subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/1945/file0/file0" dev="sda1" ino=16753 res=1 00:13:07 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:07 executing program 3: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01", 0x11}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:07 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x0, 0x101}, 0x13) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r3, r2, 0x0) [ 2011.517032][T10852] FAT-fs (loop3): invalid media value (0x00) [ 2011.558605][T10852] FAT-fs (loop3): Can't find a valid FAT filesystem 00:13:07 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:07 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4}, 0x13) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r3, r2, 0x0) 00:13:08 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:08 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:08 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4}, 0x13) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r3, r2, 0x0) [ 2012.122391][T10877] FAT-fs (loop0): bogus number of reserved sectors 00:13:08 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4}, 0x13) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r3, r2, 0x0) [ 2012.152960][T10877] FAT-fs (loop0): Can't find a valid FAT filesystem 00:13:08 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:08 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0x101}, 0x13) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r3, r2, 0x0) 00:13:08 executing program 3: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:08 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0x101}, 0x13) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r3, r2, 0x0) [ 2012.793234][T10901] FAT-fs (loop3): bogus number of reserved sectors 00:13:09 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2012.856084][T10901] FAT-fs (loop3): Can't find a valid FAT filesystem 00:13:09 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0x101}, 0x13) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r3, r2, 0x0) 00:13:09 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2013.108672][ T26] audit: type=1804 audit(1573258389.278:1033): pid=10898 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2000/file0/file0" dev="sda1" ino=16911 res=1 00:13:09 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0x101}, 0x13) socketpair$unix(0x1, 0x40000000000001, 0x0, 0x0) dup3(0xffffffffffffffff, r2, 0x0) [ 2013.313022][T10920] FAT-fs (loop0): bogus number of reserved sectors [ 2013.337535][T10920] FAT-fs (loop0): Can't find a valid FAT filesystem 00:13:09 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0x101}, 0x13) socketpair$unix(0x1, 0x40000000000001, 0x0, 0x0) dup3(0xffffffffffffffff, r2, 0x0) 00:13:11 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:11 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:11 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0x101}, 0x13) socketpair$unix(0x1, 0x40000000000001, 0x0, 0x0) dup3(0xffffffffffffffff, r2, 0x0) 00:13:11 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:11 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:11 executing program 0: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r2, 0x1, 0x4800003e, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:11 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0x101}, 0x13) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)) dup3(0xffffffffffffffff, r2, 0x0) [ 2015.512366][ T26] audit: type=1804 audit(1573258391.688:1034): pid=10948 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/1948/file0/file0" dev="loop0" ino=2544 res=1 [ 2015.549525][T10948] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) 00:13:11 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0x101}, 0x13) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)) dup3(0xffffffffffffffff, r2, 0x0) [ 2015.566001][T10948] FAT-fs (loop0): Filesystem has been set read-only [ 2015.573737][T10948] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) 00:13:11 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:12 executing program 0: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x0, &(0x7f0000000140), 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:12 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0x101}, 0x13) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)) dup3(0xffffffffffffffff, r2, 0x0) [ 2016.114466][T10986] FAT-fs (loop0): bogus number of reserved sectors [ 2016.149479][T10986] FAT-fs (loop0): Can't find a valid FAT filesystem 00:13:12 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0x101}, 0x13) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r2, 0xffffffffffffffff, 0x0) [ 2016.354825][ T26] audit: type=1804 audit(1573258392.528:1035): pid=10986 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/1949/file0/file0" dev="sda1" ino=17337 res=1 00:13:14 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:14 executing program 2: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:14 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:14 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0x101}, 0x13) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r2, 0xffffffffffffffff, 0x0) 00:13:14 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:14 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2018.317340][T11012] FAT-fs (loop2): bogus number of reserved sectors [ 2018.331578][T11012] FAT-fs (loop2): Can't find a valid FAT filesystem 00:13:14 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0x101}, 0x13) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r2, 0xffffffffffffffff, 0x0) [ 2018.477194][ T26] audit: type=1804 audit(1573258394.648:1036): pid=11022 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1770/file0/file0" dev="sda1" ino=17332 res=1 00:13:15 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:15 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:15 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2019.143030][T11038] FAT-fs (loop4): bogus number of reserved sectors [ 2019.185665][T11038] FAT-fs (loop4): Can't find a valid FAT filesystem 00:13:15 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:15 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2019.418508][ T26] audit: type=1804 audit(1573258395.588:1037): pid=11038 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1864/file0/file0" dev="sda1" ino=17352 res=1 00:13:17 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:17 executing program 4: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:17 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:17 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:17 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2021.416196][T11095] FAT-fs (loop4): bogus number of reserved sectors [ 2021.455938][T11095] FAT-fs (loop4): Can't find a valid FAT filesystem 00:13:18 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:18 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:18 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:18 executing program 4: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:18 executing program 2: tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2022.862796][T11126] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2022.913461][T11126] FAT-fs (loop0): Filesystem has been set read-only [ 2022.955891][T11126] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) 00:13:19 executing program 0: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x0, &(0x7f0000000140), 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2023.280334][T11152] FAT-fs (loop0): bogus number of reserved sectors [ 2023.290541][T11152] FAT-fs (loop0): Can't find a valid FAT filesystem [ 2023.400850][ T26] audit: type=1804 audit(1573258399.578:1038): pid=11152 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/1954/file0/file0" dev="sda1" ino=16574 res=1 00:13:20 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:20 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:20 executing program 3: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:20 executing program 4: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:20 executing program 2: pipe(&(0x7f0000000000)) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:20 executing program 0: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2024.554021][T11177] FAT-fs (loop4): bogus number of reserved sectors [ 2024.705155][T11177] FAT-fs (loop4): Can't find a valid FAT filesystem 00:13:20 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:21 executing program 0: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2024.932119][ T26] audit: type=1804 audit(1573258401.108:1039): pid=11179 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/1955/file0/file0" dev="sda1" ino=16725 res=1 [ 2025.020919][ T26] audit: type=1804 audit(1573258401.198:1040): pid=11166 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1867/file0/file0" dev="sda1" ino=17384 res=1 00:13:21 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2025.306781][T11213] FAT-fs (loop0): bogus number of reserved sectors [ 2025.317551][T11213] FAT-fs (loop0): Can't find a valid FAT filesystem 00:13:21 executing program 4: pipe(&(0x7f0000000000)) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:21 executing program 2: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:21 executing program 3: pipe(&(0x7f0000000000)) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2025.473921][ T26] audit: type=1804 audit(1573258401.648:1041): pid=11210 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/1956/file0/file0" dev="sda1" ino=16529 res=1 [ 2025.931555][ T26] audit: type=1804 audit(1573258402.108:1042): pid=11230 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1775/file0/file0" dev="loop2" ino=2549 res=1 [ 2025.962059][T11230] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2026.012062][T11230] FAT-fs (loop2): Filesystem has been set read-only [ 2026.019316][T11230] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2026.168776][T11239] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2026.181760][T11239] FAT-fs (loop4): Filesystem has been set read-only [ 2026.203013][T11239] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2026.305633][T11233] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2026.334931][T11233] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) [ 2026.348633][T11233] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2026.364185][T11233] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:13:23 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:23 executing program 2: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:23 executing program 0: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:23 executing program 4: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:23 executing program 3: pipe(&(0x7f0000000000)) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2027.712680][T11259] FAT-fs (loop2): bogus number of reserved sectors [ 2027.730608][T11259] FAT-fs (loop2): Can't find a valid FAT filesystem [ 2027.798559][T11253] FAT-fs (loop0): bogus number of reserved sectors [ 2027.843502][T11253] FAT-fs (loop0): Can't find a valid FAT filesystem 00:13:24 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2028.051765][ T26] audit: type=1804 audit(1573258404.228:1043): pid=11259 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1776/file0/file0" dev="sda1" ino=16642 res=1 00:13:24 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:24 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:24 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:25 executing program 3: pipe(&(0x7f0000000000)) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:25 executing program 4: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:26 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:26 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:26 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:26 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:26 executing program 4: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:26 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:27 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2031.138747][T11344] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2031.164399][T11363] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2031.174686][T11344] FAT-fs (loop4): Filesystem has been set read-only [ 2031.191737][T11344] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2031.194693][T11352] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2031.244495][T11363] FAT-fs (loop0): Filesystem has been set read-only [ 2031.262714][T11352] FAT-fs (loop2): Filesystem has been set read-only [ 2031.286715][T11335] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2031.311162][T11352] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) 00:13:27 executing program 4: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2031.333472][T11363] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2031.353546][T11335] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) [ 2031.372986][T11363] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2031.426230][T11337] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2031.437010][T11337] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) [ 2031.451405][T11337] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2031.482827][T11337] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) 00:13:27 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:27 executing program 0: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:27 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:27 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2031.766781][ T26] audit: type=1804 audit(1573258407.938:1044): pid=11372 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1872/file0/file0" dev="sda1" ino=16522 res=1 00:13:28 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:28 executing program 3: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', 0x0, 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2032.177246][ T26] audit: type=1804 audit(1573258408.348:1045): pid=11385 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/1960/file0/file0" dev="loop0" ino=2563 res=1 [ 2032.301485][T11385] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2032.348975][T11385] FAT-fs (loop0): Filesystem has been set read-only [ 2032.364887][T11385] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) 00:13:28 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2032.528785][ T26] audit: type=1804 audit(1573258408.698:1046): pid=11409 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2011/file0" dev="sda1" ino=17011 res=1 00:13:28 executing program 0: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:29 executing program 4: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:29 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2033.010292][ T26] audit: type=1804 audit(1573258409.188:1047): pid=11423 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/1961/file0/file0" dev="loop0" ino=2566 res=1 00:13:29 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2033.213040][T11435] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2033.276214][T11435] FAT-fs (loop0): Filesystem has been set read-only [ 2033.301280][T11435] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) 00:13:29 executing program 2: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', 0x0, 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:29 executing program 3: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', 0x0, 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2033.414203][T11431] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2033.434943][T11431] FAT-fs (loop4): Filesystem has been set read-only [ 2033.482542][T11423] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2033.509392][T11431] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2033.515424][T11423] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2033.541697][T11423] FAT-fs (loop0): error, invalid access to FAT (entry 0x000008ff) 00:13:29 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2033.582191][T11423] FAT-fs (loop0): error, invalid access to FAT (entry 0x000008ff) [ 2033.728364][ T26] audit: type=1804 audit(1573258409.898:1048): pid=11448 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2012/file0" dev="sda1" ino=16644 res=1 00:13:30 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2033.829635][ T26] audit: type=1804 audit(1573258409.978:1049): pid=11453 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1780/file0" dev="sda1" ino=16645 res=1 [ 2033.832662][T11429] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) 00:13:30 executing program 0: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2033.968781][T11429] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:13:30 executing program 4: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2034.242820][ T26] audit: type=1804 audit(1573258410.418:1050): pid=11473 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/1962/file0/file0" dev="loop0" ino=2572 res=1 00:13:30 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0), 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:30 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2034.563511][T11484] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) 00:13:30 executing program 3: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', 0x0, 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2034.592002][ T26] audit: type=1804 audit(1573258410.768:1051): pid=11479 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1874/file0/file0" dev="loop4" ino=2575 res=1 [ 2034.615207][T11484] FAT-fs (loop0): Filesystem has been set read-only 00:13:30 executing program 2: tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2034.656661][T11479] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2034.669436][T11484] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2034.677578][T11479] FAT-fs (loop4): Filesystem has been set read-only [ 2034.713467][T11479] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:13:30 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2034.769905][T11473] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2034.788214][T11473] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) [ 2034.798438][T11473] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) 00:13:31 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0), 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2034.825968][T11473] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) [ 2034.973291][ T26] audit: type=1804 audit(1573258411.148:1052): pid=11497 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2013/file0" dev="sda1" ino=17121 res=1 00:13:31 executing program 4: tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:31 executing program 0: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:31 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2035.395595][T11508] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2035.422440][T11508] FAT-fs (loop2): Filesystem has been set read-only 00:13:31 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0), 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2035.457462][T11508] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) 00:13:31 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2035.668415][ T26] audit: type=1804 audit(1573258411.838:1053): pid=11531 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/1963/file0/file0" dev="sda1" ino=16535 res=1 [ 2035.706129][T11523] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2035.732823][T11523] FAT-fs (loop4): Filesystem has been set read-only [ 2035.759373][T11523] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:13:31 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:32 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:32 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:32 executing program 4: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:32 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:32 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:32 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2036.531569][T11578] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2036.567661][T11565] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2036.587635][T11579] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2036.606308][T11578] FAT-fs (loop2): Filesystem has been set read-only [ 2036.616655][T11579] FAT-fs (loop3): Filesystem has been set read-only [ 2036.635411][T11578] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2036.644887][T11579] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2036.654260][T11565] FAT-fs (loop4): Filesystem has been set read-only [ 2036.686482][T11565] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:13:32 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2036.821628][T11559] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2036.839156][T11559] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) 00:13:33 executing program 4: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2036.924591][T11559] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2036.935110][T11556] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2036.979545][T11559] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) [ 2036.994134][T11556] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) [ 2037.004575][T11556] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2037.015840][T11556] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) 00:13:33 executing program 3: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:33 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:33 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2037.736817][ T26] audit: type=1804 audit(1573258413.908:1054): pid=11613 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2015/file0/file0" dev="loop3" ino=2594 res=1 [ 2037.854827][T11613] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2037.900142][T11613] FAT-fs (loop3): Filesystem has been set read-only [ 2037.923466][T11613] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) 00:13:34 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:34 executing program 0: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2038.007952][T11634] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2038.046012][T11634] FAT-fs (loop2): Filesystem has been set read-only 00:13:34 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) [ 2038.086916][T11634] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) 00:13:34 executing program 4: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2038.246786][T11615] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) 00:13:34 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2038.295795][T11615] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) [ 2038.354111][T11615] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2038.426064][ T26] audit: type=1804 audit(1573258414.598:1055): pid=11643 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/1965/file0/file0" dev="sda1" ino=16595 res=1 [ 2038.439450][T11615] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) 00:13:34 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2038.666315][ T26] audit: type=1804 audit(1573258414.838:1056): pid=11657 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1878/file0/file0" dev="loop4" ino=2599 res=1 00:13:34 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2038.806780][T11657] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:13:35 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2038.863897][T11657] FAT-fs (loop4): Filesystem has been set read-only [ 2038.918979][T11657] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:13:35 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:35 executing program 4: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:35 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) 00:13:35 executing program 3: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:35 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:35 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2039.844150][ T26] audit: type=1804 audit(1573258416.018:1057): pid=11717 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2017/file0/file0" dev="sda1" ino=16644 res=1 00:13:36 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:36 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:36 executing program 2: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:36 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x0, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:36 executing program 4: pipe(0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:36 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x0, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:36 executing program 3: pipe(0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2040.718124][ T26] audit: type=1804 audit(1573258416.888:1058): pid=11742 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1785/file0/file0" dev="sda1" ino=17185 res=1 00:13:37 executing program 0: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2040.843008][ T26] audit: type=1804 audit(1573258416.938:1059): pid=11755 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1880/file0/file0" dev="loop4" ino=2602 res=1 00:13:37 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x0, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2040.997683][T11768] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2041.056892][T11768] FAT-fs (loop4): Filesystem has been set read-only 00:13:37 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2041.115891][T11768] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:13:37 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, 0x0, 0x0) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2041.252260][ T26] audit: type=1804 audit(1573258417.418:1060): pid=11769 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2018/file0/file0" dev="loop3" ino=2605 res=1 [ 2041.419864][ T26] audit: type=1804 audit(1573258417.588:1061): pid=11780 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/1967/file0/file0" dev="loop0" ino=2608 res=1 [ 2041.532874][T11790] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2041.567671][T11780] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2041.570330][T11790] FAT-fs (loop3): Filesystem has been set read-only 00:13:37 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, 0x0, 0x0) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2041.579369][T11755] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2041.597005][T11780] FAT-fs (loop0): Filesystem has been set read-only [ 2041.616852][T11780] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) 00:13:37 executing program 2: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2041.628116][T11790] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2041.643329][T11755] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) [ 2041.689212][T11769] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) 00:13:37 executing program 0: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2041.746863][T11769] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) 00:13:38 executing program 4: pipe(0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:38 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, 0x0, 0x0) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2041.806257][T11769] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2041.856318][T11769] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) 00:13:38 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:38 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2042.111457][ T26] audit: type=1804 audit(1573258418.278:1062): pid=11805 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1786/file0/file0" dev="sda1" ino=17345 res=1 [ 2042.252183][ T26] audit: type=1804 audit(1573258418.368:1063): pid=11825 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/1968/file0/file0" dev="sda1" ino=16572 res=1 00:13:38 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:38 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:38 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:39 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) 00:13:39 executing program 0: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(0xffffffffffffffff, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:39 executing program 4: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) 00:13:39 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2043.551548][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 2043.551570][ T26] audit: type=1804 audit(1573258419.728:1065): pid=11873 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/1969/file0/file0" dev="loop0" ino=2611 res=1 00:13:39 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2043.637092][T11873] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2043.663932][T11873] FAT-fs (loop0): Filesystem has been set read-only [ 2043.700477][T11873] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) 00:13:40 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:40 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(0xffffffffffffffff, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2044.259835][T11893] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2044.281091][T11893] FAT-fs (loop3): Filesystem has been set read-only [ 2044.297421][T11893] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2044.373073][T11900] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2044.388628][T11900] FAT-fs (loop0): Filesystem has been set read-only [ 2044.401510][T11900] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) 00:13:40 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:40 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:40 executing program 2: pipe(0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:40 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:40 executing program 0: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:41 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(0xffffffffffffffff, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2045.217936][ T26] audit: type=1804 audit(1573258421.388:1066): pid=11930 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/1971/file0/file0" dev="sda1" ino=16649 res=1 [ 2045.324002][ T26] audit: type=1804 audit(1573258421.438:1067): pid=11934 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1883/file0/file0" dev="sda1" ino=16755 res=1 00:13:41 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2045.423675][ T26] audit: type=1804 audit(1573258421.478:1068): pid=11935 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1788/file0/file0" dev="sda1" ino=17433 res=1 00:13:41 executing program 2: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:41 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2045.946593][ T26] audit: type=1804 audit(1573258422.118:1069): pid=11959 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1789/file0/file0" dev="sda1" ino=17438 res=1 00:13:42 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, 0x0, 0x0, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:42 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:42 executing program 0: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2046.153389][T11965] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2046.177449][T11965] FAT-fs (loop3): Filesystem has been set read-only [ 2046.190931][T11965] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) 00:13:42 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:42 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000001c0), 0x8080fffffffe) 00:13:43 executing program 2: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2046.850339][T11979] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2046.875153][T11979] FAT-fs (loop4): Filesystem has been set read-only [ 2046.913462][T11979] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970769) 00:13:43 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, 0x0, 0x0, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2047.175555][T11993] FAT-fs (loop3): error, invalid access to FAT (entry 0x000006ff) [ 2047.207693][T11993] FAT-fs (loop3): Filesystem has been set read-only [ 2047.240666][T11993] FAT-fs (loop3): error, invalid access to FAT (entry 0x000006ff) [ 2047.280645][ T26] audit: type=1804 audit(1573258423.458:1070): pid=12001 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1790/file0/file0" dev="sda1" ino=17427 res=1 00:13:43 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:43 executing program 3: pipe(0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:43 executing program 0: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:43 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2047.851382][ T26] audit: type=1804 audit(1573258424.028:1071): pid=12014 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1885/file0/file0" dev="loop4" ino=2627 res=1 [ 2047.951350][ T26] audit: type=1804 audit(1573258424.108:1072): pid=12019 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2024/file0/file0" dev="sda1" ino=16836 res=1 00:13:44 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, 0x0, 0x0, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2048.005463][T12034] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2048.042887][ T26] audit: type=1804 audit(1573258424.158:1073): pid=12026 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/1973/file0/file0" dev="sda1" ino=17441 res=1 [ 2048.070379][T12034] FAT-fs (loop4): Filesystem has been set read-only 00:13:44 executing program 2: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2048.111179][T12034] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:13:44 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000001c0), 0x8080fffffffe) [ 2048.278773][T12014] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2048.336868][T12014] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) [ 2048.389453][T12014] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2048.460463][ T26] audit: type=1804 audit(1573258424.638:1074): pid=12044 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1791/file0/file0" dev="loop2" ino=2630 res=1 [ 2048.490860][T12014] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:13:44 executing program 3: pipe(0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2048.597144][T12044] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2048.628421][T12044] FAT-fs (loop2): Filesystem has been set read-only 00:13:44 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) 00:13:44 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2048.657519][T12044] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) 00:13:44 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000001c0), 0x8080fffffffe) [ 2048.792505][T12047] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2048.812011][T12047] FAT-fs (loop0): Filesystem has been set read-only [ 2048.819422][T12047] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) 00:13:45 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540), 0x0, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:45 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000001c0), 0x8080fffffffe) [ 2049.143744][ T26] audit: type=1804 audit(1573258425.318:1075): pid=12070 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1886/file0/file0" dev="sda1" ino=17450 res=1 00:13:45 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2049.334720][ T26] audit: type=1804 audit(1573258425.348:1076): pid=12068 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1886/file0/file0" dev="sda1" ino=17450 res=1 00:13:45 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2049.684176][T12080] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2049.704538][T12080] FAT-fs (loop2): Filesystem has been set read-only [ 2049.720742][T12080] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) 00:13:46 executing program 2: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:46 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) 00:13:46 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540), 0x0, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2050.248794][ T26] audit: type=1804 audit(1573258426.418:1077): pid=12110 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1887/file0/file0" dev="loop4" ino=2637 res=1 00:13:46 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000001c0), 0x8080fffffffe) [ 2050.401134][ T26] audit: type=1804 audit(1573258426.578:1078): pid=12117 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1793/file0/file0" dev="sda1" ino=16802 res=1 [ 2050.492111][T12110] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2050.501311][T12110] FAT-fs (loop4): Filesystem has been set read-only [ 2050.508473][T12110] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF 00:13:46 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2050.563187][T12109] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:13:46 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:46 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) 00:13:47 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540), 0x0, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2051.154705][ T26] audit: type=1804 audit(1573258427.328:1079): pid=12144 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1888/file0/file0" dev="loop4" ino=2642 res=1 [ 2051.307730][T12125] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2051.328879][T12125] FAT-fs (loop0): Filesystem has been set read-only [ 2051.337237][T12125] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) 00:13:47 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:47 executing program 2: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2051.432859][T12144] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2051.454862][T12144] FAT-fs (loop4): Filesystem has been set read-only [ 2051.472091][T12144] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) [ 2051.505633][T12141] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:13:47 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:47 executing program 3: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) 00:13:48 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2051.952735][ T26] audit: type=1804 audit(1573258428.128:1080): pid=12158 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/1977/file0/file0" dev="sda1" ino=16524 res=1 00:13:48 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, 0x0}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2052.111206][ T26] audit: type=1804 audit(1573258428.198:1081): pid=12166 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1889/file0/file0" dev="sda1" ino=16644 res=1 [ 2052.227158][ T26] audit: type=1804 audit(1573258428.318:1082): pid=12165 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1794/file0/file0" dev="loop2" ino=2645 res=1 [ 2052.277873][T12178] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2052.291533][T12178] FAT-fs (loop2): Filesystem has been set read-only [ 2052.336298][T12178] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2052.347826][ T26] audit: type=1804 audit(1573258428.388:1083): pid=12171 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2028/file0/file0" dev="sda1" ino=17460 res=1 [ 2052.535294][T12165] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2052.562605][T12165] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) 00:13:48 executing program 0: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:48 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2052.641259][T12165] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2052.673716][T12165] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) 00:13:48 executing program 3: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) 00:13:48 executing program 2: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:49 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2053.063643][ T26] audit: type=1804 audit(1573258429.238:1084): pid=12203 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1890/file0/file0" dev="loop4" ino=2648 res=1 00:13:49 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, 0x0}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2053.236139][T12223] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2053.445681][T12223] FAT-fs (loop4): Filesystem has been set read-only [ 2053.494760][T12210] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2053.523065][T12210] FAT-fs (loop2): Filesystem has been set read-only [ 2053.547369][T12210] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2053.568396][T12223] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2053.583152][T12196] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2053.592525][T12196] FAT-fs (loop0): Filesystem has been set read-only [ 2053.599963][T12196] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970769) 00:13:49 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2053.687935][T12203] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2053.722644][T12203] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:13:50 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:50 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2053.836330][T12213] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2053.860457][T12213] FAT-fs (loop3): Filesystem has been set read-only [ 2053.886385][T12213] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) [ 2053.896630][T12206] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) 00:13:50 executing program 3: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) 00:13:50 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:50 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, 0x0}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2054.230376][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 2054.230397][ T26] audit: type=1804 audit(1573258430.408:1087): pid=12251 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1891/file0/file0" dev="sda1" ino=17464 res=1 [ 2054.424499][T12243] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2054.459032][T12243] FAT-fs (loop2): Filesystem has been set read-only [ 2054.490510][T12243] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970769) [ 2054.512876][T12241] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2054.543045][T12241] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970769) [ 2054.613062][ T26] audit: type=1804 audit(1573258430.788:1088): pid=12264 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2030/file0/file0" dev="sda1" ino=16537 res=1 00:13:50 executing program 2: r0 = socket(0x15, 0x805, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x2, 0x1, @loopback}, 0x10) 00:13:51 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fanotify_init(0x200, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:51 executing program 2: r0 = socket(0x15, 0x805, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x2, 0x1, @loopback}, 0x10) 00:13:51 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x400400, 0x0, 0x1, 0x9}, 0x20) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x400400, 0x0, 0x1, 0x9}, 0x20) 00:13:51 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32=r3, @ANYBLOB="00000e00ffffffff00000000080001006362710018040200040406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000500060000000000000005000000"], 0x444}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000002a00070200"/20, @ANYRES32=r3, @ANYBLOB="ecff1200071c0000000000de"], 0x24}}, 0x0) 00:13:51 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) setuid(0x0) [ 2055.314012][ T26] audit: type=1804 audit(1573258431.488:1089): pid=12287 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1892/file0/file0" dev="loop4" ino=2660 res=1 00:13:51 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:51 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2055.478355][T12295] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:13:51 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() ptrace$setopts(0x4206, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getpid() tkill(0x0, 0x9) r1 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r2, 0x0, 0xedc0) [ 2055.593625][T12295] FAT-fs (loop4): Filesystem has been set read-only [ 2055.627572][T12295] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:13:51 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[]) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r2 = getpid() tkill(r2, 0x9) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) connect$inet6(r1, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r4 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r1, r4, 0x0, 0xedc0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0xfdfc) 00:13:51 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[]) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r1 = getpid() tkill(r1, 0x9) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r3, 0x0, 0xedc0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0xfdfc) [ 2055.789952][T12287] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2055.832775][T12287] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2055.869908][T12287] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2055.928470][T12287] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF 00:13:52 executing program 3: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setrlimit(0x7, &(0x7f0000000080)) signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) 00:13:52 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fanotify_init(0x200, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:52 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[]) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r2 = getpid() tkill(r2, 0x9) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) connect$inet6(r1, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r4 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r1, r4, 0x0, 0xedc0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0xfdfc) 00:13:52 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[]) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r1 = getpid() tkill(r1, 0x9) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r3, 0x0, 0xedc0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0xfdfc) 00:13:52 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2056.393648][ T26] audit: type=1804 audit(1573258432.568:1090): pid=12342 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1893/file0/file0" dev="sda1" ino=16577 res=1 00:13:52 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\b', 0x2000003ffe}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_ifreq(r0, 0x8922, &(0x7f0000000080)={'eql\x00', @ifru_ivalue=0x10e8}) 00:13:52 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:52 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "51ba2ffb361b97aaf92bee8b523625553af192b1ac378e62106e090b190bc06a"}}) 00:13:53 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x67, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0406618, &(0x7f0000000140)={{0x0, 0x0, @identifier="597b08e190b1961f44715390a004e533"}}) r0 = gettid() r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x200000) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000080)={0x6, &(0x7f0000000040)=[{0x3, 0x0, 0x2, 0x101}, {0x200, 0x6, 0x2}, {0x0, 0x0, 0x0, 0xff}, {0x5d9, 0x39, 0x6, 0x24579c7f}, {0x0, 0x40, 0x0, 0x934a}, {0x1, 0x83, 0x0, 0x6}]}, 0x8) process_vm_writev(r0, &(0x7f0000000180)=[{&(0x7f0000000400)=""/127, 0x7f}], 0x1, &(0x7f0000000d40)=[{&(0x7f0000001880)=""/4096, 0x7ffff000}], 0x1, 0x0) getpgrp(0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000600)='net/tcp\x00') socket$nl_route(0x10, 0x3, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x40042409, 0x0) syz_open_procfs(0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) pipe2(0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) socket(0x0, 0x803, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000540)='limits\x00\x80\xa8\xdb\x02\xffC\xd2p\xa5W\x14\xa2\xc0+\xfc \x84YN\xff\x1a\x7f\x85\xf1\xa7(q|\xe3\xed8\x15\x18,?\x06\x86\xc9\x80\x86\x1b\xa8\xc4J\xcb\x7f`\xa3\xf2\xb5\x03l\xc1~cK8\xf3\xe1;JG\xed\x0f\xb3\x95\xb2\x14z{d\x1d\xff\xc5\xcd\xe0\xae\xd6\xbdS-\xc0\x90m\xa0\rq]K\xe3\xff\xff\xe1Q\xeb7V\xfe\x17\xef9.5\xafc\t\x13\xde\xc7\x8e\xebn_Q\xeb*w\xa7\x9e\x8ab\xdcS\xf0\xd4\xcb\x06`v\xc8\x01\xac`AqDS%S\xaf\x98\xb0\x02{\\\x9f1%\xf0\xf0\xd2a\x91\f\x153\xad{\f2\x90`bz\x14\x901R\xdd\x11\xd7\xc9\x10\x85\a\xd7\xf0|\xccW&\xe9\x81Eu\xa2db\xd6JJ$\xe1_fH') preadv(r4, &(0x7f00000017c0), 0x3a8, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@loopback, 0x800, 0x0, 0x100000003, 0x1, 0x0, 0x0, 0x400000000}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@loopback, 0x0, 0x0, 0x1, 0x3}, 0x20) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240)=0x202, 0x4000000000dc) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000980)=ANY=[@ANYBLOB="44d9195b2745c9eb1a8a8192ae8cd6a46f93b3a564755b8e99229322", @ANYRES16, @ANYBLOB="050c3700000071b3166100000000"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x8040) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000540)='limits\x00\x80\xa8\xdb\x02\xffC\xd2p\xa5W\x14\xa2\xc0+\xfc \x84YN\xff\x1a\x7f\x85\xf1\xa7(q|\xe3\xed8\x15\x18,?\x06\x86\xc9\x80\x86\x1b\xa8\xc4J\xcb\x7f`\xa3\xf2\xb5\x03l\xc1~cK8\xf3\xe1;JG\xed\x0f\xb3\x95\xb2\x14z{d\x1d\xff\xc5\xcd\xe0\xae\xd6\xbdS-\xc0\x90m\xa0\rq]K\xe3\xff\xff\xe1Q\xeb7V\xfe\x17\xef9.5\xafc\t\x13\xde\xc7\x8e\xebn_Q\xeb*w\xa7\x9e\x8ab\xdcS\xf0\xd4\xcb\x06`v\xc8\x01\xac`AqDS%S\xaf\x98\xb0\x02{\\\x9f1%\xf0\xf0\xd2a\x91\f\x153\xad{\f2\x90`bz\x14\x901R\xdd\x11\xd7\xc9\x10\x85\a\xd7\xf0|\xccW&\xe9\x81Eu\xa2db\xd6JJ$\xe1_fH') 00:13:53 executing program 3: r0 = dup(0xffffffffffffffff) ioctl$KVM_SET_BOOT_CPU_ID(r0, 0xae78, &(0x7f0000000440)=0x2) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) chdir(&(0x7f0000000180)='./file0\x00') getgroups(0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000240)='/dev/hwrng\x00', 0x0, 0x0) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, 0x0, 0x0) r2 = dup2(r1, r0) sendmsg$TIPC_NL_BEARER_GET(r2, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000510}, 0xc, &(0x7f0000000300)={&(0x7f0000000700)={0x154, 0x0, 0x202, 0x70bd27, 0x0, {}, [@TIPC_NLA_MON={0x4c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8483}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffffb}]}, @TIPC_NLA_SOCK={0x18, 0x2, [@TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x81}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}]}, @TIPC_NLA_NODE={0x10, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_BEARER={0x4}, @TIPC_NLA_LINK={0x40, 0x4, [@TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_LINK={0x40, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}]}, @TIPC_NLA_NODE={0x30, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x100}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1f}]}]}, 0x154}, 0x1, 0x0, 0x0, 0x8000}, 0x8904) mknodat(r1, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) 00:13:53 executing program 2: r0 = syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup(r0) read$usbmon(r1, 0x0, 0x0) 00:13:53 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fanotify_init(0x200, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:53 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:53 executing program 0: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x2000000000010, 0x80000000002, 0x0) write(r0, &(0x7f0000000180)="240000001a0025f00034009300edfc0e800300000000af00000000000800010048050006", 0x24) [ 2057.518180][ T26] audit: type=1804 audit(1573258433.688:1091): pid=12390 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1894/file0/file0" dev="sda1" ino=16577 res=1 00:13:53 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:53 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x81}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x80000000b9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r2 = getpid() socket$nl_route(0x10, 0x3, 0x0) tkill(r2, 0x9) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) connect$inet6(r1, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) r4 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r1, r4, 0x0, 0xedc0) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10) setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) r6 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r6, 0x0, 0x0) setsockopt$sock_int(r6, 0x1, 0x0, 0x0, 0xfdfc) connect$inet(r6, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) r7 = socket(0x80000000000000a, 0x0, 0x0) setsockopt$inet6_group_source_req(r7, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xe0, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x100000, 0x0, 0x9}, 0x18) 00:13:54 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup(r0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000100)) 00:13:54 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000004000)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={[], [], @local}}, 0x1c, 0x0}}, {{&(0x7f0000000340)={0xa, 0x4e21, 0x0, @dev}, 0x1c, 0x0}}], 0x2, 0x0) 00:13:54 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() ptrace$setopts(0x4206, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r1 = getpid() tkill(r1, 0x9) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r3, 0x0, 0xedc0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0xfdfc) connect$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) 00:13:54 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/igmp\x00') preadv(r0, &(0x7f00000004c0)=[{&(0x7f0000000740)=""/4096, 0x1000}], 0x1, 0x0) 00:13:54 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:54 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = gettid() ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x81}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r2 = getpid() tkill(r2, 0x9) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) connect$inet6(r1, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r4 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r1, r4, 0x0, 0xedc0) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, 0x0, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r6, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0xfdfc) r7 = socket(0x0, 0x2, 0x0) setsockopt$inet6_group_source_req(r7, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xe0, 0x0, 0x0, @loopback}}}, 0x108) 00:13:54 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:54 executing program 0: shmat(0x0, &(0x7f000000d000/0x2000)=nil, 0x5800) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') readv(r0, &(0x7f0000000040)=[{&(0x7f0000002400)=""/4096, 0x10b6}], 0x1) 00:13:54 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[]) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r1 = getpid() tkill(r1, 0x9) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r3, 0x0, 0xedc0) socket$inet_udp(0x2, 0x2, 0x0) 00:13:54 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:54 executing program 3: bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) [ 2058.869311][ T26] audit: type=1804 audit(1573258435.048:1092): pid=12452 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1895/file0/file0" dev="loop4" ino=2664 res=1 [ 2058.917919][T12452] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2058.945054][T12452] FAT-fs (loop4): Filesystem has been set read-only 00:13:55 executing program 3: r0 = add_key(&(0x7f0000000080)='user\x00', &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)='V', 0x1, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, r0) [ 2058.966593][T12452] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:13:55 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000a00)=[{{&(0x7f00000000c0)={0x2, 0x4e22, @remote}, 0x10, 0x0}}, {{&(0x7f00000003c0)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000580)=[@ip_retopts={{0x14, 0x0, 0x7, {[@generic={0x86, 0x2}]}}}], 0x18}}], 0x2, 0x0) 00:13:55 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:55 executing program 2: io_setup(0x8, &(0x7f0000000180)=0x0) io_submit(r0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) 00:13:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:55 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[]) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r2 = getpid() tkill(r2, 0x9) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) connect$inet6(r1, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r4 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r1, r4, 0x0, 0xedc0) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0xfdfc) 00:13:55 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x0, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) 00:13:55 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x1000000000000, &(0x7f0000000000)={0xe, 0x800000000000004, 0x4, 0x8008, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x3c) [ 2059.488007][ T26] audit: type=1804 audit(1573258435.658:1093): pid=12479 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1896/file0/file0" dev="loop4" ino=2667 res=1 00:13:55 executing program 0: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) lseek(r0, 0xfffffffffffffffe, 0x1) getdents64(r0, &(0x7f0000000180)=""/166, 0xa6) readv(0xffffffffffffffff, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) 00:13:55 executing program 3: openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x200, 0x0) [ 2059.571228][T12479] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2059.606895][T12479] FAT-fs (loop4): Filesystem has been set read-only [ 2059.614010][T12479] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:13:55 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:55 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:56 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r2 = getpid() tkill(r2, 0x9) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) connect$inet6(r1, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r4 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r1, r4, 0x0, 0xedc0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:13:56 executing program 3: recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001380)=""/7, 0x7}, {0x0, 0x353}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r0, &(0x7f00000017c0), 0x331, 0x0) 00:13:56 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000004000)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={[], [], @local}}, 0x1c, 0x0}}, {{&(0x7f0000000340)={0xa, 0x4e21, 0x0, @dev}, 0x1c, 0x0, 0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="180000000000000029000000b51951690acfb8e4471cdd39"], 0x18}}], 0x2, 0x0) [ 2060.052721][ T26] audit: type=1804 audit(1573258436.228:1094): pid=12526 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1897/file0/file0" dev="sda1" ino=16522 res=1 00:13:56 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x3) 00:13:56 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:56 executing program 0: add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) 00:13:56 executing program 2: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x1420000a77, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001800110300000000000000000a200000000000000000000014000500fe80"], 0x1}}, 0x0) write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[], 0xfffffd88) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$P9_RLERROR(r1, &(0x7f0000000080)={0xa, 0x7, 0x0, {0x1, '\xde'}}, 0xa) 00:13:56 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:56 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00f0ffff000000000200000000", 0x58}], 0x1) 00:13:57 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:57 executing program 3: recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001380)=""/7, 0x7}, {0x0, 0x353}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r0, &(0x7f00000017c0), 0x331, 0x0) 00:13:57 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00f0ffff000000000200000000", 0x58}], 0x1) [ 2061.102455][ T26] audit: type=1804 audit(1573258437.278:1095): pid=12564 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1898/file0/file0" dev="loop4" ino=2670 res=1 [ 2061.153304][T12564] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2061.180573][T12564] FAT-fs (loop4): Filesystem has been set read-only 00:13:57 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x0, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2061.204229][T12564] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:13:57 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)=0x2) 00:13:57 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:57 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000180)=""/166, 0xa6) [ 2061.604061][ T26] audit: type=1804 audit(1573258437.778:1096): pid=12586 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1899/file0/file0" dev="loop4" ino=2672 res=1 00:13:57 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c) [ 2061.649542][T12586] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:13:57 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2061.694660][T12586] FAT-fs (loop4): Filesystem has been set read-only [ 2061.721590][T12586] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:13:57 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000700)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000500)="00abe6d29e6101cb8b41eea5cf2e67fea541e9b7b65fe42e517d5f81d2919e1b2f4cf7f77a16fc3e961a0847916c7c2d9b77cd3160567341263cf19b3b2c6177e7065dda850c756c06aede12e9da8118bb5464ad07fa6146f6903ee57345cbd7551f547bdbe947b4f9a0b28cf29a28eda534fc6e2c9bf2c36c87da9ad79e6e7090", 0x4202692d7f740df1, 0x4000801, 0x0, 0xfffffffffffffeda) socketpair$unix(0x1, 0x0, 0x0, 0x0) syz_open_dev$mice(0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0xffffffffffffffd0, 0x406142) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) fchdir(r2) open(0x0, 0x0, 0x0) syz_genetlink_get_family_id$nbd(0x0) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, 0x0, 0x0) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) creat(0x0, 0x0) ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) creat(0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$uhid(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x127f, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x216) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_open_dev$mice(0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'lo\x00'}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) recvfrom$inet(r0, &(0x7f0000000440)=""/98, 0x203be9be0e639dd, 0x0, 0x0, 0xffffffffffffffd7) 00:13:58 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:58 executing program 3: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @rand_addr="ff3e6808e92b7abafc47d822996f60e4"}, 0x1c) 00:13:58 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/igmp6\x00') write$P9_RFSYNC(r0, 0x0, 0x0) [ 2062.128284][ T26] audit: type=1804 audit(1573258438.298:1097): pid=12613 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1900/file0/file0" dev="loop4" ino=2674 res=1 00:13:58 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x0, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:13:58 executing program 0: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r0 = getpid() tkill(r0, 0x9) prctl$PR_SET_PTRACER(0x59616d61, r0) 00:13:58 executing program 3: r0 = memfd_create(&(0x7f0000000340)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) write(r0, &(0x7f0000000240)="b1", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000200), 0xff8) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev}, 0x1c) [ 2062.179356][T12613] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2062.201408][T12613] FAT-fs (loop4): Filesystem has been set read-only [ 2062.208088][T12613] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:13:58 executing program 0: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r0, 0x3, 0x0, 0x8020001) 00:13:58 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:58 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f000095bffc), 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r2, 0x0, 0xedc0) 00:13:58 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000700)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000500)="00abe6d29e6101cb8b41eea5cf2e67fea541e9b7b65fe42e517d5f81d2919e1b2f4cf7f77a16fc3e961a0847916c7c2d9b77cd3160567341263cf19b3b2c6177e7065dda850c756c06aede12e9da8118bb5464ad07fa6146f6903ee57345cbd7551f547bdbe947b4f9a0b28cf29a28eda534fc6e2c9bf2c36c87da9ad79e6e7090", 0x4202692d7f740df1, 0x4000801, 0x0, 0xfffffffffffffeda) socketpair$unix(0x1, 0x0, 0x0, 0x0) syz_open_dev$mice(0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0xffffffffffffffd0, 0x406142) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) fchdir(r2) open(0x0, 0x0, 0x0) syz_genetlink_get_family_id$nbd(0x0) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, 0x0, 0x0) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) creat(0x0, 0x0) ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) creat(0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$uhid(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x127f, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x216) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_open_dev$mice(0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'lo\x00'}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) recvfrom$inet(r0, &(0x7f0000000440)=""/98, 0x203be9be0e639dd, 0x0, 0x0, 0xffffffffffffffd7) 00:13:58 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:13:59 executing program 3: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r0 = getpid() tkill(r0, 0x9) r1 = syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0x0, 0x0) r2 = dup(r1) ioctl$EVIOCGID(r2, 0x80084502, &(0x7f0000000040)=""/207) [ 2062.881236][ T26] audit: type=1804 audit(1573258439.058:1098): pid=12644 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1901/file0/file0" dev="loop4" ino=2676 res=1 [ 2062.969072][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2062.974927][ C0] protocol 88fb is buggy, dev hsr_slave_1 00:13:59 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000700)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000500)="00abe6d29e6101cb8b41eea5cf2e67fea541e9b7b65fe42e517d5f81d2919e1b2f4cf7f77a16fc3e961a0847916c7c2d9b77cd3160567341263cf19b3b2c6177e7065dda850c756c06aede12e9da8118bb5464ad07fa6146f6903ee57345cbd7551f547bdbe947b4f9a0b28cf29a28eda534fc6e2c9bf2c36c87da9ad79e6e7090", 0x4202692d7f740df1, 0x4000801, 0x0, 0xfffffffffffffeda) socketpair$unix(0x1, 0x0, 0x0, 0x0) syz_open_dev$mice(0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0xffffffffffffffd0, 0x406142) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) fchdir(r2) open(0x0, 0x0, 0x0) syz_genetlink_get_family_id$nbd(0x0) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, 0x0, 0x0) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) creat(0x0, 0x0) ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) creat(0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$uhid(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x127f, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x216) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_open_dev$mice(0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'lo\x00'}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) recvfrom$inet(r0, &(0x7f0000000440)=""/98, 0x203be9be0e639dd, 0x0, 0x0, 0xffffffffffffffd7) [ 2063.026889][T12646] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2063.057627][T12646] FAT-fs (loop4): Filesystem has been set read-only [ 2063.114487][T12646] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:13:59 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f000095bffc), 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r2, 0x0, 0xedc0) 00:13:59 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x81}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x80000000b9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[]) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r1 = getpid() socket$nl_route(0x10, 0x3, 0x0) tkill(r1, 0x9) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) r3 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r3, 0x0, 0xedc0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10) setsockopt$sock_int(r4, 0x1, 0x0, 0x0, 0xfdfc) r5 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xe0, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x100000, 0x0, 0x9}, 0x18) setsockopt$inet_int(r4, 0x0, 0x1f, &(0x7f0000000000)=0x9, 0x4) 00:13:59 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x0, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2063.249208][T12644] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2063.300187][T12644] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:13:59 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000700)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000500)="00abe6d29e6101cb8b41eea5cf2e67fea541e9b7b65fe42e517d5f81d2919e1b2f4cf7f77a16fc3e961a0847916c7c2d9b77cd3160567341263cf19b3b2c6177e7065dda850c756c06aede12e9da8118bb5464ad07fa6146f6903ee57345cbd7551f547bdbe947b4f9a0b28cf29a28eda534fc6e2c9bf2c36c87da9ad79e6e7090", 0x4202692d7f740df1, 0x4000801, 0x0, 0xfffffffffffffeda) socketpair$unix(0x1, 0x0, 0x0, 0x0) syz_open_dev$mice(0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0xffffffffffffffd0, 0x406142) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) fchdir(r2) open(0x0, 0x0, 0x0) syz_genetlink_get_family_id$nbd(0x0) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, 0x0, 0x0) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) creat(0x0, 0x0) ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) creat(0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$uhid(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x127f, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x216) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_open_dev$mice(0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'lo\x00'}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) recvfrom$inet(r0, &(0x7f0000000440)=""/98, 0x203be9be0e639dd, 0x0, 0x0, 0xffffffffffffffd7) [ 2063.372046][T12644] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2063.389120][T12644] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) [ 2063.439029][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2063.444839][ C0] protocol 88fb is buggy, dev hsr_slave_1 00:13:59 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:13:59 executing program 2: r0 = syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup(r0) ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000000200)) 00:13:59 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000007c0)={'vcan0\x00', 0x0}) connect(r0, &(0x7f0000000740)=@ll={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x80) sendmsg$can_bcm(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="0400000000ffffff00000091436a8970bb95835835d2fcd9aa8e5295275000ddf235bd3128c10f40c9a4173c0c7dda03297cf9b5efcf33b9886b82eecadc530a5639d8684338f684a3ea29bf236d720da69effbf9472ccfafec9e3580d1e9ae0c951539719d9874a8436e2f09949c1c4ecc2c32d90bcd669b47fb708c4b5f9be640cb482d19da4608b4753fe512b96b144fbf076883a3e4dfb401050d805ed802b1c70423939f36f4503d1296a77215c0e1704c94dca38feed91b5a67fa9954856e8f0e4e18a8400007370f5da", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="00000000010000000000000000000000455201c284d3042646cb28816c6055151ca2c1467d0922ae05f2c27d20427db7a98c73166ac193b6214b6b11f97cf565bb8005c1daf48d1ef1a0d0c3ec2ae49d"], 0x80}}, 0x0) 00:13:59 executing program 3: fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup(r0) read$usbmon(r1, 0x0, 0x0) 00:14:00 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x\x11k4\xd3\x1b\x05\xaf\xf0\x1eyRN\xc9\xc6V\x00\x02\x00\x00\x00\x00\x00\x00\x00', 0x275a, 0x0) 00:14:00 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2063.841051][ T26] audit: type=1804 audit(1573258440.018:1099): pid=12691 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1902/file0/file0" dev="sda1" ino=16521 res=1 00:14:00 executing program 0: shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil) shmat(0x0, &(0x7f000000d000/0x2000)=nil, 0x5800) ioctl$KVM_S390_UCAS_MAP(0xffffffffffffffff, 0x4018ae50, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') readv(r0, &(0x7f0000000040)=[{&(0x7f0000002400)=""/4096, 0x10b6}], 0x1) 00:14:00 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x200000000d8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000240)={0x0, 0x7, 0x1, {0xb, @sdr={0x0, 0xffffffff}}}) ioctl$VIDIOC_EXPBUF(r0, 0x40045613, &(0x7f0000000000)={0xb}) 00:14:00 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:14:00 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r1 = getpid() tkill(r1, 0x9) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r3, 0x0, 0xedc0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0xfdfc) connect$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) 00:14:00 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:14:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$PPPIOCSDEBUG(0xffffffffffffffff, 0x40047440, 0x0) socket(0x0, 0x0, 0x0) accept$inet(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs$namespace(0x0, 0x0) rt_sigsuspend(0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x2) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x62160554]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sched_setattr(0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000780)={"54abec7338595f275a2292c45ff078f1cbbf04241d1c3421ec9bf61b2221bc18246e74f0001e36735c2ad340bf94ad2a35cfc5d0953a3b2bfd41e2e051c6765447395415a9b05dffbe957e300168dc46f8377130fd28e50a805a6005ab6167da65430e3fcc214d7893c6d91026b5f5192f346a367dbc8ae5df0fd099b4e7a6dadd7f555b203f504eda86e0e8d8c5f319604db5a686750d03bf3a67210063e9a17ca0a1ccd80a7d57cb034b828b784b14c9e5dd70ca358c6819c3df7f4443dced6d9a56bb54eac6538cc61c5e9ef3bda9feeb62cbe4f0e1d1c7f6cbbcada85dbb247b0551773f0734e6f4733db49c22e497557c2f74bfa0e4af9b6228643f180d9f9e1e2bcdf0c35a5b8c388e728b574a066e190800db7b42573f534b8f60e8f756dc4d8dec7ad58b0474fc002851b265cc72099d43115828ac723e73009150fcf7196b4133e2988d4b0fc459e57293afef8837fa0d5d24b984a95cb4bdc48fc9c6e73ebee6b1a3239b2c0eef7c751ccb9f2dcdc3c69173db48df6b5d6e59e6465283de675a8d053e7f3abf86f43006a5a0c6225a589c12583e767b9d817f17bf690444a18e6f8a35b2cb4b60c191efbb16393560b568ee6c82bed918aa4a34b575ac9966b395aafa7fc3b7f467b484eb7d2617e0a240e8acbc2a7e02b650f7d1be52f462be20faa32dd88eb041e2c46b24ed7ab79c10f05296f5461f4ebda25dd7b9908da4be62b0871b169016fab8aae31c7ba45e5b30b7556a062999f43d2dbb9995d2d5de72ffe885bf6bce45caa470933c0906807da75cd38533d8f16d875452c543b259e78215011d2be638eab023513cfe0693d3107e17cfc87e038fc7d1db232d15307fe1d2a818d0a4bde2c53d221111ffa646514dd1fbd3c011b058f79c6fb0a31857ea309018bf72180a434611195c975cf5e285777231b6f158ecaf212183600379fe9762277c13cb6cde9cc0178b883fd1f210180e599f8eb33d33a9ff0f70db1de485b2f2434f2707bf9a54bb6aff687c515c430d5087f4d53a57adf7c97a06dcc61d7733a93dc505d57d8d5c83bf83e345a979307d708756c3f0f1c53a28883b665fda239019f32fc6f07d700d05023e9ef5b66d4b6be57ffd6fe39703fd4eed61535568f47ee51eff8290618e8387d0ba0d00c5bc4585d2d85688af46bb1da08bf42901634cb10e6b03ee276c16980090b59f3c57b428ae0a7ede758c781e2a5a8585e903adde0a0a281a7779a59067d82985655d9138b75042970e11aee4b95b8bcf232473767cca0139b2c2fb40045c6e031950c314015db2524c3f2fe941f249d158a44aa14774e61b2ee185bdfea8f317e440a39533c6db7ffd3c2b626c1e1e088bcebc59526b016cc6a0e4b766c3f00f619d366e5a4378bc15f805a6fb8c9400"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) munmap(&(0x7f0000000000/0x2000)=nil, 0x2000) 00:14:00 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:01 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f00000004c0)=0x210, 0x4) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0xfffffefffffefffc, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = socket$inet(0x10, 0x3, 0x0) dup2(r1, r0) 00:14:01 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$PPPIOCSDEBUG(0xffffffffffffffff, 0x40047440, 0x0) socket(0x0, 0x0, 0x0) accept$inet(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs$namespace(0x0, 0x0) rt_sigsuspend(0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x2) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x62160554]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sched_setattr(0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000780)={"54abec7338595f275a2292c45ff078f1cbbf04241d1c3421ec9bf61b2221bc18246e74f0001e36735c2ad340bf94ad2a35cfc5d0953a3b2bfd41e2e051c6765447395415a9b05dffbe957e300168dc46f8377130fd28e50a805a6005ab6167da65430e3fcc214d7893c6d91026b5f5192f346a367dbc8ae5df0fd099b4e7a6dadd7f555b203f504eda86e0e8d8c5f319604db5a686750d03bf3a67210063e9a17ca0a1ccd80a7d57cb034b828b784b14c9e5dd70ca358c6819c3df7f4443dced6d9a56bb54eac6538cc61c5e9ef3bda9feeb62cbe4f0e1d1c7f6cbbcada85dbb247b0551773f0734e6f4733db49c22e497557c2f74bfa0e4af9b6228643f180d9f9e1e2bcdf0c35a5b8c388e728b574a066e190800db7b42573f534b8f60e8f756dc4d8dec7ad58b0474fc002851b265cc72099d43115828ac723e73009150fcf7196b4133e2988d4b0fc459e57293afef8837fa0d5d24b984a95cb4bdc48fc9c6e73ebee6b1a3239b2c0eef7c751ccb9f2dcdc3c69173db48df6b5d6e59e6465283de675a8d053e7f3abf86f43006a5a0c6225a589c12583e767b9d817f17bf690444a18e6f8a35b2cb4b60c191efbb16393560b568ee6c82bed918aa4a34b575ac9966b395aafa7fc3b7f467b484eb7d2617e0a240e8acbc2a7e02b650f7d1be52f462be20faa32dd88eb041e2c46b24ed7ab79c10f05296f5461f4ebda25dd7b9908da4be62b0871b169016fab8aae31c7ba45e5b30b7556a062999f43d2dbb9995d2d5de72ffe885bf6bce45caa470933c0906807da75cd38533d8f16d875452c543b259e78215011d2be638eab023513cfe0693d3107e17cfc87e038fc7d1db232d15307fe1d2a818d0a4bde2c53d221111ffa646514dd1fbd3c011b058f79c6fb0a31857ea309018bf72180a434611195c975cf5e285777231b6f158ecaf212183600379fe9762277c13cb6cde9cc0178b883fd1f210180e599f8eb33d33a9ff0f70db1de485b2f2434f2707bf9a54bb6aff687c515c430d5087f4d53a57adf7c97a06dcc61d7733a93dc505d57d8d5c83bf83e345a979307d708756c3f0f1c53a28883b665fda239019f32fc6f07d700d05023e9ef5b66d4b6be57ffd6fe39703fd4eed61535568f47ee51eff8290618e8387d0ba0d00c5bc4585d2d85688af46bb1da08bf42901634cb10e6b03ee276c16980090b59f3c57b428ae0a7ede758c781e2a5a8585e903adde0a0a281a7779a59067d82985655d9138b75042970e11aee4b95b8bcf232473767cca0139b2c2fb40045c6e031950c314015db2524c3f2fe941f249d158a44aa14774e61b2ee185bdfea8f317e440a39533c6db7ffd3c2b626c1e1e088bcebc59526b016cc6a0e4b766c3f00f619d366e5a4378bc15f805a6fb8c9400"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) munmap(&(0x7f0000000000/0x2000)=nil, 0x2000) [ 2065.153174][ T26] audit: type=1804 audit(1573258441.328:1100): pid=12748 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1903/file0/file0" dev="loop4" ino=2679 res=1 00:14:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$PPPIOCSDEBUG(0xffffffffffffffff, 0x40047440, 0x0) socket(0x0, 0x0, 0x0) accept$inet(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs$namespace(0x0, 0x0) rt_sigsuspend(0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x2) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x62160554]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sched_setattr(0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000780)={"54abec7338595f275a2292c45ff078f1cbbf04241d1c3421ec9bf61b2221bc18246e74f0001e36735c2ad340bf94ad2a35cfc5d0953a3b2bfd41e2e051c6765447395415a9b05dffbe957e300168dc46f8377130fd28e50a805a6005ab6167da65430e3fcc214d7893c6d91026b5f5192f346a367dbc8ae5df0fd099b4e7a6dadd7f555b203f504eda86e0e8d8c5f319604db5a686750d03bf3a67210063e9a17ca0a1ccd80a7d57cb034b828b784b14c9e5dd70ca358c6819c3df7f4443dced6d9a56bb54eac6538cc61c5e9ef3bda9feeb62cbe4f0e1d1c7f6cbbcada85dbb247b0551773f0734e6f4733db49c22e497557c2f74bfa0e4af9b6228643f180d9f9e1e2bcdf0c35a5b8c388e728b574a066e190800db7b42573f534b8f60e8f756dc4d8dec7ad58b0474fc002851b265cc72099d43115828ac723e73009150fcf7196b4133e2988d4b0fc459e57293afef8837fa0d5d24b984a95cb4bdc48fc9c6e73ebee6b1a3239b2c0eef7c751ccb9f2dcdc3c69173db48df6b5d6e59e6465283de675a8d053e7f3abf86f43006a5a0c6225a589c12583e767b9d817f17bf690444a18e6f8a35b2cb4b60c191efbb16393560b568ee6c82bed918aa4a34b575ac9966b395aafa7fc3b7f467b484eb7d2617e0a240e8acbc2a7e02b650f7d1be52f462be20faa32dd88eb041e2c46b24ed7ab79c10f05296f5461f4ebda25dd7b9908da4be62b0871b169016fab8aae31c7ba45e5b30b7556a062999f43d2dbb9995d2d5de72ffe885bf6bce45caa470933c0906807da75cd38533d8f16d875452c543b259e78215011d2be638eab023513cfe0693d3107e17cfc87e038fc7d1db232d15307fe1d2a818d0a4bde2c53d221111ffa646514dd1fbd3c011b058f79c6fb0a31857ea309018bf72180a434611195c975cf5e285777231b6f158ecaf212183600379fe9762277c13cb6cde9cc0178b883fd1f210180e599f8eb33d33a9ff0f70db1de485b2f2434f2707bf9a54bb6aff687c515c430d5087f4d53a57adf7c97a06dcc61d7733a93dc505d57d8d5c83bf83e345a979307d708756c3f0f1c53a28883b665fda239019f32fc6f07d700d05023e9ef5b66d4b6be57ffd6fe39703fd4eed61535568f47ee51eff8290618e8387d0ba0d00c5bc4585d2d85688af46bb1da08bf42901634cb10e6b03ee276c16980090b59f3c57b428ae0a7ede758c781e2a5a8585e903adde0a0a281a7779a59067d82985655d9138b75042970e11aee4b95b8bcf232473767cca0139b2c2fb40045c6e031950c314015db2524c3f2fe941f249d158a44aa14774e61b2ee185bdfea8f317e440a39533c6db7ffd3c2b626c1e1e088bcebc59526b016cc6a0e4b766c3f00f619d366e5a4378bc15f805a6fb8c9400"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) munmap(&(0x7f0000000000/0x2000)=nil, 0x2000) [ 2065.321060][T12750] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:14:01 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2065.420600][T12750] FAT-fs (loop4): Filesystem has been set read-only [ 2065.431441][T12750] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:14:01 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x81}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[]) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r2 = getpid() socket$nl_route(0x10, 0x3, 0x0) tkill(r2, 0x9) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) connect$inet6(r1, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) r4 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r1, r4, 0x0, 0xedc0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000140), 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0xfdfc) r5 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xe0, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x100000, 0x0, 0x9}, 0x18) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x1f, &(0x7f0000000000)=0x9, 0x4) 00:14:01 executing program 2: timer_create(0x4, 0x0, 0x0) 00:14:02 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:02 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[]) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r1 = getpid() tkill(r1, 0x9) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r3, 0x0, 0xedc0) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0xfdfc) connect$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) socket(0x80000000000000a, 0x0, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x1f, 0x0, 0x0) 00:14:02 executing program 3: clone(0x3102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) futex(&(0x7f0000000540)=0x2, 0x0, 0x2, &(0x7f00000005c0)={0x0, 0x1c9c380}, 0x0, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) r0 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) sendmsg$IPVS_CMD_NEW_DEST(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 00:14:02 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:02 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x5, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffc}]}) [ 2066.127335][ T26] audit: type=1804 audit(1573258442.298:1101): pid=12795 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2051/file0" dev="sda1" ino=16527 res=1 00:14:02 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFBR(r0, 0x8940, 0x0) 00:14:02 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x0, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2066.455363][ T26] audit: type=1326 audit(1573258442.628:1102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=12807 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45d05a code=0xffff0000 00:14:02 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000588ff8)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x7, &(0x7f0000000040)={0x1}) fcntl$lock(r0, 0x6, &(0x7f0000000180)) [ 2066.543635][ T26] audit: type=1326 audit(1573258442.658:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=12807 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45d05a code=0xffff0000 00:14:02 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f00000004c0), 0x4) 00:14:02 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x129f0817) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_IPV6_ADDRFORM(r2, 0x29, 0x1, &(0x7f0000000180), 0x4) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r2, 0x6, 0x15, &(0x7f0000000040), 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 00:14:03 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x0, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:14:03 executing program 0: execveat(0xffffffffffffffff, &(0x7f0000000080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0, 0x400) 00:14:03 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:03 executing program 2: shmat(0x0, &(0x7f000000d000/0x2000)=nil, 0x5800) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') readv(r0, &(0x7f0000000040)=[{&(0x7f0000002400)=""/4096, 0x10b6}], 0x1) ioctl$KVM_S390_UCAS_MAP(0xffffffffffffffff, 0x4018ae50, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) 00:14:03 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x1000000000000, &(0x7f0000000000)={0xe, 0x800000000000004, 0x4, 0x8008, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x3c) 00:14:03 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:03 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[]) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r1 = getpid() tkill(r1, 0x9) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r3, 0x0, 0xedc0) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r4, 0x1, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) socket(0x80000000000000a, 0x0, 0x0) 00:14:03 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[]) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r1 = getpid() tkill(r1, 0x9) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r3, 0x0, 0xedc0) socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, 0x0, 0x0) setsockopt$sock_int(r4, 0x1, 0x0, 0x0, 0xfdfc) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x1f, 0x0, 0x0) [ 2067.575877][T12870] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2067.675522][T12870] FAT-fs (loop4): Filesystem has been set read-only 00:14:03 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x1000000000000, &(0x7f0000000000)={0xe, 0x800000000000004, 0x4, 0x8008, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x3c) 00:14:03 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x0, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) [ 2067.755383][T12870] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:14:04 executing program 3: [ 2067.976537][T12860] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2068.000120][T12860] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) [ 2068.010180][T12860] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2068.027412][T12860] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:04 executing program 3: 00:14:04 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:04 executing program 2: 00:14:04 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x1000000000000, &(0x7f0000000000)={0xe, 0x800000000000004, 0x4, 0x8008, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x3c) 00:14:04 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:04 executing program 2: 00:14:04 executing program 3: 00:14:04 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, 0x0, 0x0) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:14:04 executing program 3: 00:14:04 executing program 2: 00:14:05 executing program 0: 00:14:05 executing program 3: 00:14:05 executing program 2: 00:14:05 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:05 executing program 0: 00:14:05 executing program 3: 00:14:05 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(0xffffffffffffffff, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:05 executing program 2: 00:14:05 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, 0x0, 0x0) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:14:05 executing program 0: 00:14:05 executing program 3: 00:14:05 executing program 0: 00:14:05 executing program 2: 00:14:06 executing program 2: 00:14:06 executing program 3: [ 2069.982790][ T26] audit: type=1804 audit(1573258446.148:1104): pid=12957 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1907/file0/file0" dev="sda1" ino=16945 res=1 00:14:06 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:06 executing program 0: 00:14:06 executing program 2: 00:14:06 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, 0x0, 0x0) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:14:06 executing program 3: 00:14:06 executing program 2: 00:14:06 executing program 0: 00:14:06 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(0xffffffffffffffff, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:06 executing program 3: 00:14:06 executing program 2: 00:14:06 executing program 0: [ 2071.005115][ T26] audit: type=1804 audit(1573258447.178:1105): pid=12986 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1908/file0/file0" dev="loop4" ino=2685 res=1 00:14:07 executing program 0: 00:14:07 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:07 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(0xffffffffffffffff, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:14:07 executing program 2: 00:14:07 executing program 3: [ 2071.265218][T12986] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2071.295746][T12986] FAT-fs (loop4): Filesystem has been set read-only [ 2071.349746][T12986] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:07 executing program 0: 00:14:07 executing program 2: 00:14:07 executing program 3: 00:14:07 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(0xffffffffffffffff, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:07 executing program 2: 00:14:07 executing program 3: 00:14:07 executing program 2: 00:14:07 executing program 0: [ 2071.847667][ T26] audit: type=1804 audit(1573258448.018:1106): pid=13026 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1909/file0/file0" dev="loop4" ino=2688 res=1 [ 2071.981571][T13028] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2072.038425][T13028] FAT-fs (loop4): Filesystem has been set read-only [ 2072.059653][T13028] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2072.120974][T13026] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2072.130329][T13026] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) [ 2072.140066][T13026] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2072.186506][T13026] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:08 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:08 executing program 3: 00:14:08 executing program 2: 00:14:08 executing program 0: 00:14:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(0xffffffffffffffff, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:14:08 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, 0xffffffffffffffff, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:08 executing program 3: 00:14:08 executing program 2: 00:14:08 executing program 0: 00:14:08 executing program 2: 00:14:08 executing program 0: [ 2072.645317][ T26] audit: type=1804 audit(1573258448.818:1107): pid=13054 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1910/file0/file0" dev="sda1" ino=16942 res=1 00:14:08 executing program 3: 00:14:09 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(0xffffffffffffffff, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:14:09 executing program 2: 00:14:09 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:09 executing program 0: 00:14:09 executing program 3: 00:14:09 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, 0xffffffffffffffff, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:09 executing program 3: 00:14:09 executing program 2: 00:14:09 executing program 0: 00:14:09 executing program 0: 00:14:09 executing program 3: 00:14:10 executing program 2: [ 2073.856074][ T26] audit: type=1804 audit(1573258450.028:1108): pid=13097 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1911/file0/file0" dev="loop4" ino=2691 res=1 [ 2073.963858][T13100] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2074.066497][T13100] FAT-fs (loop4): Filesystem has been set read-only [ 2074.092992][T13100] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:14:10 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, 0x0, 0x0, 0x11, 0x0, 0x0) 00:14:10 executing program 0: 00:14:10 executing program 1: unshare(0x2000400) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(0xffffffffffffffff, 0x2) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r0, 0x1000000000016) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:10 executing program 2: 00:14:10 executing program 3: [ 2074.441182][T13097] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2074.519680][T13097] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:10 executing program 1: unshare(0x2000400) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(0xffffffffffffffff, 0x2) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r0, 0x1000000000016) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:10 executing program 0: 00:14:10 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, 0xffffffffffffffff, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:10 executing program 3: 00:14:10 executing program 2: 00:14:11 executing program 2: 00:14:11 executing program 0: [ 2075.127541][ T26] audit: type=1804 audit(1573258451.298:1109): pid=13135 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1912/file0/file0" dev="sda1" ino=16954 res=1 00:14:11 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, 0x0, 0x0, 0x11, 0x0, 0x0) 00:14:11 executing program 3: 00:14:11 executing program 1: unshare(0x2000400) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(0xffffffffffffffff, 0x2) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r0, 0x1000000000016) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:11 executing program 2: 00:14:11 executing program 0: 00:14:11 executing program 3: 00:14:11 executing program 2: 00:14:11 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:11 executing program 0: 00:14:11 executing program 3: 00:14:11 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:12 executing program 3: [ 2076.053961][ T26] audit: type=1804 audit(1573258452.228:1110): pid=13173 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1913/file0/file0" dev="loop4" ino=2694 res=1 [ 2076.149325][T13177] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2076.157739][T13177] FAT-fs (loop4): Filesystem has been set read-only [ 2076.164909][T13177] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2076.223674][T13173] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2076.232982][T13173] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2076.242415][T13173] FAT-fs (loop4): error, invalid access to FAT (entry 0x000008ff) [ 2076.250581][T13173] FAT-fs (loop4): error, invalid access to FAT (entry 0x000008ff) 00:14:12 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, 0x0, 0x0, 0x11, 0x0, 0x0) 00:14:12 executing program 2: 00:14:12 executing program 0: 00:14:12 executing program 3: 00:14:12 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:12 executing program 3: 00:14:12 executing program 0: 00:14:12 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:12 executing program 2: 00:14:12 executing program 0: 00:14:12 executing program 3: [ 2076.752285][ T26] audit: type=1804 audit(1573258452.928:1111): pid=13199 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1914/file0/file0" dev="sda1" ino=16524 res=1 00:14:13 executing program 2: 00:14:13 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0), 0x0, 0x11, 0x0, 0x0) 00:14:13 executing program 0: 00:14:13 executing program 3: 00:14:13 executing program 2: 00:14:13 executing program 3: 00:14:13 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockname$packet(r2, 0x0, &(0x7f0000001c80)) 00:14:13 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:13 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:13 executing program 0: 00:14:13 executing program 3: 00:14:13 executing program 2: r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x4005ef3) fallocate(r0, 0x0, 0x0, 0x4005ef3) 00:14:14 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) mount(0x0, &(0x7f0000000300)='./bus\x00', &(0x7f0000000340)='tmpfs\x00', 0x0, &(0x7f0000000380)='trusted.overlay.redirect\x00') [ 2077.903214][ T26] audit: type=1804 audit(1573258454.078:1112): pid=13238 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1915/file0/file0" dev="sda1" ino=17473 res=1 [ 2078.026355][T13253] tmpfs: Unknown parameter 'trusted.overlay.redirect' 00:14:14 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0), 0x0, 0x11, 0x0, 0x0) 00:14:14 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x4}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0), 0xc, 0x0}, 0xc000040) syz_mount_image$nfs(0x0, 0x0, 0x2, 0x0, &(0x7f0000000340), 0x20018, &(0x7f0000000380)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>\x9b\x94a\xac\xf8R?\x1c\xe2\xb5!\xfa\xcb\xd4\xb6\xe1_\xb4d>\xf6\xb7h\xb9Uql\b0x0}) ioctl$DRM_IOCTL_LOCK(r5, 0x4008642a, &(0x7f00000000c0)={r6}) ioctl$DRM_IOCTL_UNLOCK(r4, 0x4008642b, &(0x7f00000000c0)={r6, 0x1}) creat(0x0, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) fsetxattr$trusted_overlay_nlink(r7, &(0x7f0000000100)='trusted.overlay.nlink\x00', &(0x7f0000000140)={'U+', 0xffffffffffffffff}, 0x28, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) lstat(&(0x7f0000000500)='./bus\x00', &(0x7f0000000540)) ioctl$TIOCMIWAIT(r7, 0x545c, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) memfd_create(&(0x7f0000003380)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>\x9b\x94a\xac\xf8R?\x1c\xe2\xb5!\xfa\xcb\xd4\xb6\xe1_\xb4d>\xf6\xb7h\xb9Uql\b0xffffffffffffffff, 0xffffffffffffffff}) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0), 0xc, 0x0}, 0xc000040) syz_mount_image$nfs(0x0, 0x0, 0x2, 0x0, &(0x7f0000000340), 0x20018, &(0x7f0000000380)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>\x9b\x94a\xac\xf8R?\x1c\xe2\xb5!\xfa\xcb\xd4\xb6\xe1_\xb4d>\xf6\xb7h\xb9Uql\b0x0}) ioctl$DRM_IOCTL_LOCK(r5, 0x4008642a, &(0x7f00000000c0)={r6}) ioctl$DRM_IOCTL_UNLOCK(r4, 0x4008642b, &(0x7f00000000c0)={r6, 0x1}) creat(0x0, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) fsetxattr$trusted_overlay_nlink(r7, &(0x7f0000000100)='trusted.overlay.nlink\x00', &(0x7f0000000140)={'U+', 0xffffffffffffffff}, 0x28, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) lstat(&(0x7f0000000500)='./bus\x00', &(0x7f0000000540)) ioctl$TIOCMIWAIT(r7, 0x545c, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) memfd_create(&(0x7f0000003380)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>\x9b\x94a\xac\xf8R?\x1c\xe2\xb5!\xfa\xcb\xd4\xb6\xe1_\xb4d>\xf6\xb7h\xb9Uql\b0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0), 0x0, 0x11, 0x0, 0x0) [ 2079.287720][T13311] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 2079.296640][T13311] FAT-fs (loop4): Filesystem has been set read-only [ 2079.303984][T13311] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 0) [ 2079.425097][T13307] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2079.484295][T13307] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970769) [ 2079.520539][T13307] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2079.542389][T13307] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970769) [ 2079.564583][T13302] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF 00:14:15 executing program 2: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2079.604841][T13315] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2079.614094][T13315] FAT-fs (loop3): Filesystem has been set read-only [ 2079.621039][T13315] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970769) 00:14:15 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:16 executing program 0: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:16 executing program 1: unshare(0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2080.131992][ T26] audit: type=1804 audit(1573258456.308:1115): pid=13334 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1857/file0/file0" dev="loop2" ino=2705 res=1 [ 2080.196989][T13339] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 2080.239165][T13336] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2080.279055][T13339] FAT-fs (loop4): Filesystem has been set read-only [ 2080.280013][T13336] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970769) 00:14:16 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b0", 0x27, 0x11, 0x0, 0x0) [ 2080.319845][T13339] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2080.354135][T13354] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) 00:14:16 executing program 3: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2080.374372][ T26] audit: type=1804 audit(1573258456.548:1116): pid=13345 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/2043/file0/file0" dev="loop0" ino=2708 res=1 [ 2080.406864][T13339] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 0) [ 2080.463754][T13336] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2080.543539][T13354] FAT-fs (loop2): Filesystem has been set read-only [ 2080.566010][T13336] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970769) [ 2080.629197][T13354] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2080.630109][T13348] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2080.640204][T13332] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2080.673456][ T26] audit: type=1804 audit(1573258456.848:1117): pid=13365 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2090/file0/file0" dev="loop3" ino=2711 res=1 00:14:16 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b0", 0x27, 0x11, 0x0, 0x0) [ 2080.718788][T13348] FAT-fs (loop0): Filesystem has been set read-only 00:14:17 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2080.768697][T13348] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2080.807338][T13334] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2080.845268][T13334] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) [ 2080.882059][T13370] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2080.926636][T13334] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2080.933956][T13370] FAT-fs (loop3): Filesystem has been set read-only [ 2080.942440][T13370] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2080.962295][T13334] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:17 executing program 2: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:17 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b0", 0x27, 0x11, 0x0, 0x0) 00:14:17 executing program 1: unshare(0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2081.222423][T13365] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2081.247726][T13365] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) [ 2081.290152][T13365] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) 00:14:17 executing program 0: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2081.326212][ T26] audit: type=1804 audit(1573258457.498:1118): pid=13386 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1858/file0/file0" dev="loop2" ino=2714 res=1 [ 2081.370375][T13365] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:17 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab", 0x3a, 0x11, 0x0, 0x0) [ 2081.608753][T13403] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) 00:14:17 executing program 3: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2081.693517][T13403] FAT-fs (loop2): Filesystem has been set read-only [ 2081.730368][T13403] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2081.790185][T13386] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2081.827098][T13386] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:18 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab", 0x3a, 0x11, 0x0, 0x0) [ 2081.886412][T13386] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) 00:14:18 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2081.935298][T13386] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:18 executing program 2: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2082.267234][T13419] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970769) 00:14:18 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:18 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab", 0x3a, 0x11, 0x0, 0x0) [ 2082.312056][T13419] FAT-fs (loop3): Filesystem has been set read-only [ 2082.333154][T13435] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 2082.425555][T13419] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970769) [ 2082.430068][T13435] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 0) [ 2082.434073][ T26] audit: type=1804 audit(1573258458.598:1119): pid=13430 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1919/file0/file0" dev="sda1" ino=17470 res=1 [ 2082.507255][T13419] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2082.561055][T13419] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970769) [ 2082.637528][T13418] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF 00:14:18 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b", 0x44, 0x11, 0x0, 0x0) 00:14:18 executing program 3: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:19 executing program 0: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2082.942286][T13453] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 2082.954664][T13445] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2083.024795][T13445] FAT-fs (loop2): Filesystem has been set read-only [ 2083.033239][T13445] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970769) [ 2083.046033][T13445] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2083.055363][T13445] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970769) [ 2083.117816][T13453] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF 00:14:19 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b", 0x44, 0x11, 0x0, 0x0) [ 2083.215536][T13453] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 0) [ 2083.240634][ T26] audit: type=1804 audit(1573258459.418:1120): pid=13464 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2092/file0/file0" dev="loop3" ino=2722 res=1 00:14:19 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:19 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2083.327299][T13444] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2083.357915][ T26] audit: type=1804 audit(1573258459.458:1121): pid=13470 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/2045/file0/file0" dev="loop0" ino=2723 res=1 00:14:19 executing program 2: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2083.496457][ T26] audit: type=1804 audit(1573258459.468:1122): pid=13466 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/2045/file0/file0" dev="loop0" ino=2723 res=1 [ 2083.530304][T13470] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2083.532210][T13468] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) 00:14:19 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b", 0x44, 0x11, 0x0, 0x0) [ 2083.564739][T13470] FAT-fs (loop0): Filesystem has been set read-only [ 2083.589313][T13470] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2083.600418][T13468] FAT-fs (loop3): Filesystem has been set read-only [ 2083.623135][T13468] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2083.644016][T13464] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2083.697359][T13464] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) [ 2083.734529][ T26] audit: type=1804 audit(1573258459.908:1123): pid=13485 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1920/file0" dev="sda1" ino=16930 res=1 [ 2083.790370][T13464] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2083.874918][T13464] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:20 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf74", 0x49, 0x11, 0x0, 0x0) [ 2083.957766][T13466] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2083.970580][T13466] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) [ 2083.982050][T13466] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2084.046370][T13466] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:20 executing program 3: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2084.104740][ T26] audit: type=1804 audit(1573258460.278:1124): pid=13497 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1860/file0/file0" dev="sda1" ino=16522 res=1 00:14:20 executing program 0: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fanotify_init(0x200, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:20 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:20 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf74", 0x49, 0x11, 0x0, 0x0) 00:14:20 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:20 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf74", 0x49, 0x11, 0x0, 0x0) [ 2084.736192][ T26] audit: type=1804 audit(1573258460.908:1125): pid=13519 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2093/file0/file0" dev="sda1" ino=16930 res=1 [ 2084.831533][ T26] audit: type=1804 audit(1573258460.978:1126): pid=13525 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/2046/file0/file0" dev="sda1" ino=17475 res=1 [ 2084.963741][ T26] audit: type=1804 audit(1573258461.138:1127): pid=13543 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1921/file0/file0" dev="loop4" ino=2727 res=1 [ 2085.092638][T13543] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2085.106495][T13543] FAT-fs (loop4): Filesystem has been set read-only [ 2085.113980][T13543] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970769) [ 2085.130305][T13551] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970769) 00:14:21 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec", 0x4b, 0x11, 0x0, 0x0) [ 2085.149516][T13551] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970769) 00:14:21 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:21 executing program 2: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:21 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:21 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec", 0x4b, 0x11, 0x0, 0x0) 00:14:22 executing program 0: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fanotify_init(0x200, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:22 executing program 3: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:22 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec", 0x4b, 0x11, 0x0, 0x0) [ 2085.993878][T13570] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2086.076809][T13570] FAT-fs (loop2): Filesystem has been set read-only [ 2086.113488][T13570] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2086.134783][T13569] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2086.168083][T13569] FAT-fs (loop4): Filesystem has been set read-only [ 2086.208387][T13569] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:22 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66", 0x4c, 0x11, 0x0, 0x0) [ 2086.338316][T13565] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2086.347714][T13565] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) [ 2086.356183][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 2086.356203][ T26] audit: type=1804 audit(1573258462.528:1131): pid=13594 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/2047/file0/file0" dev="sda1" ino=16689 res=1 00:14:22 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:22 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2086.412332][T13565] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2086.485379][T13565] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) [ 2086.488019][T13602] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2086.506738][T13602] FAT-fs (loop3): Filesystem has been set read-only [ 2086.522505][T13602] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) 00:14:22 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66", 0x4c, 0x11, 0x0, 0x0) 00:14:22 executing program 2: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2086.778996][ T26] audit: type=1804 audit(1573258462.948:1132): pid=13620 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1923/file0/file0" dev="loop4" ino=2738 res=1 00:14:23 executing program 3: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66", 0x4c, 0x11, 0x0, 0x0) [ 2087.136294][T13620] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2087.174824][T13620] FAT-fs (loop4): Filesystem has been set read-only [ 2087.205815][ T26] audit: type=1804 audit(1573258463.378:1133): pid=13634 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1862/file0/file0" dev="loop2" ino=2741 res=1 [ 2087.258367][T13620] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:23 executing program 0: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fanotify_init(0x200, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2087.332335][T13634] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970769) 00:14:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x4d, 0x0, 0x0, 0x0) [ 2087.389058][T13634] FAT-fs (loop2): Filesystem has been set read-only 00:14:23 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2087.445121][T13634] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970769) 00:14:23 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2087.492911][T13637] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2087.508950][ T26] audit: type=1804 audit(1573258463.678:1134): pid=13646 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2095/file0/file0" dev="loop3" ino=2743 res=1 [ 2087.557136][T13637] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970769) [ 2087.643369][T13650] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2087.679394][T13650] FAT-fs (loop3): Filesystem has been set read-only [ 2087.717816][T13650] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2087.823816][T13646] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2087.846712][ T26] audit: type=1804 audit(1573258464.018:1135): pid=13668 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1924/file0/file0" dev="loop4" ino=2746 res=1 [ 2087.869699][T13646] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:24 executing program 2: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2087.952903][ T26] audit: type=1804 audit(1573258464.088:1136): pid=13664 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/2048/file0/file0" dev="sda1" ino=16769 res=1 [ 2087.979973][T13646] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2088.071403][T13646] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) [ 2088.084304][T13668] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2088.098369][T13668] FAT-fs (loop4): Filesystem has been set read-only [ 2088.113245][T13668] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:24 executing program 3: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:24 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000001c0), 0x8080fffffffe) [ 2088.315057][ T26] audit: type=1804 audit(1573258464.488:1137): pid=13681 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1863/file0/file0" dev="loop2" ino=2749 res=1 00:14:24 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x4d, 0x0, 0x0, 0x0) 00:14:24 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2088.639796][ T26] audit: type=1804 audit(1573258464.818:1138): pid=13694 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1925/file0/file0" dev="sda1" ino=16787 res=1 [ 2088.751258][ T26] audit: type=1804 audit(1573258464.908:1139): pid=13688 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2096/file0/file0" dev="sda1" ino=16528 res=1 [ 2088.824407][T13681] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2088.880371][T13681] FAT-fs (loop2): Filesystem has been set read-only [ 2088.887275][T13681] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:25 executing program 2: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:25 executing program 0: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2089.364127][ T26] audit: type=1804 audit(1573258465.538:1140): pid=13713 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1864/file0/file0" dev="loop2" ino=2752 res=1 00:14:25 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000001c0), 0x8080fffffffe) [ 2089.508752][T13723] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2089.544885][T13723] FAT-fs (loop2): Filesystem has been set read-only 00:14:25 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)=ANY=[]}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r2, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffd89}], 0x1}}], 0x1, 0x100, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x4d, 0x0, 0x0, 0x0) [ 2089.571687][T13723] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970769) [ 2089.593263][T13713] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2089.632058][T13719] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) 00:14:25 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2089.695454][T13719] FAT-fs (loop0): Filesystem has been set read-only [ 2089.722831][T13713] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970769) 00:14:25 executing program 3: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2089.768540][T13719] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2089.784027][T13716] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2089.860357][T13716] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:26 executing program 2: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2089.928401][T13716] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2089.985238][T13716] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) [ 2090.127390][T13728] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2090.168973][T13728] FAT-fs (loop4): Filesystem has been set read-only [ 2090.183466][T13728] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:26 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:26 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000001c0), 0x8080fffffffe) [ 2090.372813][T13750] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2090.410254][T13750] FAT-fs (loop2): Filesystem has been set read-only [ 2090.467396][T13750] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) 00:14:26 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:26 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:27 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2090.895759][T13772] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2090.986510][T13772] FAT-fs (loop0): Filesystem has been set read-only [ 2091.058416][T13772] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) 00:14:27 executing program 3: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2091.148740][T13756] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2091.162388][T13756] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) [ 2091.165782][T13769] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000500) [ 2091.174223][T13756] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2091.179438][T13769] FAT-fs (loop5): Filesystem has been set read-only [ 2091.217080][T13769] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000500) [ 2091.303476][T13756] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:27 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:27 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) [ 2091.474366][T13783] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2091.493677][T13783] FAT-fs (loop2): Filesystem has been set read-only [ 2091.505845][T13783] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) 00:14:27 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2091.538132][ T26] kauditd_printk_skb: 8 callbacks suppressed [ 2091.538159][ T26] audit: type=1804 audit(1573258467.708:1149): pid=13788 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2098/file0/file0" dev="sda1" ino=16801 res=1 [ 2091.707137][T13780] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2091.748559][T13780] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) [ 2091.846493][T13780] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) 00:14:28 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(0xffffffffffffffff, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2091.914726][T13780] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) [ 2092.012463][ T26] audit: type=1804 audit(1573258468.188:1150): pid=13801 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/2051/file0/file0" dev="loop0" ino=2771 res=1 [ 2092.136607][ T26] audit: type=1804 audit(1573258468.228:1151): pid=13797 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir042571702/syzkaller.JczqPZ/1961/file0/file0" dev="sda1" ino=16485 res=1 00:14:28 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:28 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(0xffffffffffffffff, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2092.247458][T13819] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2092.278552][T13819] FAT-fs (loop0): Filesystem has been set read-only [ 2092.341729][T13819] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) 00:14:28 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(0xffffffffffffffff, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:28 executing program 3: pipe(&(0x7f0000000000)) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2092.503640][T13801] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2092.526097][T13801] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) [ 2092.587554][T13801] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2092.629253][T13801] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:28 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x0) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:29 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) 00:14:29 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2092.964197][ T26] audit: type=1804 audit(1573258469.138:1152): pid=13835 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2099/file0/file0" dev="loop3" ino=2774 res=1 [ 2093.032222][T13835] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) 00:14:29 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2093.073328][T13835] FAT-fs (loop3): Filesystem has been set read-only [ 2093.101993][T13835] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) 00:14:29 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2093.319639][T13846] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2093.391881][T13846] FAT-fs (loop4): Filesystem has been set read-only [ 2093.434836][T13846] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970769) [ 2093.684219][ T26] audit: type=1804 audit(1573258469.858:1153): pid=13866 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2100/file0/file0" dev="loop3" ino=2778 res=1 00:14:30 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:30 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x0) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2093.853775][T13869] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2093.884819][T13869] FAT-fs (loop3): Filesystem has been set read-only 00:14:30 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) [ 2093.924265][T13869] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2093.942843][T13866] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2093.958663][T13866] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) [ 2093.986815][T13866] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2094.005624][T13866] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:30 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:30 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2094.565831][T13879] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970769) 00:14:30 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2094.616840][T13879] FAT-fs (loop4): Filesystem has been set read-only [ 2094.668942][T13879] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970769) [ 2094.730569][ T26] audit: type=1804 audit(1573258470.908:1154): pid=13891 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2101/file0/file0" dev="sda1" ino=16786 res=1 00:14:31 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x0) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2094.992548][T13899] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2095.035829][T13899] FAT-fs (loop0): Filesystem has been set read-only [ 2095.062710][T13899] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970769) [ 2095.107876][ T26] audit: type=1804 audit(1573258471.278:1155): pid=13905 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir042571702/syzkaller.JczqPZ/1963/file0/file0" dev="loop5" ino=2784 res=1 [ 2095.138748][T13894] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) 00:14:31 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) [ 2095.170858][T13894] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970769) [ 2095.250099][T13905] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000500) [ 2095.299030][T13905] FAT-fs (loop5): Filesystem has been set read-only [ 2095.317631][T13905] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000500) 00:14:31 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:31 executing program 5: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) 00:14:31 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:31 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2095.591109][T13917] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2095.640642][T13917] FAT-fs (loop4): Filesystem has been set read-only [ 2095.655073][T13917] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970769) 00:14:32 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2096.095378][T13925] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2096.143496][T13925] FAT-fs (loop2): Filesystem has been set read-only [ 2096.168674][T13925] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970769) [ 2096.196881][T13929] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2096.217088][ T26] audit: type=1804 audit(1573258472.388:1156): pid=13947 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2102/file0/file0" dev="loop3" ino=2793 res=1 [ 2096.225879][T13929] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970769) [ 2096.306004][T13940] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) 00:14:32 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) 00:14:32 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2096.348231][T13933] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2096.363010][T13940] FAT-fs (loop0): Filesystem has been set read-only [ 2096.394071][T13940] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970769) [ 2096.404619][T13933] FAT-fs (loop5): Filesystem has been set read-only [ 2096.404845][T13953] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2096.420109][T13936] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2096.431229][T13936] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970769) [ 2096.440104][T13933] FAT-fs (loop5): error, fat_free: invalid cluster chain (i_pos 970769) [ 2096.509033][T13953] FAT-fs (loop3): Filesystem has been set read-only [ 2096.525676][T13953] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) 00:14:32 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2096.613124][T13947] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) 00:14:32 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2096.691014][T13947] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2096.721742][T13947] FAT-fs (loop3): error, invalid access to FAT (entry 0x000006ff) 00:14:32 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2096.741617][T13947] FAT-fs (loop3): error, invalid access to FAT (entry 0x000006ff) 00:14:33 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:33 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2096.989047][ T26] audit: type=1804 audit(1573258473.168:1157): pid=13965 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1870/file0/file0" dev="sda1" ino=16528 res=1 00:14:33 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, 0x0, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2097.188557][T13959] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2097.258412][T13959] FAT-fs (loop4): Filesystem has been set read-only [ 2097.352188][T13959] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970769) [ 2097.361265][ T26] audit: type=1804 audit(1573258473.528:1158): pid=13974 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/2055/file0/file0" dev="loop0" ino=2797 res=1 00:14:33 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, 0x0, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2097.492430][T13974] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2097.519720][T13974] FAT-fs (loop0): Filesystem has been set read-only 00:14:33 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) [ 2097.560521][ T26] audit: type=1804 audit(1573258473.738:1159): pid=13985 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2103/file0/file0" dev="loop3" ino=2800 res=1 [ 2097.592427][T13974] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2097.661899][ T26] audit: type=1804 audit(1573258473.768:1160): pid=13982 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir042571702/syzkaller.JczqPZ/1965/file0/file0" dev="sda1" ino=17137 res=1 00:14:33 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, 0x0, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:34 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2097.794520][T13993] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) 00:14:34 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:34 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2097.901747][T13993] FAT-fs (loop3): Filesystem has been set read-only [ 2097.973351][T13993] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2098.098027][T14007] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970769) 00:14:34 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2098.218755][T14007] FAT-fs (loop4): Filesystem has been set read-only [ 2098.308497][T13985] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2098.376663][ T26] audit: type=1804 audit(1573258474.548:1161): pid=14020 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1871/file0/file0" dev="loop2" ino=2804 res=1 [ 2098.412134][T14007] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970769) [ 2098.439071][T13985] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) [ 2098.554763][ T26] audit: type=1804 audit(1573258474.728:1162): pid=14030 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir042571702/syzkaller.JczqPZ/1966/file0/file0" dev="sda1" ino=17057 res=1 [ 2098.583250][T14024] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) 00:14:34 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2098.627926][T14036] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2098.637001][T14024] FAT-fs (loop2): Filesystem has been set read-only [ 2098.665145][T14024] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2098.686105][T14036] FAT-fs (loop0): Filesystem has been set read-only [ 2098.740304][T14036] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2098.757312][T14020] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) 00:14:35 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2098.808988][T14020] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) [ 2098.826688][T14020] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2098.837487][T14020] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) [ 2098.884898][T14027] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2098.941422][T14027] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) [ 2098.983428][T14027] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) 00:14:35 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2099.037983][ T26] audit: type=1804 audit(1573258475.208:1163): pid=14052 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1934/file0" dev="sda1" ino=17075 res=1 [ 2099.045605][T14027] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:35 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:35 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2099.482568][ T26] audit: type=1804 audit(1573258475.658:1164): pid=14057 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1872/file0/file0" dev="sda1" ino=16984 res=1 00:14:36 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2100.028764][ T26] audit: type=1804 audit(1573258476.198:1165): pid=14071 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir042571702/syzkaller.JczqPZ/1967/file0/file0" dev="sda1" ino=16564 res=1 00:14:36 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2100.218083][ T26] audit: type=1804 audit(1573258476.388:1166): pid=14078 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1935/file0" dev="sda1" ino=16978 res=1 00:14:36 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:37 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2100.847895][T14085] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2100.928941][T14085] FAT-fs (loop3): Filesystem has been set read-only [ 2100.935835][T14085] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) 00:14:37 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:37 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2101.149754][T14083] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2101.169749][T14083] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) [ 2101.178461][T14100] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2101.193387][T14100] FAT-fs (loop2): Filesystem has been set read-only [ 2101.212964][T14083] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2101.245357][T14100] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2101.307037][T14083] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) [ 2101.367795][T14109] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2101.403184][T14109] FAT-fs (loop0): Filesystem has been set read-only 00:14:37 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2101.420592][T14109] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) 00:14:37 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2101.744561][T14096] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) 00:14:38 executing program 2: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2101.788469][T14096] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) [ 2101.873868][T14096] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2101.895873][T14096] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:38 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2102.102697][T14128] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2102.117083][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 2102.117183][ T26] audit: type=1804 audit(1573258478.288:1171): pid=14126 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1874/file0" dev="sda1" ino=16996 res=1 [ 2102.167474][T14128] FAT-fs (loop3): Filesystem has been set read-only [ 2102.187352][T14128] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) 00:14:38 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:38 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2102.415862][T14120] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2102.454190][T14120] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) [ 2102.501417][T14120] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2102.537738][T14120] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) [ 2102.747182][T14147] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) 00:14:39 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2102.823946][T14147] FAT-fs (loop0): Filesystem has been set read-only [ 2102.875606][T14147] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2103.045491][T14132] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2103.072380][T14132] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) [ 2103.095231][T14132] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2103.115100][T14148] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000500) [ 2103.143307][ T26] audit: type=1804 audit(1573258479.318:1172): pid=14152 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2107/file0" dev="sda1" ino=16985 res=1 [ 2103.179561][T14132] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) [ 2103.202997][T14148] FAT-fs (loop5): Filesystem has been set read-only [ 2103.225435][T14148] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000500) 00:14:39 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:39 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:39 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) [ 2103.383399][T14145] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2103.409316][T14145] FAT-fs (loop5): error, fat_free: invalid cluster chain (i_pos 970771) [ 2103.481283][T14145] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2103.553282][T14145] FAT-fs (loop5): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:39 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2103.742930][ T26] audit: type=1804 audit(1573258479.918:1173): pid=14163 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1938/file0/file0" dev="sda1" ino=16988 res=1 00:14:40 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) 00:14:40 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:40 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:40 executing program 0: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:41 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000588ff8)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x7, &(0x7f0000000040)) fcntl$lock(r0, 0x7, &(0x7f0000000000)={0x2, 0x0, 0x8, 0x73b}) [ 2104.873611][ T26] audit: type=1804 audit(1573258481.048:1174): pid=14195 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1939/file0/file0" dev="loop4" ino=2830 res=1 [ 2105.057074][T14195] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2105.062945][T14186] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2105.127326][T14195] FAT-fs (loop4): Filesystem has been set read-only 00:14:41 executing program 5: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x1420000a77, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001800110300000000000000000a200000000000000000000014000500fe80"], 0x1}}, 0x0) write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[], 0xfffffd88) write$P9_RLERROR(r1, &(0x7f0000000080)={0xa, 0x7, 0x0, {0x1, '\xde'}}, 0xa) 00:14:41 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) r1 = dup(r0) connect$unix(r1, &(0x7f0000006780)=@file={0x0, './bus\x00'}, 0x6e) [ 2105.201385][T14195] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2105.216377][T14186] FAT-fs (loop3): Filesystem has been set read-only [ 2105.224225][ T26] audit: type=1804 audit(1573258481.398:1175): pid=14204 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/2061/file0/file0" dev="loop0" ino=2833 res=1 [ 2105.277106][T14186] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970769) [ 2105.394847][T14206] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2105.423890][T14199] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2105.433081][T14206] FAT-fs (loop0): Filesystem has been set read-only [ 2105.446731][T14206] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2105.476261][T14199] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) [ 2105.489650][T14199] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) 00:14:41 executing program 2: creat(&(0x7f0000000040)='./file0\x00', 0x0) truncate(&(0x7f0000000240)='./file0\x00', 0x90002) creat(&(0x7f0000000140)='./file0\x00', 0x0) 00:14:41 executing program 3: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e0bcfe87b3071") r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="cc000000240007051700"/20, @ANYRES32=r2, @ANYBLOB="00000000ffffffff00000000090001006e6574656d0000004c000200000000000000000000000000000000d703c94913f0f87a340c000d000000000000000000240005001a0001000000000000000b0000000000000000000c00030000000000000000000000010068742200000000000007030500000000007eff02000300000000000000000000000000000000008d1300000500000000000000050000000000000002000300000000000000000000000000000000000000000005000000000000000200030000000000000000000000001e00be0fe54043dc13dafc5aede4d6f8b352e1123c7aecd57de1a8e1dc8d26ea4aa0404fb8d32054815fc85689905a782aef00001000000000e06b10a820beb6e891b404226ad5823db68aa52ec04f012cbafcc67438ec00"/311], 0xcc}}, 0x0) r3 = socket(0x10, 0x800000000080002, 0x0) sendmmsg$alg(r3, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$caif_stream(0x25, 0x1, 0x0) [ 2105.518495][T14199] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:41 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2105.598572][T14204] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2105.669096][T14204] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) [ 2105.689922][T14228] netlink: 80 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2105.704231][T14204] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2105.767433][T14204] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:42 executing program 3: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e0bcfe87b3071") r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="cc000000240007051700"/20, @ANYRES32=r2, @ANYBLOB="00000000ffffffff00000000090001006e6574656d0000004c000200000000000000000000000000000000d703c94913f0f87a340c000d000000000000000000240005001a0001000000000000000b0000000000000000000c00030000000000000000000000010068742200000000000007030500000000007eff02000300000000000000000000000000000000008d1300000500000000000000050000000000000002000300000000000000000000000000000000000000000005000000000000000200030000000000000000000000001e00be0fe54043dc13dafc5aede4d6f8b352e1123c7aecd57de1a8e1dc8d26ea4aa0404fb8d32054815fc85689905a782aef00001000000000e06b10a820beb6e891b404226ad5823db68aa52ec04f012cbafcc67438ec00"/311], 0xcc}}, 0x0) r3 = socket(0x10, 0x800000000080002, 0x0) sendmmsg$alg(r3, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$caif_stream(0x25, 0x1, 0x0) 00:14:42 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$netlink(0x10, 0x3, 0x0) syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={[{@jqfmt_vfsold='jqfmt=vfsold'}]}) [ 2105.925464][ T26] audit: type=1804 audit(1573258482.098:1176): pid=14232 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1940/file0/file0" dev="loop4" ino=2836 res=1 [ 2105.996768][T14239] netlink: 80 bytes leftover after parsing attributes in process `syz-executor.3'. 00:14:42 executing program 0: socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2800, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x649}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000000), 0x200) ftruncate(r0, 0x800799c) mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r0, 0x0) [ 2106.146067][T14243] REISERFS warning (device loop2): super-6502 reiserfs_getopt: unknown mount option "" [ 2106.239230][T14249] REISERFS warning (device loop2): super-6502 reiserfs_getopt: unknown mount option "" [ 2106.298226][T14232] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2106.332293][T14232] FAT-fs (loop4): Filesystem has been set read-only [ 2106.348615][T14232] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:43 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:43 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = add_key(&(0x7f0000000080)='user\x00', &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)='V', 0x1, 0xfffffffffffffffe) request_key(&(0x7f00000000c0)='user\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000140)='+\x00', r3) 00:14:43 executing program 2: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_misc(r1, &(0x7f0000000d00)=ANY=[@ANYRESOCT], 0xfe08) splice(r0, 0x0, r2, 0x0, 0x30005, 0x0) 00:14:43 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = socket$packet(0x11, 0x2000100000000a, 0x300) recvmsg(r1, &(0x7f0000000340)={&(0x7f0000000040)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, 0x0}, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x0, @local}, 0x10) 00:14:43 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:43 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x4) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x80000000, 0x0) [ 2107.918905][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2107.924779][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2107.930629][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2107.936418][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2107.942388][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2107.948165][ C0] protocol 88fb is buggy, dev hsr_slave_1 00:14:44 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x400400, 0x0, 0x1, 0x9}, 0x20) 00:14:44 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2800, 0x0, 0x10cda2f3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x40, &(0x7f0000000140)={'trans=unix,', {[], [{@fowner_eq={'fowner'}}, {@obj_type={'obj_type', 0x3d, 'user\x00'}}]}}) keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0x0) r0 = memfd_create(&(0x7f0000000000), 0x200) ftruncate(r0, 0x800799c) mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r0, 0x0) [ 2108.084109][ T26] audit: type=1804 audit(1573258484.258:1177): pid=14277 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1941/file0/file0" dev="sda1" ino=17496 res=1 00:14:44 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r1 = getpid() tkill(r1, 0x9) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r3, 0x0, 0xedc0) socket$inet_udp(0x2, 0x2, 0x0) 00:14:44 executing program 3: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x4) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x80000000, 0x0) 00:14:44 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) symlinkat(0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000df1000)='./file0/bus\x00', 0xbc9dc8fbd81cb4b1) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) unshare(0x40600) write$binfmt_script(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="01232cc4ae07682503beeb63634ee770f0546ad7eeeab9"], 0x17) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 00:14:44 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$FIDEDUPERANGE(r3, 0xc0189436, &(0x7f0000000040)) 00:14:47 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:47 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00 \x00\x00\x00'], 0x8) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) dup2(r2, r0) 00:14:47 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:47 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000df1000)='./file0/bus\x00', 0x0) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) unshare(0x40600) write$binfmt_script(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="01"], 0x1) 00:14:47 executing program 2: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x4) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x80000000, 0x0) 00:14:47 executing program 3: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x4) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x80000000, 0x0) 00:14:47 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') creat(&(0x7f0000000780)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') [ 2111.142256][ T26] audit: type=1804 audit(1573258487.318:1178): pid=14335 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1942/file0/file0" dev="sda1" ino=17514 res=1 00:14:47 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000df1000)='./file0/bus\x00', 0x0) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) unshare(0x40600) write$binfmt_script(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="01"], 0x1) 00:14:47 executing program 5: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r0, 0x0, 0x0) 00:14:48 executing program 5: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) r2 = socket$netlink(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x80000000, 0x0) 00:14:48 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00 \x00\x00\x00'], 0x8) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) dup2(r2, r0) 00:14:48 executing program 4: syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2112.317074][ T26] audit: type=1804 audit(1573258488.488:1179): pid=14367 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1943/file0/file0" dev="loop4" ino=2839 res=1 [ 2112.406413][T14372] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2112.441821][T14372] FAT-fs (loop4): Filesystem has been set read-only [ 2112.442091][T14367] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2112.458456][T14367] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) [ 2112.463724][T14372] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2112.479475][T14367] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2112.493837][T14367] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:50 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:50 executing program 3: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x4) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x80000000, 0x0) 00:14:50 executing program 2: r0 = dup(0xffffffffffffffff) ioctl$KVM_SET_BOOT_CPU_ID(r0, 0xae78, &(0x7f0000000440)=0x2) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) chdir(&(0x7f0000000180)='./file0\x00') getgroups(0x0, 0x0) getgroups(0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000100)=[@sack_perm], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() write$FUSE_ENTRY(0xffffffffffffffff, 0x0, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000240)='/dev/hwrng\x00', 0x200080, 0x0) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, 0x0, 0x4000000) r3 = dup2(r2, r0) sendmsg$TIPC_NL_BEARER_GET(r3, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000510}, 0xc, &(0x7f0000000300)={&(0x7f0000000700)={0x170, 0x0, 0x202, 0x70bd27, 0x0, {}, [@TIPC_NLA_MON={0x4c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8483}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffffb}]}, @TIPC_NLA_SOCK={0x18, 0x2, [@TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x81}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}]}, @TIPC_NLA_NODE={0x10, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_BEARER={0x4}, @TIPC_NLA_LINK={0x5c, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_LINK={0x40, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}]}, @TIPC_NLA_NODE={0x30, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x100}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1f}]}]}, 0x170}, 0x1, 0x0, 0x0, 0x8000}, 0x8904) mknodat(r2, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0, 0x0) sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r7, 0x407, 0x0) write(r7, &(0x7f0000000340), 0x41395527) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r8, 0x5452, &(0x7f0000b28000)=0x6) fcntl$setsig(r8, 0xa, 0x12) poll(&(0x7f0000000040)=[{r9}], 0x1, 0xffbffff6) 00:14:50 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) pipe(&(0x7f0000000300)={0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000600)='/dev/rfkill\x00', 0x0, 0x0) 00:14:50 executing program 4: syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:50 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="25bca274769e620aa734fa0095e0612687463915e38802a9d8aea872943afd874e2f98b46dfd70e370146d0e02f8e63ba8863cd7dcc6760253ef", 0x3a, 0x400}], 0x0, &(0x7f0000000280)={[{@data_err_abort='data_err=abort'}]}) [ 2114.128710][T14386] EXT4-fs (loop5): couldn't mount as ext3 due to feature incompatibilities 00:14:50 executing program 0: mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') creat(&(0x7f0000000780)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0) [ 2114.217498][ T26] audit: type=1804 audit(1573258490.388:1180): pid=14383 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1944/file0/file0" dev="sda1" ino=17531 res=1 00:14:50 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000001c0)="25bca274769e620aa734fa0095e0612687463915e38802a9d8aea872943afd874e2f98b46dfd70e370146d0e02f8e63ba8863cd7dcc6760253ef", 0x3a, 0x400}], 0x0, &(0x7f0000000280)={[{@data_err_abort='data_err=abort'}]}) 00:14:50 executing program 0: sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000400)=ANY=[@ANYBLOB="020300021b0000000200000000000000"], 0x10}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x400006a, 0x0) [ 2114.683472][T14412] EXT4-fs (loop5): couldn't mount as ext3 due to feature incompatibilities 00:14:50 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000a00)=[{{&(0x7f00000000c0)={0x2, 0x4e22, @remote}, 0x10, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) 00:14:51 executing program 5: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x0, 0x8001}) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x62000}], 0x300, 0x0) 00:14:51 executing program 2: r0 = dup(0xffffffffffffffff) ioctl$KVM_SET_BOOT_CPU_ID(r0, 0xae78, &(0x7f0000000440)=0x2) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) chdir(&(0x7f0000000180)='./file0\x00') getgroups(0x0, 0x0) getgroups(0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000100)=[@sack_perm], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() write$FUSE_ENTRY(0xffffffffffffffff, 0x0, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000240)='/dev/hwrng\x00', 0x200080, 0x0) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, 0x0, 0x4000000) r3 = dup2(r2, r0) sendmsg$TIPC_NL_BEARER_GET(r3, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000510}, 0xc, &(0x7f0000000300)={&(0x7f0000000700)={0x170, 0x0, 0x202, 0x70bd27, 0x0, {}, [@TIPC_NLA_MON={0x4c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8483}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffffb}]}, @TIPC_NLA_SOCK={0x18, 0x2, [@TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x81}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}]}, @TIPC_NLA_NODE={0x10, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_BEARER={0x4}, @TIPC_NLA_LINK={0x5c, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_LINK={0x40, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}]}, @TIPC_NLA_NODE={0x30, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x100}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1f}]}]}, 0x170}, 0x1, 0x0, 0x0, 0x8000}, 0x8904) mknodat(r2, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0, 0x0) sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r7, 0x407, 0x0) write(r7, &(0x7f0000000340), 0x41395527) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r8, 0x5452, &(0x7f0000b28000)=0x6) fcntl$setsig(r8, 0xa, 0x12) poll(&(0x7f0000000040)=[{r9}], 0x1, 0xffbffff6) 00:14:53 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:53 executing program 4: syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:53 executing program 0: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xffffffffffffffa0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000028c0)=[{{&(0x7f00000004c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x21a, 0x0, 0x59, 0x0, 0x1d7}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x800000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 00:14:53 executing program 3: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x4) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x80000000, 0x0) 00:14:53 executing program 5: r0 = socket(0x0, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) connect$inet6(r1, &(0x7f0000000380)={0xa, 0x4e24, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1a}}}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 00:14:53 executing program 2: ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000180)=""/166, 0xa6) [ 2117.272688][ T26] audit: type=1804 audit(1573258493.448:1181): pid=14446 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1945/file0/file0" dev="sda1" ino=16833 res=1 00:14:53 executing program 2: open(0x0, 0x200280, 0x203) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x1, 0x9, 0x0, 0x8}]}) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000300)}], 0x1) r0 = socket$netlink(0x10, 0x3, 0x8000000004) syz_open_dev$dri(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fchown(0xffffffffffffffff, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d6000/0x1000)=nil) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='environ\x00[\xaaZ\xaf\xc0\x8c\xaa\xaf\xc1DP\xf0_\'\xaf\xeb\x19s\xf3\xafp\xcam\x14\x9cR\x8d\xefh\xbb\xca\xfc\xdeF4\xbbc\x93\xae\xbf\xe6\x7fJL]\xb7\xc0#;,F\xc2\xc8\x93<\x0f7\xe4\x01\xc0\xa6#\x82\x02\xcdT\x02l\x80\xff\xf8\xd8YQL\x06\xdexu!\xb32$\x04&e\\^\xe0nZ') preadv(r1, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) writev(r0, &(0x7f0000000000), 0x0) r2 = syz_open_dev$dri(0x0, 0x0, 0x0) dup(r2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) read$usbmon(0xffffffffffffffff, &(0x7f00000001c0)=""/21, 0x15) setsockopt$sock_timeval(r0, 0x1, 0x57, 0x0, 0x0) 00:14:53 executing program 0: clone(0x2102005ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() tkill(r0, 0xb) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000)='devlink\x00') sendmsg$DEVLINK_CMD_PORT_GET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, r2, 0x709}, 0x14}}, 0x0) sched_setattr(0x0, 0x0, 0x0) 00:14:53 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) mount(0x0, &(0x7f0000000300)='./bus\x00', &(0x7f0000000340)='tmpfs\x00', 0x0, 0x0) 00:14:54 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000040)={0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x445a}) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)) 00:14:54 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:54 executing program 2: r0 = socket$packet(0x11, 0x2000100000000a, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000000)=[{0x80000006}]}, 0x10) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_misc(r2, &(0x7f0000000d00)=ANY=[@ANYRESOCT], 0xfe08) bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) splice(r1, 0x0, r3, 0x0, 0x30005, 0x0) [ 2118.378949][ T26] audit: type=1804 audit(1573258494.548:1182): pid=14496 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1946/file0/file0" dev="loop4" ino=2843 res=1 [ 2118.505479][T14502] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2118.528941][T14502] FAT-fs (loop4): Filesystem has been set read-only [ 2118.535628][T14502] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2118.586917][T14496] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2118.605913][T14496] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) [ 2118.615217][T14496] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2118.625265][T14496] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:14:56 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:56 executing program 3: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000240)={0x0, 0x7, 0x1, {0xb, @sdr={0x0, 0xffffffff}}}) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000240)={0x0, 0x7, 0x1, {0xb, @sdr={0x0, 0xffffffff}}}) 00:14:56 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) openat$pfkey(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/net/pfkey\x00', 0x8040, 0x0) 00:14:56 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000040)={'gre0\x00', 0xf00}) 00:14:56 executing program 5: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000240)='h', 0x1) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xa5776b) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) dup(0xffffffffffffffff) splice(r0, 0x0, r2, 0x0, 0x10002, 0x0) pipe(0x0) 00:14:56 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:56 executing program 2: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000080)=0x4014) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000000)) 00:14:56 executing program 3: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000240)={0x0, 0x7, 0x1, {0xb, @sdr={0x0, 0xffffffff}}}) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000240)={0x0, 0x7, 0x1, {0xb, @sdr={0x0, 0xffffffff}}}) 00:14:56 executing program 0: mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mount(0x0, &(0x7f0000000480)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000500)='sysfs\x00', 0x0, 0x0) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') creat(&(0x7f0000000780)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') [ 2120.357806][ T26] audit: type=1804 audit(1573258496.528:1183): pid=14509 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1947/file0/file0" dev="sda1" ino=17016 res=1 00:14:56 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) getsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, &(0x7f0000000680)) 00:14:56 executing program 2: pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0x4240a2a0) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f0000001200)=ANY=[@ANYBLOB='/'], 0x1) write(r1, &(0x7f0000000080)="24e8eb65f83abe9dcdc88fb9908ec0b909db5dd94de9d22d398dedf6a519ed357576466b07d258bc1baa5b1ea9ee899742f7c945868169907405d0930d291eb3be1f1a1a4ea3a15a706dcbec9d8ed6d49a762c7fe2b0f73e4760426f317cabb9d85fe25ea79c48aa7b8296e62634a9b218ac2d772a8a59f85e47deea", 0x55234523) read(r0, &(0x7f0000000200)=""/250, 0x50c7e5e2) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') sendfile(r1, r3, 0x0, 0x80000001) 00:14:56 executing program 0: syz_open_procfs(0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000028c0)=[{{&(0x7f00000004c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x21a, 0x0, 0x59, 0x0, 0x1d7}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x800000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 00:14:59 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:14:59 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) keyctl$join(0x1, &(0x7f0000000240)={'syz', 0x1}) 00:14:59 executing program 0: 00:14:59 executing program 5: 00:14:59 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:14:59 executing program 2: 00:14:59 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) pkey_free(0xffffffffffffffff) 00:14:59 executing program 2: mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) creat(&(0x7f0000000780)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0) unlink(0x0) 00:14:59 executing program 0: syz_open_procfs(0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)) recvmmsg(0xffffffffffffffff, &(0x7f00000028c0)=[{{&(0x7f00000004c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x21a, 0x0, 0x59, 0x0, 0x1d7}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x800000) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) [ 2123.462676][ T26] audit: type=1804 audit(1573258499.638:1184): pid=14562 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1948/file0/file0" dev="sda1" ino=17008 res=1 00:14:59 executing program 3: 00:14:59 executing program 5: 00:14:59 executing program 3: 00:15:02 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:15:02 executing program 2: 00:15:02 executing program 5: 00:15:02 executing program 0: syz_open_procfs(0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)) recvmmsg(0xffffffffffffffff, &(0x7f00000028c0)=[{{&(0x7f00000004c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x21a, 0x0, 0x59, 0x0, 0x1d7}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x800000) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) 00:15:02 executing program 3: 00:15:02 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:02 executing program 5: 00:15:02 executing program 3: [ 2126.524102][ T26] audit: type=1804 audit(1573258502.698:1185): pid=14609 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1949/file0/file0" dev="loop4" ino=2846 res=1 00:15:02 executing program 2: [ 2126.648303][T14609] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2126.669282][T14609] FAT-fs (loop4): Filesystem has been set read-only [ 2126.689101][T14609] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) 00:15:03 executing program 0: syz_open_procfs(0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)) recvmmsg(0xffffffffffffffff, &(0x7f00000028c0)=[{{&(0x7f00000004c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x21a, 0x0, 0x59, 0x0, 0x1d7}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x800000) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) 00:15:03 executing program 3: 00:15:03 executing program 5: [ 2126.963631][T14606] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2127.001781][T14606] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:15:03 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:15:03 executing program 2: [ 2127.039768][T14606] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) 00:15:03 executing program 3: [ 2127.091324][T14606] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:15:03 executing program 0: syz_open_procfs(0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)) recvmmsg(0xffffffffffffffff, &(0x7f00000028c0)=[{{&(0x7f00000004c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x21a, 0x0, 0x59, 0x0, 0x1d7}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x800000) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) 00:15:03 executing program 3: 00:15:03 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:03 executing program 5: 00:15:03 executing program 2: 00:15:03 executing program 5: 00:15:03 executing program 3: 00:15:03 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000df1000)='./file0/bus\x00', 0x0) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) unshare(0x40600) gettid() write$binfmt_script(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="01232cc4ae07682503beeb63634ee770f0546ad7eeeab9372ef634f8a8f35343db0e291231655a0b21e0119c74662d1dff14f3b3a08602714b051ef8aca48e365fedd0d05c536e4e51a37ff45af8a5a54cf30eeb5da73aace9599d5a4d928f1c76278ad3432daa2cf86ffa9dff8226401098e72b631c0ccbec97e63039e6d95a2dd6a7924a3984b0b0c3e6338178b446db720c07a0a14d4a0d4615390c0175b5c7cc78098b0ba29a35d600000000000000"], 0xb1) timer_create(0x0, &(0x7f0000000000), &(0x7f0000000040)) 00:15:04 executing program 3: [ 2127.790981][ T26] audit: type=1804 audit(1573258503.968:1186): pid=14651 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1950/file0/file0" dev="sda1" ino=17201 res=1 00:15:04 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:15:04 executing program 5: 00:15:04 executing program 0: 00:15:04 executing program 3: 00:15:04 executing program 2: 00:15:04 executing program 0: 00:15:04 executing program 3: 00:15:04 executing program 5: 00:15:04 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:04 executing program 2: 00:15:04 executing program 5: 00:15:04 executing program 3: [ 2128.850686][ T26] audit: type=1804 audit(1573258505.028:1187): pid=14693 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1951/file0/file0" dev="loop4" ino=2849 res=1 [ 2128.950958][T14700] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2128.959095][T14700] FAT-fs (loop4): Filesystem has been set read-only [ 2128.965819][T14700] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2128.997074][T14693] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2129.006343][T14693] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) [ 2129.019587][T14693] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2129.031622][T14693] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:15:05 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:15:05 executing program 0: 00:15:05 executing program 2: 00:15:05 executing program 5: 00:15:05 executing program 3: 00:15:05 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:05 executing program 0: 00:15:05 executing program 3: 00:15:05 executing program 5: 00:15:05 executing program 2: [ 2129.384512][ T26] audit: type=1804 audit(1573258505.558:1188): pid=14709 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1952/file0/file0" dev="loop4" ino=2852 res=1 00:15:05 executing program 0: [ 2129.556736][T14722] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2129.589008][T14722] FAT-fs (loop4): Filesystem has been set read-only 00:15:05 executing program 2: [ 2129.609529][T14722] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2129.863493][T14709] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2129.879512][T14709] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) [ 2129.897861][T14709] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2129.907890][T14709] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:15:06 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:15:06 executing program 3: 00:15:06 executing program 5: 00:15:06 executing program 0: 00:15:06 executing program 2: 00:15:06 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:06 executing program 5: 00:15:06 executing program 3: 00:15:06 executing program 0: 00:15:06 executing program 2: [ 2130.359260][ T26] audit: type=1804 audit(1573258506.538:1189): pid=14741 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1953/file0/file0" dev="loop4" ino=2855 res=1 00:15:06 executing program 5: [ 2130.515220][T14754] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2130.532060][T14754] FAT-fs (loop4): Filesystem has been set read-only 00:15:06 executing program 3: [ 2130.560874][T14754] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000500) [ 2130.791582][T14741] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2130.813383][T14741] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) [ 2130.839315][T14741] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2130.853090][T14741] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 970771) 00:15:07 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:15:07 executing program 2: 00:15:07 executing program 0: 00:15:07 executing program 5: 00:15:07 executing program 3: 00:15:07 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:07 executing program 0: 00:15:07 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_genetlink_get_family_id$team(0x0) open(0x0, 0x0, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') sendfile(r0, r0, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) pipe2(0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) creat(0x0, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0xc, 0x2, [@vti_common_policy=[@IFLA_VTI_LINK={0x8, 0x1, r3}]]}}}]}, 0x38}}, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r4 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x400400, 0x0, 0x1, 0x9}, 0x20) r5 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x400400, 0x0, 0x1, 0x9}, 0x20) 00:15:07 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f000095bffc), 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r2, 0x0, 0xedc0) 00:15:07 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setfsgid(0x0) [ 2131.363836][ T26] audit: type=1804 audit(1573258507.538:1190): pid=14770 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1954/file0/file0" dev="sda1" ino=17538 res=1 00:15:07 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000100)={@local, @remote, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @empty, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 00:15:07 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_genetlink_get_family_id$team(0x0) open(0x0, 0x0, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') sendfile(r0, r0, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) pipe2(0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) creat(0x0, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0xc, 0x2, [@vti_common_policy=[@IFLA_VTI_LINK={0x8, 0x1, r3}]]}}}]}, 0x38}}, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r4 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x400400, 0x0, 0x1, 0x9}, 0x20) r5 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x400400, 0x0, 0x1, 0x9}, 0x20) [ 2131.732899][T14800] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2131.752385][T14800] sit: non-ECT from 0.0.0.0 with TOS=0x3 [ 2131.759327][T14800] TCP: request_sock_TCPv6: Possible SYN flooding on port 20000. Sending cookies. Check SNMP counters. 00:15:08 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:15:08 executing program 2: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:08 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f000095bffc), 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r2, 0x0, 0xedc0) 00:15:08 executing program 5: syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:08 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000100)={@local, @remote, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @empty, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 00:15:08 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:08 executing program 0: syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2132.390501][ T26] audit: type=1804 audit(1573258508.568:1191): pid=14814 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1910/file0/file0" dev="sda1" ino=17556 res=1 00:15:08 executing program 3: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2132.484998][ T26] audit: type=1804 audit(1573258508.598:1192): pid=14812 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir042571702/syzkaller.JczqPZ/2003/file0/file0" dev="sda1" ino=17551 res=1 [ 2132.934572][ T26] audit: type=1804 audit(1573258509.108:1193): pid=14843 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/2092/file0/file0" dev="sda1" ino=17473 res=1 00:15:09 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2133.071721][ T26] audit: type=1804 audit(1573258509.248:1194): pid=14852 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2141/file0/file0" dev="sda1" ino=17063 res=1 00:15:09 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:09 executing program 5: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:09 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) 00:15:09 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) [ 2133.680190][ T26] audit: type=1804 audit(1573258509.858:1195): pid=14871 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1956/file0" dev="sda1" ino=16528 res=1 [ 2134.031811][ T26] audit: type=1804 audit(1573258510.208:1196): pid=14879 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir042571702/syzkaller.JczqPZ/2004/file0/file0" dev="sda1" ino=17045 res=1 00:15:10 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:15:10 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) [ 2134.279288][T14870] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2134.351308][T14870] FAT-fs (loop0): Filesystem has been set read-only [ 2134.410267][T14870] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970769) 00:15:10 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:11 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) 00:15:11 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r3, r3, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(0xffffffffffffffff, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2134.866396][ T26] audit: type=1804 audit(1573258511.038:1197): pid=14905 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1957/file0/file0" dev="sda1" ino=17560 res=1 00:15:11 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) 00:15:11 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2135.625504][T14937] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) 00:15:11 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) 00:15:11 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', 0x0, 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:11 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) [ 2135.709529][T14937] FAT-fs (loop0): Filesystem has been set read-only [ 2135.747990][T14937] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2135.815967][T14923] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2135.869495][T14915] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2135.891674][T14923] FAT-fs (loop5): Filesystem has been set read-only [ 2135.916651][T14915] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) [ 2135.925678][T14923] FAT-fs (loop5): error, fat_free: invalid cluster chain (i_pos 970769) [ 2135.945255][T14915] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2135.972702][T14915] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970771) [ 2136.039733][ T26] audit: type=1804 audit(1573258512.218:1198): pid=14943 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1958/file0" dev="sda1" ino=17564 res=1 00:15:12 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:12 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:15:12 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r2, 0x1, 0x4800003e, 0xffffffffffffffff, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2136.614128][T14946] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2136.642761][T14946] FAT-fs (loop3): Filesystem has been set read-only [ 2136.789218][T14946] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970769) [ 2136.804366][T14954] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2136.845745][T14954] FAT-fs (loop2): Filesystem has been set read-only [ 2136.871384][T14954] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970769) [ 2136.884177][T14972] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000500) 00:15:13 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', 0x0, 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2136.902286][T14972] FAT-fs (loop5): Filesystem has been set read-only [ 2136.922057][T14972] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000500) 00:15:13 executing program 5: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', 0x0, 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:13 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:13 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) [ 2137.174550][ T26] audit: type=1804 audit(1573258513.348:1199): pid=14984 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1959/file0" dev="sda1" ino=17565 res=1 00:15:13 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(0x0, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2137.711899][ T26] audit: type=1804 audit(1573258513.888:1200): pid=14997 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir042571702/syzkaller.JczqPZ/2007/file0" dev="sda1" ino=17067 res=1 [ 2137.964685][T15002] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2137.983497][T15002] FAT-fs (loop2): Filesystem has been set read-only 00:15:14 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', 0x0, 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2138.008163][T15002] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970769) 00:15:14 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) 00:15:14 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:14 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2138.278785][ T26] audit: type=1804 audit(1573258514.448:1201): pid=15023 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1960/file0" dev="sda1" ino=17068 res=1 00:15:14 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:15:15 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:15 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:15 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2139.381304][T15052] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 2139.390038][T15052] FAT-fs (loop5): Filesystem has been set read-only [ 2139.453260][T15052] FAT-fs (loop5): error, fat_free: invalid cluster chain (i_pos 0) [ 2139.455689][T15062] FAT-fs (loop4): bogus number of reserved sectors [ 2139.542683][T15062] FAT-fs (loop4): Can't find a valid FAT filesystem [ 2139.551798][T15050] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF 00:15:15 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:15 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2139.647879][ T26] audit: type=1804 audit(1573258515.818:1202): pid=15060 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1961/file0/file0" dev="sda1" ino=17043 res=1 00:15:16 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:15:16 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2140.233322][T15090] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) 00:15:16 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2140.338920][T15090] FAT-fs (loop2): Filesystem has been set read-only [ 2140.347661][ T26] audit: type=1804 audit(1573258516.518:1203): pid=15082 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir042571702/syzkaller.JczqPZ/2009/file0/file0" dev="sda1" ino=17058 res=1 [ 2140.379202][T15090] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) 00:15:16 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2140.608350][T15103] FAT-fs (loop4): bogus number of reserved sectors [ 2140.628896][T15103] FAT-fs (loop4): Can't find a valid FAT filesystem 00:15:16 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2140.661848][T15105] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2140.696778][T15105] FAT-fs (loop3): Filesystem has been set read-only 00:15:16 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2140.711866][ T26] audit: type=1804 audit(1573258516.888:1204): pid=15100 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1962/file0/file0" dev="sda1" ino=17045 res=1 [ 2140.717657][T15105] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2140.882678][T15093] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2140.939664][T15093] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) [ 2140.958677][T15093] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970771) 00:15:17 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2140.992505][T15093] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970771) 00:15:17 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2141.270802][ T26] audit: type=1804 audit(1573258517.448:1205): pid=15112 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir042571702/syzkaller.JczqPZ/2010/file0/file0" dev="sda1" ino=17584 res=1 [ 2141.377361][T15120] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2141.409109][T15120] FAT-fs (loop2): Filesystem has been set read-only 00:15:17 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:17 executing program 5: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2141.434997][T15120] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2141.638406][T15143] FAT-fs (loop4): bogus number of reserved sectors [ 2141.673384][T15143] FAT-fs (loop4): Can't find a valid FAT filesystem 00:15:17 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2141.757420][ T26] audit: type=1804 audit(1573258517.928:1206): pid=15147 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1963/file0/file0" dev="sda1" ino=17574 res=1 [ 2141.905349][T15150] FAT-fs (loop5): bogus number of reserved sectors [ 2141.990066][T15150] FAT-fs (loop5): Can't find a valid FAT filesystem 00:15:18 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:15:18 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2142.498443][ T26] audit: type=1804 audit(1573258518.668:1207): pid=15159 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1918/file0/file0" dev="sda1" ino=17586 res=1 00:15:18 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2142.570841][T15174] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 2142.594994][T15174] FAT-fs (loop0): Filesystem has been set read-only 00:15:18 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2142.648994][T15174] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 0) 00:15:18 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:18 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2142.742620][T15171] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2142.848927][T15180] FAT-fs (loop4): bogus number of reserved sectors 00:15:19 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x2000000000f, &(0x7f0000f10000)=0x5, 0x4) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00f0", 0x4d}], 0x1) [ 2142.913556][T15180] FAT-fs (loop4): Can't find a valid FAT filesystem 00:15:19 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:15:19 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:19 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2143.875314][ T26] audit: type=1804 audit(1573258520.048:1208): pid=15218 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/2101/file0/file0" dev="loop0" ino=2883 res=1 [ 2143.901374][T15225] FAT-fs (loop4): bogus number of reserved sectors [ 2143.918682][T15225] FAT-fs (loop4): Can't find a valid FAT filesystem [ 2143.971405][T15218] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) [ 2144.000425][T15218] FAT-fs (loop0): Filesystem has been set read-only 00:15:20 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:20 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:20 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2144.010072][ T26] audit: type=1804 audit(1573258520.188:1209): pid=15225 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1965/file0/file0" dev="sda1" ino=17208 res=1 [ 2144.043392][T15218] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000500) 00:15:20 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:15:20 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:21 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2144.781440][ T26] audit: type=1804 audit(1573258520.958:1210): pid=15251 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/2102/file0/file0" dev="loop0" ino=2886 res=1 00:15:21 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2144.925753][ T26] audit: type=1804 audit(1573258520.958:1211): pid=15245 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2149/file0/file0" dev="sda1" ino=17592 res=1 [ 2144.973780][T15251] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2144.983056][T15251] FAT-fs (loop0): Filesystem has been set read-only [ 2144.994203][ T26] audit: type=1804 audit(1573258521.088:1212): pid=15258 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1920/file0/file0" dev="sda1" ino=17207 res=1 [ 2145.024143][T15251] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970769) [ 2145.045450][T15260] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2145.060681][T15269] FAT-fs (loop4): bogus number of reserved sectors [ 2145.067471][T15260] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970769) 00:15:21 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2145.076533][T15269] FAT-fs (loop4): Can't find a valid FAT filesystem [ 2145.153264][ T26] audit: type=1804 audit(1573258521.328:1213): pid=15273 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1966/file0/file0" dev="sda1" ino=17044 res=1 00:15:21 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 00:15:21 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2145.522391][ T26] audit: type=1804 audit(1573258521.698:1214): pid=15276 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir042571702/syzkaller.JczqPZ/2014/file0/file0" dev="loop5" ino=2888 res=1 00:15:21 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2145.702267][ T26] audit: type=1804 audit(1573258521.878:1215): pid=15285 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1921/file0/file0" dev="sda1" ino=17066 res=1 [ 2145.756517][T15276] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2145.793224][T15276] FAT-fs (loop5): Filesystem has been set read-only [ 2145.818480][T15276] FAT-fs (loop5): error, fat_free: invalid cluster chain (i_pos 970769) [ 2145.875022][T15279] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 970769) 00:15:22 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x0, &(0x7f0000000140), 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:22 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2146.031791][T15279] FAT-fs (loop5): error, fat_free: invalid cluster chain (i_pos 970769) [ 2146.052107][ T26] audit: type=1804 audit(1573258522.218:1216): pid=15296 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/2103/file0/file0" dev="sda1" ino=16525 res=1 00:15:22 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) [ 2146.202088][T15306] FAT-fs (loop4): bogus number of reserved sectors 00:15:22 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2146.265085][T15306] FAT-fs (loop4): Can't find a valid FAT filesystem [ 2146.394633][ T26] audit: type=1804 audit(1573258522.568:1217): pid=15313 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1967/file0/file0" dev="sda1" ino=17219 res=1 00:15:22 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, 0x0, 0x0) 00:15:22 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2146.973774][T15330] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000500) [ 2146.991432][T15330] FAT-fs (loop5): Filesystem has been set read-only [ 2147.009316][T15330] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000500) 00:15:23 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x0, &(0x7f0000000140), 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:23 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:23 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:23 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2147.334644][T15345] FAT-fs (loop4): bogus number of reserved sectors [ 2147.420312][T15345] FAT-fs (loop4): Can't find a valid FAT filesystem 00:15:23 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, 0x0, 0x0) 00:15:24 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:24 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x0, &(0x7f0000000140), 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2148.361210][T15386] FAT-fs (loop4): bogus number of reserved sectors [ 2148.454423][T15386] FAT-fs (loop4): Can't find a valid FAT filesystem 00:15:24 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:24 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:24 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, 0x0, 0x0) 00:15:24 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2149.068745][T15396] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 2149.114254][T15396] FAT-fs (loop5): Filesystem has been set read-only [ 2149.139332][T15396] FAT-fs (loop5): error, fat_free: invalid cluster chain (i_pos 0) [ 2149.151861][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 2149.151888][ T26] audit: type=1804 audit(1573258525.328:1223): pid=15405 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/2105/file0/file0" dev="loop0" ino=2895 res=1 [ 2149.265822][T15394] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF 00:15:25 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2149.360838][T15405] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2149.397859][T15405] FAT-fs (loop0): Filesystem has been set read-only [ 2149.449551][T15405] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970769) [ 2149.457034][T15414] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0) 00:15:25 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2149.493790][T15414] FAT-fs (loop3): Filesystem has been set read-only [ 2149.500129][T15407] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2149.504896][T15414] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2149.519442][T15414] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 0) [ 2149.536206][T15412] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2149.551312][T15421] FAT-fs (loop4): bogus number of reserved sectors [ 2149.581511][T15421] FAT-fs (loop4): Can't find a valid FAT filesystem 00:15:25 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2149.584982][T15407] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970769) [ 2149.612318][T15412] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970769) [ 2149.675350][T15412] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970769) 00:15:25 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0), 0x1c) [ 2149.729025][T15412] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 970769) [ 2149.884417][T15411] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF 00:15:26 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) 00:15:26 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2150.103603][T15429] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000500) [ 2150.154737][T15429] FAT-fs (loop5): Filesystem has been set read-only [ 2150.167744][T15440] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2150.176807][T15429] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000500) [ 2150.264855][T15440] FAT-fs (loop2): Filesystem has been set read-only [ 2150.320877][ T26] audit: type=1804 audit(1573258526.498:1224): pid=15448 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/2106/file0/file0" dev="loop0" ino=2905 res=1 [ 2150.347136][T15440] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) 00:15:26 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2150.494441][T15436] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2150.515428][T15448] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) 00:15:26 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2150.538477][T15436] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) [ 2150.547373][T15448] FAT-fs (loop0): Filesystem has been set read-only [ 2150.554883][T15448] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970769) [ 2150.578375][T15436] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970771) [ 2150.592545][T15436] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970771) [ 2150.623591][ T26] audit: type=1804 audit(1573258526.778:1225): pid=15455 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir160767152/syzkaller.qdKy3f/2153/file0/file0" dev="loop3" ino=2907 res=1 [ 2150.727347][T15455] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2150.759164][T15472] FAT-fs (loop4): bogus number of reserved sectors [ 2150.766941][T15455] FAT-fs (loop3): Filesystem has been set read-only 00:15:26 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2150.769322][T15472] FAT-fs (loop4): Can't find a valid FAT filesystem 00:15:27 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2150.805878][T15455] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000500) [ 2150.814328][ T26] audit: type=1804 audit(1573258526.988:1226): pid=15466 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1971/file0/file0" dev="sda1" ino=16913 res=1 00:15:27 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0), 0x1c) [ 2150.928094][ T26] audit: type=1804 audit(1573258527.098:1227): pid=15463 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir042571702/syzkaller.JczqPZ/2019/file0/file0" dev="loop5" ino=2910 res=1 [ 2150.995496][T15463] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000500) [ 2151.003553][T15463] FAT-fs (loop5): Filesystem has been set read-only [ 2151.087318][T15463] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000500) 00:15:27 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2151.281022][ T26] audit: type=1804 audit(1573258527.458:1228): pid=15478 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/2107/file0/file0" dev="sda1" ino=17010 res=1 00:15:27 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0), 0x1c) 00:15:27 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2151.563224][ T26] audit: type=1804 audit(1573258527.738:1229): pid=15488 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1925/file0/file0" dev="loop2" ino=2913 res=1 00:15:27 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2151.851171][T15488] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2151.887193][ T26] audit: type=1804 audit(1573258528.058:1230): pid=15508 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir042571702/syzkaller.JczqPZ/2020/file0/file0" dev="loop5" ino=2915 res=1 [ 2151.915700][T15488] FAT-fs (loop2): Filesystem has been set read-only [ 2151.971037][T15488] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970769) 00:15:28 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2152.043291][T15518] FAT-fs (loop4): bogus number of reserved sectors [ 2152.064820][T15518] FAT-fs (loop4): Can't find a valid FAT filesystem [ 2152.105575][ T26] audit: type=1804 audit(1573258528.278:1231): pid=15516 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1972/file0/file0" dev="sda1" ino=16947 res=1 [ 2152.113211][T15511] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000500) [ 2152.143460][T15511] FAT-fs (loop5): Filesystem has been set read-only [ 2152.179442][T15511] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000500) 00:15:28 executing program 2: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2152.430851][ T26] audit: type=1804 audit(1573258528.598:1232): pid=15524 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/2108/file0/file0" dev="loop0" ino=2918 res=1 00:15:28 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:28 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x3b2625ba) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x41) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f00000000c0), 0x1c) [ 2152.586926][T15524] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2152.619257][T15524] FAT-fs (loop0): Filesystem has been set read-only [ 2152.644466][T15524] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970769) [ 2152.654352][T15534] FAT-fs (loop2): bogus number of reserved sectors 00:15:28 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2152.688158][T15534] FAT-fs (loop2): Can't find a valid FAT filesystem 00:15:29 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:29 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2153.048298][T15558] FAT-fs (loop4): bogus number of reserved sectors [ 2153.108504][T15558] FAT-fs (loop4): Can't find a valid FAT filesystem [ 2153.442083][T15568] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2153.477814][T15568] FAT-fs (loop0): Filesystem has been set read-only [ 2153.510769][T15568] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970769) [ 2153.565795][T15566] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) 00:15:29 executing program 1: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2153.613740][T15566] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970769) 00:15:30 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:30 executing program 2: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:30 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:30 executing program 3: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) 00:15:30 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2154.272824][T15589] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2154.289137][T15589] FAT-fs (loop0): Filesystem has been set read-only [ 2154.308280][T15589] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970769) [ 2154.315218][T15597] FAT-fs (loop4): bogus number of reserved sectors [ 2154.334465][T15597] FAT-fs (loop4): Can't find a valid FAT filesystem [ 2154.363931][T15582] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2154.389028][T15582] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970769) [ 2154.470114][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 2154.470141][ T26] audit: type=1804 audit(1573258530.648:1238): pid=15594 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir686201060/syzkaller.Q3hKCb/1974/file0/file0" dev="sda1" ino=16897 res=1 [ 2154.605744][ T26] audit: type=1804 audit(1573258530.778:1239): pid=15588 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir845259677/syzkaller.QvkTpd/1927/file0/file0" dev="loop2" ino=2924 res=1 00:15:30 executing program 0: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2154.805464][T15592] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970769) 00:15:31 executing program 1: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2154.895061][T15592] FAT-fs (loop2): Filesystem has been set read-only [ 2154.907844][T15592] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970769) [ 2154.931248][T15588] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2154.945534][T15588] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 970769) 00:15:31 executing program 5: pipe(&(0x7f0000000000)) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fchdir(0xffffffffffffffff) r4 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r4, r4, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2155.150155][ T26] audit: type=1804 audit(1573258531.328:1240): pid=15622 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir159454216/syzkaller.GWLBTj/2111/file0/file0" dev="loop0" ino=2926 res=1 [ 2155.309558][T15632] ================================================================== [ 2155.316020][T15622] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2155.317757][T15632] BUG: KCSAN: data-race in __mark_inode_dirty / writeback_single_inode [ 2155.335192][T15632] [ 2155.337546][T15632] write to 0xffff888125aafa90 of 8 bytes by task 15622 on cpu 0: [ 2155.345299][T15632] writeback_single_inode+0x214/0x310 [ 2155.350711][T15632] sync_inode_metadata+0x74/0xa0 00:15:31 executing program 4: ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340), 0xc, 0x0}, 0x800) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e15194cf5d912e2249d01df969730978d73e59162f3bcae3b0000000d008801cf03"], 0x15) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f"], 0x56) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) [ 2155.355755][T15632] __generic_file_fsync+0x122/0x190 [ 2155.360970][T15632] fat_file_fsync+0x58/0x120 [ 2155.365671][T15632] vfs_fsync_range+0x82/0x150 [ 2155.370370][T15632] generic_file_write_iter+0x318/0x390 [ 2155.375842][T15632] do_iter_readv_writev+0x487/0x5b0 [ 2155.381056][T15632] do_iter_write+0x13b/0x3c0 [ 2155.385673][T15632] vfs_iter_write+0x5c/0x80 [ 2155.390189][T15632] iter_file_splice_write+0x4c0/0x7f0 [ 2155.395593][T15632] direct_splice_actor+0xa0/0xc0 [ 2155.400547][T15632] splice_direct_to_actor+0x215/0x510 [ 2155.404967][T15622] FAT-fs (loop0): Filesystem has been set read-only [ 2155.405956][T15632] do_splice_direct+0x161/0x1e0 [ 2155.405989][T15632] do_sendfile+0x384/0x7f0 [ 2155.422000][T15632] __x64_sys_sendfile64+0xbe/0x140 [ 2155.427125][T15632] do_syscall_64+0xcc/0x370 [ 2155.431671][T15632] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2155.437567][T15632] [ 2155.439919][T15632] read to 0xffff888125aafa90 of 8 bytes by task 15632 on cpu 1: [ 2155.447569][T15632] __mark_inode_dirty+0xb8/0x940 [ 2155.452544][T15632] fat_update_time+0x1ac/0x1c0 [ 2155.457310][T15632] touch_atime+0x172/0x190 [ 2155.461740][T15632] generic_file_splice_read+0x4e7/0x500 [ 2155.467293][T15632] do_splice_to+0xf2/0x130 [ 2155.471271][T15622] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 970769) [ 2155.471735][T15632] splice_direct_to_actor+0x1a1/0x510 [ 2155.485434][T15632] do_splice_direct+0x161/0x1e0 [ 2155.490339][T15632] do_sendfile+0x384/0x7f0 [ 2155.494775][T15632] __x64_sys_sendfile64+0xbe/0x140 [ 2155.500479][T15632] do_syscall_64+0xcc/0x370 [ 2155.505003][T15632] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2155.510896][T15632] [ 2155.513223][T15632] Reported by Kernel Concurrency Sanitizer on: [ 2155.519497][T15632] CPU: 1 PID: 15632 Comm: syz-executor.0 Not tainted 5.4.0-rc6+ #0 [ 2155.527395][T15632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2155.537453][T15632] ================================================================== [ 2155.545545][T15632] Kernel panic - not syncing: panic_on_warn set ... [ 2155.552156][T15632] CPU: 1 PID: 15632 Comm: syz-executor.0 Not tainted 5.4.0-rc6+ #0 [ 2155.560164][T15632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2155.570221][T15632] Call Trace: [ 2155.573546][T15632] dump_stack+0xf5/0x159 [ 2155.577815][T15632] panic+0x210/0x640 [ 2155.581734][T15632] ? vprintk_func+0x8d/0x140 [ 2155.586347][T15632] kcsan_report.cold+0xc/0xe [ 2155.591012][T15632] kcsan_setup_watchpoint+0x3fe/0x410 [ 2155.596484][T15632] __tsan_read8+0x145/0x1f0 [ 2155.600994][T15632] __mark_inode_dirty+0xb8/0x940 [ 2155.605948][T15632] ? fat_truncate_time+0x207/0x2e0 [ 2155.611089][T15632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2155.617411][T15632] fat_update_time+0x1ac/0x1c0 [ 2155.622366][T15632] ? __read_once_size.constprop.0+0x20/0x20 [ 2155.628288][T15632] touch_atime+0x172/0x190 [ 2155.632743][T15632] generic_file_splice_read+0x4e7/0x500 [ 2155.638496][T15632] do_splice_to+0xf2/0x130 [ 2155.642929][T15632] ? add_to_pipe+0x1a0/0x1a0 [ 2155.647559][T15632] ? add_to_pipe+0x1a0/0x1a0 [ 2155.652182][T15632] splice_direct_to_actor+0x1a1/0x510 [ 2155.657571][T15632] ? generic_pipe_buf_nosteal+0x20/0x20 [ 2155.663135][T15632] do_splice_direct+0x161/0x1e0 [ 2155.668278][T15632] do_sendfile+0x384/0x7f0 [ 2155.672732][T15632] __x64_sys_sendfile64+0xbe/0x140 [ 2155.678050][T15632] do_syscall_64+0xcc/0x370 [ 2155.682583][T15632] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2155.688495][T15632] RIP: 0033:0x45a219 [ 2155.692411][T15632] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2155.712023][T15632] RSP: 002b:00007fe1e80f7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2155.720886][T15632] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a219 [ 2155.728873][T15632] RDX: 00000000200001c0 RSI: 0000000000000006 RDI: 0000000000000006 [ 2155.737099][T15632] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2155.745332][T15632] R10: 00008080fffffffe R11: 0000000000000246 R12: 00007fe1e80f86d4 [ 2155.753317][T15632] R13: 00000000004c7f94 R14: 00000000004de3b0 R15: 00000000ffffffff [ 2155.763200][T15632] Kernel Offset: disabled [ 2155.767535][T15632] Rebooting in 86400 seconds..