/0xb0 [ 213.804545][ T8762] ? __ip_make_skb+0xf93/0x1820 [ 213.837887][ T8762] ip_local_out+0xc4/0x1b0 [ 213.842306][ T8762] ip_send_skb+0x42/0xf0 [ 213.846551][ T8762] ip_push_pending_frames+0x64/0x80 [ 213.851748][ T8762] raw_sendmsg+0x1e6d/0x2f20 [ 213.856342][ T8762] ? __lock_acquire+0x4d6/0x3fb0 [ 213.861314][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 213.866785][ T8762] ? __lock_acquire+0x548/0x3fb0 [ 213.871741][ T8762] ? ___might_sleep+0x163/0x280 [ 213.876596][ T8762] ? __might_sleep+0x95/0x190 [ 213.881288][ T8762] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 213.886926][ T8762] ? aa_sk_perm+0x288/0x880 [ 213.891429][ T8762] ? lockdep_hardirqs_on+0x418/0x5d0 [ 213.896734][ T8762] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 213.902282][ T8762] inet_sendmsg+0x147/0x5e0 [ 213.906871][ T8762] ? 
compat_raw_getsockopt+0x100/0x100 [ 213.912328][ T8762] ? inet_sendmsg+0x147/0x5e0 [ 213.917024][ T8762] ? ipip_gro_receive+0x100/0x100 [ 213.922051][ T8762] sock_sendmsg+0xdd/0x130 [ 213.926480][ T8762] kernel_sendmsg+0x44/0x50 [ 213.930990][ T8762] sock_no_sendpage+0x116/0x150 [ 213.935838][ T8762] ? sock_kfree_s+0x70/0x70 [ 213.940361][ T8762] inet_sendpage+0x44a/0x630 [ 213.944961][ T8762] kernel_sendpage+0x95/0xf0 [ 213.949548][ T8762] ? inet_sendmsg+0x5e0/0x5e0 [ 213.954225][ T8762] sock_sendpage+0x8b/0xc0 [ 213.958646][ T8762] ? pipe_lock+0x6e/0x80 [ 213.962891][ T8762] pipe_to_sendpage+0x299/0x370 [ 213.967744][ T8762] ? kernel_sendpage+0xf0/0xf0 [ 213.972512][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 213.977798][ T8762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.984041][ T8762] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 213.990114][ T8762] __splice_from_pipe+0x395/0x7d0 [ 213.995149][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 214.000446][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 214.005742][ T8762] splice_from_pipe+0x108/0x170 [ 214.010616][ T8762] ? splice_shrink_spd+0xd0/0xd0 [ 214.015562][ T8762] ? apparmor_file_permission+0x25/0x30 [ 214.021123][ T8762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.027369][ T8762] ? security_file_permission+0x94/0x380 [ 214.033009][ T8762] generic_splice_sendpage+0x3c/0x50 [ 214.038294][ T8762] ? splice_from_pipe+0x170/0x170 [ 214.043343][ T8762] do_splice+0x70a/0x13c0 [ 214.047684][ T8762] ? opipe_prep.part.0+0x2d0/0x2d0 [ 214.052795][ T8762] ? 
__fget_light+0x1a9/0x230 [ 214.057486][ T8762] __x64_sys_splice+0x2c6/0x330 [ 214.062346][ T8762] do_syscall_64+0x103/0x610 [ 214.066943][ T8762] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.072842][ T8762] RIP: 0033:0x4582b9 [ 214.076759][ T8762] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 214.096371][ T8762] RSP: 002b:00007fc65b8c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 17:04:28 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:28 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) [ 214.104787][ T8762] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 214.112753][ T8762] RDX: 
0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 214.120722][ T8762] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 214.129165][ T8762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc65b8c36d4 [ 214.137133][ T8762] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 214.152868][ T8762] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8762 [ 214.162412][ T8762] caller is sk_mc_loop+0x1d/0x210 [ 214.167540][ T8762] CPU: 1 PID: 8762 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 214.176561][ T8762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.186608][ T8762] Call Trace: [ 214.189909][ T8762] dump_stack+0x172/0x1f0 [ 214.194254][ T8762] __this_cpu_preempt_check+0x246/0x270 [ 214.199807][ T8762] sk_mc_loop+0x1d/0x210 [ 214.204052][ T8762] ip_mc_output+0x2ef/0xf70 [ 214.208562][ T8762] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 214.213671][ T8762] ? __ip_make_skb+0xf15/0x1820 [ 214.218531][ T8762] ? ip_append_data.part.0+0x170/0x170 [ 214.223988][ T8762] ? dst_release+0x62/0xb0 [ 214.228406][ T8762] ? __ip_make_skb+0xf93/0x1820 [ 214.233260][ T8762] ip_local_out+0xc4/0x1b0 [ 214.237680][ T8762] ip_send_skb+0x42/0xf0 [ 214.241923][ T8762] ip_push_pending_frames+0x64/0x80 [ 214.247137][ T8762] raw_sendmsg+0x1e6d/0x2f20 [ 214.251746][ T8762] ? __lock_acquire+0x4d6/0x3fb0 [ 214.256700][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 214.262165][ T8762] ? __lock_acquire+0x548/0x3fb0 [ 214.267118][ T8762] ? ___might_sleep+0x163/0x280 [ 214.271970][ T8762] ? __might_sleep+0x95/0x190 [ 214.276648][ T8762] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 214.282274][ T8762] ? aa_sk_perm+0x288/0x880 [ 214.286862][ T8762] ? lockdep_hardirqs_on+0x418/0x5d0 [ 214.292156][ T8762] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 214.297728][ T8762] inet_sendmsg+0x147/0x5e0 [ 214.302239][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 214.307693][ T8762] ? 
inet_sendmsg+0x147/0x5e0 [ 214.312364][ T8762] ? ipip_gro_receive+0x100/0x100 [ 214.317389][ T8762] sock_sendmsg+0xdd/0x130 [ 214.321809][ T8762] kernel_sendmsg+0x44/0x50 [ 214.326314][ T8762] sock_no_sendpage+0x116/0x150 [ 214.331162][ T8762] ? sock_kfree_s+0x70/0x70 [ 214.335684][ T8762] inet_sendpage+0x44a/0x630 [ 214.340280][ T8762] kernel_sendpage+0x95/0xf0 [ 214.344903][ T8762] ? inet_sendmsg+0x5e0/0x5e0 [ 214.349588][ T8762] sock_sendpage+0x8b/0xc0 [ 214.354126][ T8762] ? pipe_lock+0x6e/0x80 [ 214.358899][ T8762] pipe_to_sendpage+0x299/0x370 [ 214.364254][ T8762] ? kernel_sendpage+0xf0/0xf0 [ 214.369856][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 214.375730][ T8762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.383243][ T8762] ? anon_pipe_buf_release+0x1c6/0x270 [ 214.389534][ T8762] __splice_from_pipe+0x395/0x7d0 [ 214.395076][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 214.400364][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 214.405650][ T8762] splice_from_pipe+0x108/0x170 [ 214.410507][ T8762] ? splice_shrink_spd+0xd0/0xd0 [ 214.415470][ T8762] ? apparmor_file_permission+0x25/0x30 [ 214.421016][ T8762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.427262][ T8762] ? security_file_permission+0x94/0x380 [ 214.432898][ T8762] generic_splice_sendpage+0x3c/0x50 [ 214.438184][ T8762] ? splice_from_pipe+0x170/0x170 [ 214.443209][ T8762] do_splice+0x70a/0x13c0 [ 214.447556][ T8762] ? opipe_prep.part.0+0x2d0/0x2d0 [ 214.452670][ T8762] ? 
__fget_light+0x1a9/0x230 [ 214.457354][ T8762] __x64_sys_splice+0x2c6/0x330 [ 214.462215][ T8762] do_syscall_64+0x103/0x610 [ 214.466813][ T8762] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.472701][ T8762] RIP: 0033:0x4582b9 [ 214.476612][ T8762] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 214.496220][ T8762] RSP: 002b:00007fc65b8c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 214.504650][ T8762] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 214.512628][ T8762] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 214.520595][ T8762] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 214.528909][ T8762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc65b8c36d4 [ 214.536879][ T8762] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 214.563104][ T8762] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8762 [ 214.572716][ T8762] caller is sk_mc_loop+0x1d/0x210 [ 214.577800][ T8762] CPU: 1 PID: 8762 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 214.586835][ T8762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.586842][ T8762] Call Trace: [ 214.586869][ T8762] dump_stack+0x172/0x1f0 [ 214.586890][ T8762] __this_cpu_preempt_check+0x246/0x270 [ 214.586906][ T8762] sk_mc_loop+0x1d/0x210 [ 214.586928][ T8762] ip_mc_output+0x2ef/0xf70 [ 214.586945][ T8762] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 214.586957][ T8762] ? __ip_make_skb+0xf15/0x1820 [ 214.586971][ T8762] ? ip_append_data.part.0+0x170/0x170 [ 214.586982][ T8762] ? dst_release+0x62/0xb0 [ 214.586993][ T8762] ? 
__ip_make_skb+0xf93/0x1820 [ 214.587006][ T8762] ip_local_out+0xc4/0x1b0 [ 214.587019][ T8762] ip_send_skb+0x42/0xf0 [ 214.587031][ T8762] ip_push_pending_frames+0x64/0x80 [ 214.587045][ T8762] raw_sendmsg+0x1e6d/0x2f20 [ 214.624278][ T8762] ? __lock_acquire+0x4d6/0x3fb0 [ 214.624304][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 214.624330][ T8762] ? __lock_acquire+0x548/0x3fb0 [ 214.624360][ T8762] ? ___might_sleep+0x163/0x280 [ 214.624379][ T8762] ? __might_sleep+0x95/0x190 [ 214.624397][ T8762] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 214.624411][ T8762] ? aa_sk_perm+0x288/0x880 [ 214.624434][ T8762] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 214.639143][ T8762] inet_sendmsg+0x147/0x5e0 [ 214.639159][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 214.639172][ T8762] ? inet_sendmsg+0x147/0x5e0 [ 214.639186][ T8762] ? ipip_gro_receive+0x100/0x100 [ 214.639204][ T8762] sock_sendmsg+0xdd/0x130 [ 214.639226][ T8762] kernel_sendmsg+0x44/0x50 [ 214.652723][ T8762] sock_no_sendpage+0x116/0x150 [ 214.652739][ T8762] ? sock_kfree_s+0x70/0x70 [ 214.652759][ T8762] ? debug_check_no_obj_freed+0x211/0x444 [ 214.652786][ T8762] ? mark_held_locks+0xa4/0xf0 [ 214.652806][ T8762] inet_sendpage+0x44a/0x630 [ 214.757756][ T8762] kernel_sendpage+0x95/0xf0 [ 214.762352][ T8762] ? inet_sendmsg+0x5e0/0x5e0 [ 214.767042][ T8762] sock_sendpage+0x8b/0xc0 [ 214.771482][ T8762] ? lockdep_hardirqs_on+0x418/0x5d0 [ 214.776782][ T8762] pipe_to_sendpage+0x299/0x370 [ 214.781653][ T8762] ? kernel_sendpage+0xf0/0xf0 [ 214.786430][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 214.791733][ T8762] ? __put_page+0x92/0xd0 [ 214.796081][ T8762] ? anon_pipe_buf_release+0x1c6/0x270 [ 214.801556][ T8762] __splice_from_pipe+0x395/0x7d0 [ 214.806587][ T8762] ? 
direct_splice_actor+0x1a0/0x1a0 17:04:28 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x3000) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:29 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) [ 214.811882][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 214.817171][ T8762] splice_from_pipe+0x108/0x170 [ 214.822041][ T8762] ? splice_shrink_spd+0xd0/0xd0 [ 214.826996][ T8762] ? apparmor_file_permission+0x25/0x30 [ 214.832546][ T8762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.838795][ T8762] ? security_file_permission+0x94/0x380 [ 214.844447][ T8762] generic_splice_sendpage+0x3c/0x50 [ 214.849758][ T8762] ? splice_from_pipe+0x170/0x170 [ 214.854795][ T8762] do_splice+0x70a/0x13c0 [ 214.859140][ T8762] ? 
opipe_prep.part.0+0x2d0/0x2d0 17:04:29 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) [ 214.859161][ T8762] ? __fget_light+0x1a9/0x230 [ 214.859181][ T8762] __x64_sys_splice+0x2c6/0x330 [ 214.859212][ T8762] do_syscall_64+0x103/0x610 [ 214.878407][ T8762] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.884300][ T8762] RIP: 0033:0x4582b9 [ 214.888201][ T8762] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 214.907814][ T8762] RSP: 002b:00007fc65b8c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 214.907830][ T8762] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 214.907839][ T8762] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 214.907849][ T8762] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 214.907858][ T8762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc65b8c36d4 [ 214.907867][ T8762] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 214.974401][ T8762] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8762 [ 214.983806][ T8762] caller is sk_mc_loop+0x1d/0x210 [ 214.989510][ T8762] CPU: 0 PID: 8762 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 214.998571][ T8762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS 
Google 01/01/2011 [ 215.008712][ T8762] Call Trace: [ 215.012013][ T8762] dump_stack+0x172/0x1f0 [ 215.016350][ T8762] __this_cpu_preempt_check+0x246/0x270 [ 215.021896][ T8762] sk_mc_loop+0x1d/0x210 [ 215.026142][ T8762] ip_mc_output+0x2ef/0xf70 [ 215.030649][ T8762] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 215.035768][ T8762] ? __ip_make_skb+0xf15/0x1820 [ 215.040617][ T8762] ? ip_append_data.part.0+0x170/0x170 [ 215.046075][ T8762] ? dst_release+0x62/0xb0 [ 215.050492][ T8762] ? __ip_make_skb+0xf93/0x1820 [ 215.055344][ T8762] ip_local_out+0xc4/0x1b0 [ 215.059768][ T8762] ip_send_skb+0x42/0xf0 [ 215.064009][ T8762] ip_push_pending_frames+0x64/0x80 [ 215.069203][ T8762] raw_sendmsg+0x1e6d/0x2f20 [ 215.073804][ T8762] ? __lock_acquire+0x4d6/0x3fb0 [ 215.078756][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 215.084223][ T8762] ? __lock_acquire+0x548/0x3fb0 [ 215.089197][ T8762] ? ___might_sleep+0x163/0x280 [ 215.094051][ T8762] ? __might_sleep+0x95/0x190 [ 215.098744][ T8762] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 215.104387][ T8762] ? aa_sk_perm+0x288/0x880 [ 215.108898][ T8762] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 215.114446][ T8762] inet_sendmsg+0x147/0x5e0 [ 215.118957][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 215.124410][ T8762] ? inet_sendmsg+0x147/0x5e0 [ 215.129082][ T8762] ? ipip_gro_receive+0x100/0x100 [ 215.134107][ T8762] sock_sendmsg+0xdd/0x130 [ 215.138522][ T8762] kernel_sendmsg+0x44/0x50 [ 215.143028][ T8762] sock_no_sendpage+0x116/0x150 [ 215.147880][ T8762] ? sock_kfree_s+0x70/0x70 [ 215.152383][ T8762] ? debug_check_no_obj_freed+0x211/0x444 [ 215.158110][ T8762] ? mark_held_locks+0xa4/0xf0 [ 215.162872][ T8762] inet_sendpage+0x44a/0x630 [ 215.167476][ T8762] kernel_sendpage+0x95/0xf0 [ 215.172064][ T8762] ? inet_sendmsg+0x5e0/0x5e0 [ 215.176754][ T8762] sock_sendpage+0x8b/0xc0 [ 215.181172][ T8762] ? lockdep_hardirqs_on+0x418/0x5d0 [ 215.186469][ T8762] pipe_to_sendpage+0x299/0x370 [ 215.191319][ T8762] ? 
kernel_sendpage+0xf0/0xf0 [ 215.196081][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 215.201382][ T8762] ? __put_page+0x92/0xd0 [ 215.205717][ T8762] ? anon_pipe_buf_release+0x1c6/0x270 [ 215.211182][ T8762] __splice_from_pipe+0x395/0x7d0 [ 215.216209][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 215.221504][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 215.226789][ T8762] splice_from_pipe+0x108/0x170 [ 215.231646][ T8762] ? splice_shrink_spd+0xd0/0xd0 [ 215.236593][ T8762] ? apparmor_file_permission+0x25/0x30 [ 215.242134][ T8762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 215.248387][ T8762] ? security_file_permission+0x94/0x380 [ 215.254027][ T8762] generic_splice_sendpage+0x3c/0x50 [ 215.259318][ T8762] ? splice_from_pipe+0x170/0x170 [ 215.264349][ T8762] do_splice+0x70a/0x13c0 [ 215.268699][ T8762] ? opipe_prep.part.0+0x2d0/0x2d0 [ 215.273821][ T8762] ? __fget_light+0x1a9/0x230 [ 215.278514][ T8762] __x64_sys_splice+0x2c6/0x330 [ 215.283374][ T8762] do_syscall_64+0x103/0x610 [ 215.287973][ T8762] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.293866][ T8762] RIP: 0033:0x4582b9 [ 215.297773][ T8762] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 215.317391][ T8762] RSP: 002b:00007fc65b8c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 17:04:29 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) 
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 215.325812][ T8762] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 215.333783][ T8762] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 215.341768][ T8762] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 215.349748][ T8762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc65b8c36d4 [ 215.357723][ T8762] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff 17:04:29 executing program 4: r0 = socket(0x1c, 0x5, 0x0) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="161c2e2f660700000000000000cf2bfd64d8680c2b7357"], 0x1) [ 215.436861][ T8762] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8762 [ 215.446336][ T8762] caller is sk_mc_loop+0x1d/0x210 [ 215.451375][ T8762] CPU: 1 PID: 8762 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 215.460401][ T8762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.470478][ T8762] Call Trace: [ 215.473788][ T8762] dump_stack+0x172/0x1f0 [ 215.478182][ T8762] __this_cpu_preempt_check+0x246/0x270 [ 215.483740][ T8762] sk_mc_loop+0x1d/0x210 [ 215.487991][ T8762] ip_mc_output+0x2ef/0xf70 [ 215.492506][ T8762] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 215.497676][ T8762] ? __ip_make_skb+0xf15/0x1820 [ 215.502541][ T8762] ? ip_append_data.part.0+0x170/0x170 [ 215.508016][ T8762] ? dst_release+0x62/0xb0 [ 215.512435][ T8762] ? __ip_make_skb+0xf93/0x1820 [ 215.517299][ T8762] ip_local_out+0xc4/0x1b0 [ 215.521721][ T8762] ip_send_skb+0x42/0xf0 [ 215.525965][ T8762] ip_push_pending_frames+0x64/0x80 [ 215.531161][ T8762] raw_sendmsg+0x1e6d/0x2f20 [ 215.535838][ T8762] ? __lock_acquire+0x4d6/0x3fb0 [ 215.540783][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 215.546274][ T8762] ? 
__lock_acquire+0x548/0x3fb0 [ 215.551230][ T8762] ? ___might_sleep+0x163/0x280 [ 215.556090][ T8762] ? __might_sleep+0x95/0x190 [ 215.560770][ T8762] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 215.566401][ T8762] ? aa_sk_perm+0x288/0x880 [ 215.570913][ T8762] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 215.576483][ T8762] inet_sendmsg+0x147/0x5e0 [ 215.581002][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 215.586486][ T8762] ? inet_sendmsg+0x147/0x5e0 [ 215.591164][ T8762] ? ipip_gro_receive+0x100/0x100 [ 215.596216][ T8762] sock_sendmsg+0xdd/0x130 [ 215.600645][ T8762] kernel_sendmsg+0x44/0x50 [ 215.605150][ T8762] sock_no_sendpage+0x116/0x150 [ 215.610805][ T8762] ? sock_kfree_s+0x70/0x70 [ 215.615334][ T8762] ? debug_check_no_obj_freed+0x211/0x444 [ 215.621070][ T8762] ? mark_held_locks+0xa4/0xf0 [ 215.625841][ T8762] inet_sendpage+0x44a/0x630 [ 215.630446][ T8762] kernel_sendpage+0x95/0xf0 [ 215.635047][ T8762] ? inet_sendmsg+0x5e0/0x5e0 [ 215.639735][ T8762] sock_sendpage+0x8b/0xc0 [ 215.644151][ T8762] ? lockdep_hardirqs_on+0x418/0x5d0 [ 215.649439][ T8762] pipe_to_sendpage+0x299/0x370 [ 215.654299][ T8762] ? kernel_sendpage+0xf0/0xf0 [ 215.659062][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 215.664436][ T8762] ? __put_page+0x92/0xd0 [ 215.668779][ T8762] ? anon_pipe_buf_release+0x1c6/0x270 [ 215.674269][ T8762] __splice_from_pipe+0x395/0x7d0 [ 215.679516][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 215.691934][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 215.697245][ T8762] splice_from_pipe+0x108/0x170 [ 215.702121][ T8762] ? splice_shrink_spd+0xd0/0xd0 [ 215.707079][ T8762] ? apparmor_file_permission+0x25/0x30 [ 215.712630][ T8762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 215.720449][ T8762] ? security_file_permission+0x94/0x380 [ 215.726118][ T8762] generic_splice_sendpage+0x3c/0x50 [ 215.731582][ T8762] ? splice_from_pipe+0x170/0x170 [ 215.736787][ T8762] do_splice+0x70a/0x13c0 [ 215.741129][ T8762] ? opipe_prep.part.0+0x2d0/0x2d0 [ 215.746252][ T8762] ? 
__fget_light+0x1a9/0x230 [ 215.750933][ T8762] __x64_sys_splice+0x2c6/0x330 [ 215.755793][ T8762] do_syscall_64+0x103/0x610 [ 215.760390][ T8762] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.766288][ T8762] RIP: 0033:0x4582b9 [ 215.770184][ T8762] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 17:04:30 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) [ 215.789794][ T8762] RSP: 002b:00007fc65b8c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 215.798491][ T8762] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 215.806483][ T8762] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 215.814476][ T8762] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 215.822468][ T8762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc65b8c36d4 [ 215.830447][ T8762] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff 17:04:30 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:30 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:30 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 216.139750][ T8762] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8762 [ 216.149356][ T8762] caller is sk_mc_loop+0x1d/0x210 [ 216.154477][ T8762] CPU: 1 PID: 8762 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 216.163513][ T8762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.173580][ T8762] Call Trace: [ 216.173607][ T8762] dump_stack+0x172/0x1f0 [ 216.173630][ T8762] __this_cpu_preempt_check+0x246/0x270 [ 216.173653][ T8762] sk_mc_loop+0x1d/0x210 [ 216.181271][ T8762] ip_mc_output+0x2ef/0xf70 [ 216.181293][ T8762] ? 
__ip_queue_xmit+0x1bf0/0x1bf0 [ 216.181313][ T8762] ? __ip_make_skb+0xf15/0x1820 [ 216.205646][ T8762] ? ip_append_data.part.0+0x170/0x170 [ 216.211112][ T8762] ? dst_release+0x62/0xb0 [ 216.215533][ T8762] ? __ip_make_skb+0xf93/0x1820 [ 216.220392][ T8762] ip_local_out+0xc4/0x1b0 [ 216.224824][ T8762] ip_send_skb+0x42/0xf0 [ 216.229077][ T8762] ip_push_pending_frames+0x64/0x80 [ 216.234281][ T8762] raw_sendmsg+0x1e6d/0x2f20 [ 216.238876][ T8762] ? __lock_acquire+0x4d6/0x3fb0 [ 216.243822][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 216.249302][ T8762] ? __lock_acquire+0x548/0x3fb0 [ 216.254270][ T8762] ? ___might_sleep+0x163/0x280 [ 216.259127][ T8762] ? __might_sleep+0x95/0x190 [ 216.263820][ T8762] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 216.269469][ T8762] ? aa_sk_perm+0x288/0x880 [ 216.273996][ T8762] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 216.279554][ T8762] inet_sendmsg+0x147/0x5e0 [ 216.284064][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 216.289525][ T8762] ? inet_sendmsg+0x147/0x5e0 [ 216.294208][ T8762] ? ipip_gro_receive+0x100/0x100 [ 216.299250][ T8762] sock_sendmsg+0xdd/0x130 [ 216.303681][ T8762] kernel_sendmsg+0x44/0x50 [ 216.308193][ T8762] sock_no_sendpage+0x116/0x150 [ 216.313064][ T8762] ? sock_kfree_s+0x70/0x70 [ 216.317575][ T8762] ? debug_check_no_obj_freed+0x211/0x444 [ 216.323307][ T8762] ? mark_held_locks+0xa4/0xf0 [ 216.328085][ T8762] inet_sendpage+0x44a/0x630 [ 216.332689][ T8762] kernel_sendpage+0x95/0xf0 [ 216.337284][ T8762] ? inet_sendmsg+0x5e0/0x5e0 [ 216.341967][ T8762] sock_sendpage+0x8b/0xc0 [ 216.346385][ T8762] ? lockdep_hardirqs_on+0x418/0x5d0 [ 216.351672][ T8762] pipe_to_sendpage+0x299/0x370 [ 216.356528][ T8762] ? kernel_sendpage+0xf0/0xf0 [ 216.361312][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 216.366605][ T8762] ? __put_page+0x92/0xd0 [ 216.370940][ T8762] ? anon_pipe_buf_release+0x1c6/0x270 [ 216.376407][ T8762] __splice_from_pipe+0x395/0x7d0 [ 216.381435][ T8762] ? 
direct_splice_actor+0x1a0/0x1a0 [ 216.386743][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 216.392040][ T8762] splice_from_pipe+0x108/0x170 [ 216.396912][ T8762] ? splice_shrink_spd+0xd0/0xd0 [ 216.401866][ T8762] ? apparmor_file_permission+0x25/0x30 [ 216.407421][ T8762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 216.413683][ T8762] ? security_file_permission+0x94/0x380 [ 216.419337][ T8762] generic_splice_sendpage+0x3c/0x50 [ 216.424630][ T8762] ? splice_from_pipe+0x170/0x170 [ 216.429659][ T8762] do_splice+0x70a/0x13c0 [ 216.434002][ T8762] ? opipe_prep.part.0+0x2d0/0x2d0 [ 216.439119][ T8762] ? __fget_light+0x1a9/0x230 [ 216.443799][ T8762] __x64_sys_splice+0x2c6/0x330 [ 216.448671][ T8762] do_syscall_64+0x103/0x610 [ 216.453275][ T8762] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 216.459199][ T8762] RIP: 0033:0x4582b9 [ 216.463100][ T8762] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 216.482709][ T8762] RSP: 002b:00007fc65b8c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 216.491128][ T8762] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 216.499108][ T8762] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 216.507102][ T8762] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 216.515142][ T8762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc65b8c36d4 [ 216.523132][ T8762] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 216.561183][ T8762] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8762 [ 216.570643][ T8762] caller is sk_mc_loop+0x1d/0x210 [ 216.575814][ T8762] CPU: 0 PID: 8762 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 216.584841][ T8762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.584847][ T8762] Call Trace: [ 
216.584873][ T8762] dump_stack+0x172/0x1f0 [ 216.584895][ T8762] __this_cpu_preempt_check+0x246/0x270 [ 216.584911][ T8762] sk_mc_loop+0x1d/0x210 [ 216.584928][ T8762] ip_mc_output+0x2ef/0xf70 [ 216.584950][ T8762] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 216.598332][ T8762] ? __ip_make_skb+0xf15/0x1820 [ 216.627205][ T8762] ? ip_append_data.part.0+0x170/0x170 [ 216.632675][ T8762] ? dst_release+0x62/0xb0 [ 216.637104][ T8762] ? __ip_make_skb+0xf93/0x1820 [ 216.641965][ T8762] ip_local_out+0xc4/0x1b0 [ 216.646390][ T8762] ip_send_skb+0x42/0xf0 [ 216.650638][ T8762] ip_push_pending_frames+0x64/0x80 [ 216.655846][ T8762] raw_sendmsg+0x1e6d/0x2f20 [ 216.660447][ T8762] ? __lock_acquire+0x4d6/0x3fb0 [ 216.665414][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 216.670902][ T8762] ? __lock_acquire+0x548/0x3fb0 [ 216.675873][ T8762] ? ___might_sleep+0x163/0x280 [ 216.680748][ T8762] ? __might_sleep+0x95/0x190 [ 216.685429][ T8762] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 216.691050][ T8762] ? aa_sk_perm+0x288/0x880 [ 216.695546][ T8762] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 216.701086][ T8762] inet_sendmsg+0x147/0x5e0 [ 216.705602][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 216.711058][ T8762] ? inet_sendmsg+0x147/0x5e0 [ 216.715732][ T8762] ? ipip_gro_receive+0x100/0x100 [ 216.720791][ T8762] sock_sendmsg+0xdd/0x130 [ 216.725237][ T8762] kernel_sendmsg+0x44/0x50 [ 216.729759][ T8762] sock_no_sendpage+0x116/0x150 [ 216.734602][ T8762] ? sock_kfree_s+0x70/0x70 [ 216.739093][ T8762] ? debug_check_no_obj_freed+0x211/0x444 [ 216.744800][ T8762] ? mark_held_locks+0xa4/0xf0 [ 216.749548][ T8762] inet_sendpage+0x44a/0x630 [ 216.754126][ T8762] kernel_sendpage+0x95/0xf0 [ 216.758705][ T8762] ? inet_sendmsg+0x5e0/0x5e0 [ 216.763372][ T8762] sock_sendpage+0x8b/0xc0 [ 216.767774][ T8762] ? lockdep_hardirqs_on+0x418/0x5d0 [ 216.773044][ T8762] pipe_to_sendpage+0x299/0x370 [ 216.777889][ T8762] ? kernel_sendpage+0xf0/0xf0 [ 216.782636][ T8762] ? 
direct_splice_actor+0x1a0/0x1a0 [ 216.787903][ T8762] ? __put_page+0x92/0xd0 [ 216.792218][ T8762] ? anon_pipe_buf_release+0x1c6/0x270 [ 216.797665][ T8762] __splice_from_pipe+0x395/0x7d0 [ 216.802685][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 216.807957][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 216.813220][ T8762] splice_from_pipe+0x108/0x170 [ 216.818058][ T8762] ? splice_shrink_spd+0xd0/0xd0 [ 216.822983][ T8762] ? apparmor_file_permission+0x25/0x30 [ 216.828509][ T8762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 216.834733][ T8762] ? security_file_permission+0x94/0x380 [ 216.840395][ T8762] generic_splice_sendpage+0x3c/0x50 [ 216.845665][ T8762] ? splice_from_pipe+0x170/0x170 [ 216.850669][ T8762] do_splice+0x70a/0x13c0 [ 216.854999][ T8762] ? opipe_prep.part.0+0x2d0/0x2d0 [ 216.860091][ T8762] ? __fget_light+0x1a9/0x230 [ 216.864754][ T8762] __x64_sys_splice+0x2c6/0x330 [ 216.869589][ T8762] do_syscall_64+0x103/0x610 [ 216.874162][ T8762] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 216.880033][ T8762] RIP: 0033:0x4582b9 [ 216.883915][ T8762] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 216.903571][ T8762] RSP: 002b:00007fc65b8c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 216.911965][ T8762] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 216.919917][ T8762] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 216.927871][ T8762] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 216.935826][ T8762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc65b8c36d4 [ 216.943778][ T8762] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 216.953029][ T8762] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8762 [ 216.962404][ T8762] caller is sk_mc_loop+0x1d/0x210 [ 216.967553][ T8762] CPU: 0 PID: 8762 
Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 216.976579][ T8762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.986630][ T8762] Call Trace: [ 216.989906][ T8762] dump_stack+0x172/0x1f0 [ 216.994250][ T8762] __this_cpu_preempt_check+0x246/0x270 [ 216.999794][ T8762] sk_mc_loop+0x1d/0x210 [ 217.004050][ T8762] ip_mc_output+0x2ef/0xf70 [ 217.008545][ T8762] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 217.013637][ T8762] ? __ip_make_skb+0xf15/0x1820 [ 217.018476][ T8762] ? ip_append_data.part.0+0x170/0x170 [ 217.023926][ T8762] ? dst_release+0x62/0xb0 [ 217.028329][ T8762] ? __ip_make_skb+0xf93/0x1820 [ 217.033160][ T8762] ip_local_out+0xc4/0x1b0 [ 217.037564][ T8762] ip_send_skb+0x42/0xf0 [ 217.041785][ T8762] ip_push_pending_frames+0x64/0x80 [ 217.046962][ T8762] raw_sendmsg+0x1e6d/0x2f20 [ 217.051534][ T8762] ? __lock_acquire+0x4d6/0x3fb0 [ 217.056455][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 217.061908][ T8762] ? __lock_acquire+0x548/0x3fb0 [ 217.066837][ T8762] ? ___might_sleep+0x163/0x280 [ 217.071673][ T8762] ? __might_sleep+0x95/0x190 [ 217.076336][ T8762] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 217.081947][ T8762] ? aa_sk_perm+0x288/0x880 [ 217.086437][ T8762] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 217.091974][ T8762] inet_sendmsg+0x147/0x5e0 [ 217.096470][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 217.101909][ T8762] ? inet_sendmsg+0x147/0x5e0 [ 217.106565][ T8762] ? ipip_gro_receive+0x100/0x100 [ 217.111570][ T8762] sock_sendmsg+0xdd/0x130 [ 217.115985][ T8762] kernel_sendmsg+0x44/0x50 [ 217.120493][ T8762] sock_no_sendpage+0x116/0x150 [ 217.125325][ T8762] ? sock_kfree_s+0x70/0x70 [ 217.129812][ T8762] ? debug_check_no_obj_freed+0x211/0x444 [ 217.135531][ T8762] ? mark_held_locks+0xa4/0xf0 [ 217.140275][ T8762] inet_sendpage+0x44a/0x630 [ 217.144849][ T8762] kernel_sendpage+0x95/0xf0 [ 217.149413][ T8762] ? 
inet_sendmsg+0x5e0/0x5e0 [ 217.154074][ T8762] sock_sendpage+0x8b/0xc0 [ 217.158477][ T8762] ? lockdep_hardirqs_on+0x418/0x5d0 [ 217.163770][ T8762] pipe_to_sendpage+0x299/0x370 [ 217.168602][ T8762] ? kernel_sendpage+0xf0/0xf0 [ 217.173347][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 217.178614][ T8762] ? __put_page+0x92/0xd0 [ 217.182924][ T8762] ? anon_pipe_buf_release+0x1c6/0x270 [ 217.188364][ T8762] __splice_from_pipe+0x395/0x7d0 [ 217.193371][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 217.198642][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 217.203946][ T8762] splice_from_pipe+0x108/0x170 [ 217.208779][ T8762] ? splice_shrink_spd+0xd0/0xd0 [ 217.213707][ T8762] ? apparmor_file_permission+0x25/0x30 [ 217.219250][ T8762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 217.225501][ T8762] ? security_file_permission+0x94/0x380 [ 217.231116][ T8762] generic_splice_sendpage+0x3c/0x50 [ 217.236383][ T8762] ? splice_from_pipe+0x170/0x170 [ 217.241404][ T8762] do_splice+0x70a/0x13c0 [ 217.245721][ T8762] ? opipe_prep.part.0+0x2d0/0x2d0 [ 217.250821][ T8762] ? 
__fget_light+0x1a9/0x230 [ 217.255485][ T8762] __x64_sys_splice+0x2c6/0x330 [ 217.260318][ T8762] do_syscall_64+0x103/0x610 [ 217.264889][ T8762] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 217.270762][ T8762] RIP: 0033:0x4582b9 [ 217.274637][ T8762] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 217.294224][ T8762] RSP: 002b:00007fc65b8c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 217.302619][ T8762] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 217.310573][ T8762] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 217.318524][ T8762] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 217.326490][ T8762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc65b8c36d4 [ 217.334468][ T8762] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 217.343646][ T8762] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8762 [ 217.353045][ T8762] caller is sk_mc_loop+0x1d/0x210 [ 217.358234][ T8762] CPU: 0 PID: 8762 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 217.367258][ T8762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 217.377307][ T8762] Call Trace: [ 217.380585][ T8762] dump_stack+0x172/0x1f0 [ 217.384920][ T8762] __this_cpu_preempt_check+0x246/0x270 [ 217.390449][ T8762] sk_mc_loop+0x1d/0x210 [ 217.394702][ T8762] ip_mc_output+0x2ef/0xf70 [ 217.399187][ T8762] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 217.404278][ T8762] ? __ip_make_skb+0xf15/0x1820 [ 217.409110][ T8762] ? ip_append_data.part.0+0x170/0x170 [ 217.414570][ T8762] ? dst_release+0x62/0xb0 [ 217.418968][ T8762] ? 
__ip_make_skb+0xf93/0x1820 [ 217.423811][ T8762] ip_local_out+0xc4/0x1b0 [ 217.428218][ T8762] ip_send_skb+0x42/0xf0 [ 217.432452][ T8762] ip_push_pending_frames+0x64/0x80 [ 217.437646][ T8762] raw_sendmsg+0x1e6d/0x2f20 [ 217.442238][ T8762] ? __lock_acquire+0x4d6/0x3fb0 [ 217.447168][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 217.452616][ T8762] ? __lock_acquire+0x548/0x3fb0 [ 217.457571][ T8762] ? ___might_sleep+0x163/0x280 [ 217.462406][ T8762] ? __might_sleep+0x95/0x190 [ 217.467069][ T8762] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 217.472680][ T8762] ? aa_sk_perm+0x288/0x880 [ 217.477183][ T8762] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 217.482726][ T8762] inet_sendmsg+0x147/0x5e0 [ 217.487225][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 217.492670][ T8762] ? inet_sendmsg+0x147/0x5e0 [ 217.497327][ T8762] ? ipip_gro_receive+0x100/0x100 [ 217.502335][ T8762] sock_sendmsg+0xdd/0x130 [ 217.506757][ T8762] kernel_sendmsg+0x44/0x50 [ 217.511248][ T8762] sock_no_sendpage+0x116/0x150 [ 217.516084][ T8762] ? sock_kfree_s+0x70/0x70 [ 217.520573][ T8762] ? debug_check_no_obj_freed+0x211/0x444 [ 217.526281][ T8762] ? mark_held_locks+0xa4/0xf0 [ 217.531042][ T8762] inet_sendpage+0x44a/0x630 [ 217.535621][ T8762] kernel_sendpage+0x95/0xf0 [ 217.540186][ T8762] ? inet_sendmsg+0x5e0/0x5e0 [ 217.544849][ T8762] sock_sendpage+0x8b/0xc0 [ 217.549247][ T8762] ? lockdep_hardirqs_on+0x418/0x5d0 [ 217.554516][ T8762] pipe_to_sendpage+0x299/0x370 [ 217.559374][ T8762] ? kernel_sendpage+0xf0/0xf0 [ 217.564137][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 217.569403][ T8762] ? __put_page+0x92/0xd0 [ 217.573716][ T8762] ? anon_pipe_buf_release+0x1c6/0x270 [ 217.579164][ T8762] __splice_from_pipe+0x395/0x7d0 [ 217.584193][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 217.589474][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 217.594760][ T8762] splice_from_pipe+0x108/0x170 [ 217.599603][ T8762] ? splice_shrink_spd+0xd0/0xd0 [ 217.604531][ T8762] ? 
apparmor_file_permission+0x25/0x30 [ 217.610062][ T8762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 217.617330][ T8762] ? security_file_permission+0x94/0x380 [ 217.622950][ T8762] generic_splice_sendpage+0x3c/0x50 [ 217.628245][ T8762] ? splice_from_pipe+0x170/0x170 [ 217.633256][ T8762] do_splice+0x70a/0x13c0 [ 217.637569][ T8762] ? opipe_prep.part.0+0x2d0/0x2d0 [ 217.642662][ T8762] ? __fget_light+0x1a9/0x230 [ 217.647322][ T8762] __x64_sys_splice+0x2c6/0x330 [ 217.652162][ T8762] do_syscall_64+0x103/0x610 [ 217.656817][ T8762] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 217.662906][ T8762] RIP: 0033:0x4582b9 [ 217.666786][ T8762] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 217.694987][ T8762] RSP: 002b:00007fc65b8c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 217.703393][ T8762] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 217.711361][ T8762] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 217.719326][ T8762] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 217.727288][ T8762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc65b8c36d4 [ 217.735248][ T8762] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff [ 217.745415][ T8762] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8762 [ 217.754857][ T8762] caller is sk_mc_loop+0x1d/0x210 [ 217.759897][ T8762] CPU: 0 PID: 8762 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 217.768926][ T8762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 217.779000][ T8762] Call Trace: [ 217.782292][ T8762] dump_stack+0x172/0x1f0 [ 217.787276][ T8762] __this_cpu_preempt_check+0x246/0x270 [ 217.792830][ T8762] sk_mc_loop+0x1d/0x210 [ 217.797092][ T8762] ip_mc_output+0x2ef/0xf70 [ 217.801593][ T8762] ? 
__ip_queue_xmit+0x1bf0/0x1bf0 [ 217.806689][ T8762] ? __ip_make_skb+0xf15/0x1820 [ 217.811534][ T8762] ? ip_append_data.part.0+0x170/0x170 [ 217.816993][ T8762] ? dst_release+0x62/0xb0 [ 217.821421][ T8762] ? __ip_make_skb+0xf93/0x1820 [ 217.826257][ T8762] ip_local_out+0xc4/0x1b0 [ 217.830662][ T8762] ip_send_skb+0x42/0xf0 [ 217.834889][ T8762] ip_push_pending_frames+0x64/0x80 [ 217.840070][ T8762] raw_sendmsg+0x1e6d/0x2f20 [ 217.844643][ T8762] ? __lock_acquire+0x4d6/0x3fb0 [ 217.849564][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 217.855034][ T8762] ? __lock_acquire+0x548/0x3fb0 [ 217.859967][ T8762] ? ___might_sleep+0x163/0x280 [ 217.864806][ T8762] ? __might_sleep+0x95/0x190 [ 217.869476][ T8762] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 217.875100][ T8762] ? aa_sk_perm+0x288/0x880 [ 217.879615][ T8762] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 217.885154][ T8762] inet_sendmsg+0x147/0x5e0 [ 217.889674][ T8762] ? compat_raw_getsockopt+0x100/0x100 [ 217.895137][ T8762] ? inet_sendmsg+0x147/0x5e0 [ 217.899801][ T8762] ? ipip_gro_receive+0x100/0x100 [ 217.904814][ T8762] sock_sendmsg+0xdd/0x130 [ 217.909221][ T8762] kernel_sendmsg+0x44/0x50 [ 217.913748][ T8762] sock_no_sendpage+0x116/0x150 [ 217.918612][ T8762] ? sock_kfree_s+0x70/0x70 [ 217.923105][ T8762] ? debug_check_no_obj_freed+0x211/0x444 [ 217.928821][ T8762] ? mark_held_locks+0xa4/0xf0 [ 217.933599][ T8762] inet_sendpage+0x44a/0x630 [ 217.938181][ T8762] kernel_sendpage+0x95/0xf0 [ 217.942752][ T8762] ? inet_sendmsg+0x5e0/0x5e0 [ 217.947436][ T8762] sock_sendpage+0x8b/0xc0 [ 217.951863][ T8762] ? lockdep_hardirqs_on+0x418/0x5d0 [ 217.957153][ T8762] pipe_to_sendpage+0x299/0x370 [ 217.961994][ T8762] ? kernel_sendpage+0xf0/0xf0 [ 217.966761][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 217.972038][ T8762] ? __put_page+0x92/0xd0 [ 217.976376][ T8762] ? anon_pipe_buf_release+0x1c6/0x270 [ 217.981833][ T8762] __splice_from_pipe+0x395/0x7d0 [ 217.986852][ T8762] ? 
direct_splice_actor+0x1a0/0x1a0 [ 217.992126][ T8762] ? direct_splice_actor+0x1a0/0x1a0 [ 217.997398][ T8762] splice_from_pipe+0x108/0x170 [ 218.002239][ T8762] ? splice_shrink_spd+0xd0/0xd0 [ 218.007181][ T8762] ? apparmor_file_permission+0x25/0x30 [ 218.012721][ T8762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 218.018985][ T8762] ? security_file_permission+0x94/0x380 [ 218.024616][ T8762] generic_splice_sendpage+0x3c/0x50 [ 218.029893][ T8762] ? splice_from_pipe+0x170/0x170 [ 218.035101][ T8762] do_splice+0x70a/0x13c0 [ 218.039435][ T8762] ? opipe_prep.part.0+0x2d0/0x2d0 [ 218.044558][ T8762] ? __fget_light+0x1a9/0x230 [ 218.049225][ T8762] __x64_sys_splice+0x2c6/0x330 [ 218.054070][ T8762] do_syscall_64+0x103/0x610 [ 218.058654][ T8762] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 218.064563][ T8762] RIP: 0033:0x4582b9 [ 218.068450][ T8762] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 218.088051][ T8762] RSP: 002b:00007fc65b8c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 218.096475][ T8762] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 218.104437][ T8762] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 17:04:32 executing program 0: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) close(r1) 17:04:32 executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1, 0x5, 0x2, 
0x8000000001}, 0x3c) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fff8, 0x0, 0x820004, 0x0}, 0x2c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r0, &(0x7f0000000080)="c7", 0x0}, 0x18) 17:04:32 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:32 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x3000) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:32 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 218.112431][ T8762] RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000 [ 218.120405][ T8762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc65b8c36d4 [ 218.128367][ T8762] R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff 17:04:32 executing program 4: r0 = msgget(0x3, 0x0) msgrcv(r0, 0x0, 0x0, 0x1, 0x1800) 17:04:32 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:32 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', 0x0, 0x0, 0x0, 0x0, 
0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}, {@fat=@gid={'gid'}}]}) 17:04:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x3000) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:32 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 
&(0x7f00000003c0)='/\x00~WMzU\xed\xbb\xc8\x00\x030\x80\x90\"\xcf\xde&U]\xc9\xec\xfe\x19t@n\xda\xd3\x83dx-c\xb6a(T\xb9\xe4\x9d\xbd\xca\xefq\x81\x97\xe3~\x87\n0\x8b\x1e:y\x8f\xa7\x88\xa4m0%\xef\x93>Q\x82\x8a\xb6u\x06N*\xdb\xe9\x12d#\xb4\xa7=h\xfb\xe9\x9cm\xb2\xb1`\xd4\x9c\xb6\xcc\xe7l\'(\x9aO\x9d\x19sT\xaa\xa5\x86\r#\x83\xdf\x87Rk\xaa\x18M\x90\xbbw)6d\x17\xbc3\xd7e\xe9\xbc/\x88*\x13\xf3\xa9\xc1\xf6\x06`\xbdO\xd2\xfa1\xd2\xc0\xa7u$\"\x89\xbc\xe0b\xd1\r$\xde\xd5@i\x18\xa6k,u\xc4?\xe1\xffE\x8a\xe5\xcd\x9f\xecc\x03\x9b\xa5\xa7\xb6j`\xed\xe5\xcc\xda\xbc~\xe7v`\xef#X\xcc\xdf\xf0\"&\x02\x13\x84\xb0\xc25\xf1\xf7\xff\xff\xff\xff\xff\xff\xff\xc2V\xac\xde\xb6\x10\xdfB\xe7\x16\x9f$\x03W\xf75\xae_\xe2\x90\x17\xe5\x1e\'%/H\xb9[\xfb\xbb:\x86U5)\x8b\xdc6\xd7\x1d\xb65\xf4\x1cWw\x1d\xb7z\xea\xff\x88?\xeb=\xc3\xcc$\xbd<\x03n9j\xd3\xaf7\x94PX\x83\x9e\x81\"p\xbc@\x90\x1f\xa6T\xe7\xcc2\x92\xa8/\xc8\f7M\xc0qB\xa1\xc2\xe9\xd3\xe2R\x8eO\xda\xc3+\xca\xef\xe9\x10\xeb\xd3\xb9H\xa3\xbf\xeb\xef_\xa8\xd8$s\xc7\xfb\xf3\xecv:\x1ba=\xd7G\xd5)\xeap\xef\x02\x98\xff\xf5f\x160\xb9\x9ay\xec\x82i\xaf\x9b\xe1x\xae\xca\x17\xfe\xfb\x14\xfd=\x00\x97Z\x99\x9dy\xba\x89M\xba\xe4\xc1\xa6\x06\x00\x00\x00\x00\x00\x00\x00x\"m\a\xe6:?E\x96~\x0e\xe8Y\xbbn\x0f0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 17:04:32 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000001c0)=0x2, 0x4) r1 = socket$inet(0x2, 0x3, 0x7f) ioctl(r1, 0x1000008912, &(0x7f0000000200)="0adc5f123c123f319bd070") sendmmsg(r0, &(0x7f0000003180)=[{{0x0, 0x0, &(0x7f0000003000)=[{&(0x7f0000000ac0)="fc", 0x1}], 0x1}}], 0x1, 0x8000) 17:04:32 executing program 4: socketpair(0x1, 0x1, 0x0, 
&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x2000040000003a}, 0x3c) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f00000025c0)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') 17:04:32 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:32 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 
0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x3000) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 218.724742][ T8867] FAT-fs (loop5): bogus number of reserved sectors [ 218.754196][ T8867] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:33 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x8010000400000084) shutdown(r0, 0x0) sendto$inet6(r0, &(0x7f0000925000)="e0", 0x1, 0x0, 0x0, 0x0) 17:04:33 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:33 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 17:04:33 executing program 0: lseek(0xffffffffffffffff, 0x0, 0x7) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x20400040c2, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xf7d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000440)) openat$vcs(0xffffffffffffff9c, 0x0, 0x4000000, 0x0) ioctl$DRM_IOCTL_FREE_BUFS(0xffffffffffffffff, 0x4010641a, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = request_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000140)='\x00', 0xfffffffffffffff8) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000180)={r1, 0x5, 0x7}, 0x0, &(0x7f00000001c0)="737b6965689d70e48417965a206978c3bfd4fa4e42288a94d957f9aa081db87430076ec954fba50f872dc18a682360ad856f91d8b52f7fb276e8b0a9277b79980501b37c3b88f5299a8470c5acf85a45d536e0044f88b86fd2447ec0d113eab303e2a5a8a9008ad9d25e7d355ad8b11edf96e6c9e34a8b78e14b5d184d580cbe1f6087100f3da9a16891e2fa3cd6b72e4b9956e8c6", 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="02006800000f000000000000000000008128b14700000000d59863d20000000002000f2020cc00000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000008a6e94c0000055aa", 0x60, 0x1a0}]) 17:04:33 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:33 executing program 4: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x8000000000044000) io_setup(0x8, &(0x7f0000000200)=0x0) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) io_submit(r1, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x3, 0x1, 0x0, r0, &(0x7f0000000000), 0x10000}]) fdatasync(r2) 17:04:33 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1a1, 0x0) [ 219.071233][ T8898] FAT-fs (loop5): bogus number of reserved sectors [ 219.084041][ T8898] FAT-fs (loop5): Can't find a valid FAT filesystem [ 219.091143][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 219.091157][ T26] audit: type=1800 audit(1554656673.262:31): pid=8903 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16664 res=0 17:04:33 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 
&(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x3000) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:33 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 219.268172][ T8903] loop0: p1 < > p4 [ 219.292702][ T8903] loop0: partition table partially beyond EOD, truncated 17:04:33 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 219.365314][ T8903] loop0: p1 size 2 extends beyond EOD, truncated 17:04:33 executing program 1: 
syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:33 executing program 4: pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x1c9c380}, 0x0) [ 219.439160][ T8923] FAT-fs (loop5): bogus number of reserved sectors [ 219.511108][ T8903] loop0: p4 start 1854537728 is beyond EOD, truncated 17:04:33 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x3000) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 219.573759][ T8923] FAT-fs (loop5): Can't find a valid FAT filesystem 17:04:33 executing 
program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1a1, 0x0) 17:04:33 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:34 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}]}) 17:04:34 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 
&(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='bbr\x00', 0xb4) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = fcntl$dupfd(r0, 0x0, r0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440)}}, 0xfef5) 17:04:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x3000) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:34 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, 0x0, 0x0, 0x0) 17:04:34 executing program 0: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r1, 0x0, 0xcf7d95259234d8e1, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000380)='highspeed\x00', 0xa) splice(r1, 0x0, r0, 0x0, 0x80000004, 0x0) sendto$packet(r1, &(0x7f0000000340), 0xffffffffffffffd4, 0x0, 0x0, 0xffffffffffffff9a) 17:04:34 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 220.055971][ T8972] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8972 [ 220.065722][ T8972] caller is ip6_finish_output+0x335/0xdc0 [ 220.071472][ T8972] CPU: 1 PID: 8972 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 220.080501][ T8972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 220.090571][ T8972] Call Trace: [ 220.093879][ T8972] dump_stack+0x172/0x1f0 [ 220.098219][ T8972] 
__this_cpu_preempt_check+0x246/0x270 [ 220.103782][ T8972] ip6_finish_output+0x335/0xdc0 [ 220.108748][ T8972] ip6_output+0x235/0x7f0 [ 220.113081][ T8972] ? ip6_finish_output+0xdc0/0xdc0 [ 220.118195][ T8972] ? ip6_fragment+0x3980/0x3980 [ 220.123063][ T8972] ip6_xmit+0xe41/0x20c0 [ 220.127316][ T8972] ? ip6_finish_output2+0x2550/0x2550 [ 220.132689][ T8972] ? mark_held_locks+0xf0/0xf0 [ 220.137481][ T8972] ? ip6_setup_cork+0x1870/0x1870 [ 220.142527][ T8972] inet6_csk_xmit+0x2fb/0x5d0 [ 220.147206][ T8972] ? inet6_csk_update_pmtu+0x190/0x190 [ 220.152666][ T8972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 220.158917][ T8972] ? csum_ipv6_magic+0x20/0x80 [ 220.163811][ T8972] __tcp_transmit_skb+0x1a32/0x3750 [ 220.169023][ T8972] ? __tcp_select_window+0x8b0/0x8b0 [ 220.174312][ T8972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 220.180551][ T8972] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 220.186023][ T8972] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 220.192267][ T8972] tcp_connect+0x1e47/0x4280 [ 220.196974][ T8972] ? tcp_push_one+0x110/0x110 [ 220.201652][ T8972] ? secure_tcpv6_ts_off+0x24f/0x360 [ 220.206947][ T8972] ? secure_dccpv6_sequence_number+0x280/0x280 [ 220.213158][ T8972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 220.219404][ T8972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 220.225646][ T8972] ? prandom_u32_state+0x13/0x180 [ 220.230684][ T8972] tcp_v6_connect+0x150b/0x20a0 [ 220.235536][ T8972] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 220.240917][ T8972] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 220.246199][ T8972] ? __switch_to_asm+0x34/0x70 [ 220.250960][ T8972] ? __switch_to_asm+0x40/0x70 [ 220.255734][ T8972] ? find_held_lock+0x35/0x130 [ 220.260502][ T8972] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 220.266157][ T8972] __inet_stream_connect+0x83f/0xea0 [ 220.271441][ T8972] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 220.276733][ T8972] ? __inet_stream_connect+0x83f/0xea0 [ 220.282199][ T8972] ? inet_dgram_connect+0x2e0/0x2e0 [ 220.287416][ T8972] ? 
tcp_sendmsg_locked+0x2170/0x37f0 [ 220.292787][ T8972] ? rcu_read_lock_sched_held+0x110/0x130 [ 220.298523][ T8972] ? kmem_cache_alloc_trace+0x354/0x760 [ 220.304066][ T8972] ? __lock_acquire+0x548/0x3fb0 [ 220.309011][ T8972] tcp_sendmsg_locked+0x231f/0x37f0 [ 220.314213][ T8972] ? mark_held_locks+0xf0/0xf0 [ 220.319005][ T8972] ? mark_held_locks+0xa4/0xf0 [ 220.323783][ T8972] ? tcp_sendpage+0x60/0x60 [ 220.328289][ T8972] ? lock_sock_nested+0x9a/0x120 [ 220.333241][ T8972] ? trace_hardirqs_on+0x67/0x230 [ 220.338267][ T8972] ? lock_sock_nested+0x9a/0x120 [ 220.343205][ T8972] ? __local_bh_enable_ip+0x15a/0x270 [ 220.348589][ T8972] tcp_sendmsg+0x30/0x50 [ 220.352834][ T8972] inet_sendmsg+0x147/0x5e0 [ 220.357336][ T8972] ? ipip_gro_receive+0x100/0x100 [ 220.362362][ T8972] sock_sendmsg+0xdd/0x130 [ 220.366782][ T8972] __sys_sendto+0x262/0x380 [ 220.371288][ T8972] ? __ia32_sys_getpeername+0xb0/0xb0 [ 220.376681][ T8972] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 220.382935][ T8972] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 220.388398][ T8972] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 220.393856][ T8972] ? do_syscall_64+0x26/0x610 [ 220.398642][ T8972] ? 
entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.404745][ T8972] __x64_sys_sendto+0xe1/0x1a0 [ 220.409534][ T8972] do_syscall_64+0x103/0x610 [ 220.414131][ T8972] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.420021][ T8972] RIP: 0033:0x4582b9 [ 220.423916][ T8972] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 220.443549][ T8972] RSP: 002b:00007fc65b8e3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 220.451972][ T8972] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 220.459943][ T8972] RDX: cf7d95259234d8e1 RSI: 0000000000000000 RDI: 0000000000000005 [ 220.467921][ T8972] RBP: 000000000073bf00 R08: 0000000020b63fe4 R09: 000000000000001c [ 220.476344][ T8972] R10: 0000000020000001 R11: 0000000000000246 R12: 00007fc65b8e46d4 [ 220.484335][ T8972] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 220.505986][ T8972] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8972 [ 220.515512][ T8972] caller is ip6_finish_output+0x335/0xdc0 [ 220.521242][ T8972] CPU: 0 PID: 8972 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 220.530259][ T8972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 220.540317][ T8972] Call Trace: [ 220.543611][ T8972] dump_stack+0x172/0x1f0 [ 220.547947][ T8972] __this_cpu_preempt_check+0x246/0x270 [ 220.553506][ T8972] ip6_finish_output+0x335/0xdc0 [ 220.558476][ T8972] ip6_output+0x235/0x7f0 [ 220.562836][ T8972] ? ip6_finish_output+0xdc0/0xdc0 [ 220.567982][ T8972] ? ip6_fragment+0x3980/0x3980 [ 220.572840][ T8972] ip6_xmit+0xe41/0x20c0 [ 220.577093][ T8972] ? ip6_finish_output2+0x2550/0x2550 [ 220.582476][ T8972] ? mark_held_locks+0xf0/0xf0 [ 220.587246][ T8972] ? ip6_setup_cork+0x1870/0x1870 [ 220.592311][ T8972] inet6_csk_xmit+0x2fb/0x5d0 [ 220.596991][ T8972] ? 
inet6_csk_update_pmtu+0x190/0x190 [ 220.602450][ T8972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 220.608964][ T8972] ? csum_ipv6_magic+0x20/0x80 [ 220.613767][ T8972] __tcp_transmit_skb+0x1a32/0x3750 [ 220.618989][ T8972] ? memcpy+0x46/0x50 [ 220.622987][ T8972] ? __tcp_select_window+0x8b0/0x8b0 [ 220.628364][ T8972] ? tcp_rbtree_insert+0x188/0x200 [ 220.633487][ T8972] tcp_send_synack+0x4b0/0x15b0 [ 220.638358][ T8972] ? tcp_send_active_reset+0x8e0/0x8e0 [ 220.643826][ T8972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 220.650070][ T8972] ? tcp_sync_mss+0x2ee/0xa30 [ 220.654768][ T8972] tcp_rcv_state_process+0x225d/0x4d93 [ 220.660236][ T8972] ? tcp_finish_connect+0x510/0x510 [ 220.665444][ T8972] ? __release_sock+0xca/0x3a0 [ 220.670222][ T8972] ? find_held_lock+0x35/0x130 [ 220.674988][ T8972] ? mark_held_locks+0xa4/0xf0 [ 220.679758][ T8972] ? __local_bh_enable_ip+0x15a/0x270 [ 220.685127][ T8972] ? _raw_spin_unlock_bh+0x31/0x40 [ 220.690253][ T8972] ? __local_bh_enable_ip+0x15a/0x270 [ 220.695646][ T8972] tcp_v6_do_rcv+0x7da/0x12c0 [ 220.700326][ T8972] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 220.705190][ T8972] __release_sock+0x12e/0x3a0 [ 220.709874][ T8972] release_sock+0x59/0x1c0 [ 220.714292][ T8972] __inet_stream_connect+0x59f/0xea0 [ 220.719603][ T8972] ? inet_dgram_connect+0x2e0/0x2e0 [ 220.724810][ T8972] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 220.730185][ T8972] ? do_wait_intr_irq+0x2b0/0x2b0 [ 220.735207][ T8972] ? __lock_acquire+0x548/0x3fb0 [ 220.740153][ T8972] tcp_sendmsg_locked+0x231f/0x37f0 [ 220.745353][ T8972] ? mark_held_locks+0xf0/0xf0 [ 220.750119][ T8972] ? mark_held_locks+0xa4/0xf0 [ 220.754904][ T8972] ? tcp_sendpage+0x60/0x60 [ 220.759427][ T8972] ? lock_sock_nested+0x9a/0x120 [ 220.764381][ T8972] ? trace_hardirqs_on+0x67/0x230 [ 220.769407][ T8972] ? lock_sock_nested+0x9a/0x120 [ 220.774353][ T8972] ? 
__local_bh_enable_ip+0x15a/0x270 [ 220.779916][ T8972] tcp_sendmsg+0x30/0x50 [ 220.784174][ T8972] inet_sendmsg+0x147/0x5e0 [ 220.788677][ T8972] ? ipip_gro_receive+0x100/0x100 [ 220.793702][ T8972] sock_sendmsg+0xdd/0x130 [ 220.798127][ T8972] __sys_sendto+0x262/0x380 [ 220.802635][ T8972] ? __ia32_sys_getpeername+0xb0/0xb0 [ 220.808022][ T8972] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 220.814286][ T8972] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 220.819748][ T8972] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 220.825207][ T8972] ? do_syscall_64+0x26/0x610 [ 220.829883][ T8972] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.835954][ T8972] __x64_sys_sendto+0xe1/0x1a0 [ 220.840726][ T8972] do_syscall_64+0x103/0x610 [ 220.845326][ T8972] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.851231][ T8972] RIP: 0033:0x4582b9 [ 220.855125][ T8972] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 220.874732][ T8972] RSP: 002b:00007fc65b8e3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 220.883154][ T8972] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 220.891245][ T8972] RDX: cf7d95259234d8e1 RSI: 0000000000000000 RDI: 0000000000000005 [ 220.899223][ T8972] RBP: 000000000073bf00 R08: 0000000020b63fe4 R09: 000000000000001c 17:04:35 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, 0x0, 0x0, 
0x0) [ 220.907376][ T8972] R10: 0000000020000001 R11: 0000000000000246 R12: 00007fc65b8e46d4 [ 220.915358][ T8972] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff 17:04:35 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}]}) 17:04:35 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 17:04:35 executing program 1: syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xd, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, 
0x0, 0x0, 0x0) [ 221.124002][ T8988] FAT-fs (loop5): bogus number of reserved sectors [ 221.172578][ T8988] FAT-fs (loop5): Can't find a valid FAT filesystem [ 221.193727][ T8972] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8972 [ 221.203347][ T8972] caller is ip6_finish_output+0x335/0xdc0 [ 221.209132][ T8972] CPU: 0 PID: 8972 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 221.218152][ T8972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 221.228208][ T8972] Call Trace: [ 221.231516][ T8972] dump_stack+0x172/0x1f0 [ 221.235862][ T8972] __this_cpu_preempt_check+0x246/0x270 [ 221.241418][ T8972] ip6_finish_output+0x335/0xdc0 [ 221.246413][ T8972] ip6_output+0x235/0x7f0 [ 221.250775][ T8972] ? ip6_finish_output+0xdc0/0xdc0 [ 221.250797][ T8972] ? ip6_fragment+0x3980/0x3980 [ 221.250825][ T8972] ip6_xmit+0xe41/0x20c0 [ 221.265041][ T8972] ? ip6_finish_output2+0x2550/0x2550 [ 221.270425][ T8972] ? mark_held_locks+0xf0/0xf0 [ 221.275205][ T8972] ? ip6_setup_cork+0x1870/0x1870 [ 221.280681][ T8972] inet6_csk_xmit+0x2fb/0x5d0 [ 221.285365][ T8972] ? inet6_csk_update_pmtu+0x190/0x190 [ 221.290824][ T8972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 221.297075][ T8972] ? csum_ipv6_magic+0x20/0x80 [ 221.301852][ T8972] __tcp_transmit_skb+0x1a32/0x3750 [ 221.307082][ T8972] ? __tcp_select_window+0x8b0/0x8b0 [ 221.312375][ T8972] ? tcp_mstamp_refresh+0x16/0xa0 [ 221.318278][ T8972] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 221.323573][ T8972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 221.329999][ T8972] tcp_send_ack+0x88/0xa0 [ 221.334333][ T8972] tcp_send_challenge_ack.isra.0+0x250/0x300 [ 221.340316][ T8972] tcp_validate_incoming+0x55e/0x1660 [ 221.345723][ T8972] tcp_rcv_state_process+0xb6b/0x4d93 [ 221.351109][ T8972] ? tcp_finish_connect+0x510/0x510 [ 221.356307][ T8972] ? __release_sock+0xca/0x3a0 [ 221.361070][ T8972] ? find_held_lock+0x35/0x130 [ 221.365836][ T8972] ? 
mark_held_locks+0xa4/0xf0 [ 221.370621][ T8972] ? __local_bh_enable_ip+0x15a/0x270 [ 221.376008][ T8972] ? _raw_spin_unlock_bh+0x31/0x40 [ 221.381122][ T8972] ? __local_bh_enable_ip+0x15a/0x270 [ 221.387284][ T8972] tcp_v6_do_rcv+0x7da/0x12c0 [ 221.391960][ T8972] ? tcp_v6_do_rcv+0x7da/0x12c0 [ 221.396819][ T8972] __release_sock+0x12e/0x3a0 [ 221.401512][ T8972] release_sock+0x59/0x1c0 [ 221.405933][ T8972] __inet_stream_connect+0x59f/0xea0 [ 221.411244][ T8972] ? inet_dgram_connect+0x2e0/0x2e0 [ 221.416454][ T8972] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 221.421840][ T8972] ? do_wait_intr_irq+0x2b0/0x2b0 [ 221.426865][ T8972] ? __lock_acquire+0x548/0x3fb0 [ 221.431813][ T8972] tcp_sendmsg_locked+0x231f/0x37f0 [ 221.437023][ T8972] ? mark_held_locks+0xf0/0xf0 [ 221.441790][ T8972] ? mark_held_locks+0xa4/0xf0 [ 221.446560][ T8972] ? tcp_sendpage+0x60/0x60 [ 221.451064][ T8972] ? lock_sock_nested+0x9a/0x120 [ 221.456089][ T8972] ? trace_hardirqs_on+0x67/0x230 [ 221.461113][ T8972] ? lock_sock_nested+0x9a/0x120 [ 221.466054][ T8972] ? __local_bh_enable_ip+0x15a/0x270 [ 221.471444][ T8972] tcp_sendmsg+0x30/0x50 [ 221.475703][ T8972] inet_sendmsg+0x147/0x5e0 [ 221.480210][ T8972] ? ipip_gro_receive+0x100/0x100 [ 221.485233][ T8972] sock_sendmsg+0xdd/0x130 [ 221.489649][ T8972] __sys_sendto+0x262/0x380 [ 221.494174][ T8972] ? __ia32_sys_getpeername+0xb0/0xb0 [ 221.499562][ T8972] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 221.505824][ T8972] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 221.511303][ T8972] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 221.516770][ T8972] ? do_syscall_64+0x26/0x610 [ 221.521450][ T8972] ? 
entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 221.527540][ T8972] __x64_sys_sendto+0xe1/0x1a0 [ 221.532313][ T8972] do_syscall_64+0x103/0x610 [ 221.536911][ T8972] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 221.542803][ T8972] RIP: 0033:0x4582b9 [ 221.546704][ T8972] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 17:04:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x3000) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:04:35 executing program 1: ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x0) perf_event_open(&(0x7f0000000540)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 
syz_open_dev$usbmon(&(0x7f0000000340)='/dev/usbmon#\x00', 0x0, 0x400) r0 = creat(&(0x7f0000000500)='./bus\x00', 0x0) init_module(0x0, 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000480)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x7b}, 0x1, 0x1ff, 0x0, 0x0, 0x3}) ioctl$KDGKBSENT(0xffffffffffffffff, 0x4b48, &(0x7f0000000140)={0x54cc}) fdatasync(r0) ioctl$DRM_IOCTL_FREE_BUFS(0xffffffffffffffff, 0x4010641a, 0x0) [ 221.566317][ T8972] RSP: 002b:00007fc65b8e3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 221.574750][ T8972] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 221.582734][ T8972] RDX: cf7d95259234d8e1 RSI: 0000000000000000 RDI: 0000000000000005 [ 221.590721][ T8972] RBP: 000000000073bf00 R08: 0000000020b63fe4 R09: 000000000000001c [ 221.598713][ T8972] R10: 0000000020000001 R11: 0000000000000246 R12: 00007fc65b8e46d4 [ 221.606695][ T8972] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff 17:04:35 executing program 3: write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="258ed6a218d6e29a959394f45aaed9cb96560163592d9bd2fcf63e74a8f7d7fd98b700360f40ff6e"], 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x246) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0xfffd}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x30, 0x0, 0x0, 0x117) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 221.663262][ T9001] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/9001 [ 221.673127][ T9001] caller is ip6_finish_output+0x335/0xdc0 [ 221.678913][ T9001] CPU: 1 PID: 9001 Comm: syz-executor.0 Not tainted 
5.1.0-rc3-next-20190405 #19 [ 221.696312][ T9001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 221.706378][ T9001] Call Trace: 17:04:35 executing program 4: clone(0x1fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x80002102001ff3, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000363000/0x1000)=nil, 0x1000) sigaltstack(&(0x7f0000665000/0x2000)=nil, 0x0) [ 221.709693][ T9001] dump_stack+0x172/0x1f0 [ 221.714040][ T9001] __this_cpu_preempt_check+0x246/0x270 [ 221.720934][ T9001] ip6_finish_output+0x335/0xdc0 [ 221.726258][ T9001] ip6_output+0x235/0x7f0 [ 221.730602][ T9001] ? ip6_finish_output+0xdc0/0xdc0 [ 221.735730][ T9001] ? ip6_fragment+0x3980/0x3980 [ 221.740610][ T9001] ip6_xmit+0xe41/0x20c0 [ 221.744883][ T9001] ? ip6_finish_output2+0x2550/0x2550 [ 221.750251][ T9001] ? mark_held_locks+0xf0/0xf0 [ 221.755057][ T9001] ? ip6_setup_cork+0x1870/0x1870 [ 221.760104][ T9001] inet6_csk_xmit+0x2fb/0x5d0 [ 221.764766][ T9001] ? inet6_csk_update_pmtu+0x190/0x190 [ 221.770215][ T9001] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 221.776472][ T9001] ? csum_ipv6_magic+0x20/0x80 [ 221.781247][ T9001] __tcp_transmit_skb+0x1a32/0x3750 [ 221.786439][ T9001] ? __tcp_select_window+0x8b0/0x8b0 [ 221.791712][ T9001] ? lockdep_hardirqs_on+0x418/0x5d0 [ 221.796984][ T9001] ? trace_hardirqs_on+0x67/0x230 [ 221.802014][ T9001] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 221.807825][ T9001] tcp_write_xmit+0xe39/0x5660 [ 221.812583][ T9001] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 221.818297][ T9001] tcp_push_one+0xd7/0x110 [ 221.822713][ T9001] tcp_sendmsg_locked+0xa35/0x37f0 [ 221.827831][ T9001] ? tcp_sendpage+0x60/0x60 [ 221.832340][ T9001] ? trace_hardirqs_on+0x67/0x230 [ 221.837355][ T9001] ? lock_sock_nested+0x9a/0x120 [ 221.842282][ T9001] ? 
__local_bh_enable_ip+0x15a/0x270 [ 221.847649][ T9001] tcp_sendmsg+0x30/0x50 [ 221.851894][ T9001] inet_sendmsg+0x147/0x5e0 [ 221.856396][ T9001] ? ipip_gro_receive+0x100/0x100 [ 221.861432][ T9001] sock_sendmsg+0xdd/0x130 [ 221.865849][ T9001] __sys_sendto+0x262/0x380 [ 221.870361][ T9001] ? __ia32_sys_getpeername+0xb0/0xb0 [ 221.872287][ T9003] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/9003 [ 221.875760][ T9001] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 221.875776][ T9001] ? put_timespec64+0xda/0x140 [ 221.875792][ T9001] ? nsecs_to_jiffies+0x30/0x30 [ 221.875817][ T9001] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 221.875831][ T9001] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 221.875844][ T9001] ? do_syscall_64+0x26/0x610 [ 221.875858][ T9001] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 221.875878][ T9001] __x64_sys_sendto+0xe1/0x1a0 [ 221.875898][ T9001] do_syscall_64+0x103/0x610 [ 221.875916][ T9001] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 221.875928][ T9001] RIP: 0033:0x4582b9 [ 221.875942][ T9001] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 221.875959][ T9001] RSP: 002b:00007fc65b880c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 221.885335][ T9003] caller is ip6_finish_output+0x335/0xdc0 [ 221.891503][ T9001] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 221.983568][ T9001] RDX: ffffffffffffffd4 RSI: 0000000020000340 RDI: 0000000000000005 [ 221.991556][ T9001] RBP: 000000000073c0e0 R08: 0000000000000000 R09: ffffffffffffff9a [ 221.999543][ T9001] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc65b8816d4 [ 222.007623][ T9001] R13: 00000000004c59f3 R14: 00000000004d9d88 R15: 00000000ffffffff [ 222.015657][ T9003] CPU: 0 PID: 9003 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 222.024711][ T9003] Hardware name: Google Google 
Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 222.029926][ T9001] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/9001 [ 222.034866][ T9003] Call Trace: [ 222.034892][ T9003] dump_stack+0x172/0x1f0 [ 222.034917][ T9003] __this_cpu_preempt_check+0x246/0x270 [ 222.034938][ T9003] ip6_finish_output+0x335/0xdc0 [ 222.034957][ T9003] ip6_output+0x235/0x7f0 [ 222.034975][ T9003] ? ip6_finish_output+0xdc0/0xdc0 [ 222.034993][ T9003] ? ip6_fragment+0x3980/0x3980 [ 222.035014][ T9003] ip6_xmit+0xe41/0x20c0 [ 222.035039][ T9003] ? ip6_finish_output2+0x2550/0x2550 [ 222.035055][ T9003] ? mark_held_locks+0xf0/0xf0 [ 222.035075][ T9003] ? ip6_setup_cork+0x1870/0x1870 [ 222.035106][ T9003] inet6_csk_xmit+0x2fb/0x5d0 [ 222.035123][ T9003] ? inet6_csk_update_pmtu+0x190/0x190 [ 222.035137][ T9003] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 222.035160][ T9003] ? csum_ipv6_magic+0x20/0x80 [ 222.035185][ T9003] __tcp_transmit_skb+0x1a32/0x3750 [ 222.035210][ T9003] ? __tcp_select_window+0x8b0/0x8b0 [ 222.044579][ T9001] caller is ip6_finish_output+0x335/0xdc0 [ 222.047799][ T9003] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 222.139883][ T9003] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 222.145349][ T9003] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 222.151620][ T9003] tcp_connect+0x1e47/0x4280 [ 222.156233][ T9003] ? tcp_push_one+0x110/0x110 [ 222.160919][ T9003] ? secure_tcpv6_ts_off+0x24f/0x360 [ 222.166213][ T9003] ? secure_dccpv6_sequence_number+0x280/0x280 [ 222.172389][ T9003] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 222.178647][ T9003] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 222.184889][ T9003] ? prandom_u32_state+0x13/0x180 [ 222.189926][ T9003] tcp_v6_connect+0x150b/0x20a0 [ 222.194815][ T9003] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 222.200224][ T9003] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 222.205540][ T9003] ? find_held_lock+0x35/0x130 [ 222.210324][ T9003] ? 
fs_reclaim_acquire.part.0+0x30/0x30 [ 222.215976][ T9003] __inet_stream_connect+0x83f/0xea0 [ 222.221276][ T9003] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 222.226764][ T9003] ? __inet_stream_connect+0x83f/0xea0 [ 222.232253][ T9003] ? inet_dgram_connect+0x2e0/0x2e0 [ 222.237479][ T9003] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 222.242866][ T9003] ? rcu_read_lock_sched_held+0x110/0x130 [ 222.248618][ T9003] ? kmem_cache_alloc_trace+0x354/0x760 [ 222.254169][ T9003] ? __lock_acquire+0x548/0x3fb0 [ 222.259119][ T9003] tcp_sendmsg_locked+0x231f/0x37f0 [ 222.264323][ T9003] ? mark_held_locks+0xf0/0xf0 [ 222.269094][ T9003] ? mark_held_locks+0xa4/0xf0 [ 222.273863][ T9003] ? tcp_sendpage+0x60/0x60 [ 222.278378][ T9003] ? lock_sock_nested+0x9a/0x120 [ 222.283327][ T9003] ? trace_hardirqs_on+0x67/0x230 [ 222.288354][ T9003] ? lock_sock_nested+0x9a/0x120 [ 222.293292][ T9003] ? __local_bh_enable_ip+0x15a/0x270 [ 222.298780][ T9003] tcp_sendmsg+0x30/0x50 [ 222.303037][ T9003] inet_sendmsg+0x147/0x5e0 [ 222.307546][ T9003] ? ipip_gro_receive+0x100/0x100 [ 222.312576][ T9003] sock_sendmsg+0xdd/0x130 [ 222.317047][ T9003] __sys_sendto+0x262/0x380 [ 222.321911][ T9003] ? __ia32_sys_getpeername+0xb0/0xb0 [ 222.327323][ T9003] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 222.333692][ T9003] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 222.339164][ T9003] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 222.344628][ T9003] ? do_syscall_64+0x26/0x610 [ 222.349309][ T9003] ? 
entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 222.355390][ T9003] __x64_sys_sendto+0xe1/0x1a0 [ 222.360172][ T9003] do_syscall_64+0x103/0x610 [ 222.364778][ T9003] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 222.370677][ T9003] RIP: 0033:0x4582b9 [ 222.374582][ T9003] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 222.394194][ T9003] RSP: 002b:00007fc65b85fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 222.402620][ T9003] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 222.410597][ T9003] RDX: cf7d95259234d8e1 RSI: 0000000000000000 RDI: 0000000000000008 [ 222.418571][ T9003] RBP: 000000000073c180 R08: 0000000020b63fe4 R09: 000000000000001c [ 222.426543][ T9003] R10: 0000000020000001 R11: 0000000000000246 R12: 00007fc65b8606d4 [ 222.434519][ T9003] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 222.442523][ T9001] CPU: 1 PID: 9001 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 222.451577][ T9001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 222.461642][ T9001] Call Trace: [ 222.464963][ T9001] dump_stack+0x172/0x1f0 [ 222.469305][ T9001] __this_cpu_preempt_check+0x246/0x270 [ 222.474861][ T9001] ip6_finish_output+0x335/0xdc0 [ 222.479826][ T9001] ip6_output+0x235/0x7f0 [ 222.484172][ T9001] ? ip6_finish_output+0xdc0/0xdc0 [ 222.489307][ T9001] ? ip6_fragment+0x3980/0x3980 [ 222.494177][ T9001] ip6_xmit+0xe41/0x20c0 [ 222.498594][ T9001] ? ip6_finish_output2+0x2550/0x2550 [ 222.503971][ T9001] ? mark_held_locks+0xf0/0xf0 [ 222.508747][ T9001] ? ip6_setup_cork+0x1870/0x1870 [ 222.513777][ T9001] ? inet6_csk_route_socket+0x715/0xf40 [ 222.519347][ T9001] inet6_csk_xmit+0x2fb/0x5d0 [ 222.524055][ T9001] ? inet6_csk_update_pmtu+0x190/0x190 [ 222.529515][ T9001] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 222.535763][ T9001] ? csum_ipv6_magic+0x20/0x80 [ 222.540543][ T9001] __tcp_transmit_skb+0x1a32/0x3750 [ 222.545776][ T9001] ? __tcp_select_window+0x8b0/0x8b0 [ 222.551079][ T9001] ? lockdep_hardirqs_on+0x418/0x5d0 [ 222.556374][ T9001] ? trace_hardirqs_on+0x67/0x230 [ 222.561426][ T9001] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 222.567167][ T9001] tcp_write_xmit+0xe39/0x5660 [ 222.571949][ T9001] ? lock_downgrade+0x880/0x880 [ 222.576820][ T9001] __tcp_push_pending_frames+0xb4/0x350 [ 222.582380][ T9001] tcp_sendmsg_locked+0x25d8/0x37f0 [ 222.587633][ T9001] ? tcp_sendpage+0x60/0x60 [ 222.592140][ T9001] ? trace_hardirqs_on+0x67/0x230 [ 222.597166][ T9001] ? lock_sock_nested+0x9a/0x120 [ 222.602116][ T9001] ? __local_bh_enable_ip+0x15a/0x270 [ 222.607586][ T9001] tcp_sendmsg+0x30/0x50 [ 222.611838][ T9001] inet_sendmsg+0x147/0x5e0 [ 222.616344][ T9001] ? ipip_gro_receive+0x100/0x100 [ 222.621369][ T9001] sock_sendmsg+0xdd/0x130 [ 222.625793][ T9001] __sys_sendto+0x262/0x380 [ 222.630316][ T9001] ? __ia32_sys_getpeername+0xb0/0xb0 [ 222.635704][ T9001] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 222.641951][ T9001] ? put_timespec64+0xda/0x140 [ 222.646717][ T9001] ? nsecs_to_jiffies+0x30/0x30 [ 222.651576][ T9001] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 222.657038][ T9001] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 222.662507][ T9001] ? do_syscall_64+0x26/0x610 [ 222.667186][ T9001] ? 
entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 222.673262][ T9001] __x64_sys_sendto+0xe1/0x1a0 [ 222.678042][ T9001] do_syscall_64+0x103/0x610 [ 222.682636][ T9001] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 222.688522][ T9001] RIP: 0033:0x4582b9 [ 222.692415][ T9001] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 222.712032][ T9001] RSP: 002b:00007fc65b880c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 222.720911][ T9001] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 222.729028][ T9001] RDX: ffffffffffffffd4 RSI: 0000000020000340 RDI: 0000000000000005 [ 222.737010][ T9001] RBP: 000000000073c0e0 R08: 0000000000000000 R09: ffffffffffffff9a [ 222.744991][ T9001] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc65b8816d4 [ 222.752967][ T9001] R13: 00000000004c59f3 R14: 00000000004d9d88 R15: 00000000ffffffff [ 222.823666][ T9001] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/9001 [ 222.833202][ T9001] caller is ip6_finish_output+0x335/0xdc0 [ 222.839094][ T9001] CPU: 0 PID: 9001 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 222.848346][ T9001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 222.858411][ T9001] Call Trace: [ 222.861717][ T9001] dump_stack+0x172/0x1f0 [ 222.866071][ T9001] __this_cpu_preempt_check+0x246/0x270 [ 222.871630][ T9001] ip6_finish_output+0x335/0xdc0 [ 222.876589][ T9001] ip6_output+0x235/0x7f0 [ 222.880933][ T9001] ? ip6_finish_output+0xdc0/0xdc0 [ 222.886057][ T9001] ? ip6_fragment+0x3980/0x3980 [ 222.890923][ T9001] ip6_xmit+0xe41/0x20c0 [ 222.895185][ T9001] ? ip6_finish_output2+0x2550/0x2550 [ 222.900599][ T9001] ? mark_held_locks+0xf0/0xf0 [ 222.905374][ T9001] ? ip6_setup_cork+0x1870/0x1870 [ 222.905408][ T9001] inet6_csk_xmit+0x2fb/0x5d0 [ 222.905435][ T9001] ? 
inet6_csk_update_pmtu+0x190/0x190 [ 222.920605][ T9001] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 222.920637][ T9001] ? csum_ipv6_magic+0x20/0x80 [ 222.931649][ T9001] __tcp_transmit_skb+0x1a32/0x3750 [ 222.936870][ T9001] ? __tcp_select_window+0x8b0/0x8b0 [ 222.942197][ T9001] ? ktime_get+0x105/0x300 [ 222.946631][ T9001] __tcp_send_ack.part.0+0x3c6/0x5b0 [ 222.951930][ T9001] tcp_send_ack+0x88/0xa0 [ 222.951946][ T9001] __tcp_ack_snd_check+0x165/0x8d0 [ 222.951967][ T9001] tcp_rcv_established+0x9ed/0x1fb0 [ 222.966584][ T9001] ? tcp_data_queue+0x4840/0x4840 [ 222.971881][ T9001] ? __local_bh_enable_ip+0x100/0x270 [ 222.977261][ T9001] ? _raw_spin_unlock_bh+0x31/0x40 [ 222.982385][ T9001] ? __local_bh_enable_ip+0x15a/0x270 [ 222.987779][ T9001] ? lockdep_hardirqs_on+0x418/0x5d0 [ 222.993080][ T9001] tcp_v6_do_rcv+0x421/0x12c0 [ 222.997831][ T9001] __release_sock+0x12e/0x3a0 [ 223.002537][ T9001] __sk_flush_backlog+0x28/0x40 [ 223.007409][ T9001] tcp_sendmsg_locked+0x2715/0x37f0 [ 223.012670][ T9001] ? tcp_sendpage+0x60/0x60 [ 223.017179][ T9001] ? trace_hardirqs_on+0x67/0x230 [ 223.022207][ T9001] ? lock_sock_nested+0x9a/0x120 [ 223.027151][ T9001] ? __local_bh_enable_ip+0x15a/0x270 [ 223.032536][ T9001] tcp_sendmsg+0x30/0x50 [ 223.036780][ T9001] inet_sendmsg+0x147/0x5e0 [ 223.041285][ T9001] ? ipip_gro_receive+0x100/0x100 [ 223.046313][ T9001] sock_sendmsg+0xdd/0x130 [ 223.050750][ T9001] __sys_sendto+0x262/0x380 [ 223.055259][ T9001] ? __ia32_sys_getpeername+0xb0/0xb0 [ 223.060660][ T9001] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 223.066907][ T9001] ? put_timespec64+0xda/0x140 [ 223.071692][ T9001] ? nsecs_to_jiffies+0x30/0x30 [ 223.076564][ T9001] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 223.082021][ T9001] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 223.087490][ T9001] ? do_syscall_64+0x26/0x610 [ 223.092166][ T9001] ? 
entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 223.098243][ T9001] __x64_sys_sendto+0xe1/0x1a0 [ 223.103014][ T9001] do_syscall_64+0x103/0x610 [ 223.107610][ T9001] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 223.113499][ T9001] RIP: 0033:0x4582b9 [ 223.117392][ T9001] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 223.137009][ T9001] RSP: 002b:00007fc65b880c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 223.145445][ T9001] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 223.153434][ T9001] RDX: ffffffffffffffd4 RSI: 0000000020000340 RDI: 0000000000000005 [ 223.161417][ T9001] RBP: 000000000073c0e0 R08: 0000000000000000 R09: ffffffffffffff9a 17:04:37 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)={[{@fat=@sys_immutable='sys_immutable'}, {@fat=@nocase='nocase'}, {@fat=@nfs_nostale_ro='nfs=nostale_ro'}]}) 17:04:37 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7d9288a000000000000464d4f8a90615100"/32, 0x20) [ 223.169406][ T9001] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc65b8816d4 [ 223.177380][ T9001] R13: 00000000004c59f3 R14: 00000000004d9d88 R15: 00000000ffffffff [ 223.207612][ T9013] FAT-fs (loop5): bogus number of reserved sectors [ 223.219100][ T9013] FAT-fs (loop5): Can't find a valid FAT filesystem [ 223.517197][ T8967] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/8967 [ 223.526832][ T8967] caller is ip6_finish_output+0x335/0xdc0 [ 
223.532578][ T8967] CPU: 1 PID: 8967 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190405 #19 [ 223.541603][ T8967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 223.551676][ T8967] Call Trace: [ 223.554994][ T8967] dump_stack+0x172/0x1f0 [ 223.559349][ T8967] __this_cpu_preempt_check+0x246/0x270 [ 223.564914][ T8967] ip6_finish_output+0x335/0xdc0 [ 223.569889][ T8967] ip6_output+0x235/0x7f0 [ 223.574260][ T8967] ? ip6_finish_output+0xdc0/0xdc0 [ 223.579404][ T8967] ? ip6_fragment+0x3980/0x3980 [ 223.584287][ T8967] ip6_xmit+0xe41/0x20c0 [ 223.588552][ T8967] ? ip6_finish_output2+0x2550/0x2550 [ 223.593934][ T8967] ? mark_held_locks+0xf0/0xf0 [ 223.598729][ T8967] ? ip6_setup_cork+0x1870/0x1870 [ 223.603778][ T8967] ? inet6_csk_route_socket+0x715/0xf40 [ 223.610115][ T8967] inet6_csk_xmit+0x2fb/0x5d0 [ 223.614805][ T8967] ? inet6_csk_update_pmtu+0x190/0x190 [ 223.620318][ T8967] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 223.632784][ T8967] ? csum_ipv6_magic+0x20/0x80 [ 223.637553][ T8967] __tcp_transmit_skb+0x1a32/0x3750 [ 223.642781][ T8967] ? __tcp_select_window+0x8b0/0x8b0 [ 223.648099][ T8967] ? lockdep_hardirqs_on+0x418/0x5d0 [ 223.653399][ T8967] ? trace_hardirqs_on+0x67/0x230 [ 223.658435][ T8967] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 223.664183][ T8967] ? ktime_get+0x208/0x300 [ 223.668621][ T8967] tcp_send_active_reset+0x43a/0x8e0 [ 223.673926][ T8967] tcp_close+0xbb1/0x10c0 [ 223.678276][ T8967] ? sock_fasync+0x100/0x160 [ 223.682873][ T8967] inet_release+0x105/0x1f0 [ 223.687481][ T8967] inet6_release+0x53/0x80 [ 223.691930][ T8967] __sock_release+0xd3/0x2b0 [ 223.696533][ T8967] ? __sock_release+0x2b0/0x2b0 [ 223.701369][ T8967] sock_close+0x1b/0x30 [ 223.705525][ T8967] __fput+0x2e5/0x8d0 [ 223.709511][ T8967] ____fput+0x16/0x20 [ 223.713481][ T8967] task_work_run+0x14a/0x1c0 [ 223.718064][ T8967] do_exit+0x90a/0x2fa0 [ 223.722285][ T8967] ? get_signal+0x331/0x1d50 [ 223.726883][ T8967] ? 
mm_update_next_owner+0x640/0x640 [ 223.732261][ T8967] ? kasan_check_write+0x14/0x20 [ 223.737215][ T8967] ? _raw_spin_unlock_irq+0x28/0x90 [ 223.742409][ T8967] ? get_signal+0x331/0x1d50 [ 223.747018][ T8967] ? _raw_spin_unlock_irq+0x28/0x90 [ 223.752223][ T8967] do_group_exit+0x135/0x370 [ 223.756812][ T8967] get_signal+0x399/0x1d50 [ 223.761234][ T8967] ? debug_object_activate+0x2a9/0x470