x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:05 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000001c0)="100000000600"/15, 0xf}]) [ 1641.964081][T29563] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:05 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:05 executing program 5: openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r0, 0x0, 0x0) 15:18:05 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5416, &(0x7f0000000000)={0x13}) 15:18:05 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x46c, 0x0, 0x369e5d84) [ 1642.162283][ T26] audit: type=1804 audit(1567610285.264:80): pid=29675 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3577/file0/file0" dev="loop2" ino=554 res=1 15:18:05 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000001c0)="100000000600"/15, 0xf}]) 15:18:05 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(0x0, 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) [ 1642.224758][T29676] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:05 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:05 executing program 5: openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r0, 0x0, 0x0) 15:18:05 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5418, &(0x7f0000000000)={0x13}) [ 1642.384207][ T26] audit: type=1804 audit(1567610285.484:81): pid=29788 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3578/file0/file0" dev="loop2" ino=555 res=1 15:18:05 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x46d, 0x0, 0x369e5d84) 15:18:05 executing program 0: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) [ 1642.455470][T29795] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:05 executing program 5: openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r0, 0x0, 0x0) 15:18:05 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:05 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x541d, &(0x7f0000000000)={0x13}) 15:18:05 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r0, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) [ 1642.624206][ T26] audit: type=1804 audit(1567610285.724:82): pid=29901 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3579/file0/file0" dev="loop2" ino=556 res=1 15:18:05 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x46e, 0x0, 0x369e5d84) 15:18:05 executing program 0: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) [ 1642.707248][T29908] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:05 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:05 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x541e, &(0x7f0000000000)={0x13}) 15:18:05 executing program 5: openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r0, 0x0, &(0x7f0000000440)) [ 1642.879105][T30019] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:06 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:06 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x46f, 0x0, 0x369e5d84) [ 1642.934825][ T26] audit: type=1804 audit(1567610286.034:83): pid=30027 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3580/file0/file0" dev="loop2" ino=558 res=1 15:18:06 executing program 5: openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r0, 0x0, &(0x7f0000000440)) 15:18:06 executing program 0: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:06 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r0, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:06 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x541f, &(0x7f0000000000)={0x13}) 15:18:06 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1643.116940][T30100] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:06 executing program 5: openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r0, 0x0, &(0x7f0000000440)) 15:18:06 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x470, 0x0, 0x369e5d84) 15:18:06 executing program 0: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) fallocate(0xffffffffffffffff, 0x3, 0x0, 0x369e5d84) [ 1643.294089][T30307] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:06 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5421, &(0x7f0000000000)={0x13}) 15:18:06 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:06 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r0, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) [ 1643.487073][T30409] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:06 executing program 5: openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r0, 0x1, &(0x7f0000000440)=[0x0]) 15:18:06 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5423, &(0x7f0000000000)={0x13}) 15:18:06 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:06 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x471, 0x0, 0x369e5d84) 15:18:06 executing program 0: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) fallocate(0xffffffffffffffff, 0x3, 0x0, 0x369e5d84) [ 1643.629822][T30568] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:06 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:06 executing program 5: openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r0, 0x1, &(0x7f0000000440)=[0x0]) 15:18:06 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(0x0, 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:07 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5424, &(0x7f0000000000)={0x13}) 15:18:07 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:07 executing program 0: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) fallocate(0xffffffffffffffff, 0x3, 0x0, 0x369e5d84) 15:18:07 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x472, 0x0, 0x369e5d84) 15:18:07 executing program 5: openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r0, 0x1, &(0x7f0000000440)=[0x0]) 15:18:07 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:07 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5425, &(0x7f0000000000)={0x13}) 15:18:07 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:07 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(0x0, 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:07 executing program 5: openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r0, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000001c0)="100000000600"/16, 0x10}]) 15:18:07 executing program 0: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r0, 0x3, 0x0, 0x369e5d84) 15:18:07 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x473, 0x0, 0x369e5d84) 15:18:07 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5427, &(0x7f0000000000)={0x13}) 15:18:07 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:07 executing program 5: openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r0, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000001c0)="100000000600"/16, 0x10}]) 15:18:07 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(0x0, 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:07 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:07 executing program 0: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r0, 0x3, 0x0, 0x369e5d84) 15:18:07 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x474, 0x0, 0x369e5d84) 15:18:07 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5428, &(0x7f0000000000)={0x13}) 15:18:07 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:07 executing program 5: openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r0, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000001c0)="100000000600"/16, 0x10}]) 15:18:08 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(0xffffffffffffffff, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:08 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:08 executing program 0: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r0, 0x3, 0x0, 0x369e5d84) 15:18:08 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:08 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:08 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5437, &(0x7f0000000000)={0x13}) 15:18:08 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:08 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x475, 0x0, 0x369e5d84) 15:18:08 executing program 0: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r0, 0x3, 0x0, 0x369e5d84) 15:18:08 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(0xffffffffffffffff, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:08 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5441, &(0x7f0000000000)={0x13}) 15:18:08 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:08 executing program 5 (fault-call:2 fault-nth:0): r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) [ 1645.465704][T31684] FAULT_INJECTION: forcing a failure. [ 1645.465704][T31684] name failslab, interval 1, probability 0, space 0, times 0 [ 1645.480725][T31684] CPU: 0 PID: 31684 Comm: syz-executor.5 Not tainted 5.3.0-rc7 #0 [ 1645.489265][T31684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1645.499335][T31684] Call Trace: [ 1645.502633][T31684] dump_stack+0x172/0x1f0 [ 1645.506971][T31684] should_fail.cold+0xa/0x15 [ 1645.512858][T31684] ? fault_create_debugfs_attr+0x180/0x180 [ 1645.518656][T31684] ? page_to_nid.part.0+0x20/0x20 [ 1645.523667][T31684] ? ___might_sleep+0x163/0x280 [ 1645.528506][T31684] __should_failslab+0x121/0x190 [ 1645.533441][T31684] should_failslab+0x9/0x14 [ 1645.538037][T31684] kmem_cache_alloc+0x2aa/0x710 [ 1645.542875][T31684] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1645.549102][T31684] ? _copy_from_user+0x12c/0x1a0 [ 1645.554029][T31684] io_submit_one+0x10f/0x2ef0 [ 1645.558704][T31684] ? perf_trace_lock_acquire+0xf5/0x530 [ 1645.564357][T31684] ? aio_poll_complete_work+0xfb0/0xfb0 [ 1645.569900][T31684] __x64_sys_io_submit+0x1bd/0x570 [ 1645.574997][T31684] ? __x64_sys_io_submit+0x1bd/0x570 [ 1645.580270][T31684] ? __ia32_sys_io_destroy+0x420/0x420 [ 1645.585712][T31684] ? __ia32_sys_read+0xb0/0xb0 [ 1645.590557][T31684] ? switch_fpu_return+0x1fa/0x4f0 [ 1645.595657][T31684] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1645.601724][T31684] ? trace_hardirqs_off_caller+0x65/0x230 [ 1645.607434][T31684] do_syscall_64+0xfd/0x6a0 [ 1645.611941][T31684] ? do_syscall_64+0xfd/0x6a0 [ 1645.616609][T31684] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1645.622493][T31684] RIP: 0033:0x459879 [ 1645.626383][T31684] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1645.645970][T31684] RSP: 002b:00007f5ab8b0bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 1645.654379][T31684] RAX: ffffffffffffffda RBX: 00007f5ab8b0bc90 RCX: 0000000000459879 15:18:08 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1645.662340][T31684] RDX: 0000000020000440 RSI: 0000000000000001 RDI: 00007f5ab8aeb000 [ 1645.670296][T31684] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1645.678252][T31684] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5ab8b0c6d4 [ 1645.686219][T31684] R13: 00000000004c0c79 R14: 00000000004d3d00 R15: 0000000000000004 15:18:08 executing program 0: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r0, 0x3, 0x0, 0x369e5d84) 15:18:08 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5450, &(0x7f0000000000)={0x13}) 15:18:08 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:09 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(0xffffffffffffffff, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:09 executing program 0: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r0, 0x3, 0x0, 0x369e5d84) 15:18:09 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x476, 0x0, 0x369e5d84) 15:18:09 executing program 5 (fault-call:2 fault-nth:1): r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:09 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:09 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5451, &(0x7f0000000000)={0x13}) 15:18:09 executing program 0: mkdir(0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:09 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0x60, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:09 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x477, 0x0, 0x369e5d84) [ 1646.158788][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 1646.158800][ T26] audit: type=1804 audit(1567610289.254:90): pid=32236 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3588/file0/file0" dev="sda1" ino=18630 res=1 15:18:09 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:09 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:09 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x2, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:09 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5452, &(0x7f0000000000)={0x13}) 15:18:09 executing program 0: mkdir(0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:09 executing program 0: mkdir(0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:09 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x3, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1646.506385][ T26] audit: type=1804 audit(1567610289.604:91): pid=32374 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3589/file0/file0" dev="loop2" ino=561 res=1 15:18:09 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x2, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:09 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:09 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x478, 0x0, 0x369e5d84) 15:18:09 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x545d, &(0x7f0000000000)={0x13}) 15:18:09 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x5, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:09 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:09 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x4, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:09 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x6, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:09 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:09 executing program 0: syz_mount_image$vfat(0x0, &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) [ 1646.863034][ T26] audit: type=1804 audit(1567610289.964:92): pid=32527 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3590/file0/file0" dev="loop2" ino=564 res=1 15:18:10 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x479, 0x0, 0x369e5d84) 15:18:10 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5460, &(0x7f0000000000)={0x13}) 15:18:10 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x25, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:10 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x9, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:10 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:10 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x60, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:10 executing program 0: syz_mount_image$vfat(0x0, &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:10 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0xc, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:10 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x6364, &(0x7f0000000000)={0x13}) [ 1647.227625][ T26] audit: type=1804 audit(1567610290.324:93): pid=368 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3591/file0" dev="sda1" ino=16728 res=1 15:18:10 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x48a, 0x0, 0x369e5d84) 15:18:10 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x300, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:10 executing program 0: syz_mount_image$vfat(0x0, &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:10 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x300, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:10 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x386, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:10 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) [ 1647.442705][ T26] audit: type=1804 audit(1567610290.544:94): pid=522 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3592/file0/file0" dev="loop2" ino=565 res=1 15:18:10 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x48b, 0x0, 0x369e5d84) 15:18:10 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x8912, &(0x7f0000000000)={0x13}) 15:18:10 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x3b4, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:10 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x2, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:10 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', 0x0, 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:10 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x2f00, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:10 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x8933, &(0x7f0000000000)={0x13}) 15:18:10 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x3, 0x0, 0x0, 0x0, r0, 0x0}]) [ 1647.791481][ T26] audit: type=1804 audit(1567610290.894:95): pid=850 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3593/file0/file0" dev="sda1" ino=18230 res=1 15:18:10 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x18cd0a, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:10 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', 0x0, 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:11 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x48c, 0x0, 0x369e5d84) 15:18:11 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:11 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x400454ca, &(0x7f0000000000)={0x13}) 15:18:11 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x4, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:11 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', 0x0, 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) [ 1648.125408][ T26] audit: type=1804 audit(1567610291.224:96): pid=1082 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3594/file0/file0" dev="sda1" ino=18636 res=1 15:18:11 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x40049409, &(0x7f0000000000)={0x13}) 15:18:11 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x48d, 0x0, 0x369e5d84) 15:18:11 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x5, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:11 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:11 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) [ 1648.415519][ T1380] FAT-fs (loop0): bogus number of reserved sectors [ 1648.429105][ T1380] FAT-fs (loop0): Can't find a valid FAT filesystem [ 1648.487779][ T26] audit: type=1804 audit(1567610291.584:97): pid=1429 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3595/file0/file0" dev="loop2" ino=566 res=1 15:18:11 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1ffffa, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:11 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x4020940d, &(0x7f0000000000)={0x13}) 15:18:11 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x7, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:11 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x48e, 0x0, 0x369e5d84) 15:18:11 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) [ 1648.705359][ T1536] FAT-fs (loop0): bogus number of reserved sectors [ 1648.721728][ T1536] FAT-fs (loop0): Can't find a valid FAT filesystem [ 1648.729320][ T26] audit: type=1804 audit(1567610291.824:98): pid=1539 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3596/file0/file0" dev="loop2" ino=569 res=1 15:18:11 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x48f, 0x0, 0x369e5d84) 15:18:11 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x8, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:11 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:12 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x80045432, &(0x7f0000000000)={0x13}) 15:18:12 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x490, 0x0, 0x369e5d84) [ 1648.927093][ T26] audit: type=1804 audit(1567610292.024:99): pid=1746 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3597/file0/file0" dev="loop2" ino=570 res=1 15:18:12 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) [ 1649.035079][ T1750] FAT-fs (loop0): bogus number of reserved sectors [ 1649.055574][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1649.057392][ T1750] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:12 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0xc, 0x0, 0x0, 0x0, r0, 0x0}]) [ 1649.084083][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:18:12 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x7ffffff2, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:12 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x80045440, &(0x7f0000000000)={0x13}) 15:18:12 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:12 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x491, 0x0, 0x369e5d84) 15:18:12 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x38, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:12 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x7ffffff8, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1649.459952][ T1989] FAT-fs (loop0): bogus number of reserved sectors [ 1649.482364][ T1989] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:12 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x300, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:12 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x492, 0x0, 0x369e5d84) 15:18:12 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x800454d2, &(0x7f0000000000)={0x13}) 15:18:12 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x7ffffff9, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:12 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:12 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:12 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0xffffff1f, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:12 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x500, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:12 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x493, 0x0, 0x369e5d84) 15:18:12 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x80086301, &(0x7f0000000000)={0x13}) 15:18:13 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0xffffc90000000000, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1649.903593][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1649.937192][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:18:13 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x494, 0x0, 0x369e5d84) 15:18:13 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x700, 0x0, 0x0, 0x0, r0, 0x0}]) [ 1649.949281][ T2323] FAT-fs (loop0): bogus number of reserved sectors [ 1649.956523][ T2323] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:13 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x3, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:13 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0xc0045878, &(0x7f0000000000)={0x13}) 15:18:13 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:13 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:13 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x2f, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:13 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0xc00, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:13 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x495, 0x0, 0x369e5d84) 15:18:13 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0xc0045878, &(0x7f0000000000)={0x13}) 15:18:13 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x30, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1650.299917][ T2656] FAT-fs (loop0): bogus number of reserved sectors [ 1650.333098][ T2656] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:13 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x3800, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:13 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x25f2, 0x0, 0x369e5d84) 15:18:13 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x0, &(0x7f0000000140), 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:13 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0xc0189436, &(0x7f0000000000)={0x13}) 15:18:13 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:13 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x60, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:13 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x4000, 0x0, 0x0, 0x0, r0, 0x0}]) [ 1650.627807][ T2888] FAT-fs (loop0): bogus number of reserved sectors [ 1650.666734][ T2888] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:13 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x90, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:13 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x0, &(0x7f0000000140), 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:13 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x25f5, 0x0, 0x369e5d84) 15:18:13 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x1000000, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:13 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0xc020660b, &(0x7f0000000000)={0x13}) 15:18:14 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x10a, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1650.941141][ T3123] FAT-fs (loop0): bogus number of reserved sectors [ 1650.947751][ T3123] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:14 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x2642, 0x0, 0x369e5d84) 15:18:14 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x2000000, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:14 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x0, &(0x7f0000000140), 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) [ 1651.163831][ T26] kauditd_printk_skb: 8 callbacks suppressed [ 1651.163845][ T26] audit: type=1804 audit(1567610294.264:108): pid=3397 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3606/file0/file0" dev="loop2" ino=581 res=1 [ 1651.225847][ T3396] FAT-fs (loop0): bogus number of reserved sectors [ 1651.234419][ T3396] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:14 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:14 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x11}) 15:18:14 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x123, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:14 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1fffff, 0x0, 0x369e5d84) 15:18:14 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x3000000, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:14 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:14 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x127, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1651.399670][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1651.411256][ T9857] FAT-fs (loop3): Filesystem has been set read-only [ 1651.509995][ T3574] FAT-fs (loop0): bogus number of reserved sectors [ 1651.525507][ T26] audit: type=1804 audit(1567610294.624:109): pid=3622 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3607/file0/file0" dev="sda1" ino=18649 res=1 [ 1651.529912][ T3574] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:14 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x7d}) 15:18:14 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x4000000, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:14 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0xfffffff, 0x0, 0x369e5d84) 15:18:14 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x12b, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:14 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x7e}) [ 1651.845435][ T26] audit: type=1804 audit(1567610294.944:110): pid=3953 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3608/file0/file0" dev="loop2" ino=582 res=1 15:18:15 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:15 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x5000000, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:15 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x12d, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:15 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:15 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x2}) 15:18:15 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x2, 0x369e5d84) 15:18:15 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x160, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1652.017209][ T3965] FAT-fs (loop0): bogus number of reserved sectors [ 1652.039812][ T3965] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:15 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x7000000, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:15 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x3}) 15:18:15 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x20000230, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:15 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:15 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:15 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1652.280110][ T4190] FAT-fs (loop0): bogus number of reserved sectors [ 1652.300717][ T4190] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:15 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x8000000, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:15 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:15 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x4}) [ 1652.468868][ T4400] xt_check_target: 14 callbacks suppressed [ 1652.468881][ T4400] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1652.502060][ T4403] FAT-fs (loop0): bogus number of reserved sectors 15:18:15 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1652.523055][ T4403] FAT-fs (loop0): Can't find a valid FAT filesystem [ 1652.703961][ T4610] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1652.716214][ T26] audit: type=1804 audit(1567610295.814:111): pid=4612 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3609/file0/file0" dev="loop2" ino=583 res=1 15:18:15 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x3, 0x369e5d84) 15:18:15 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0xc000000, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:15 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:15 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x5}) 15:18:15 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:16 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x38000000, 0x0, 0x0, 0x0, r0, 0x0}]) [ 1652.886725][ T4618] FAT-fs (loop0): bogus number of reserved sectors [ 1652.896000][ T4675] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1652.902513][ T4618] FAT-fs (loop0): Can't find a valid FAT filesystem [ 1652.960498][ T4675] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:16 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:16 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x6}) 15:18:16 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:16 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1653.075970][ T26] audit: type=1804 audit(1567610296.174:112): pid=4830 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3610/file0/file0" dev="sda1" ino=16731 res=1 15:18:16 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x7, 0x369e5d84) 15:18:16 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x40000000, 0x0, 0x0, 0x0, r0, 0x0}]) [ 1653.127339][ T4833] FAT-fs (loop0): bogus number of reserved sectors [ 1653.132221][ T4837] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1653.146354][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1653.149706][ T4833] FAT-fs (loop0): Can't find a valid FAT filesystem [ 1653.167907][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:18:16 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:16 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x7}) 15:18:16 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:16 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1653.298245][ T5054] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:16 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x7ffffffff000, 0x0, 0x0, 0x0, r0, 0x0}]) [ 1653.407275][ T26] audit: type=1804 audit(1567610296.504:113): pid=5061 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3611/file0/file0" dev="sda1" ino=18618 res=1 [ 1653.438924][ T5062] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:16 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0xd, 0x369e5d84) [ 1653.454686][ T5063] FAT-fs (loop0): bogus number of reserved sectors [ 1653.470337][ T5063] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:16 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:16 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:16 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x8}) 15:18:16 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:16 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0xf0ffffff7f0000, 0x0, 0x0, 0x0, r0, 0x0}]) [ 1653.669399][ T5271] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:16 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1653.725918][ T26] audit: type=1804 audit(1567610296.824:114): pid=5313 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3612/file0" dev="sda1" ino=17178 res=1 15:18:16 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x12, 0x369e5d84) 15:18:16 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x300}) [ 1653.805993][ T5383] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:16 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:17 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1653.850229][ T5387] FAT-fs (loop0): bogus number of reserved sectors [ 1653.869274][ T5390] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:17 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x100000000000000, 0x0, 0x0, 0x0, r0, 0x0}]) [ 1653.911125][ T5387] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:17 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:17 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:17 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:17 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x500}) 15:18:17 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x200000000000000, 0x0, 0x0, 0x0, r0, 0x0}]) [ 1654.079162][ T26] audit: type=1804 audit(1567610297.174:115): pid=5604 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3613/file0/file0" dev="sda1" ino=17702 res=1 15:18:17 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x300, 0x369e5d84) 15:18:17 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1654.162580][ T5607] FAT-fs (loop0): bogus number of reserved sectors [ 1654.171470][ T5607] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:17 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:17 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:17 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) 15:18:17 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x600}) 15:18:17 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x300000000000000, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:17 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1654.390265][ T5824] FAT-fs (loop0): invalid media value (0x00) [ 1654.397170][ T5824] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:17 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:17 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x400000000000000, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:17 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x700}) 15:18:17 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1654.696675][ T6038] FAT-fs (loop0): invalid media value (0x00) [ 1654.741172][ T6038] FAT-fs (loop0): Can't find a valid FAT filesystem [ 1654.845262][ T26] audit: type=1804 audit(1567610297.944:116): pid=6249 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3614/file0/file0" dev="loop2" ino=586 res=1 15:18:18 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x700, 0x369e5d84) 15:18:18 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:18 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:18 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x500000000000000, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:18 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x5dd8a814d78739d1) 15:18:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x4000}) [ 1655.241467][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1655.250112][ T6253] FAT-fs (loop0): invalid media value (0x00) [ 1655.255742][ T9857] FAT-fs (loop3): Filesystem has been set read-only [ 1655.261852][ T6253] FAT-fs (loop0): Can't find a valid FAT filesystem [ 1655.265266][ T9855] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF 15:18:18 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1655.296254][ T9855] FAT-fs (loop2): Filesystem has been set read-only 15:18:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0xff00}) 15:18:18 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x700000000000000, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:18 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:18 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x1000000}) [ 1655.590807][ T6561] FAT-fs (loop0): invalid media value (0x00) [ 1655.608238][ T6561] FAT-fs (loop0): Can't find a valid FAT filesystem [ 1655.953466][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1655.962112][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:18:19 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0xd00, 0x369e5d84) 15:18:19 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x800000000000000, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:19 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:19 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:19 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x2000000}) 15:18:19 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x5dd8a814d78739d1) [ 1656.008575][ T26] audit: type=1804 audit(1567610299.104:117): pid=6783 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3615/file0/file0" dev="loop2" ino=590 res=1 15:18:19 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:19 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0xc00000000000000, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:19 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x3000000}) 15:18:19 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1656.241002][ T6793] FAT-fs (loop0): invalid media value (0x00) [ 1656.265518][ T6793] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:19 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x5dd8a814d78739d1) 15:18:19 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) [ 1656.504682][ T26] audit: type=1804 audit(1567610299.604:118): pid=7123 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3616/file0" dev="sda1" ino=17282 res=1 [ 1656.543699][ T7112] FAT-fs (loop0): invalid media value (0x00) 15:18:19 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x1200, 0x369e5d84) 15:18:19 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x3800000000000000, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:19 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:19 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x4000000}) 15:18:19 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) [ 1656.561457][ T7112] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:19 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:19 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:19 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x4000000000000000, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:19 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:19 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x5000000}) [ 1656.836286][ T26] audit: type=1804 audit(1567610299.934:119): pid=7345 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3617/file0" dev="sda1" ino=18617 res=1 15:18:20 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x3f00, 0x369e5d84) 15:18:20 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x8000000000000000, 0x0, 0x0, 0x0, r0, 0x0}]) 15:18:20 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1656.949717][ T7342] FAT-fs (loop0): invalid media value (0x00) [ 1656.976870][ T7342] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:20 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x6000000}) 15:18:20 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:20 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:18:20 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:20 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0xffffffff00000000, 0x0, 0x0, 0x0, r0, 0x0}]) [ 1657.248820][ T26] audit: type=1804 audit(1567610300.344:120): pid=7569 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3618/file0/file0" dev="sda1" ino=18618 res=1 [ 1657.250739][ T7567] FAT-fs (loop0): invalid media value (0x00) [ 1657.289244][ T7567] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:20 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x4000, 0x369e5d84) 15:18:20 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x7000000}) 15:18:20 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:20 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:20 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x2, 0x0, 0x0, r0, 0x0}]) [ 1657.511817][ T7786] xt_check_target: 17 callbacks suppressed [ 1657.511829][ T7786] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:20 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1657.573282][ T7787] FAT-fs (loop0): invalid media value (0x00) [ 1657.596206][ T7787] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:20 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x8000000}) 15:18:20 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(0x0, 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) [ 1657.718116][ T7993] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:20 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x3, 0x0, 0x0, r0, 0x0}]) 15:18:21 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(0x0, 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:21 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:21 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5dd8a814d78739d1) [ 1657.947684][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1657.967579][ T8103] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1657.991874][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:18:21 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0xf6ff, 0x369e5d84) 15:18:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x40000000}) 15:18:21 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x4, 0x0, 0x0, r0, 0x0}]) 15:18:21 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1658.028546][ T26] audit: type=1804 audit(1567610301.124:121): pid=8106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3619/file0/file0" dev="loop2" ino=592 res=1 [ 1658.126908][ T8119] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:21 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:21 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x5, 0x0, 0x0, r0, 0x0}]) 15:18:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0xfdfdffff}) 15:18:21 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(0x0, 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) [ 1658.278815][ T8324] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:21 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1658.377316][ T26] audit: type=1804 audit(1567610301.474:122): pid=8327 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3620/file0/file0" dev="sda1" ino=18683 res=1 15:18:21 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x7, 0x0, 0x0, r0, 0x0}]) 15:18:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0xff000000}) [ 1658.481844][ T8436] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:21 executing program 3 (fault-call:8 fault-nth:0): mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:18:21 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0xfff6, 0x369e5d84) 15:18:21 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r0, 0x3, 0x0, 0x369e5d84) 15:18:21 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0xfffffdfd}) 15:18:21 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x8, 0x0, 0x0, r0, 0x0}]) [ 1658.803969][ T8544] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1658.825788][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF 15:18:22 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x100000000000000}) 15:18:22 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1658.861379][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:18:22 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r0, 0x3, 0x0, 0x369e5d84) 15:18:22 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0xc, 0x0, 0x0, r0, 0x0}]) [ 1659.005295][ T8760] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:22 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:22 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x200000000000000}) [ 1659.146394][ T8781] FAULT_INJECTION: forcing a failure. [ 1659.146394][ T8781] name failslab, interval 1, probability 0, space 0, times 0 [ 1659.200146][ T8900] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1659.222919][ T8781] CPU: 0 PID: 8781 Comm: syz-executor.3 Not tainted 5.3.0-rc7 #0 [ 1659.230797][ T8781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1659.240865][ T8781] Call Trace: [ 1659.244184][ T8781] dump_stack+0x172/0x1f0 [ 1659.248543][ T8781] should_fail.cold+0xa/0x15 [ 1659.253155][ T8781] ? lock_downgrade+0x920/0x920 [ 1659.258033][ T8781] ? fault_create_debugfs_attr+0x180/0x180 [ 1659.263862][ T8781] ? page_to_nid.part.0+0x20/0x20 [ 1659.268926][ T8781] ? ___might_sleep+0x163/0x280 [ 1659.273804][ T8781] __should_failslab+0x121/0x190 [ 1659.278784][ T8781] should_failslab+0x9/0x14 [ 1659.283336][ T8781] kmem_cache_alloc+0x2aa/0x710 [ 1659.288193][ T8781] ? __schedule+0x75d/0x1580 [ 1659.292800][ T8781] getname_flags+0xd6/0x5b0 [ 1659.297339][ T8781] getname+0x1a/0x20 [ 1659.301242][ T8781] do_sys_open+0x2c9/0x5d0 [ 1659.305675][ T8781] ? filp_open+0x80/0x80 [ 1659.310156][ T8781] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1659.310175][ T8781] ? trace_hardirqs_off_caller+0x65/0x230 [ 1659.321953][ T8781] __x64_sys_creat+0x61/0x80 [ 1659.321971][ T8781] do_syscall_64+0xfd/0x6a0 [ 1659.321987][ T8781] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1659.322002][ T8781] RIP: 0033:0x459879 [ 1659.340842][ T8781] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1659.360624][ T8781] RSP: 002b:00007f9b16aabc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 1659.369078][ T8781] RAX: ffffffffffffffda RBX: 00007f9b16aabc90 RCX: 0000000000459879 [ 1659.377063][ T8781] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100 [ 1659.377070][ T8781] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1659.377076][ T8781] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9b16aac6d4 15:18:22 executing program 3 (fault-call:8 fault-nth:1): mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) [ 1659.377082][ T8781] R13: 00000000004bfee4 R14: 00000000004d1de0 R15: 0000000000000007 [ 1659.550102][ T26] audit: type=1804 audit(1567610302.644:123): pid=9078 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3621/file0/file0" dev="loop2" ino=596 res=1 [ 1659.557228][ T9079] FAULT_INJECTION: forcing a failure. [ 1659.557228][ T9079] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1659.588004][ T9079] CPU: 1 PID: 9079 Comm: syz-executor.3 Not tainted 5.3.0-rc7 #0 15:18:22 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x1fffff, 0x369e5d84) 15:18:22 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x38, 0x0, 0x0, r0, 0x0}]) 15:18:22 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x300000000000000}) 15:18:22 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:22 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r0, 0x3, 0x0, 0x369e5d84) [ 1659.595752][ T9079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1659.605820][ T9079] Call Trace: [ 1659.609119][ T9079] dump_stack+0x172/0x1f0 [ 1659.613461][ T9079] should_fail.cold+0xa/0x15 [ 1659.618067][ T9079] ? fault_create_debugfs_attr+0x180/0x180 [ 1659.623888][ T9079] ? __this_cpu_preempt_check+0x3a/0x210 [ 1659.629543][ T9079] ? retint_kernel+0x2b/0x2b [ 1659.634149][ T9079] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1659.640438][ T9079] should_fail_alloc_page+0x50/0x60 [ 1659.645652][ T9079] __alloc_pages_nodemask+0x1a1/0x900 [ 1659.651037][ T9079] ? retint_kernel+0x2b/0x2b [ 1659.655683][ T9079] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1659.660010][ T9085] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1659.661376][ T9079] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1659.661393][ T9079] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1659.661418][ T9079] ? __this_cpu_preempt_check+0x3a/0x210 [ 1659.681179][ T9079] ? fault_create_debugfs_attr+0x180/0x180 [ 1659.681197][ T9079] cache_grow_begin+0x90/0xd20 15:18:22 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1659.681219][ T9079] ? getname_flags+0xd6/0x5b0 [ 1659.697393][ T9079] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1659.697415][ T9079] kmem_cache_alloc+0x64e/0x710 [ 1659.713156][ T9079] ? __kasan_check_write+0x14/0x20 [ 1659.718288][ T9079] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 1659.723865][ T9079] getname_flags+0xd6/0x5b0 [ 1659.728388][ T9079] getname+0x1a/0x20 [ 1659.732299][ T9079] do_sys_open+0x2c9/0x5d0 [ 1659.736736][ T9079] ? filp_open+0x80/0x80 [ 1659.741002][ T9079] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe 15:18:22 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x400000000000000}) [ 1659.747194][ T9079] ? trace_hardirqs_off_caller+0x65/0x230 [ 1659.752934][ T9079] __x64_sys_creat+0x61/0x80 [ 1659.757551][ T9079] do_syscall_64+0xfd/0x6a0 [ 1659.762160][ T9079] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1659.768071][ T9079] RIP: 0033:0x459879 [ 1659.771980][ T9079] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1659.791595][ T9079] RSP: 002b:00007f9b16aabc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 15:18:22 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(0x0, 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:22 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1659.800016][ T9079] RAX: ffffffffffffffda RBX: 00007f9b16aabc90 RCX: 0000000000459879 [ 1659.808607][ T9079] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100 [ 1659.816593][ T9079] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1659.824589][ T9079] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9b16aac6d4 [ 1659.832573][ T9079] R13: 00000000004bfee4 R14: 00000000004d1de0 R15: 0000000000000006 15:18:23 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x300, 0x0, 0x0, r0, 0x0}]) 15:18:23 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:23 executing program 3 (fault-call:8 fault-nth:2): mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) [ 1660.376865][ T26] audit: type=1804 audit(1567610303.474:124): pid=9509 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3622/file0/file0" dev="loop2" ino=597 res=1 15:18:23 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x1000000, 0x369e5d84) 15:18:23 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x500000000000000}) 15:18:23 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:23 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(0x0, 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:23 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x500, 0x0, 0x0, r0, 0x0}]) 15:18:23 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:23 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(0x0, 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:23 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x700, 0x0, 0x0, r0, 0x0}]) 15:18:23 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x600000000000000}) 15:18:23 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:23 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(0xffffffffffffffff, 0x3, 0x0, 0x369e5d84) [ 1660.750606][ T9630] FAULT_INJECTION: forcing a failure. [ 1660.750606][ T9630] name failslab, interval 1, probability 0, space 0, times 0 [ 1660.853640][ T9630] CPU: 1 PID: 9630 Comm: syz-executor.3 Not tainted 5.3.0-rc7 #0 [ 1660.861505][ T9630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1660.872642][ T9630] Call Trace: [ 1660.875983][ T9630] dump_stack+0x172/0x1f0 [ 1660.880337][ T9630] should_fail.cold+0xa/0x15 [ 1660.884957][ T9630] ? fault_create_debugfs_attr+0x180/0x180 [ 1660.890770][ T9630] ? retint_kernel+0x2b/0x2b [ 1660.895400][ T9630] ? ___might_sleep+0x163/0x280 [ 1660.900285][ T9630] __should_failslab+0x121/0x190 [ 1660.905330][ T9630] should_failslab+0x9/0x14 [ 1660.910120][ T9630] kmem_cache_alloc+0x2aa/0x710 [ 1660.915006][ T9630] ? __this_cpu_preempt_check+0x3a/0x210 [ 1660.920640][ T9630] ? retint_kernel+0x2b/0x2b [ 1660.925232][ T9630] __alloc_file+0x27/0x340 [ 1660.929648][ T9630] alloc_empty_file+0x72/0x170 [ 1660.934414][ T9630] path_openat+0xef/0x4630 [ 1660.938836][ T9630] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1660.944504][ T9630] ? kasan_slab_alloc+0xf/0x20 [ 1660.949286][ T9630] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1660.954761][ T9630] ? __this_cpu_preempt_check+0x3a/0x210 [ 1660.960422][ T9630] ? retint_kernel+0x2b/0x2b [ 1660.965035][ T9630] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 1660.971030][ T9630] ? expand_files+0xea/0x810 [ 1660.975639][ T9630] ? write_comp_data+0x68/0x70 [ 1660.980421][ T9630] do_filp_open+0x1a1/0x280 [ 1660.984939][ T9630] ? may_open_dev+0x100/0x100 [ 1660.989653][ T9630] ? lock_downgrade+0x920/0x920 [ 1660.994522][ T9630] ? rwlock_bug.part.0+0x90/0x90 [ 1660.999492][ T9630] ? __kasan_check_read+0x11/0x20 [ 1661.004528][ T9630] ? do_raw_spin_unlock+0x57/0x270 [ 1661.009660][ T9630] do_sys_open+0x3fe/0x5d0 [ 1661.014101][ T9630] ? filp_open+0x80/0x80 [ 1661.018381][ T9630] __x64_sys_creat+0x61/0x80 [ 1661.022977][ T9630] do_syscall_64+0xfd/0x6a0 [ 1661.027496][ T9630] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1661.033388][ T9630] RIP: 0033:0x459879 [ 1661.037286][ T9630] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1661.057027][ T9630] RSP: 002b:00007f9b16aabc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 1661.065889][ T9630] RAX: ffffffffffffffda RBX: 00007f9b16aabc90 RCX: 0000000000459879 [ 1661.074308][ T9630] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100 [ 1661.084286][ T9630] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1661.092262][ T9630] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9b16aac6d4 [ 1661.100242][ T9630] R13: 00000000004bfee4 R14: 00000000004d1de0 R15: 0000000000000004 [ 1661.178559][ T26] audit: type=1804 audit(1567610304.274:125): pid=9880 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3623/file0/file0" dev="loop2" ino=598 res=1 15:18:24 executing program 3 (fault-call:8 fault-nth:3): mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:18:24 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0xc00, 0x0, 0x0, r0, 0x0}]) 15:18:24 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:24 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(0xffffffffffffffff, 0x3, 0x0, 0x369e5d84) 15:18:24 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x700000000000000}) 15:18:24 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x2000000, 0x369e5d84) 15:18:24 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1661.349816][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1661.369721][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:18:24 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(0xffffffffffffffff, 0x3, 0x0, 0x369e5d84) 15:18:24 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x800000000000000}) 15:18:24 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x3800, 0x0, 0x0, r0, 0x0}]) 15:18:24 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1661.544351][ T26] audit: type=1804 audit(1567610304.644:126): pid=10006 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3624/file0/file0" dev="sda1" ino=18705 res=1 15:18:24 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x3000000, 0x369e5d84) [ 1661.719172][T10003] FAULT_INJECTION: forcing a failure. [ 1661.719172][T10003] name failslab, interval 1, probability 0, space 0, times 0 [ 1661.750192][T10003] CPU: 0 PID: 10003 Comm: syz-executor.3 Not tainted 5.3.0-rc7 #0 [ 1661.758039][T10003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1661.758046][T10003] Call Trace: [ 1661.758068][T10003] dump_stack+0x172/0x1f0 [ 1661.758090][T10003] should_fail.cold+0xa/0x15 [ 1661.758107][T10003] ? fault_create_debugfs_attr+0x180/0x180 [ 1661.758131][T10003] ? page_to_nid.part.0+0x20/0x20 [ 1661.775841][T10003] ? ___might_sleep+0x163/0x280 [ 1661.786193][T10003] __should_failslab+0x121/0x190 [ 1661.786208][T10003] should_failslab+0x9/0x14 [ 1661.786218][T10003] kmem_cache_alloc+0x2aa/0x710 [ 1661.786231][T10003] ? memcg_kmem_put_cache+0x3e/0x50 [ 1661.786242][T10003] ? kmem_cache_alloc+0x314/0x710 [ 1661.786262][T10003] security_file_alloc+0x39/0x170 [ 1661.825574][T10003] __alloc_file+0xde/0x340 [ 1661.830003][T10003] alloc_empty_file+0x72/0x170 [ 1661.834858][T10003] path_openat+0xef/0x4630 [ 1661.839276][T10003] ? save_stack+0x23/0x90 [ 1661.843610][T10003] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1661.849443][T10003] ? kasan_slab_alloc+0xf/0x20 [ 1661.854230][T10003] ? kmem_cache_alloc+0x121/0x710 [ 1661.859269][T10003] ? getname_flags+0xd6/0x5b0 [ 1661.863964][T10003] ? getname+0x1a/0x20 [ 1661.868038][T10003] ? do_sys_open+0x2c9/0x5d0 [ 1661.872777][T10003] ? __x64_sys_creat+0x61/0x80 [ 1661.877567][T10003] ? do_syscall_64+0xfd/0x6a0 [ 1661.882262][T10003] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1661.888340][T10003] ? debug_smp_processor_id+0x3c/0x214 [ 1661.893817][T10003] ? perf_trace_lock_acquire+0xf5/0x530 [ 1661.899389][T10003] ? __kasan_check_read+0x11/0x20 [ 1661.904430][T10003] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 1661.909815][T10003] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1661.916423][T10003] ? debug_smp_processor_id+0x3c/0x214 [ 1661.921906][T10003] ? perf_trace_lock_acquire+0xf5/0x530 [ 1661.927455][T10003] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1661.933090][T10003] ? retint_kernel+0x2b/0x2b [ 1661.937767][T10003] do_filp_open+0x1a1/0x280 [ 1661.942311][T10003] ? may_open_dev+0x100/0x100 [ 1661.947007][T10003] ? retint_kernel+0x2b/0x2b [ 1661.951601][T10003] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1661.957231][T10003] ? rwlock_bug.part.0+0x90/0x90 [ 1661.962179][T10003] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1661.967665][T10003] ? __this_cpu_preempt_check+0x3a/0x210 [ 1661.973318][T10003] do_sys_open+0x3fe/0x5d0 [ 1661.977748][T10003] ? filp_open+0x80/0x80 [ 1661.982006][T10003] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1661.988354][T10003] ? trace_hardirqs_off_caller+0x65/0x230 [ 1661.994083][T10003] __x64_sys_creat+0x61/0x80 [ 1661.998721][T10003] do_syscall_64+0xfd/0x6a0 [ 1662.003235][T10003] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1662.009128][T10003] RIP: 0033:0x459879 [ 1662.013026][T10003] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1662.032634][T10003] RSP: 002b:00007f9b16aabc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 1662.041060][T10003] RAX: ffffffffffffffda RBX: 00007f9b16aabc90 RCX: 0000000000459879 [ 1662.041086][T10003] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100 [ 1662.041093][T10003] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1662.041100][T10003] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9b16aac6d4 [ 1662.041108][T10003] R13: 00000000004bfee4 R14: 00000000004d1de0 R15: 0000000000000007 15:18:25 executing program 3 (fault-call:8 fault-nth:4): mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:18:25 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x4000000000000000}) 15:18:25 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x4000, 0x0, 0x0, r0, 0x0}]) 15:18:25 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x369e5d84) 15:18:25 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1662.258825][ T26] audit: type=1804 audit(1567610305.354:127): pid=10118 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3625/file0" dev="sda1" ino=17570 res=1 15:18:25 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x7000000, 0x369e5d84) 15:18:25 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:25 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x369e5d84) 15:18:25 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x1000000, 0x0, 0x0, r0, 0x0}]) 15:18:25 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0xfdfdffff00000000}) 15:18:25 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:25 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x369e5d84) [ 1662.607719][T10240] FAULT_INJECTION: forcing a failure. [ 1662.607719][T10240] name failslab, interval 1, probability 0, space 0, times 0 [ 1662.625750][T10350] xt_check_target: 11 callbacks suppressed [ 1662.625764][T10350] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1662.645484][T10240] CPU: 1 PID: 10240 Comm: syz-executor.3 Not tainted 5.3.0-rc7 #0 [ 1662.653332][T10240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1662.663394][T10240] Call Trace: [ 1662.666706][T10240] dump_stack+0x172/0x1f0 [ 1662.671055][T10240] should_fail.cold+0xa/0x15 [ 1662.675668][T10240] ? fault_create_debugfs_attr+0x180/0x180 [ 1662.681493][T10240] ? ___might_sleep+0x163/0x280 [ 1662.686351][T10240] __should_failslab+0x121/0x190 [ 1662.691289][T10240] should_failslab+0x9/0x14 [ 1662.697178][T10240] __kmalloc+0x2e0/0x770 [ 1662.701428][T10240] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 1662.707151][T10240] tomoyo_realpath_from_path+0xcd/0x7b0 [ 1662.712715][T10240] tomoyo_path_number_perm+0x1dd/0x520 [ 1662.718182][T10240] ? tomoyo_path_number_perm+0x193/0x520 [ 1662.723823][T10240] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1662.729640][T10240] ? retint_kernel+0x2b/0x2b [ 1662.734239][T10240] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1662.739891][T10240] ? d_alloc_parallel+0x7de/0x1c30 [ 1662.745018][T10240] ? __kasan_check_read+0x11/0x20 [ 1662.750063][T10240] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1662.756316][T10240] ? d_alloc_parallel+0xa78/0x1c30 [ 1662.761438][T10240] ? retint_kernel+0x2b/0x2b [ 1662.766037][T10240] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1662.771678][T10240] tomoyo_path_mknod+0x12d/0x1b0 [ 1662.776619][T10240] ? tomoyo_path_chown+0x1c0/0x1c0 [ 1662.781739][T10240] security_path_mknod+0x119/0x180 [ 1662.786876][T10240] lookup_open+0x86b/0x1a50 [ 1662.791392][T10240] ? vfs_link+0xb90/0xb90 [ 1662.795745][T10240] ? path_openat+0x1445/0x4630 [ 1662.800528][T10240] path_openat+0x14ac/0x4630 [ 1662.805116][T10240] ? save_stack+0x23/0x90 [ 1662.809447][T10240] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1662.815260][T10240] ? kasan_slab_alloc+0xf/0x20 [ 1662.820028][T10240] ? kmem_cache_alloc+0x121/0x710 [ 1662.825054][T10240] ? getname_flags+0xd6/0x5b0 [ 1662.829736][T10240] ? getname+0x1a/0x20 [ 1662.833817][T10240] ? __this_cpu_preempt_check+0x11/0x210 [ 1662.839457][T10240] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 1662.844835][T10240] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1662.851082][T10240] ? debug_smp_processor_id+0x3c/0x214 [ 1662.856548][T10240] ? retint_kernel+0x2b/0x2b [ 1662.861138][T10240] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1662.866779][T10240] do_filp_open+0x1a1/0x280 [ 1662.871308][T10240] ? may_open_dev+0x100/0x100 [ 1662.876008][T10240] ? __alloc_fd+0x487/0x620 [ 1662.880517][T10240] ? __kasan_check_read+0x11/0x20 [ 1662.885548][T10240] ? do_raw_spin_unlock+0x57/0x270 [ 1662.890673][T10240] do_sys_open+0x3fe/0x5d0 [ 1662.895101][T10240] ? filp_open+0x80/0x80 [ 1662.899348][T10240] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1662.905440][T10240] ? trace_hardirqs_off_caller+0x65/0x230 [ 1662.911355][T10240] __x64_sys_creat+0x61/0x80 [ 1662.915948][T10240] do_syscall_64+0xfd/0x6a0 [ 1662.920454][T10240] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1662.926346][T10240] RIP: 0033:0x459879 [ 1662.930239][T10240] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1662.949842][T10240] RSP: 002b:00007f9b16accc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 1662.958286][T10240] RAX: ffffffffffffffda RBX: 00007f9b16accc90 RCX: 0000000000459879 [ 1662.966256][T10240] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100 [ 1662.974241][T10240] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1662.982559][T10240] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9b16acd6d4 [ 1662.990527][T10240] R13: 00000000004bfee4 R14: 00000000004d1de0 R15: 0000000000000004 [ 1663.003042][T10240] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1663.016095][ T26] audit: type=1804 audit(1567610306.114:128): pid=10451 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3626/file0/file0" dev="loop2" ino=603 res=1 15:18:26 executing program 3 (fault-call:8 fault-nth:5): mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:18:26 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x2000000, 0x0, 0x0, r0, 0x0}]) 15:18:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0xff00000000000000}) 15:18:26 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:26 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0xd000000, 0x369e5d84) 15:18:26 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1663.199941][T10520] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x2}) 15:18:26 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x0) 15:18:26 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x3000000, 0x0, 0x0, r0, 0x0}]) [ 1663.326932][T10667] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:26 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1663.470254][T10672] FAULT_INJECTION: forcing a failure. [ 1663.470254][T10672] name failslab, interval 1, probability 0, space 0, times 0 [ 1663.512509][T10781] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1663.530733][T10672] CPU: 0 PID: 10672 Comm: syz-executor.3 Not tainted 5.3.0-rc7 #0 [ 1663.538574][T10672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1663.538580][T10672] Call Trace: [ 1663.538599][T10672] dump_stack+0x172/0x1f0 [ 1663.538624][T10672] should_fail.cold+0xa/0x15 [ 1663.560968][T10672] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1663.566450][T10672] ? fault_create_debugfs_attr+0x180/0x180 [ 1663.572259][T10672] ? ___might_sleep+0x163/0x280 [ 1663.572277][T10672] __should_failslab+0x121/0x190 [ 1663.572292][T10672] should_failslab+0x9/0x14 [ 1663.572303][T10672] __kmalloc+0x2e0/0x770 [ 1663.572320][T10672] ? tomoyo_encode2.part.0+0x82/0x400 [ 1663.572330][T10672] ? tomoyo_encode2.part.0+0xf5/0x400 [ 1663.572351][T10672] tomoyo_encode2.part.0+0xf5/0x400 [ 1663.590835][T10672] tomoyo_encode+0x2b/0x50 [ 1663.590847][T10672] tomoyo_realpath_from_path+0x1d3/0x7b0 [ 1663.590866][T10672] tomoyo_path_number_perm+0x1dd/0x520 [ 1663.590878][T10672] ? tomoyo_path_number_perm+0x193/0x520 [ 1663.590896][T10672] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1663.590911][T10672] ? perf_trace_lock_acquire+0xf5/0x530 [ 1663.590924][T10672] ? d_alloc+0x1d0/0x280 [ 1663.590942][T10672] ? d_alloc_parallel+0x7de/0x1c30 [ 1663.606845][T10672] ? __kasan_check_read+0x11/0x20 [ 1663.606873][T10672] ? __this_cpu_preempt_check+0x3a/0x210 [ 1663.622386][T10672] ? retint_kernel+0x2b/0x2b [ 1663.622405][T10672] ? tomoyo_path_mknod+0xce/0x1b0 [ 1663.622420][T10672] tomoyo_path_mknod+0x12d/0x1b0 [ 1663.622434][T10672] ? tomoyo_path_chown+0x1c0/0x1c0 [ 1663.622453][T10672] security_path_mknod+0x119/0x180 [ 1663.622475][T10672] lookup_open+0x86b/0x1a50 [ 1663.688577][T10672] ? vfs_link+0xb90/0xb90 [ 1663.692924][T10672] ? __this_cpu_preempt_check+0x3a/0x210 [ 1663.698589][T10672] path_openat+0x14ac/0x4630 [ 1663.703234][T10672] ? save_stack+0x23/0x90 [ 1663.707572][T10672] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 15:18:26 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x4000000, 0x0, 0x0, r0, 0x0}]) 15:18:26 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1663.713390][T10672] ? kasan_slab_alloc+0xf/0x20 [ 1663.718153][T10672] ? kmem_cache_alloc+0x121/0x710 [ 1663.723191][T10672] ? getname_flags+0xd6/0x5b0 [ 1663.727882][T10672] ? getname+0x1a/0x20 [ 1663.731966][T10672] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1663.737602][T10672] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 1663.742983][T10672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1663.749245][T10672] ? debug_smp_processor_id+0x3c/0x214 [ 1663.754721][T10672] ? retint_kernel+0x2b/0x2b [ 1663.759336][T10672] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1663.764988][T10672] do_filp_open+0x1a1/0x280 [ 1663.765007][T10672] ? may_open_dev+0x100/0x100 [ 1663.774177][T10672] ? __kasan_check_read+0x11/0x20 [ 1663.779201][T10672] ? do_raw_spin_unlock+0x57/0x270 [ 1663.779228][T10672] do_sys_open+0x3fe/0x5d0 [ 1663.788733][T10672] ? filp_open+0x80/0x80 [ 1663.792993][T10672] __x64_sys_creat+0x61/0x80 [ 1663.797626][T10672] do_syscall_64+0xfd/0x6a0 [ 1663.802146][T10672] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1663.808043][T10672] RIP: 0033:0x459879 [ 1663.811948][T10672] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1663.831565][T10672] RSP: 002b:00007f9b16aabc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 1663.831579][T10672] RAX: ffffffffffffffda RBX: 00007f9b16aabc90 RCX: 0000000000459879 [ 1663.831587][T10672] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100 [ 1663.831593][T10672] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1663.831599][T10672] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9b16aac6d4 [ 1663.831606][T10672] R13: 00000000004bfee4 R14: 00000000004d1de0 R15: 0000000000000008 [ 1663.833127][ T26] audit: type=1804 audit(1567610306.894:129): pid=10674 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3627/file0/file0" dev="sda1" ino=18724 res=1 [ 1663.847964][T10786] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1663.880482][T10672] ERROR: Out of memory at tomoyo_realpath_from_path. 15:18:27 executing program 3 (fault-call:8 fault-nth:6): mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:18:27 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x3}) 15:18:27 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0xfffffff, 0x369e5d84) 15:18:27 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x0) 15:18:27 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x5000000, 0x0, 0x0, r0, 0x0}]) 15:18:27 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1664.078416][T10790] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:27 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:27 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x7000000, 0x0, 0x0, r0, 0x0}]) 15:18:27 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x0) 15:18:27 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x12000000, 0x369e5d84) [ 1664.242463][ T26] audit: type=1804 audit(1567610307.334:130): pid=10990 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3628/file0/file0" dev="sda1" ino=18721 res=1 [ 1664.278603][T10992] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:27 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x4}) 15:18:27 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1664.390075][T10958] FAULT_INJECTION: forcing a failure. [ 1664.390075][T10958] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1664.403759][T10958] CPU: 1 PID: 10958 Comm: syz-executor.3 Not tainted 5.3.0-rc7 #0 [ 1664.411572][T10958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1664.421634][T10958] Call Trace: [ 1664.425023][T10958] dump_stack+0x172/0x1f0 [ 1664.429369][T10958] should_fail.cold+0xa/0x15 [ 1664.433979][T10958] ? fault_create_debugfs_attr+0x180/0x180 [ 1664.439894][T10958] ? arch_stack_walk+0x97/0xf0 [ 1664.444675][T10958] should_fail_alloc_page+0x50/0x60 [ 1664.449888][T10958] __alloc_pages_nodemask+0x1a1/0x900 [ 1664.455275][T10958] ? stack_trace_save+0xac/0xe0 [ 1664.460139][T10958] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1664.465880][T10958] ? __this_cpu_preempt_check+0x3a/0x210 [ 1664.471534][T10958] ? fault_create_debugfs_attr+0x180/0x180 [ 1664.477352][T10958] ? save_stack+0x5c/0x90 [ 1664.481781][T10958] cache_grow_begin+0x90/0xd20 [ 1664.486558][T10958] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 1664.492394][T10958] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1664.498648][T10958] __kmalloc+0x6b2/0x770 [ 1664.502902][T10958] ? mark_held_locks+0xf0/0xf0 [ 1664.507671][T10958] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 1664.513487][T10958] tomoyo_realpath_from_path+0xcd/0x7b0 [ 1664.519051][T10958] ? tomoyo_path_number_perm+0x193/0x520 [ 1664.524700][T10958] tomoyo_path_number_perm+0x1dd/0x520 [ 1664.530164][T10958] ? tomoyo_path_number_perm+0x193/0x520 [ 1664.535801][T10958] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1664.541610][T10958] ? perf_trace_lock_acquire+0xf5/0x530 [ 1664.547153][T10958] ? d_alloc+0x1d0/0x280 [ 1664.551398][T10958] ? d_alloc_parallel+0x7de/0x1c30 [ 1664.556506][T10958] ? __kasan_check_read+0x11/0x20 [ 1664.561547][T10958] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1664.567805][T10958] ? d_alloc_parallel+0xa78/0x1c30 [ 1664.572916][T10958] ? retint_kernel+0x2b/0x2b [ 1664.577503][T10958] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1664.583141][T10958] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1664.588602][T10958] tomoyo_path_mknod+0x12d/0x1b0 [ 1664.593537][T10958] ? tomoyo_path_chown+0x1c0/0x1c0 [ 1664.598650][T10958] security_path_mknod+0x119/0x180 [ 1664.603764][T10958] lookup_open+0x86b/0x1a50 [ 1664.608270][T10958] ? vfs_link+0xb90/0xb90 [ 1664.612788][T10958] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1664.619027][T10958] ? __mnt_want_write+0x1f1/0x2f0 [ 1664.624143][T10958] path_openat+0x14ac/0x4630 [ 1664.628745][T10958] ? finish_task_switch+0x147/0x720 [ 1664.633941][T10958] ? __kasan_check_read+0x11/0x20 [ 1664.638977][T10958] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 1664.644346][T10958] ? __kasan_check_read+0x11/0x20 [ 1664.649376][T10958] ? _raw_spin_unlock_irq+0x5e/0x90 [ 1664.654576][T10958] ? finish_task_switch+0x147/0x720 [ 1664.659774][T10958] ? finish_task_switch+0x119/0x720 [ 1664.664978][T10958] do_filp_open+0x1a1/0x280 [ 1664.669540][T10958] ? may_open_dev+0x100/0x100 [ 1664.674242][T10958] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1664.679702][T10958] ? preempt_schedule_irq+0xf3/0x160 [ 1664.684984][T10958] ? retint_kernel+0x2b/0x2b [ 1664.689588][T10958] do_sys_open+0x3fe/0x5d0 [ 1664.694004][T10958] ? filp_open+0x80/0x80 [ 1664.698245][T10958] ? retint_kernel+0x2b/0x2b [ 1664.702853][T10958] __x64_sys_creat+0x61/0x80 [ 1664.707465][T10958] do_syscall_64+0xfd/0x6a0 [ 1664.711971][T10958] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1664.717872][T10958] RIP: 0033:0x459879 [ 1664.721770][T10958] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1664.741376][T10958] RSP: 002b:00007f9b16accc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 1664.749786][T10958] RAX: ffffffffffffffda RBX: 00007f9b16accc90 RCX: 0000000000459879 [ 1664.757782][T10958] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100 [ 1664.765767][T10958] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1664.773738][T10958] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9b16acd6d4 [ 1664.781705][T10958] R13: 00000000004bfee4 R14: 00000000004d1de0 R15: 0000000000000004 15:18:28 executing program 3 (fault-call:8 fault-nth:7): mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:18:28 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x0) 15:18:28 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x5}) 15:18:28 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x8000000, 0x0, 0x0, r0, 0x0}]) 15:18:28 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:28 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0xc000000, 0x0, 0x0, r0, 0x0}]) 15:18:28 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x0) 15:18:28 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x6}) [ 1665.085153][T11491] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:28 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1665.211557][T11534] FAULT_INJECTION: forcing a failure. [ 1665.211557][T11534] name failslab, interval 1, probability 0, space 0, times 0 [ 1665.273574][T11534] CPU: 0 PID: 11534 Comm: syz-executor.3 Not tainted 5.3.0-rc7 #0 [ 1665.281435][T11534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1665.291517][T11534] Call Trace: [ 1665.294818][T11534] dump_stack+0x172/0x1f0 [ 1665.299177][T11534] should_fail.cold+0xa/0x15 [ 1665.302362][T11543] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1665.303927][T11534] ? fault_create_debugfs_attr+0x180/0x180 [ 1665.303948][T11534] ? ___might_sleep+0x163/0x280 [ 1665.323215][T11534] __should_failslab+0x121/0x190 [ 1665.328161][T11534] should_failslab+0x9/0x14 [ 1665.328174][T11534] __kmalloc+0x2e0/0x770 [ 1665.328194][T11534] ? tomoyo_encode2.part.0+0x78/0x400 [ 1665.342299][T11534] ? tomoyo_encode2.part.0+0x82/0x400 [ 1665.347672][T11534] ? tomoyo_encode2.part.0+0xf5/0x400 [ 1665.347688][T11534] tomoyo_encode2.part.0+0xf5/0x400 [ 1665.347707][T11534] tomoyo_encode+0x2b/0x50 [ 1665.362674][T11534] tomoyo_realpath_from_path+0x1d3/0x7b0 [ 1665.368335][T11534] tomoyo_path_number_perm+0x1dd/0x520 [ 1665.373808][T11534] ? tomoyo_path_number_perm+0x193/0x520 [ 1665.379456][T11534] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1665.385276][T11534] ? perf_trace_lock_acquire+0xf5/0x530 [ 1665.390923][T11534] ? d_alloc+0x1d0/0x280 [ 1665.395178][T11534] ? d_alloc_parallel+0x7de/0x1c30 [ 1665.400288][T11534] ? __kasan_check_read+0x11/0x20 [ 1665.405429][T11534] ? __this_cpu_preempt_check+0x3a/0x210 [ 1665.411079][T11534] ? retint_kernel+0x2b/0x2b [ 1665.415690][T11534] tomoyo_path_mknod+0x12d/0x1b0 [ 1665.420648][T11534] ? tomoyo_path_chown+0x1c0/0x1c0 [ 1665.425783][T11534] ? lookup_open+0x2c2/0x1a50 [ 1665.430473][T11534] security_path_mknod+0x119/0x180 [ 1665.435580][T11534] lookup_open+0x86b/0x1a50 [ 1665.435598][T11534] ? vfs_link+0xb90/0xb90 [ 1665.435623][T11534] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1665.435635][T11534] ? __mnt_want_write+0x1f1/0x2f0 [ 1665.435652][T11534] path_openat+0x14ac/0x4630 [ 1665.435664][T11534] ? save_stack+0x23/0x90 [ 1665.435677][T11534] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1665.435688][T11534] ? kasan_slab_alloc+0xf/0x20 [ 1665.435697][T11534] ? kmem_cache_alloc+0x121/0x710 [ 1665.435707][T11534] ? getname_flags+0xd6/0x5b0 [ 1665.435724][T11534] ? getname+0x1a/0x20 [ 1665.489114][T11534] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 1665.494502][T11534] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1665.500141][T11534] ? debug_smp_processor_id+0x3c/0x214 [ 1665.506821][T11534] ? retint_kernel+0x2b/0x2b [ 1665.512369][T11534] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1665.518008][T11534] do_filp_open+0x1a1/0x280 [ 1665.522510][T11534] ? may_open_dev+0x100/0x100 [ 1665.527188][T11534] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1665.532843][T11534] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1665.538340][T11534] ? __this_cpu_preempt_check+0x3a/0x210 [ 1665.543981][T11534] ? do_sys_open+0x3ec/0x5d0 [ 1665.548577][T11534] do_sys_open+0x3fe/0x5d0 [ 1665.552998][T11534] ? filp_open+0x80/0x80 [ 1665.557252][T11534] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1665.563349][T11534] ? trace_hardirqs_off_caller+0x65/0x230 [ 1665.569136][T11534] __x64_sys_creat+0x61/0x80 [ 1665.573778][T11534] do_syscall_64+0xfd/0x6a0 [ 1665.578297][T11534] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1665.584198][T11534] RIP: 0033:0x459879 [ 1665.588104][T11534] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1665.607722][T11534] RSP: 002b:00007f9b16aabc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 1665.616162][T11534] RAX: ffffffffffffffda RBX: 00007f9b16aabc90 RCX: 0000000000459879 [ 1665.624172][T11534] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100 [ 1665.632152][T11534] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1665.640129][T11534] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9b16aac6d4 [ 1665.648104][T11534] R13: 00000000004bfee4 R14: 00000000004d1de0 R15: 0000000000000006 15:18:28 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x369e5d84, 0x369e5d84) 15:18:28 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x38000000, 0x0, 0x0, r0, 0x0}]) 15:18:28 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1665.700920][T11534] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1665.744003][T11649] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:29 executing program 3 (fault-call:8 fault-nth:8): mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:18:29 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x7}) 15:18:29 executing program 0 (fault-call:4 fault-nth:0): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:29 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:29 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x40000000, 0x0, 0x0, r0, 0x0}]) [ 1665.970779][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF 15:18:29 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:29 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) [ 1666.024061][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:18:29 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x8}) 15:18:29 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x7ffffffff000, 0x0, 0x0, r0, 0x0}]) [ 1666.338261][T11772] FAULT_INJECTION: forcing a failure. [ 1666.338261][T11772] name failslab, interval 1, probability 0, space 0, times 0 [ 1666.352237][T11772] CPU: 0 PID: 11772 Comm: syz-executor.3 Not tainted 5.3.0-rc7 #0 [ 1666.360075][T11772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1666.370145][T11772] Call Trace: [ 1666.373453][T11772] dump_stack+0x172/0x1f0 [ 1666.377800][T11772] should_fail.cold+0xa/0x15 [ 1666.382409][T11772] ? __might_sleep+0x95/0x190 [ 1666.387101][T11772] ? fault_create_debugfs_attr+0x180/0x180 [ 1666.392921][T11772] ? perf_trace_lock_acquire+0xf5/0x530 [ 1666.398472][T11772] ? retint_kernel+0x2b/0x2b [ 1666.403083][T11772] ? ___might_sleep+0x163/0x280 [ 1666.407955][T11772] __should_failslab+0x121/0x190 [ 1666.412911][T11772] ? ratelimit_state_init+0xb0/0xb0 [ 1666.418121][T11772] should_failslab+0x9/0x14 [ 1666.422637][T11772] kmem_cache_alloc+0x2aa/0x710 [ 1666.427520][T11772] ? retint_kernel+0x2b/0x2b [ 1666.432154][T11772] ? ratelimit_state_init+0xb0/0xb0 [ 1666.437351][T11772] ext4_alloc_inode+0x1f/0x640 [ 1666.442205][T11772] ? ratelimit_state_init+0xb0/0xb0 [ 1666.447403][T11772] alloc_inode+0x68/0x1e0 [ 1666.451736][T11772] new_inode_pseudo+0x19/0xf0 [ 1666.456415][T11772] new_inode+0x1f/0x40 [ 1666.460487][T11772] __ext4_new_inode+0x3d5/0x4e50 [ 1666.465444][T11772] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1666.471684][T11772] ? __dquot_initialize+0x525/0xd80 [ 1666.476883][T11772] ? ext4_free_inode+0x1490/0x1490 [ 1666.482084][T11772] ? __kasan_check_read+0x11/0x20 [ 1666.487110][T11772] ? do_raw_spin_unlock+0x57/0x270 [ 1666.492232][T11772] ? dqget+0x10d0/0x10d0 [ 1666.496475][T11772] ? _raw_spin_unlock+0x2d/0x50 [ 1666.501331][T11772] ? d_splice_alias+0x506/0xcc0 [ 1666.506184][T11772] ? retint_kernel+0x2b/0x2b [ 1666.510775][T11772] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1666.516417][T11772] ext4_create+0x236/0x5e0 [ 1666.520841][T11772] ? ext4_mknod+0x5f0/0x5f0 [ 1666.525370][T11772] ? lookup_open+0x777/0x1a50 [ 1666.530250][T11772] ? ext4_mknod+0x5f0/0x5f0 [ 1666.534762][T11772] lookup_open+0x12be/0x1a50 [ 1666.539358][T11772] ? vfs_link+0xb90/0xb90 [ 1666.543706][T11772] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1666.549948][T11772] ? __mnt_want_write+0x1f1/0x2f0 [ 1666.555077][T11772] path_openat+0x14ac/0x4630 [ 1666.559685][T11772] ? save_stack+0x23/0x90 [ 1666.564017][T11772] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1666.569823][T11772] ? kasan_slab_alloc+0xf/0x20 [ 1666.574589][T11772] ? kmem_cache_alloc+0x121/0x710 [ 1666.579620][T11772] ? retint_kernel+0x2b/0x2b [ 1666.584223][T11772] ? calibrate_delay.cold+0x49f/0x4ae [ 1666.589601][T11772] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 1666.594976][T11772] ? retint_kernel+0x2b/0x2b [ 1666.599575][T11772] do_filp_open+0x1a1/0x280 [ 1666.604078][T11772] ? may_open_dev+0x100/0x100 [ 1666.608762][T11772] ? __kasan_check_read+0x11/0x20 [ 1666.613787][T11772] ? do_raw_spin_unlock+0x57/0x270 [ 1666.618918][T11772] do_sys_open+0x3fe/0x5d0 [ 1666.623341][T11772] ? filp_open+0x80/0x80 [ 1666.627591][T11772] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1666.633669][T11772] ? trace_hardirqs_off_caller+0x65/0x230 [ 1666.639481][T11772] __x64_sys_creat+0x61/0x80 [ 1666.644074][T11772] do_syscall_64+0xfd/0x6a0 [ 1666.648584][T11772] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1666.654479][T11772] RIP: 0033:0x459879 [ 1666.658395][T11772] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1666.678011][T11772] RSP: 002b:00007f9b16aabc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 1666.686437][T11772] RAX: ffffffffffffffda RBX: 00007f9b16aabc90 RCX: 0000000000459879 [ 1666.694673][T11772] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100 [ 1666.702650][T11772] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1666.710647][T11772] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9b16aac6d4 [ 1666.718619][T11772] R13: 00000000004bfee4 R14: 00000000004d1de0 R15: 0000000000000004 [ 1666.740460][ T26] audit: type=1804 audit(1567610309.834:131): pid=11879 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3630/file0/file0" dev="loop2" ino=608 res=1 15:18:29 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x3f000000, 0x369e5d84) 15:18:29 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:29 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x2, 0x0, 0x369e5d84) 15:18:29 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0xf0ffffff7f0000, 0x0, 0x0, r0, 0x0}]) 15:18:29 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x300}) 15:18:29 executing program 3 (fault-call:8 fault-nth:9): mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:18:29 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:30 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x100000000000000, 0x0, 0x0, r0, 0x0}]) 15:18:30 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:30 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x500}) 15:18:30 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$VIDIOC_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000340)={0x6, 0x0, [], {0x0, @bt={0x8001, 0x3ff, 0x0, 0x3, 0xeaab, 0x80, 0x9, 0x0, 0x6, 0x101, 0x5, 0x4, 0x5, 0x4, 0x272a0304cdf82993, 0x4}}}) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000000c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000040)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000080)='./file0\x00', 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x8401, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x80000) pipe(&(0x7f0000000040)={0xffffffffffffffff}) bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r7 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) splice(r6, 0x0, r7, 0x0, 0x20000000003, 0x0) r8 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r8, 0x8008af00, &(0x7f0000000740)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) geteuid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r12, 0x0) setresuid(0x0, r10, r10) r13 = geteuid() mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000400)='9p\x00', 0x242020, &(0x7f0000000780)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d0cd08c2a0d302417899970a5f6c665047cba561d8a58efeb58d25e66c3044ab4c4c4db51a4cfd1eac73eeab5de732c997135a0135a1b975b2c149d140000a54375cd7c8d8fcd4b8e7f4a1e236aa549fb984ae8b55f1009c41a2761946cc335d9f8f154", @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r8, @ANYBLOB=',cachetag=]cpuset!em0em1vmnet0,,access=', @ANYRESDEC=r10, @ANYBLOB="2c616e616d653d76666174002c6163636573733d636c69656e742c70726976706f72742c616669643d3078303030303030303030303031303030302c63616368653d6d6d61702c63616368657461673d47504c242ce12d6b657972696e677573657247504c2c63616368653d6d6d61702c646f6e745f686173682c7065726d69745f646972656374696f2c666f776e65723e", @ANYRESDEC=r13, @ANYBLOB="2c6f626a5f726f6c653d2f6465762f7a65726f002c646f6e745f686173682c66736d616769633d3078303030303030303030303030303034342c6673757569643d36366600e06615372d395062002d343363642d003831362d3565630c646130532c6673636f6e746578743d73746166665f752c00"]) openat$audio(0xffffffffffffff9c, &(0x7f0000000600)='/dev/audio\x00', 0x400000, 0x0) splice(r3, 0x0, r5, 0x0, 0x20000000003, 0x0) perf_event_open(&(0x7f00000001c0)={0x0, 0x70, 0xd4e, 0x801, 0x2, 0x7, 0x0, 0xff, 0x10201, 0x1, 0xffffffffffffffe1, 0x9, 0x6f, 0x837, 0x4, 0x0, 0x2, 0x8, 0x0, 0x9, 0x1f, 0x0, 0xfffffffffffffffd, 0x7fff, 0x80000001, 0x5, 0x7, 0x401, 0x6, 0x4, 0x100, 0x6, 0x1000, 0x2, 0x400, 0x0, 0x478, 0x5, 0x0, 0xfff, 0x0, @perf_config_ext={0x5, 0x1ff}, 0x8, 0x5, 0x7, 0x7, 0xba, 0x4, 0x47d}, 0xffffffffffffffff, 0x0, r3, 0x1) fallocate(r2, 0x5f, 0xffffffffffffffff, 0x329e5d84) uselib(&(0x7f0000000100)='./file0\x00') 15:18:30 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1667.246949][T12107] FAULT_INJECTION: forcing a failure. [ 1667.246949][T12107] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1667.260236][T12107] CPU: 1 PID: 12107 Comm: syz-executor.3 Not tainted 5.3.0-rc7 #0 [ 1667.268074][T12107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1667.278146][T12107] Call Trace: [ 1667.283144][T12107] dump_stack+0x172/0x1f0 [ 1667.287508][T12107] should_fail.cold+0xa/0x15 [ 1667.292152][T12107] ? fault_create_debugfs_attr+0x180/0x180 [ 1667.297980][T12107] ? retint_kernel+0x2b/0x2b [ 1667.302584][T12107] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1667.308327][T12107] should_fail_alloc_page+0x50/0x60 [ 1667.313538][T12107] __alloc_pages_nodemask+0x1a1/0x900 [ 1667.318932][T12107] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1667.324769][T12107] ? fault_create_debugfs_attr+0x180/0x180 [ 1667.330592][T12107] cache_grow_begin+0x90/0xd20 [ 1667.335457][T12107] ? fat_parse_long+0x921/0xb70 [ 1667.340324][T12107] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1667.346948][T12107] kmem_cache_alloc+0x64e/0x710 [ 1667.351818][T12107] fat_parse_long+0x921/0xb70 [ 1667.356605][T12107] fat_search_long+0x3a9/0x1350 [ 1667.361547][T12107] ? __this_cpu_preempt_check+0x3a/0x210 [ 1667.367179][T12107] ? retint_kernel+0x2b/0x2b [ 1667.371799][T12107] ? fat_parse_short+0x2320/0x2320 [ 1667.376911][T12107] ? __mutex_lock+0x45d/0x13c0 [ 1667.381674][T12107] ? retint_kernel+0x2b/0x2b [ 1667.386275][T12107] ? vfat_lookup+0xe6/0x530 [ 1667.390779][T12107] ? retint_kernel+0x2b/0x2b [ 1667.395465][T12107] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1667.401099][T12107] ? mutex_lock_io_nested+0x1260/0x1260 [ 1667.406644][T12107] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1667.412106][T12107] ? __this_cpu_preempt_check+0x3a/0x210 [ 1667.417833][T12107] ? retint_kernel+0x2b/0x2b [ 1667.422431][T12107] vfat_find+0x10e/0x140 [ 1667.426701][T12107] vfat_lookup+0xf6/0x530 [ 1667.431031][T12107] ? vfat_find_form+0x110/0x110 [ 1667.435890][T12107] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1667.442137][T12107] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1667.448473][T12107] ? security_inode_permission+0xcb/0x100 [ 1667.454542][T12107] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1667.460982][T12107] ? security_inode_create+0xe4/0x120 [ 1667.466359][T12107] ? vfat_find_form+0x110/0x110 [ 1667.471211][T12107] lookup_open+0x6cd/0x1a50 [ 1667.475728][T12107] ? vfs_link+0xb90/0xb90 [ 1667.480254][T12107] ? path_openat+0x1445/0x4630 [ 1667.485023][T12107] path_openat+0x14ac/0x4630 [ 1667.489614][T12107] ? save_stack+0x23/0x90 [ 1667.493945][T12107] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1667.499750][T12107] ? kasan_slab_alloc+0xf/0x20 [ 1667.504513][T12107] ? kmem_cache_alloc+0x121/0x710 [ 1667.509539][T12107] ? getname_flags+0xd6/0x5b0 [ 1667.514218][T12107] ? getname+0x1a/0x20 [ 1667.518297][T12107] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 1667.523694][T12107] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1667.530383][T12107] ? debug_smp_processor_id+0x3c/0x214 [ 1667.535848][T12107] ? perf_trace_lock_acquire+0xf5/0x530 [ 1667.541659][T12107] ? retint_kernel+0x2b/0x2b [ 1667.546264][T12107] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1667.551897][T12107] do_filp_open+0x1a1/0x280 [ 1667.556404][T12107] ? may_open_dev+0x100/0x100 [ 1667.561095][T12107] ? __kasan_check_read+0x11/0x20 [ 1667.566214][T12107] ? do_raw_spin_unlock+0x57/0x270 [ 1667.571345][T12107] do_sys_open+0x3fe/0x5d0 [ 1667.575763][T12107] ? filp_open+0x80/0x80 [ 1667.580017][T12107] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1667.586087][T12107] ? trace_hardirqs_off_caller+0x65/0x230 [ 1667.591807][T12107] __x64_sys_creat+0x61/0x80 [ 1667.596398][T12107] do_syscall_64+0xfd/0x6a0 [ 1667.600903][T12107] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1667.606802][T12107] RIP: 0033:0x459879 [ 1667.610699][T12107] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1667.630320][T12107] RSP: 002b:00007f9b16aabc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 1667.638846][T12107] RAX: ffffffffffffffda RBX: 00007f9b16aabc90 RCX: 0000000000459879 [ 1667.646824][T12107] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100 [ 1667.654797][T12107] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1667.662767][T12107] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9b16aac6d4 [ 1667.670740][T12107] R13: 00000000004bfee4 R14: 00000000004d1de0 R15: 0000000000000006 [ 1668.017992][ T26] audit: type=1804 audit(1567610311.114:132): pid=12312 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3631/file0/file0" dev="loop2" ino=611 res=1 [ 1668.054307][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF 15:18:31 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x40000000, 0x369e5d84) 15:18:31 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x200000000000000, 0x0, 0x0, r0, 0x0}]) 15:18:31 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:31 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000200)='./file0\x00', 0x100) fallocate(r1, 0x3, 0x0, 0x369e5d84) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000040)={r4}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={r4, 0x7ff}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f00000000c0)={r5, 0xa1}, 0x8) 15:18:31 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x600}) 15:18:31 executing program 3 (fault-call:8 fault-nth:10): mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) [ 1668.070697][ T9857] FAT-fs (loop3): Filesystem has been set read-only [ 1668.081004][ T26] audit: type=1804 audit(1567610311.144:133): pid=12313 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3631/file0/file0" dev="loop2" ino=611 res=1 15:18:31 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1668.163382][T12317] xt_check_target: 6 callbacks suppressed [ 1668.163395][T12317] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:31 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x700}) 15:18:31 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x300000000000000, 0x0, 0x0, r0, 0x0}]) [ 1668.327135][T12530] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:31 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:31 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) creat(&(0x7f0000000080)='./file0\x00', 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000740)) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r2, 0x8008af00, &(0x7f0000000740)) fallocate(r2, 0x0, 0x0, 0x369e5d84) [ 1668.452728][T12529] FAULT_INJECTION: forcing a failure. [ 1668.452728][T12529] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1668.468312][T12529] CPU: 0 PID: 12529 Comm: syz-executor.3 Not tainted 5.3.0-rc7 #0 [ 1668.475768][T12540] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1668.476142][T12529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1668.476148][T12529] Call Trace: [ 1668.476171][T12529] dump_stack+0x172/0x1f0 15:18:31 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1668.502499][T12529] should_fail.cold+0xa/0x15 [ 1668.507135][T12529] ? fault_create_debugfs_attr+0x180/0x180 [ 1668.512946][T12529] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1668.518421][T12529] should_fail_alloc_page+0x50/0x60 [ 1668.523637][T12529] __alloc_pages_nodemask+0x1a1/0x900 [ 1668.529027][T12529] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1668.534767][T12529] ? should_fail+0x56/0x852 [ 1668.539289][T12529] ? fault_create_debugfs_attr+0x180/0x180 [ 1668.539310][T12529] ? __kasan_check_write+0x14/0x20 [ 1668.550288][T12529] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1668.556544][T12529] cache_grow_begin+0x90/0xd20 [ 1668.561324][T12529] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 1668.567061][T12529] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1668.573319][T12529] __kmalloc+0x6b2/0x770 [ 1668.577658][T12529] ? trace_hardirqs_on_caller+0x6a/0x240 [ 1668.577677][T12529] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 1668.577696][T12529] tomoyo_realpath_from_path+0xcd/0x7b0 [ 1668.594574][T12529] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1668.596489][T12642] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1668.600845][T12529] tomoyo_check_open_permission+0x2a8/0x3f0 [ 1668.600862][T12529] ? tomoyo_path_number_perm+0x520/0x520 [ 1668.600876][T12529] ? retint_kernel+0x2b/0x2b [ 1668.600915][T12529] ? tomoyo_domain+0x10/0x160 [ 1668.630404][T12529] ? tomoyo_domain+0x55/0x160 [ 1668.635102][T12529] tomoyo_file_open+0xa9/0xd0 [ 1668.639807][T12529] security_file_open+0x71/0x300 [ 1668.644845][T12529] do_dentry_open+0x373/0x1250 [ 1668.644863][T12529] ? chown_common+0x5c0/0x5c0 [ 1668.644877][T12529] ? inode_permission+0xb4/0x560 [ 1668.644891][T12529] vfs_open+0xa0/0xd0 [ 1668.644904][T12529] path_openat+0x10e9/0x4630 [ 1668.644921][T12529] ? save_stack+0x23/0x90 [ 1668.654337][T12529] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1668.672126][T12529] ? kasan_slab_alloc+0xf/0x20 [ 1668.672137][T12529] ? kmem_cache_alloc+0x121/0x710 [ 1668.672150][T12529] ? getname_flags+0xd6/0x5b0 [ 1668.672168][T12529] ? getname+0x1a/0x20 [ 1668.682718][T12529] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 1668.682733][T12529] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1668.682749][T12529] ? debug_smp_processor_id+0x3c/0x214 [ 1668.682764][T12529] ? retint_kernel+0x2b/0x2b [ 1668.682778][T12529] do_filp_open+0x1a1/0x280 [ 1668.682788][T12529] ? may_open_dev+0x100/0x100 [ 1668.682806][T12529] ? __kasan_check_read+0x11/0x20 [ 1668.682824][T12529] ? do_raw_spin_unlock+0x57/0x270 [ 1668.708244][T12529] do_sys_open+0x3fe/0x5d0 [ 1668.718267][T12529] ? filp_open+0x80/0x80 [ 1668.727410][T12529] __x64_sys_creat+0x61/0x80 [ 1668.737515][T12529] do_syscall_64+0xfd/0x6a0 [ 1668.755208][T12529] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1668.761107][T12529] RIP: 0033:0x459879 [ 1668.765030][T12529] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1668.785291][T12529] RSP: 002b:00007f9b16aabc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 1668.793797][T12529] RAX: ffffffffffffffda RBX: 00007f9b16aabc90 RCX: 0000000000459879 15:18:31 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x845d9e36, 0x369e5d84) 15:18:31 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x4000}) 15:18:31 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1668.801767][T12529] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100 [ 1668.809731][T12529] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1668.817698][T12529] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9b16aac6d4 [ 1668.825670][T12529] R13: 00000000004bfee4 R14: 00000000004d1de0 R15: 0000000000000006 15:18:32 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x400000000000000, 0x0, 0x0, r0, 0x0}]) [ 1668.908929][T12648] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:32 executing program 3 (fault-call:8 fault-nth:11): mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:18:32 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:32 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0xff00}) 15:18:32 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x500000000000000, 0x0, 0x0, r0, 0x0}]) 15:18:32 executing program 0: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0x9, 0x0, &(0x7f0000000140), 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f0000000740)) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000740)) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r2, 0x8008af00, &(0x7f0000000740)) fchdir(r2) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r3, 0x3, 0x0, 0x369e5d84) 15:18:32 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0xf6ff0000, 0x369e5d84) [ 1669.135610][T12861] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1669.144726][ T26] audit: type=1804 audit(1567610312.234:134): pid=12863 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3633/file0" dev="sda1" ino=17688 res=1 15:18:32 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:32 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x700000000000000, 0x0, 0x0, r0, 0x0}]) [ 1669.319370][ T26] audit: type=1804 audit(1567610312.414:135): pid=12917 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3634/file0/file0" dev="loop2" ino=614 res=1 15:18:32 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0xffff1f00, 0x369e5d84) 15:18:32 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x1000000}) [ 1669.387986][T12947] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:32 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:32 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:18:32 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000280)='./file0\x00', 0x40) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/sequencer2\x00', 0x100, 0x0) memfd_create(&(0x7f0000000100)='/dev/sequencer2\x00', 0x3) write$FUSE_NOTIFY_POLL(r2, &(0x7f00000000c0)={0x18, 0x1, 0x0, {0x9}}, 0x18) fallocate(r1, 0x3, 0x0, 0x369e5d84) accept4$packet(r2, &(0x7f00000001c0), &(0x7f0000000200)=0x14, 0x1000) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) write$apparmor_exec(r3, &(0x7f0000000240)=ANY=[@ANYBLOB='\x00'/16], 0x10) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c2000000000000000000e700e0000000e0000000180100003830325f330000000000000000000000000000000000000000000000000000000800000000000000000000000000000074696d650000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000010d3ac03970000000000000000000000fdffffff00"/424]}, 0x220) getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f00000003c0)={{{@in=@local, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@remote}}, &(0x7f00000004c0)=0xe8) r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) fstat(r7, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETGROUP(r6, 0x400454ce, r8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r10, 0x0) r11 = geteuid() mount$fuse(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='fuse\x00', 0x10000, &(0x7f0000000500)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000000000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r8, @ANYBLOB="2c626c6b73697a653d3078303030303030303030303030306530302c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c6673757569643d63610061643065392d363436332d353753342d3837642b2d39663c34403914392c7569643c", @ANYRESDEC=r10, @ANYBLOB=',obj_type=/dev/sequencer2\x00,func=FIRMWARE_CHECK,seclabel,subj_type=vfat\x00,uid=', @ANYRESDEC=r11, @ANYBLOB=',ob\x00\x00\x00\x00le=/dev/sequencer2\x00,\x00']) [ 1669.548185][T13088] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:32 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x800000000000000, 0x0, 0x0, r0, 0x0}]) 15:18:32 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x2000000}) [ 1669.658061][T13137] FAT-fs (loop0): error, invalid access to FAT (entry 0x00006500) 15:18:32 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:32 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0xffffff0f, 0x369e5d84) [ 1669.693786][ T26] audit: type=1804 audit(1567610312.794:136): pid=13199 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3635/file0/file0" dev="sda1" ino=18747 res=1 [ 1669.699840][T13137] FAT-fs (loop0): Filesystem has been set read-only [ 1669.795147][T13208] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:32 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x3000000}) 15:18:32 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0xc00000000000000, 0x0, 0x0, r0, 0x0}]) 15:18:33 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xf4X#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000640)) accept$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000a00)={&(0x7f0000000000), 0xc, &(0x7f00000009c0)={&(0x7f0000000cc0)=ANY=[@ANYBLOB, @ANYBLOB="04002abd7000fcdbdf25", @ANYRES32, @ANYBLOB], 0x4}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) openat$cgroup_ro(r1, &(0x7f0000000b00)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xedV\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/370) lseek(r2, 0x203ffffd, 0x0) r3 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) write$P9_RXATTRWALK(r2, &(0x7f0000000080)={0xf}, 0x20000357) mremap(&(0x7f0000433000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f000007f000/0x1000)=nil) ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mq_notify(r2, &(0x7f0000000600)) fchown(r3, 0x0, 0x0) memfd_create(&(0x7f0000000680)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xf4X#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80', 0xd862eb6f7b1edd05) mq_notify(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video35\x00', 0x2, 0x0) fchdir(r0) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r4, 0x3, 0x0, 0x369e5d84) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000040)={r6}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000024c0)={r6, 0x7}, &(0x7f0000002500)=0x8) creat(&(0x7f0000000040)='./file0\x00', 0x1) r7 = getuid() syz_mount_image$vfat(&(0x7f00000000c0)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x7ff, 0x5, &(0x7f0000002380)=[{&(0x7f0000000340)="e46587074bfe9e7e56d3f099ff95d600bd2193fbcaec67e8227c293f5f1740dc7f10395508ad4293a64a486443bbd8963104c74662ae2d9007b33332d2e47e5715a9e91e1b70202b62c332706e0ba227b637d3bcc8c3e53c18b0f487839c804980aa891f9135243955239d728ae260f5e599e6a17e121afb626e2fdf32ff7b68916fab9ba435a609a09a9369c7a0493e85ff892ad7ea716ca384a3d64e9611470513a19b78efc7c685d298aaf46d93eac5e415fc2cb36d02c5b717bbdb6c635bebd47d5e6f6f0372f411b61a5b378f47485311d77b1d3f2cd9f707b342aefdba83dcacd0eb1d9e8ef508b455cb87b76cf2efc6ffc03ead6e15fd4f370ab823d4aec3f64d6a9cd0ad4ef2018c114f098b7609609e0a09c8aff41ed48ef433d2f0b71978f6483058a3c6cd57ccef4980ca639a4bb22a6bc1e3356fded89d69a336484fa44a4ecef553aa271f70290b166cd8df6f45708cd3c90194e9073626482960062aa0f876f2cccb0856f286ec2398b746638ee29eb052fd073f8745308f53be48273fdcf5f631c9e50f936783702edd990cdc86a9b50c8c2530157b38034a97c1842a7ea5fcfbacecba2b9ed93f49505d4090236ea0b1f58e9efd149458c0aa21a8ef867f5db4b802fb54ae5669bc20b736d06b8c2a68ba423b38e4a14eabcd96045a937d75ed9f6ee2e61a6967bb838360ce84673cf2816ed17fef699b4039b8434aa92dac0d7b129d923a5f2f474d12294f2af306434a6ac247a47f34126e9fb9f44dd7d560083842f07820c9e5a9a94c909e4882bebae332f7e1bee1edc9beccfc6018647a166e3e4244b7ad3aaf93f78249758df537a6d6e76de964fad260e6bb430e0a2a9df12de89d0c26064bf301f48d5f5e1448f548b60ac7c8a2a8f19b6c3b2432569c456b83421dc6c157868e8aed0a86fde5fd17e178e5da86d7c6b8274ca7d418cfbf959f211d5fba826a7d4ded63e214aba0733ec71f23bff4d97cd1c547a7f5d5930129e075893d5991c32601a07bbf22e8e12e5429bffb2ccb52db051296ca034dab03d92ee0d4aa56c0dc4404e919724344317c2bb06ccf241ed9bd4c2dc2c41918c6ec825460254eb470fd172f72c592ce78fe9dbb1a1bcb7198bf2d66fa5400841d7f33c67d667f7735118c03af570fec859e76da4dc2567a37ae3dd778c66e39fd7f992ad3dc8fbe8d3a0d877a7865a548fa678b5bfda5e1621e1922dbe73832e7377675da0432fff1c50cbdff487180221b70fddd1fc4e94924e60325e29fc138ff8a922c3df3a3c5d7fc0767c67b1d08ece6540f10fbd0dc59e25e3024046e41ed8e52b266470c28b42071d5acb8c6cbc56947c0c1ac0b75c3e02fae1d0293f92aeab7db0558675f707599a5fc141a465970c9488680d0a01cf7d145a4327c49b1c5579c9438a7d985ba1e23ef3463273bdd7977952f813f8240ff96062d6ee30bbc7500ca0fb442485dfe235063162d5a4542fe82cd3e3af05acbe874c0e77ccf685adbd2529bdc25e996203d903969bfcdde94136ada0ab2877aa31d3af606ef05315dd02225fe9fea2f58e698ed29671ada648b1fd968bae71b028d16f7dfa72aafd96e26f50b55255d6c46aa80d7666b89e37abe264dc89a6cc6388b61f943e555a7876b548892a7a5bd091597a3f6e0775beb09f003de3c771dd604bd61bf992003a3077e1952e6d795d6faecdb2b518924124c025036bf4a0ec7daa063d8eb7092b4c3a199d522f477a365b89ec0f38d60cca1c4a383a2cc36ea68975c64203121ce150bbdaaa2f4b642bc13f42e8b4b2f634c60f38159d3ede285d384449b97fbe2127c6fa26455ab37796b36022e7b6ada47e17a8af053d3b6518cf7a3e4839c8f45f43fda6b1aeed156ee3ba68e6387a7252ea0efbbb39a6ee89312979fa289ebd4461e0f9ca1ede6626b7331a0720182effce24bccacf472ff5edaabbb7bffb3408fd67fe959e1955b8ef67d6344cba5e0bfb438bc20b16dcbc7ff0a2de8ef63f2f338d9cc49c3d6241100701e3317fd01a302c6691f6b2b4213163d21b454eaa9962a1165b6f0837b4db7c94bf51ea9846a9d3374c2bfce09e22351a02c8d56123ec75cf4be937f48fcbcd4d6c98f579e0cc580d847d717659eb7285220cb5470679ca08b0a93b107708442b930411d9ff264a008d319bbb0fe0083813db27670741514f22f7fa6a95198ee8c5b58a8ee883f4fd11372adca739621ba0981c241a651f0249550e8d098e6676c2c091d5fe51037acb1be204d9fa000fe2bf7c04effb35b0edfa3ced10fcfef101637b96c13c85f0e32a71a5545772fa7a03d103732444049f0fd58892cb91feebafdcdf17b7f314ad2cea17dd85e5ed83f171e40bde59dcfdc5d42a73486cde9c2fc5a3dfda6c0546f67fecc2a0006a27c043a23ff42edf6c20604196b7a3117854073c31151112d6844067b5bf4e1782564459e8fc0c390e108694ee0498edb84a74b7d5f0662c8baf61fe14140a2297d50fbab269f6d259551ecaf089498a0ad0bd4447445d918a9e0986e69301d63bcd3499bb9444a789eaa14a78b2a520ca550ff78c0abd45e00f759470d2a845e1f0f1b49875d614449b6d865683389ae1ad62287e42af4bd5a7fb9802dfd06988dfb1f281d90b32c63f37b3342ce2b4c2d8f442142800d2efbc129a256546b870cf94a36dbb52db5b96920868b47a5ab117a84f2b1bc34941da74fe480cf9ea38b4a43c13155eb4b38a32590b87eedc25fe63c4de1aca0516a4a46d6bacc266f73add0a05c0c43614156ca6a3f5ca079a3fef336064b0f9aea340563f31736ac173880039a903b6a0efe9f9572d8582644ca440453c87ce3424fd3314eeb7777cbe7993fb639d2ab8c901a30e2b15ed5417b519eaeed098c91c194ffc545b54df498b46b6f85ab8f082c5be526327c12816658b339ecb80c376cb3f7cbddcb7f99fc633d401c9f93f2803f5604e1004dee76ad280f0836a91b611c761d9186a97a6f468a2384b5fe510c872a0470b636daaa9b118cbe9986461fa47a34c54f69fea3ffb93656733daea26b7a3b45e1c7e0b4e7d2752b8741276734931cac01af2cd3bc2a44a2e1c9e50577e7cae73ccbada8aa29d269029c0a58f1c430b97c18b91f353b013cba7ff4391c56a5aadd3ca72d1ae469bc1a75085cab0fe16e0341b6b336267a4694ff9742be321d1306f0aae42afb83cbda0d39b07b78f4d1b0973e620a01e9f098584084f608b81bd53974252597e6768d42138a5d4530e853dada7c9e51e09be3cb9295daff79f75d3a8e685bc6bc80b313d40fa8b6da08aba277c604e873fc7d9a15a1ba93405ab94f26e47ac243a2e55a8a11628096a60b7e9dea22d4c87c2dcbfb0710240ab63234b54fb3bacffc9d5fdfe97bf05b21d3730a23465455d73637305ac630a487d1f5b9fd1cc0650bb5743407e978a5bfa400d7fcfe6f30d76fd1f700cd9cc7a65b1c854f5aa155385f3c499e85a5e4d080c9c6ccd0c7b985956690868c33935b06a9a8fe4077bc0f6bb6411ddb72ab1131e936f163f69a9771d4de29e33757871915bc3aa6e7e3afdbb1a6e6273e02bbb6913beda65b516f1713b15e4033f6e193107e7aafecae8a4102a3875ab0d4de8a48e745c682a329d8cf99ddf59ca1d162f6d9ceb3a49cef35ce0098f8cd17b0a374730e6cf656f8ebc11173a51a8f322eef6dbbcb57b0f0dfbfe9e8d3097fb7d18437c02430fc154e71eba5414432f57c4df9ef88d0c2d108be8c8f06d56ac00427cc69ba22407a8ca58c3acfa123d73454d962d77f410ee46ea3e351910e70066bf11d3a5cdc049fa7f4745eed59a60c927785250d7766818a321476eb2e4e4fd58bcbd97e260b37b048d0c88a159b075a7461dd5d85520bdb853500c1f9e3c4054da7b877ce2f4c1958ac9816b78cd8129e1dc4d82122d8993c12bdffe3593646e97865ea8ac478c1b71ecef2263e866339e51678c4540b216ca22370ed73fa4d2fb3b6b128680a363cbfdd005ab11b31750129303ebe9ee12c44edd60ba51218aa0ff42eeb31efcd11beca16e01ea14e599d0aefc2310524718cec99eb40ca6d5277bdb44849492044e0f08b2454f146a95c570aa6895861fc48ea722d85cf57c99841696ca59c9b53668f80ccc8fb9290283077a3f38d60b534f1a9a9ce7aab1ade4b4b7bbea8f9105e7792ecc7bf2c506bdf7effc25f29b856f5f5946424aa7d9959ed8aa4327c91433881a1618204243f86a97bc36a169ac3c124ace80e117dbab63334bc893c364c65a548cbd87e036a671d8283a4812142243ed65c8daf0e9d8df5b090f3d09909af85a53e75bc964419bb23ea00c1603dc4b3c2a6084d2f0aacd0fe5abb9ca8f8d6b6ccf41ca24c702a73c0941f4b53173288128c9b5123d9f8c4c7b0937d0a0f7c445d25bacf5351f7d7ddc7e396b438fdccd196afdc3c00f95c5ed945b783b2c0e27a7e5048e702646b3f8a4ceca89f90c56aae9dd88b6fdefa337f59f13ff1e58c448f7ca8257c3cdd59a2739d334c34a631703d6ea1fc1e866f8eb59fd45a4e81dcd8bee767e536fc3b5b7d92e2e367f649bd4cf7ed749cdb944d344acffa9b27ea11b21e9905691cbe9263bf0c9819a341a6884e6edf61c6240769f6516965e4fbe03de774553af741192a2d2087de74154e36ca9b3ec74422212b99f580307ee4e2ee043433aa045b321a26e40ff5ded3f513018870c240c65b9b499229c7d94eca017caf0d673222093540d1a8bacf9a90fa6a4a04e7f9a30cad78f8ec2eea15ea9e3a6fe7b119e6a049cf90c80f5f9e946ba448b93b819c56889ab5822a230a58fae9c15279bdb16afbb159a622ae5575cb7ffb9eb38cd449c088ab85a0eb7786e013dab5a01db8d26085362cc8f03256a827b819aa280f496f845bfd6315c5d2bf970bacece1b875b3262cc0f439c1a745105f249a7e45847cc272d26f8b4b3b04f653447e4365ecaf3092ba6dc8adba687bb7da6fd5c15a2eb7269b19e56b3c3819769e5704b9b1681e2a43130fb2768c57c6bfa0b6b5ea123a8c9719ca3cd57b86367bbdc606814be4f0ea75c5e3098d6b9d8e2034a98eafac691d91963f55fa38400e193e033072350c534d73c15ddc7f3765409cefac466c8d364e029a730ffed4b2226a7c478ecfba1d2a0446a29aadd7fcdd62aada70e2d9404db59e135102e862745f6b9c17e8d87935edca12a529f36e2277186c06a4a9305deea2721717f026117320f495149fdd0eb27812d803ecd27967cd4c4f6a95b2712515ed26fb78aff188eff2df23bd58ca34ab74aefb9704084bbafd2c36d9eca36fb811f02d13c390d908917024610398da3ae8138f65323fb1c2bfdeef227746b15729628df8f4b8c97735f761045a424a56a8abd9159525c6936e513d7979c4efe8715df33dfcbcdb11337df41ef48e638888cc68fad25751143bcb1ade8b115fd69528277107aadfc70c4dbb4582c1d23dc8a36917a2d53d466c27c39f72374954fe4551d4725c81b51ada66f36bab6351d13dab3c9bf7448ca8e0834feb9c0fe735a6cfe082013995c50055f2ce1e21aab215d972aba23aba06e5aa119f5284b7cc8f55365ba145814dadd74d6300f77f9ddd621cd71fb480ce6c8e00cec7239d164d47eb9eec6007171be033a4120fba81916eb5b4318dde778d94a5e77cd48da65e704d10c2bab5b6ae86ddfb9af8e48491ebcbc6506523c81a1ca901ef0f601afcee450650f8832245141cea68790800511ba7a31cc812e7ba535f676f071c153fb78502", 0x1000, 0x177000}, {&(0x7f00000001c0)="81bc18d87a01608ef5efc78e7fda9e8c7e1fad7815bd3ec36b5ed44b53bf193f11df01e1dd6c3af6c473565e68", 0x2d, 0x8fc}, {&(0x7f0000000200)="ae8b5207b281eabfe0560b117428116cc75466fe0d36e738cc577327f962fec6d78cd06ec4b0801874a1435e01b7aac744716a7383655e76a5ea55e88ce9a56b2c3cf2fd5e1214e1944bc7ba77f790f2c7ba3b0e9b669b6a8f9bb1143e429cfc0e9d27ab2bd20dc537c32444c801963a78f9f4208159b0230b837ad029149c2af660650ddbd547e733cf52de7088da27bc5a58b63aea3d6bfc9c8112dd3a705ab9dcbafab8b46722381ee8c0bf6d1d44d38ddac78e107e662efcc9ca982b0bbbf20a77ac299c1b7ccb10d7bc8e4d31dc697e6e6aa1dc6b96875b9580a9b28393d0b257f36068bac3b21ce452ec2ad7", 0xef, 0x6}, {&(0x7f0000001340)="abe97ccd09d3baaa55a13258c8ce99a8bfd5ba4ef7af2e353afd41ec04cbcba1695b1dd49407cd503a44e9bc735a8c70bf6f043552457e4b763992f26b5b80248715409b134b09e07fb714ffb6ed3456a2261a0f02f8bdca2f1293f0db6535a7671327e51f3916f8acaacc2dada7b9feb76ca83ad84d0b83ce44dc92ed12483aba436c07a4a74501965b3aceecc23ea2046239e4f6257264cea310a0710560608c13778806ad80b60928d594a7bcb7326adb485eb8593191bb3fc647dd88c2dc517e6f800987ad1f75345fb3c07ed99dcafff89cb17efb2609834886b05e28fe2ac1da3b5ee87e4903e78bef5b6a059ac1ef2872275cd00fd64baded5c59e36fc9d5bfa062eaa2e4aef9c131cf783e9404ab3a9774acef82bd3c5b85b7303da0c4d51571d4f9250c718293beea717e513997ddd9ec6d81ceb0c83ad98401da670f4cee24e2ca5a3b893aa4f0c6b6af3f3ec6271f9df428751a757b88561555616617083417719f4cbade9de5f88de71f67476a32f69462286574ff332bbadda03784c41b62d1af0949a5d1ad00b2c3c8522ee4b065a55ef0c8dacda54170289c18a94d8fcd830e18d0fbe0039dd0187441215e3e427da410a8d1e210a24323529df976f973f79bce8ecaddeef3085bd0a1894294c4d1884459ee2e54d341d78ac1d583726ddb929850ffe3ae948c3370e65d912d1acf705970bf42e4a695554205bd8ca985049641698f2868e7140d4b9102f3a8612158c02881869bf85d88bdfb33a804620dd8fb3daf47d332e1cc591d90e6ed2d634757e9db0002288b4eeae8c0f3725a961f0562817b91cde569952ac268d377cff532b8a5ed32c7e2b35b28bb9430f2589f7d174ccd4456efbd15372166ffe445a6da4afccaa1b1c32f507b841bfe39c3e49c6d4e31728eb82b9c103cba1661e01c2542db983c0980d64add93caf7fb6e86dda7ddd9849276c7cac332b950878a4e3d2a63ecbb68d2777f8769067e77597651bb75ff90b75c42dabf45344e477e7a69136a5cca013b4215130d90e63b0ad21ea094bd1b1712e3dbedfaba7a97e040613c60a055b3f4ecc0835de698da9b857a824554eaa05dc8bf1e4d1b4403b796528030d606f0a9f05fc90182fc2f0f40cef588354619d1fb53bcf4d059835e33e17e8636f8325ae0f61af8cc44d5acac4b3f74ca5b6d2d260fda10331ace2aa5f550106ed7ebb054336aea63cbbd19b3a32b79d6bcab0677b807635308dde2da5cba73d28574949081ea4d933bf90a51185cddbab413301568e8585e086cbb929565a727b67469203be8ff609de1bc1ca55fe7cc5ff3b8c0151104b267eb23e4a15223663099e8d72de1cb67d0c126d7081bc749e4494ff2dfc6f19bfc12da81dbc6baa82b4b95fd795f83619620f688c40fe4175c7cc4039544f7bdf58c99fa9bf96d39fe8b3faffc853a8a87fda6f8105d1c643d25cc682ee1e19b28157fab2e4c6455f72ec3b065b994478e3c9e85241c5d1eca0e4c7992e80b9547ceb8539abc24dc0888f15cbd2840673d3515f684e16235ca8465cbc654ac25e61446061c0b815871f1c2702bcc66bab81f656b0e84797856ecf8fbe6355d92c4ec16dadc25b115ce1934c373ebaf68b516b5dd180c0146046740edad12d03ac19e41613bf35de0e340611bfd28dccbb89e8bc0f516e039f49bdefe4afd51d2d86cd6eed54b4c1a9441a614e9d0a535a5bf8ba1fcee2067bd1f57fd0e4f48ca4b1567002104e669faa878a06d63e2f0d5c0f776ef29f72d37e376310eb61999c3773d1ccba0a72020dd530ee1280eeeb9641276a179d3f2cb745209732f3e8a11124be4237449d8cc109d4bf097e85f13828cd167a34bf50d53709e6fabeee38f0db608998f7827200551618da078f1d151a1d7f32e793ff41b6ccd49b8e3bafe1d757633e581b7e9be71264e233a44ff8299c188625f6cf9cfba828f79e8abbd6fb6b8ec3f5b7f6900dc57c4e8b75ac2d32de4d0655af82fa015877f67bc08eb1349975c9f42f9785f473708a5de15106e4a8ca0afbeb94d116671f50e5cf79ae34381110585b725a5f0116934601c90f2207a194e2109c69ab85f1b4c23ae12889ae85b70c0a6dc51b0d9e75ce283c45667805dfebf9a7c2bbee189c6c1ea5c91538cdc9751aea2a003b21a0d17b77b7f94e37cb36d0614d99d681fe6db75dadc49b4c9c5df038cb44c80eb3e960f4b38e95400ebbd2e211c037c12e133e572ed046797224c7640a251e9fef30d850386967b187da7d5a4e408e6a6845e6e7e6a4c3cd0616878cb33cb685384426ab7a51686d44f49bfddb5279f082fbf635a7f2ec80dedb8569abd7f1f3b23c177e75cf5dbd4495d258eb57a6f40d07eff287a27c7a0f442638121fcd2b0bfcef93e000acd79bed50d7ede2a0d8bb4cbc5295674679722082fab0f82923d5cc91416004e52058b7edca31da0d746c6c72509a6ccfd9fcb64f023fa5d2c4bcab4d9c4c865b3f45db7c40d1c3f5debb796a42105b7a273badea3dbde46bb0a65927988e85248a3bcd1464a809e4eaf6ce0ef23516d692ec9ce0148baee8638c51b8135667e46a2ea2d9c22e3b15bd03309e224b3390a58e655b8d79abc71dff4d208a56964f3918f50835ab7d45f9f188dd0fc40a2621bc09ec8b3f7f3ea0fb47317d391e1eeb5a35334ed1d3d3e97920f537d02893afa1e2715d07a011737f18fd2e5e650956b58e2c5aa0b5cefca2a0750859e648e6a4d717d2bdf170710b8c24f51c9521af51a34367eedee468a937acd17b3773db2fb76becbef057831c5f9ca47c318fcc9f78f01fe6591110c26078684cdb83b91610be7dc807565bffe2189f9368a9c62f9c494913881dd9307d39fed0e5fc2523757302454544703c9cca6126c92575231732cb5424f3bca665c2c5dcc69634d2974f6eb3a920782108970e144cb87b850d2949c011909d35c732e09cf4edab6629009edd3bd98b7b2b7cd388c3396091881d1e3957b4637a1de2e99f8f6408be33df2245e69ef6db6cf084f90241f1688c7b2a1505f13d0ea2a4ef41c45abb395a6e0e8399e297c2ea15b8b66568926b84c4931d3f713f96ad602c0ea4ee7b7b8ce2268fbf45ae3d8af0ad61c197d0c1123166234c6bd8b6e2740ba9d06227b5d92ff6a4a5542caccfe31722e3a4b8dfbba5474f38f0ea8f028534a758b25e9824d2abf7e84cd35cd9deee279a88c85ef87999c57f0b5363dfe4a0420fe2a91a45c45b58e0a319d620012a0f7dbd8812844d60f4e62e0fcce8ef5fd86d32a7a5a611e3b37d48d97937b732cac1f6fefcb0618148c11d8ce49359316ad416a531c41f58ff92d65d4873537f66f8243376e279d262d30a8504e56d9d3f02fa751e8bb5cb0295186abca1b6716eb419afd5c298872c2ac195b4da6f359bdf952e8e48a0f6d8fd798d8eb6c5fb47263e795e031c9c499956e5d8611c60ec471af707b7024e3ee44d707cc737b6c25dedf77073c29da3c5a947270a8ac4b797e343dabdad60d551ed572ff85fad29b8cbcc6cf917f1da788edd5da207b34fc693469b4118bce750bc7ff38c30e399a0af77ecb48f7351b6e4ff83c1d238d470813daf76db279b35e006ef88c4f14563af445c5dadb32a4d495c5172f18c618358ed4f8e710c515c793a5f599d5b915829d21095c6084cd49e0b39f1aff40e5e7b0d0fab3e39989f2d0d7f0d32ecaa04aa36417b0d22e10d7c16ca82722455631d57b8f9e4bf27a7434711cf46845654881d9c514709e00641bed08f77834804f8fc4725215c204ca2f29e5bd87372545b1a3ba7926118799aaf44b1a762f024d194a25e91f9d81314c2114544a53425b7ac7f14d53b95f347c78e6fa0d74636669c2b5f96087432bc74b4178f83c6f9894bd045e7b276c68eec09d4d7a1617473f516daf79b9bbd0051c7735abe18b868fecb6fe435ec6880432d53a84f88782c2af4deeb0f32a765127a747f43fa6c41424fd0dcfe73f71ea6e953947ed1a79b551d8c4442588e69f61c349a2460063c28a8e4c5b0355237083ce49e34b443b6c1f6f331bdf089b7eae518dfd78e8716ca058934f3a893f280ed53ad84fc8cbdc47c05c6660394275236cbac81a212eb3fdbf65ad9a545a71030012f2ef188fc2db3ae450a8738dfcaf687b242453ef3f5bcb8a66a1d4dd99795f78d335789098cee4b008203eec6e322a8310e5b146848872c20f4ccd2a819a78ed273a82e9ac62834dfd7c0be6e046934e11f9b6fe63c5eb3d6c23335d8715f134d2b536c280794713cb0bfe0441da2dfd01ec7affdc20823774134e2a2d8c2d3e4470533af60a5ddbe131a39d8fd0a551a6a9d767f9c9eb76c8ec4dbfe8c1d053936dbddb01c0ffd31a250514e4e9f48f0be379d74084e358e2ecae76bc79813e7d9faf35cd779c1a1ad10f1d22a847dc827e553bb937676668374d5893bbcb741a4481fb4b630d0b0c03998aae219b244e2f89bc10a2229c8f0a35ce078d538580e050b002abe4d02bc262e700679cd6cb0871b5b1cb379b681ef154419bc967bc090b04bf390eae24f093a4b48a4c8e4273801bf4b07fb6df18f80058165a4dc8661787c11426beb48ac1029c9e8fe1328d8303c27277f4ecfde127d3e83d0b82914945c2d61801ff71ee62876cd2796cf8fbe8653bf26e2453a5a9f98cf5a32c043a934a020aa1d4f5449b4c42e0789186cbcd02e758b09441661f1576cbb3c6090f4029aec34cfd0c18150a2a3ac89002055298061e7bfa878ef4d581376ea6232ab828ae345d119dbdb49233af2d2008263f228475df78e159144ff8e3cbd50a0017eb0626185992ad9f803b02c0b3c10996204970ddf24c7483f9435ae21269a93f0ee86667c218f1d52fcbd6f6cb8144123b91f740d381e6d26bceb080211043ddd520fe537a71b970029229c6e0a57a78a418cd5de9ae30bcb389c524dd0a3f5c63b50de517185b6d23c5d12368ea95cb858179d45809e532059cb081d04a1d45dffd56c79d5f8bded63b646130d68088a08e617fa2d44f88dbe6e4a6aee48894b749ecfa8e633f13dc240f0588de4abe1bbcc519eea220c636c42f08b3147078308635562ca0274666a9c4ddac7c07730615ec306f31699f2afc5f0d7ec7c586cbe01aea86f98ccfcf027e385b202207d9abe6a87060c8eb40c071f39d73431c4a7f5f57111b7ee9e4f5498974ac71f9e1d77cee05a7519561508f952d719c0b561f1c8b02f761596deed366c58b41e9c3f2404953708ead4fb10a53967bb61289d7ab1211e39e097ab3ab33fe774bfc153d87678ac8ca4d2ccd06440b61a1c6dbb123da618238dedd4eae145367c74ffe85529def4ce663fa774a5203b89a98766951a497bbf1e599a2737c894200ce111799bfe58fb3cc79a0a2216a3bda40c2ae3c857036780412287526192eff7d443600cb138663982a3771d86ca0650cd2427a79a4afa5bc64c5a66296361833eba87b21540ec7fa2fa3b4466ff5c1ca491f16eba25d93f00bfd75cb0579b02ac1bd4e3f3d2ca3855cc4a5aa3d95b46d09e34dba9eb5fc142d2038037a69414604a22ff498773b935fb0a9109384ed9ba8a5237afb1dbd5cc09b19209833c33511749a171290ec36daa45d7a89ef446998f84f52e6112521e1fede2a5cbcbbd896ffb724f36bf7ee015d7e813efe8e37033c55e0f937674a892f8dba0515f7c2104c8e1526d60631223830c07dfca6d53865ed14b5e021162ed06d16d347cad52a6eaa24257d8d5db44a22948ccd20d5ee106a13309fffb55ea3", 0x1000, 0xffffffff}, {&(0x7f0000002340)="2533a0f22c8ed74d5331598b", 0xc, 0x6fc}], 0x2, &(0x7f0000002400)={[{@numtail='nonumtail=0'}, {@shortname_winnt='shortname=winnt'}, {@utf8no='utf8=0'}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}], [{@fscontext={'fscontext', 0x3d, 'root'}}, {@fowner_lt={'fowner<', r7}}, {@obj_user={'obj_user', 0x3d, 'vfat\x00'}}, {@smackfshat={'smackfshat', 0x3d, 'vfat\x00'}}, {@seclabel='seclabel'}]}) 15:18:33 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:33 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x100000000000000, 0x369e5d84) [ 1669.992246][ T26] audit: type=1804 audit(1567610313.094:137): pid=13413 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3636/file0/file0" dev="loop2" ino=618 res=1 15:18:33 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x4000000}) [ 1670.095077][T13519] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1670.215145][ T26] audit: type=1804 audit(1567610313.314:138): pid=13627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3637/file0/file0" dev="loop2" ino=619 res=1 15:18:33 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x2) 15:18:33 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:33 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x3800000000000000, 0x0, 0x0, r0, 0x0}]) 15:18:33 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0xfffffffffffffe01, 0x80) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:33 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x200000000000000, 0x369e5d84) 15:18:33 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x5000000}) [ 1670.342215][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1670.374598][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:18:33 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:33 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x4000000000000000, 0x0, 0x0, r0, 0x0}]) 15:18:33 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000040)={0x0, 0xffffffffffffffe0, 0x1, [0x100000000000]}, &(0x7f00000000c0)=0xa) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:33 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1670.549839][ T26] audit: type=1804 audit(1567610313.644:139): pid=13868 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3638/file0" dev="sda1" ino=17683 res=1 15:18:33 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x6000000}) 15:18:33 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x300000000000000, 0x369e5d84) [ 1670.816924][ T26] audit: type=1804 audit(1567610313.914:140): pid=14148 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3674/file0" dev="sda1" ino=17282 res=1 15:18:34 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x3) 15:18:34 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:34 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x8000000000000000, 0x0, 0x0, r0, 0x0}]) 15:18:34 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x7000000}) 15:18:34 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000740)) fallocate(r1, 0x3, 0x0, 0x369e5d84) getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, &(0x7f0000000040), &(0x7f00000000c0)=0xc) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r2, 0x8008af00, &(0x7f0000000740)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000100)={0x0, 0x0}) fcntl$setown(r2, 0x8, r3) 15:18:34 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x700000000000000, 0x369e5d84) 15:18:34 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:34 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x8000000}) 15:18:34 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0xffffffff00000000, 0x0, 0x0, r0, 0x0}]) 15:18:34 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:34 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) splice(r2, 0x0, r4, 0x0, 0x20000000003, 0x0) close(r4) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000007c0)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x14, r6, 0x5, 0x0, 0x0, {0x12}}, 0x14}}, 0x0) sendmsg$TIPC_NL_NET_GET(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0xeb9e99aadd326461}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0xfc, r6, 0x300, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0xc, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9e1}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xffffffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}]}, @TIPC_NLA_SOCK={0x24, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xfffffffffffffc00}]}, @TIPC_NLA_LINK={0x84, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x60850000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x40}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x782417dc}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffffffffffff}]}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4008014}, 0x20040951) 15:18:34 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:34 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x4) 15:18:34 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0xd00000000000000, 0x369e5d84) 15:18:34 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x2, 0x0, r0, 0x0}]) 15:18:34 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:34 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x40000000}) 15:18:34 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) r2 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0xffffffff80000001, 0x80) write$binfmt_script(r2, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202e2f66696c65302070707031776c616e30656d313a202f6465562f696e7075742f6d6f7573652300207d2d267070703120232e25202f6465762f696e7075742f6d6f7573652300200ae2cbdbb16b861f8ab5e938578b2d38c8fd7585dd547d58cfd3be294e28a082fff6da9394d615ea9e2c71b1dc7bb8b7fb8475feb16e0926478253a7d2000234cf6eed0e4e53c7c90b62b21e9ab33b34d329c8ded030dff11d7125096afcaa41a46e39078b1b722dbaf40ef5347eed6d7ac104a26c6918d1a1b546afcb28c4c3ec3466ed623081c319826c42ce9d056688cf53305ced5909ba831e60364478afdaeb96ee58d039c8cd46c04f3592bf60c926ccd8add43cea8aabea"], 0x106) 15:18:34 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x1200000000000000, 0x369e5d84) 15:18:34 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x2, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:34 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x3, 0x0, r0, 0x0}]) 15:18:34 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0xfdfdffff}) 15:18:34 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x3, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:34 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x0, &(0x7f0000000140), 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x110) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket$alg(0x26, 0x5, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r6 = accept4(r5, 0x0, 0x0, 0x0) splice(r4, 0x0, r6, 0x0, 0x20000000003, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r9 = accept4(r8, 0x0, 0x0, 0x0) splice(r7, 0x0, r9, 0x0, 0x20000000003, 0x0) close(r9) getpeername$tipc(r9, &(0x7f00000002c0), &(0x7f0000000200)=0x10) bind$alg(r2, &(0x7f0000000240)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539esp(ecb-cipher_null,sha512-generic)\x00'}, 0x58) r10 = accept4(r3, 0x0, 0x0, 0x0) splice(r2, 0x0, r10, 0x0, 0x20000000003, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r11, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r11, 0x40045532, &(0x7f00000001c0)=0x8000) write$nbd(r1, &(0x7f0000000340)={0x67446698, 0x0, 0x2, 0x2, 0x1, "363a6d0c86329d0325e5cb50ffa060c61e10a5f2143f1497248790c400198954b508488934c1eb62d0eb27b62cb2e10b660baa79777dd8c2b5faf70d0dcfc8f144800c010fe76d4155ca81cdd82427086657a1b1bec56c2ba8635f1a75646522134eb8c72e3b06ba914816b7745123b63b94428b2cc04f9a73de7920e105154cd290b6e0d83a9a3da3e04f14d56022d50494e222363e2636e84fd58a83736cc14762984c5bd2cd38d6c64913675a693fe651d9e35df280c9fdf0fc77c9d2887048d715d067774cce760561e3fc8f14c156c4606aede8eb2429e2825b9ed42bbe12a013db6a58d79a8822c08db4ceb621549680986ba4370a"}, 0x108) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f00000000c0)=0x20) prctl$PR_GET_TSC(0x19, &(0x7f0000000040)) fallocate(r1, 0x3, 0x0, 0x369e5d84) [ 1671.830226][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 1671.830240][ T26] audit: type=1804 audit(1567610314.924:145): pid=14813 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3642/file0/file0" dev="loop2" ino=626 res=1 [ 1672.008647][T14938] FAT-fs (loop0): bogus number of reserved sectors [ 1672.019256][T14938] FAT-fs (loop0): Can't find a valid FAT filesystem [ 1672.155784][ T26] audit: type=1804 audit(1567610315.254:146): pid=15040 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3676/file0/file0" dev="loop3" ino=623 res=1 [ 1672.185566][T15040] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1672.194750][T15040] FAT-fs (loop3): Filesystem has been set read-only 15:18:35 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5) 15:18:35 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x3f00000000000000, 0x369e5d84) 15:18:35 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0xff000000}) 15:18:35 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x4, 0x0, r0, 0x0}]) 15:18:35 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x4, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:35 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r2, 0x800448d3, &(0x7f0000000180)={{0xff, 0x442c, 0x4, 0x80000000, 0x8, 0x8}, 0x2cbf, 0x2, 0x1, 0x6, 0x40, "5d4f6759e58bc3f3a0969acf483e1a6d60b47189b66598a68c4ce35549da2d5918a28c4015a70f11d700113bd926ad4ac5fcacf974d5c716e02ef90c40a12230c1176f7cb34bb6d6d8e7bc4fa482b25bca3722ee5343930c4340586a598b191a25d9547da22e192203ddb945e697291ec8cdd510d01a4f917a0a6f46d2b0b806"}) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:35 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x5, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:35 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x4000000000000000, 0x369e5d84) [ 1672.491572][ T26] audit: type=1804 audit(1567610315.594:147): pid=15075 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3643/file0/file0" dev="loop2" ino=627 res=1 15:18:35 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) 15:18:35 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0xfffffdfd}) 15:18:35 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x6, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:35 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.stat\x00', 0x0, 0x0) ioctl$VFIO_CHECK_EXTENSION(r1, 0x3b65, 0x7) r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r3, 0x3, 0x0, 0x369e5d84) [ 1672.711468][ T26] audit: type=1804 audit(1567610315.814:148): pid=15268 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3644/file0/file0" dev="loop2" ino=630 res=1 [ 1673.019006][ T26] audit: type=1804 audit(1567610316.114:149): pid=15477 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3677/file0/file0" dev="loop3" ino=629 res=1 15:18:36 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x6) 15:18:36 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x845d9e3600000000, 0x369e5d84) 15:18:36 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x7, 0x0, r0, 0x0}]) 15:18:36 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x7, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:36 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x100000000000000}) 15:18:36 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000000c0)=0x14, 0x85dd6f4a5eb72a2a) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r0, 0x3, 0x0, 0x369e5d84) [ 1673.273656][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1673.282604][T15484] xt_check_target: 13 callbacks suppressed [ 1673.282615][T15484] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1673.303051][T15484] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1673.313831][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:18:36 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x8, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1673.332858][ T26] audit: type=1804 audit(1567610316.434:150): pid=15634 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3645/file0/file0" dev="loop2" ino=632 res=1 15:18:36 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x88000, 0x0) fchdir(r0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r1, 0x0, r3, 0x0, 0x20000000003, 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000180)={0x6, 0xc9, 0x7f, 0x0, 0x11}) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r4, 0x3, 0x0, 0x369e5d84) setxattr$security_capability(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)='security.capability\x00', &(0x7f00000002c0)=@v2={0x2000000, [{0x7fffffff, 0x6}, {0x10000, 0x4}]}, 0x14, 0x3) 15:18:36 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0xf6ff000000000000, 0x369e5d84) 15:18:36 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x8, 0x0, r0, 0x0}]) 15:18:36 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x200000000000000}) 15:18:36 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0xa, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1673.451950][T15696] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1673.612208][T15712] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1673.638686][ T26] audit: type=1804 audit(1567610316.734:151): pid=15763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3646/file0/file0" dev="loop2" ino=633 res=1 15:18:36 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x7) 15:18:36 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x300000000000000}) 15:18:36 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0xffff1f0000000000, 0x369e5d84) 15:18:36 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0xc, 0x0, r0, 0x0}]) 15:18:36 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x11, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:36 executing program 0: r0 = syz_open_dev$swradio(&(0x7f0000000240)='/dev/swradio#\x00', 0x1, 0x2) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r0, 0x5386, &(0x7f0000000280)) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000040)=[{&(0x7f00000000c0)="eb3c906d6b66732e666174000204010002000270fff8", 0x16, 0x8000810000000000}], 0x2000000, 0x0) r1 = syz_open_dev$media(&(0x7f0000000200)='/dev/media#\x00', 0x2, 0x0) fsetxattr$security_selinux(r1, &(0x7f0000000140)='security.selinux\x00', &(0x7f00000001c0)='system_u:object_r:dpkg_exec_t:s0\x00', 0x21, 0x0) r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r2) ioctl$VIDIOC_G_AUDOUT(0xffffffffffffffff, 0x80345631, &(0x7f0000000100)) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r3, 0x3, 0x0, 0x369e5d84) [ 1673.734282][ T26] audit: type=1804 audit(1567610316.784:152): pid=15827 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3678/file0/file0" dev="sda1" ino=17693 res=1 15:18:36 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x48, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1673.820029][T15923] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:37 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x400000000000000}) 15:18:37 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x38, 0x0, r0, 0x0}]) [ 1673.973933][T16035] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:37 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x4c, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1674.025222][ T26] audit: type=1804 audit(1567610317.124:153): pid=16047 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3647/file0" dev="sda1" ino=18799 res=1 15:18:37 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0xffffff0f00000000, 0x369e5d84) 15:18:37 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x500000000000000}) [ 1674.149268][T16249] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1674.296819][ T26] audit: type=1804 audit(1567610317.394:154): pid=16355 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3679/file0/file0" dev="sda1" ino=17720 res=1 15:18:37 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x8) 15:18:37 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = timerfd_create(0x9, 0x80c00) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x6ea67ad8da24e120, 0x0, 0x369e5d84) 15:18:37 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x300, 0x0, r0, 0x0}]) 15:18:37 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x60, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:37 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x600000000000000}) 15:18:37 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d83) 15:18:37 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x68, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1674.391107][T16362] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:37 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c9000100002000270fff800"/22, 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:37 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x500, 0x0, r0, 0x0}]) 15:18:37 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x700000000000000}) [ 1674.534076][T16571] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:37 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x6c, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1674.697423][T16584] FAT-fs (loop0): bogus number of reserved sectors [ 1674.707381][T16584] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:37 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x700, 0x0, r0, 0x0}]) [ 1674.780167][T16739] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:38 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xf) 15:18:38 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x800000000000000}) 15:18:38 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x74, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:38 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c2000000000000000000e700e0000000e0000000180100003830325f330000000000000000000000000000000000000000000000000000000800000000000000000000000000000074696d650000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000010d3ac03970000000000000000000000fdffffff00"/424]}, 0x220) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='sit0\x00', 0x10) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r1) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000000)='SEG6\x00') sendmsg$SEG6_CMD_GET_TUNSRC(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000007c0)={0x14, r4, 0xd01cb83f3faa9aff}, 0x14}}, 0x0) r5 = syz_open_dev$mouse(&(0x7f0000000380)='/dev/input/mouse#\x00', 0xffff, 0x2) setsockopt$inet_sctp_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f00000003c0)={0x1, 0x4, 0x2, 0x7, 0x0, 0x80000000, 0x4, 0x9, 0x5, 0xd1, 0x4}, 0xb) sendmsg$SEG6_CMD_SETHMAC(r2, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x44, r4, 0x400, 0x70bd25, 0x25dfdbfd, {}, [@SEG6_ATTR_DST={0x14, 0x1, @loopback}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x2}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}]}, 0x44}}, 0x40) r6 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r6, 0x3, 0x0, 0x369e5d84) r7 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r7, 0x8008af00, &(0x7f0000000740)) r8 = dup2(r7, 0xffffffffffffffff) setsockopt$inet_dccp_buf(r8, 0x21, 0x0, &(0x7f00000001c0)="8867a88e404915517eae5017dbdb36d7fac6b8e20116df750fcc08033343be01c34bd75e7ece0fb751cf56dbf3c5f7f131a84739e7b5be393b0baaf424b2416a8ed7730729d95e79a3a231e94e8e", 0x4e) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000040)={0x7, [0x6, 0x2, 0xffffffffffffffff, 0xffffffff, 0x4, 0x81, 0x200]}, 0x12) 15:18:38 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x7a, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:38 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x4000000000000000}) 15:18:38 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d85) 15:18:38 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x12100, 0x0) ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r3, 0x800455d1, &(0x7f0000000100)) vmsplice(r2, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000040)=r2) fchdir(r0) r4 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) fallocate(r4, 0x3, 0x0, 0x369e5d84) ioctl$VIDIOC_S_DV_TIMINGS(r1, 0xc0845657, &(0x7f00000001c0)={0x0, @bt={0x5, 0x6, 0x0, 0x757ba46b00f8ca18, 0x4, 0x4196, 0x1c, 0x976f, 0xfffffffffffffffc, 0x1f, 0x2b29, 0x4, 0xffffffff, 0x9, 0x10}}) 15:18:38 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x88, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:38 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0xfdfdffff00000000}) 15:18:38 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x20000000003, 0x0) close(r2) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f00000001c0)={0x2}, 0x4) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r4, 0x3, 0x0, 0x369e5d84) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r7 = accept4(r6, 0x0, 0x0, 0x0) splice(r5, 0x0, r7, 0x0, 0x20000000003, 0x0) close(r7) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r9 = socket$alg(0x26, 0x5, 0x0) bind$alg(r9, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r10 = accept4(r9, 0x0, 0x0, 0x0) splice(r8, 0x0, r10, 0x0, 0x20000000003, 0x0) close(r10) getsockopt$inet_sctp_SCTP_ASSOCINFO(r10, 0x84, 0x1, &(0x7f0000000040)={0x0, 0x1d03, 0x2735cc90, 0x6, 0x200, 0x2d}, &(0x7f00000000c0)=0x14) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f0000000100)=@sack_info={r11, 0x7fffffff, 0x8}, 0xc) [ 1676.861705][ T4572] device bridge_slave_1 left promiscuous mode [ 1676.867942][ T4572] bridge0: port 2(bridge_slave_1) entered disabled state [ 1676.915269][ T4572] device bridge_slave_0 left promiscuous mode [ 1676.921701][ T4572] bridge0: port 1(bridge_slave_0) entered disabled state [ 1678.901122][ T4572] device hsr_slave_0 left promiscuous mode [ 1678.940760][ T4572] device hsr_slave_1 left promiscuous mode [ 1679.005552][ T4572] team0 (unregistering): Port device team_slave_1 removed [ 1679.019207][ T4572] team0 (unregistering): Port device team_slave_0 removed [ 1679.037284][ T4572] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1679.118152][ T4572] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1679.229518][ T4572] bond0 (unregistering): Released all slaves [ 1679.357389][T17423] IPVS: ftp: loaded support on port[0] = 21 [ 1679.455275][T17423] chnl_net:caif_netlink_parms(): no params data found [ 1679.536565][T17423] bridge0: port 1(bridge_slave_0) entered blocking state [ 1679.560721][T17423] bridge0: port 1(bridge_slave_0) entered disabled state [ 1679.568704][T17423] device bridge_slave_0 entered promiscuous mode [ 1679.592172][T17423] bridge0: port 2(bridge_slave_1) entered blocking state [ 1679.599290][T17423] bridge0: port 2(bridge_slave_1) entered disabled state [ 1679.609389][T17423] device bridge_slave_1 entered promiscuous mode [ 1679.653449][T17423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1679.672541][T17423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1679.713734][T17423] team0: Port device team_slave_0 added [ 1679.721098][T17423] team0: Port device team_slave_1 added [ 1679.783163][T17423] device hsr_slave_0 entered promiscuous mode [ 1679.820979][T17423] device hsr_slave_1 entered promiscuous mode [ 1679.880688][T17423] debugfs: Directory 'hsr0' with parent '/' already present! [ 1679.908586][T17423] bridge0: port 2(bridge_slave_1) entered blocking state [ 1679.915709][T17423] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1679.923122][T17423] bridge0: port 1(bridge_slave_0) entered blocking state [ 1679.930189][T17423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1680.050828][T17423] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1680.074252][ T7080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1680.082701][ T7080] bridge0: port 1(bridge_slave_0) entered disabled state [ 1680.100937][ T7080] bridge0: port 2(bridge_slave_1) entered disabled state [ 1680.123530][T17423] 8021q: adding VLAN 0 to HW filter on device team0 [ 1680.145507][ T7054] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1680.155962][ T7054] bridge0: port 1(bridge_slave_0) entered blocking state [ 1680.163060][ T7054] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1680.182990][ T7080] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1680.192328][ T7080] bridge0: port 2(bridge_slave_1) entered blocking state [ 1680.199712][ T7080] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1680.213461][ T7080] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1680.239218][T17423] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1680.270726][T17423] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1680.283907][T29135] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1680.297094][T29135] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1680.306137][T29135] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1680.319846][T29135] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1680.329030][T29135] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1680.349708][T17423] 8021q: adding VLAN 0 to HW filter on device batadv0 15:18:43 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x400000, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:18:43 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x300, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:43 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0xc00, 0x0, r0, 0x0}]) 15:18:43 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0xff00000000000000}) 15:18:43 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x13) 15:18:43 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) keyctl$chown(0x4, 0x0, 0x0, 0xee00) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) prctl$PR_SET_UNALIGN(0x6, 0x1) r1 = creat(&(0x7f0000000200)='./file0\x00', 0x98) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000500)='veno\x00', 0x5) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r3, 0x8008af00, &(0x7f0000000740)) syz_open_dev$media(&(0x7f0000000340)='/dev/media#\x00', 0x1ff, 0x2002) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r5, 0x0) sysinfo(&(0x7f0000000240)=""/147) setuid(r5) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r6, 0x40042409, 0x0) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000540)) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r2) r7 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f00000003c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) add_key$user(&(0x7f0000000180)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f0000000400)="585ccbc4ed83b836c1a6474914dc5500b602c02bc7218a91690000000042e3d35228897507000000000000006ff0022b8753a1fa748c569f435fb3bae96efb74b50ec93c2db8eae3198a29e5c0cfc60000ce0637cef580b4ec24c53d86571ff5ff70e48884ca000018cea71fcfac1700b986f40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff33c1e8e036e5031949762d009d308bd73f477252d0000000000004000"/192, 0xc0, r7) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xe172, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000004c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='-lowerdir=.:file0']) r8 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, r7) keyctl$search(0xa, 0x0, &(0x7f0000000040)='trusted\x00', &(0x7f00000000c0)={'syz', 0x1}, r8) creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r0, 0xb187f319be900d5f, 0xfffffffffffffffe, 0x369e5d84) 15:18:43 executing program 2: mkdir(0x0, 0xa39378cf9050c367) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="3b00000001000000ff"], 0x14}, 0x1, 0x68}, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f00000000c0)={0x1968, 0x100000000}) fallocate(r1, 0x488ad0d0c4d7499c, 0x0, 0x369e5d84) openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) pause() r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c2000000000000000000e700e0000000e0000000180100003830325f330000000000000000000000000000000000000000000000000000000800000000000000000000000000000074696d650000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000010d3ac03970000000000000000000000fdffffff00"/424]}, 0x220) r3 = getpid() rt_tgsigqueueinfo(r3, r3, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0xfffffffffffffffa}) ioctl$sock_FIOSETOWN(r1, 0x8901, &(0x7f0000000200)=r3) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) [ 1680.669240][T17441] xt_check_target: 3 callbacks suppressed [ 1680.669253][T17441] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:43 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x500, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:43 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:43 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x2}) 15:18:44 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x3800, 0x0, r0, 0x0}]) [ 1680.917610][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 1680.917624][ T26] audit: type=1804 audit(1567610324.014:160): pid=17660 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3682/file0/file0" dev="sda1" ino=18828 res=1 [ 1680.959509][T17659] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:44 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x600, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:44 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x300) [ 1681.113296][T17808] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:44 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x3}) 15:18:44 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x4000, 0x0, r0, 0x0}]) 15:18:44 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x44000) io_setup(0x3, &(0x7f0000000100)=0x0) io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}]) r3 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x1, 0x6200) getsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000340)=""/82, &(0x7f00000002c0)=0x52) io_submit(r2, 0x1, &(0x7f0000000100)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f00000001c0)="20032f48ff868cf9751ba20379b883ea310ae40632a7e4455975b79b969eb4c3952f9ecfdb92a2aead30236e3246f5c8ef23d6ed92640b6ffea490a17ba5f398f076c98d68b22b2c88b33522b52e5d1bfdfecba82eff6bc55cd9f0693880ee0e5023f2dd7f571d082631c8a1c3251cc07db8f2f03634f62e5796c6ebea19b32be9ef1da319709cb2a58343354d911d0334df3aedf14a40d2721595b10c4fe8dabaddd06f33c099611ac0275b147197592367aeb08d60f17844a935c9467a6e7a1837217d073eaddc07fd51e2c1778540c6202d552d62896d08a505e0a95d4a", 0xdf, 0x75ae, 0x0, 0x2}]) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r5, 0xc0305602, &(0x7f00000003c0)={0x0, 0xfffffffffffffffb, 0x2008, 0x1}) fallocate(r4, 0x3, 0x0, 0x369e5d84) 15:18:44 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x700, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:44 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x4}) [ 1681.305747][T17962] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1681.475835][T17985] attempt to access beyond end of device [ 1681.490762][T17985] loop0: rw=2049, want=130, limit=112 [ 1681.508347][T17985] buffer_io_error: 249 callbacks suppressed [ 1681.508358][T17985] Buffer I/O error on dev loop0, logical block 129, lost async page write [ 1681.553956][T17985] attempt to access beyond end of device [ 1681.559718][T17985] loop0: rw=2049, want=131, limit=112 [ 1681.574312][T17985] Buffer I/O error on dev loop0, logical block 130, lost async page write [ 1681.600745][T17985] attempt to access beyond end of device [ 1681.606482][T17985] loop0: rw=2049, want=132, limit=112 [ 1681.615856][T17985] Buffer I/O error on dev loop0, logical block 131, lost async page write [ 1681.624761][T17985] attempt to access beyond end of device [ 1681.630469][T17985] loop0: rw=2049, want=133, limit=112 [ 1681.642697][T17985] Buffer I/O error on dev loop0, logical block 132, lost async page write [ 1681.654649][T17985] attempt to access beyond end of device [ 1681.660377][T17985] loop0: rw=2049, want=142, limit=112 [ 1681.666536][T17985] Buffer I/O error on dev loop0, logical block 141, lost async page write [ 1681.678853][T17985] attempt to access beyond end of device [ 1681.689744][T17985] loop0: rw=2049, want=143, limit=112 [ 1681.698417][T17985] Buffer I/O error on dev loop0, logical block 142, lost async page write [ 1681.712599][T17985] attempt to access beyond end of device [ 1681.723239][T17985] loop0: rw=2049, want=144, limit=112 [ 1681.731393][T17985] Buffer I/O error on dev loop0, logical block 143, lost async page write 15:18:44 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f0000000740)) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000740)) fchdir(r1) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r2, 0x1, 0x0, 0x369e5d84) 15:18:44 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0xa00, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:44 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x1000000, 0x0, r0, 0x0}]) 15:18:44 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x5}) 15:18:44 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x500) [ 1681.774116][T17985] attempt to access beyond end of device [ 1681.793102][T17985] loop0: rw=2049, want=145, limit=112 [ 1681.818860][T17985] Buffer I/O error on dev loop0, logical block 144, lost async page write [ 1681.827839][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1681.841484][T17985] attempt to access beyond end of device [ 1681.844293][ T9857] FAT-fs (loop3): Filesystem has been set read-only [ 1681.847353][T18198] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1681.867752][T17985] loop0: rw=2049, want=1697, limit=112 15:18:45 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x1100, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:45 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x2000000, 0x0, r0, 0x0}]) 15:18:45 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x6}) 15:18:45 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ioctl$void(0xffffffffffffffff, 0xc0045878) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) link(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0\x00') [ 1682.012722][T18308] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:45 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x2000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1682.116861][ T26] audit: type=1804 audit(1567610325.214:161): pid=18327 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3684/file0/file0" dev="sda1" ino=18831 res=1 15:18:45 executing program 2: r0 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x1, 0x2) ioctl$RTC_AIE_ON(r0, 0x7001) mkdir(0x0, 0x20) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r2, 0x8008af00, &(0x7f0000000740)) tee(0xffffffffffffffff, r2, 0x2, 0x2) fchdir(r1) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fallocate(r3, 0x1, 0x0, 0x369e5d84) 15:18:45 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x600) 15:18:45 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x3000000, 0x0, r0, 0x0}]) 15:18:45 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$PIO_UNIMAPCLR(r1, 0x4b68, &(0x7f0000000040)={0x80000001, 0x2, 0x800}) fallocate(r1, 0x3, 0x0, 0x369e5d84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c2000000000000000000e700e0000000e0000000180100003830325f330000000000000000000000000000000000000000000000000000000800000000000000000000000000000074696d650000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000010d3ac03970000000000000000000000fdffffff00"/424]}, 0x220) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000380)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in=@remote}}, &(0x7f0000000480)=0xe8) getresuid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) syz_mount_image$erofs(&(0x7f00000000c0)='erofs\x00', &(0x7f0000000100)='./file0\x00', 0xf81, 0x2, &(0x7f0000000340)=[{&(0x7f00000001c0)="1878d7deef5fe3df", 0x8, 0x7}, {&(0x7f0000000200)="2f8185453336f25d769118d593237ffd755238617af1c6eb4432cd2e7f43e6794007df408a3efb930480b11fe3cf8dd2d99cd3b96ac8735de4005a72239fbbd9787cbb863dacc8fa93bc428333acb5b402652a97a4ccdc7be8e006a5e0457fc0b74723111027789dabf53ee63d0c8d750c160b0998bcd318aa2ffbe910ba7635785615db5b6032f4848bb450059b40dec31f29f00d8f7a3b924b4121530e3e16a3d481fd13e0df0cec56d60b3e8825738c4fd97aac4201aaf94f03f37e7e12d0ed786a9d4c3db4eb65e368c9c404b88bf12123c4df5be4bbc822b226cf015c66", 0xe0, 0x400}], 0x8, &(0x7f0000000580)={[{@fault_injection={'fault_injection', 0x3d, 0x80}}, {@nouser_xattr='nouser_xattr'}], [{@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@euid_lt={'euid<', r3}}, {@smackfsdef={'smackfsdef', 0x3d, 'vmnet1vboxnet1'}}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@hash='hash'}, {@euid_gt={'euid>'}}, {@measure='measure'}, {@fowner_eq={'fowner', 0x3d, r4}}, {@measure='measure'}, {@audit='audit'}]}) [ 1682.200197][T18471] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:45 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x7}) 15:18:45 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x3f00, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:45 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x4000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1682.441452][T18533] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:45 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x8}) 15:18:45 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x4000000, 0x0, r0, 0x0}]) [ 1682.558955][ T26] audit: type=1804 audit(1567610325.654:162): pid=18525 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3654/file0" dev="sda1" ino=18811 res=1 15:18:45 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d83) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r2, 0x8008af00, &(0x7f0000000740)) readv(r2, &(0x7f0000000040)=[{&(0x7f00000001c0)=""/170, 0xaa}, {&(0x7f0000000340)=""/222, 0xde}, {&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/123, 0x7b}], 0x4) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r3, 0x8008af00, &(0x7f0000000740)) fchdir(r3) 15:18:45 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x5, 0x42) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) [ 1682.641722][T18746] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:45 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x300}) 15:18:45 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x4800, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1682.756943][ T26] audit: type=1804 audit(1567610325.854:163): pid=18745 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3685/file0" dev="sda1" ino=17784 res=1 [ 1682.851591][T18927] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:46 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x700) 15:18:46 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x4c00, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:46 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x5000000, 0x0, r0, 0x0}]) 15:18:46 executing program 0: fcntl$setsig(0xffffffffffffffff, 0xa, 0x34) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x2, 0xb75dedde65740e7d) r1 = socket$bt_bnep(0x1f, 0x3, 0x4) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0x1, 0x204041) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000700)=ANY=[@ANYBLOB="060000000000000000f00000000000000300000000000000", @ANYPTR=&(0x7f0000000800)=ANY=[@ANYBLOB="2126f55475be96e85b7ddd17c2007ed2b62d3f19572e0f5a7b768a43198e0ebb0cecbe79e303dfcc0c1fc9165a31e953595ded71424120d9ec97dc093082b5bfdf61f0ffbfe4efe7747f0ce9c15bc5698347c6ccbc3a75f4bc5f1efce4909beb7bf9b3a23c02a0fd3d74f704d25a26111059916eb8cf9b0cef6965c4baf6d93c59b6337d6fbd30a7ce2389fe02afe49937438377c7c5c979ca01afa45ceac4ca1bfe1b1fc72494e47f9063568150914ce7e5439d3553be746e5949a2b1d889e04c952ab10e0dcc6d9fc1"], @ANYBLOB="00000000000000000030010000000000db00000000000000", @ANYPTR=&(0x7f0000000340)=ANY=[@ANYBLOB='\x00'/219], @ANYBLOB="00000000000000000000000000000000a600000000000000", @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB='\x00'/166], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000500)=ANY=[@ANYBLOB='\x00'/64], @ANYBLOB="00000000000000000100000000000000b400000000000000", @ANYPTR=&(0x7f0000000540)=ANY=[@ANYBLOB='\x00'/180], @ANYBLOB="00000000000000000030000000000000fe00000000000000", @ANYPTR=&(0x7f0000000600)=ANY=[@ANYBLOB='\x00'/254], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000100)={0x0, 0x3, 0x2, 0x2f2c}) fchdir(r0) syz_open_dev$mice(&(0x7f00000001c0)='/dev/input/mice\x00', 0x0, 0x60000) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000200)={0x0, 0x4, 0x5, 0xf7}, &(0x7f0000000240)=0x10) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000000, 0x100010, 0xffffffffffffffff, 0xffffffffffffffff) syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x1, 0x2) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) splice(r3, 0x0, r5, 0x0, 0x20000000003, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000002c0)='scalable\x00', 0x397) r6 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r6, 0x3, 0x0, 0x369e5d84) 15:18:46 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x500}) 15:18:46 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x7000000, 0x0, r0, 0x0}]) 15:18:46 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x6000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:46 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x600}) 15:18:46 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x6800, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:46 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) socket$inet6(0xa, 0x5, 0x9) 15:18:46 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x8000000, 0x0, r0, 0x0}]) 15:18:46 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x6c00, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1683.676736][ T26] audit: type=1804 audit(1567610326.774:164): pid=19505 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3686/file0/file0" dev="loop3" ino=641 res=1 15:18:46 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xf00) 15:18:46 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x700}) 15:18:46 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x4200, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000040)={r4}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000240)={r4, 0x7, 0x7}, 0x8) pipe(&(0x7f0000000040)={0xffffffffffffffff}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r6, 0xc08c5335, &(0x7f0000000340)={0x620, 0x0, 0x4, 'queue1\x00', 0x2}) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f00000001c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha1\x00'}, 0x400) r8 = accept4(r7, 0x0, 0x0, 0x0) splice(r5, 0x0, r8, 0x0, 0x20000000003, 0x0) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r9, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f0000000400)=ANY=[@ANYBLOB="5b4e4c649a35ec1fbe668da5829b2d9eb1df4b15befc2e37823c7d3b4b8ac4346822b90e060a80fcc1821e7c194413914beab936538d9e130d47ff60c91967efecd13baec4c37029b7691c403902969a6268ab629e06ef4ea2cbab82e403142113ce9ca9ba8bee11", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r9, 0x84, 0x66, &(0x7f0000000040)={r10}, &(0x7f0000000280)=0x8) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r5, 0xc0305710, &(0x7f00000000c0)={0x1, 0x93, 0x5}) setsockopt$inet_sctp_SCTP_ASSOCINFO(r5, 0x84, 0x1, &(0x7f0000000040)={r10, 0x7, 0x6, 0x68, 0x4, 0x9}, 0x14) 15:18:46 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x7400, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:46 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) r2 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x100000000, 0x30081) write$vhci(r2, &(0x7f00000000c0)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) 15:18:46 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0xc000000, 0x0, r0, 0x0}]) [ 1683.731477][T19506] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1683.740031][T19506] FAT-fs (loop3): Filesystem has been set read-only 15:18:46 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x7a00, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:47 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x4000}) 15:18:47 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x38000000, 0x0, r0, 0x0}]) 15:18:47 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r2 = socket(0x400000000010, 0x2000000000000003, 0x0) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)=@can_delroute={0x1c, 0x19, 0x1, 0x0, 0x0, {}, [@CGW_LIM_HOPS={0x8}]}, 0x1c}}, 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:47 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x8800, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:47 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0xff00}) [ 1684.236973][ T26] audit: type=1804 audit(1567610327.334:165): pid=19846 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3687/file0/file0" dev="sda1" ino=18818 res=1 15:18:47 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xf58) 15:18:47 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x40000000, 0x0, r0, 0x0}]) [ 1684.615390][ T26] audit: type=1804 audit(1567610327.714:166): pid=20050 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3688/file0/file0" dev="loop3" ino=644 res=1 15:18:47 executing program 2: mkdir(0x0, 0x407a3a925453745c) syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x6, 0x20000) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) syz_open_pts(r0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000080)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x7d}) ioctl$VT_RELDISP(r2, 0x5605) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0\x00', 0x10) fallocate(r4, 0x1, 0x0, 0x369e5d84) [ 1684.656853][ T26] audit: type=1804 audit(1567610327.714:167): pid=20051 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3656/file0/file0" dev="sda1" ino=18846 res=1 15:18:47 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x200000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:47 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x1000000}) 15:18:47 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) setxattr$trusted_overlay_nlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='trusted.overlay.nlink\x00', &(0x7f00000002c0)={'L-', 0x9}, 0x28, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r1, 0x0, r3, 0x0, 0x20000000003, 0x0) setsockopt$packet_buf(r1, 0x107, 0x0, &(0x7f00000001c0)="4480899f780129b07f6901a21adc6bb8b0da44e8150a8f5331ab12d4014acf120131877e66e6ab0de278e3141316df6221790e6a6a3b0797133a9a8fecfd0424d1e0296fedd2e5d246c5f8af367ccce89f8208836431ddc53185e9e45d1aac14f218324b908b831e8ccefefaf5d6efafa4101faa962442fcb09726501e6efe0ee31b0f36e29261852798906930f433a731ee679e9ec8d14385a06591f9e0d93c348d51f9d73b9bb98e98699a842d0e8be09f57c0ab6fefd78919bbac140f555c59c7978847cc731afa65c6151c822373d0e5eb91a42952e154ee486e79fbf6bbc58c68d88ab9d78eed2fc634b3b85660", 0xf0) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r4, 0x3, 0x0, 0x369e5d84) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socket$can_bcm(0x1d, 0x2, 0x2) vmsplice(r5, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$MON_IOCT_RING_SIZE(r5, 0x9204, 0x23229) 15:18:47 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x7ffffffff000, 0x0, r0, 0x0}]) 15:18:47 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x1000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:48 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x2000000}) 15:18:48 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0xf0ffffff7f0000, 0x0, r0, 0x0}]) 15:18:48 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x2000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:48 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000040)) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cachefiles\x00', 0x1214c0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x30, r4, 0x1, 0x0, 0x0, {{}, 0x0, 0xb, 0x0, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6014000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, r4, 0x2, 0x70bd2d, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4801}, 0x800) fallocate(r1, 0x3, 0x0, 0x369e5d84) r5 = syz_open_dev$sndpcmp(&(0x7f0000000280)='/dev/snd/pcmC#D#p\x00', 0x6, 0x20000) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r5, 0x4058534c, &(0x7f00000001c0)={0x4, 0x7fff, 0x26df, 0xfffffffffffff2a9, 0x6, 0xfffffffffffffff8}) 15:18:48 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x1300) 15:18:48 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x100000000000000, 0x0, r0, 0x0}]) [ 1685.166984][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1685.263497][ T9857] FAT-fs (loop3): Filesystem has been set read-only [ 1685.406296][ T26] audit: type=1804 audit(1567610328.504:168): pid=20486 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3657/file0/file0" dev="loop2" ino=646 res=1 15:18:48 executing program 2: mkdir(0x0, 0x0) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0xfffffffffffffffd, &(0x7f00000001c0)={0x0, 0x0, 0xfffffffefffffffa}) ptrace(0x8, r0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r1) fallocate(0xffffffffffffffff, 0x1, 0x0, 0x369e5d84) 15:18:48 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x3000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:48 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x3000000}) 15:18:48 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$RTC_ALM_READ(r1, 0x80247008, &(0x7f0000000040)) fchdir(r0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r2, 0x3, 0x0, 0x369e5d84) 15:18:48 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x200000000000000, 0x0, r0, 0x0}]) 15:18:48 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x4000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:48 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x4000000}) 15:18:48 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x300000000000000, 0x0, r0, 0x0}]) [ 1685.718345][T20697] xt_check_target: 11 callbacks suppressed [ 1685.718359][T20697] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:48 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x0, 0x2300) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r4 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000540)='/dev/mixer\x00', 0x1, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000002880)=ANY=[@ANYBLOB="02000ba4bc9afb892ac8316525f999e0e462c2e75b89cc5b1199004495a0eef9", @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f00000005c0)=0xc) recvmsg(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000340)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000000100)=[{&(0x7f00000003c0)=""/93, 0x5d}], 0x1, &(0x7f0000000440)=""/65, 0x41}, 0x40000001) getsockopt$bt_BT_CHANNEL_POLICY(r5, 0x112, 0xa, &(0x7f00000004c0)=0x7, &(0x7f0000000500)=0xfffffffffffffdde) r6 = accept4(r3, 0x0, 0x0, 0x0) splice(r2, 0x0, r6, 0x0, 0x20000000003, 0x0) close(r6) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f00000000c0)={'vcan0\x00'}) setsockopt$packet_buf(r1, 0x107, 0x2, &(0x7f00000001c0)="f1d6533503554e5d20b4bb3a5c6e9447146133a7efacfcb3eb036c96b49558944fcd30809604ccf36a7fc8dbbcbc6b44331094810f695ee22a832dddb035d2a7ec9ab67dfd90e42af95206c35501a99d87729e3ccc0ead13705fdd9a3eb22ddf1d7175890e1441dfe48e03b6d2d8c100a3d28c2ebf1366675a34e7f2d828099b4d42df01d9f3e6ee073045d4ba0622e106a3e4ec28c6fb4d477290dcab08943c0e87aecc57cfb876a48cb8d111d8a14f12d080fa492a3c5b04ca4576abb82acb6a99054d3f176dd6b5e1644079873e50c675ff57461d3f9cd53cbc5c901abc3ef3", 0xe1) fchdir(r0) pipe2(&(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) ioctl$KVM_GET_NESTED_STATE(r7, 0xc080aebe, &(0x7f0000000800)={0x0, 0x0, 0x2080}) r8 = creat(&(0x7f0000000080)='./file0\x00', 0x0) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f00000006c0), 0x10, &(0x7f0000000740)={&(0x7f0000000700)=@can={{0x1, 0x271, 0x6, 0x1f}, 0x4, 0xa02b1d69a0ac50b2, 0x0, 0x0, "f6399b4cd32c54fc"}, 0x10}, 0x1, 0x0, 0x0, 0x8000}, 0x8001) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, &(0x7f0000000600)={0x0, 0x2, 'client1\x00', 0xffffffff80000003, "fafb52a9310736d5", "2517dd444726daa546eb7bf458aec97b49a29424d000661099eda7ebd74940eb", 0xffff, 0x9d64}) fallocate(r8, 0x3, 0x0, 0x369e5d84) 15:18:48 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x5000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1685.920998][T20781] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:49 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x2000) 15:18:49 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x802000, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:18:49 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x400000000000000, 0x0, r0, 0x0}]) 15:18:49 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x6000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:49 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x5000000}) 15:18:49 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r2 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x10000, 0x831817f59b57322) ioctl$CAPI_GET_ERRCODE(r2, 0x80024321, &(0x7f00000000c0)) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:49 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x7000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1686.135738][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1686.138596][T20921] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1686.159018][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:18:49 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x500000000000000, 0x0, r0, 0x0}]) 15:18:49 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x6000000}) [ 1686.304781][T21031] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:49 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) accept4(r1, 0x0, 0x0, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0xc1fa9f75ec03252a, &(0x7f0000000000)=0x4, 0x4) r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r3, 0x3, 0x0, 0x369e5d84) 15:18:49 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x7fffffe, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:49 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x700000000000000, 0x0, r0, 0x0}]) [ 1686.521061][T21196] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1686.557419][ T26] audit: type=1804 audit(1567610329.654:169): pid=21243 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3690/file0/file0" dev="sda1" ino=18857 res=1 15:18:49 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x3f00) [ 1686.741604][ T26] audit: type=1804 audit(1567610329.844:170): pid=20922 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3659/file0/file0" dev="loop2" ino=649 res=1 15:18:49 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r1, &(0x7f00000001c0)={0x8, 0x120, 0xfa00, {0x3, {0x3, 0x1, "3cc210332160ecb8abb24e57a28cd040722c99bf9e67d009416c4be97a1a830b73389bba43ffcaea05f68a401943ccbda523983eeed3f89324d77ba86baadbadf297dfc56e5e357ab7396a64f40dfbdead68614990180709b40b2bf16f9af1806ec8fd865f80415a58602782981628d99793ae2288f9c99d4db669853cd136825cf6c7eee297206119a36699ffebf5a1c041abe63c2f42a5072426f816e399e51c80fb642b31db4f68d62bffb571d05db1bbbb705e1c2f2786b10ec3589fd4e92c73225f4857b5895bf4311c9a8f4b4de5179a3f54d9b1b322ba6998d84247fd510f1d4932c523ee970eea7011ee1c379989a9b41e3870541961a746ec0131b9", 0xa4, 0x7ff, 0x7fff, 0x0, 0x100, 0x9, 0x20, 0x1}, r2}}, 0x128) openat$vnet(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-net\x00', 0x2, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/loop-control\x00', 0x60000, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000380)='/dev/dri/card#\x00', 0x0, 0x2) fallocate(r3, 0x5, 0x1ffe, 0x0) 15:18:49 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x7000000}) 15:18:49 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000040)={0x0, 0x27, 0x1, @thr={&(0x7f00000001c0)="d0d12867d1d065f739d8a51e11826158847b776749bf82fec402aac72ba2d9420503a1583d2530ef3659b30e95cdf1aa10b4518ae2730bc9d0fe2db05141457cef122d7bd2b74b776da2b05d47953ad0042bc0af8dcf1193a6b33a54a6bd414b461a1beea0e44c346ed0a0395afbda9c2f8ef88f00e41c487e117b405e2103362ab73c8ce15084f6626190438e8a1e5c32cff43a1fdc5bafd01730d535f2c81277", &(0x7f0000000340)="6be75fa9e5c5be6175053774fb9d068a17102574d42f7f6db4a3034edf161f4a24de6282fe56ea3b27bf4e609aa4a30f672f92b385c9b404692cd7a21e738c84491cb237a501b065a1744cacf7ac36ad91ab8fc4208ad12bb30b1a4cb86132f6c66537d6d36e75fee89e2e0ca5843d21f80822ae4978ea7a5b66b720436aaa6235c7c66cf6cdae296eb0ae5f58079a6cab8d32612b0dd8d97c9d2b3e8af550a66b27c2b3f57b0601ed12ea7df72149d7118836178b55084055a28a9620c95dbded49df64033072cef3f91224123093c79081f5f903b52841ab79cc3f0f95256fa1aad26fe9df"}}, &(0x7f0000000080)=0x0) timer_delete(r1) fchdir(r0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) fallocate(r2, 0x3, 0x0, 0x369e5d84) 15:18:49 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x8000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:49 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x800000000000000, 0x0, r0, 0x0}]) [ 1686.875223][T21458] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:50 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0xc00000000000000, 0x0, r0, 0x0}]) [ 1686.978023][ T26] audit: type=1804 audit(1567610330.074:171): pid=21586 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3691/file0/file0" dev="sda1" ino=17784 res=1 15:18:50 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0xa000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:50 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x8000000}) 15:18:50 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000200)=[{&(0x7f0000000240)="eb3c906d6b66542e666174000204010002000270fff843c62d5d6176c0463c0048dead1dd54c3000e14156a5f74970a719a805175a46e59ff42bd1f07d90936c3de2d2e51b143f2fc7aad5fa09f0331e74a3594fa6aa424f55b3bc84f090a27390345e90d67cf065c1a46bca8930cea505760bae77806ff030741ac27048a467aef89eb6fb0eab4ccbb5b3776217d67c06042d11f920fbac137875b4ba4f", 0x9e, 0xffffffffffffffff}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) epoll_pwait(r0, &(0x7f0000000040)=[{}, {}, {}, {}], 0x4, 0x38e5, &(0x7f00000000c0)={0xda51}, 0x8) fchdir(r0) ptrace$pokeuser(0x6, 0xffffffffffffffff, 0x9d, 0x80) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:50 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x4000) [ 1687.126902][ T26] audit: type=1804 audit(1567610330.224:172): pid=21673 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3660/file0/file0" dev="loop2" ino=650 res=1 [ 1687.150334][T21675] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:50 executing program 2: mkdir(0x0, 0x0) umount2(&(0x7f00000000c0)='./file0\x00', 0x4) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x1a06024, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x400, 0x1b5) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket$alg(0x26, 0x5, 0x0) recvfrom(r3, &(0x7f0000000340)=""/219, 0xdb, 0x20, &(0x7f0000000180)=@un=@abs={0x0, 0x0, 0x4e22}, 0x80) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) accept4(r4, 0x0, 0x0, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) accept4(r5, 0x0, 0x0, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-sse2\x00'}, 0x144) r6 = accept4(r3, 0x0, 0x0, 0x0) splice(r2, 0x0, r6, 0x0, 0x20000000003, 0x0) ioctl$CAPI_NCCI_OPENCOUNT(r2, 0x80044326, &(0x7f0000000000)=0xfd50) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:18:50 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x11000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:50 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x3800000000000000, 0x0, r0, 0x0}]) [ 1687.271634][T21677] FAT-fs (loop0): bogus number of reserved sectors [ 1687.297101][T21677] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:50 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x40000000}) 15:18:50 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.nlink\x00', &(0x7f0000000100)={'L+', 0x100000000}, 0x28, 0x2) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) [ 1687.384790][T21862] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:50 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x20000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:50 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x4000000000000000, 0x0, r0, 0x0}]) 15:18:50 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0xfdfdffff}) [ 1687.624418][T22031] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1687.643594][ T26] audit: type=1804 audit(1567610330.744:173): pid=21890 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3661/file0/file0" dev="sda1" ino=18811 res=1 15:18:50 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000740)) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x4010, r1, 0x0) fchdir(r0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) splice(r2, 0x0, r4, 0x0, 0x20000000003, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000040)={r6}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f00000001c0)={r6, 0x0, 0xc9, "e572819b8bff2fecaf5ed74a22ccc79a36e3aeac83d850875c6c0cbee1747c3fe3dc1595c280017d3d8b87681feca84b7d1a6d7516b8c6c0c5ae7ca9e5b720e1b120f9584c78c6b0d618af3a8a53f62301192043fa935079771c3e2f2b0b3c89e6abccd2f2ec3ffba091085bfdd52d2438e75769215de9b5f483aff38e2f94009bdaf72cb2813c4140648f7a715f894df8d37d240bda1a14fbd14aa905334fd946059821eafea54f726ce3218fc751dd02911d7ec5d5cd03412672e3b219c9e882c2cc65e4bcc4379a"}, 0xd1) r7 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r7, 0x3, 0x0, 0x369e5d84) 15:18:50 executing program 2: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x80, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000200)={0xe, 0x13, 0xfa00, @id_tos={&(0x7f0000000040), r2, 0x0, 0x0, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r0, &(0x7f00000000c0)={0xb, 0x10, 0xfa00, {&(0x7f00000001c0), r2, 0x5}}, 0x18) mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r4, 0x1, 0x0, 0x369e5d84) 15:18:50 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x3f000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1687.830525][T22197] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1687.957294][ T26] audit: type=1804 audit(1567610331.054:174): pid=22230 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3692/file0/file0" dev="loop3" ino=651 res=1 15:18:51 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x580f) 15:18:51 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0xff000000}) 15:18:51 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x8000000000000000, 0x0, r0, 0x0}]) 15:18:51 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x40000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:51 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000040)={r3}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000001c0)={r3, @in6={{0xa, 0x4e24, 0x40, @mcast1, 0x7}}, 0xee4, 0x1ff, 0x40, 0x8, 0x80}, &(0x7f0000000040)=0x98) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f00000000c0)={r4, 0x992b}, 0x8) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:51 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$DRM_IOCTL_MAP_BUFS(r0, 0xc0186419, &(0x7f0000000040)={0x4, &(0x7f00000001c0)=""/191, &(0x7f00000000c0)=[{0xf8, 0xbe, 0x9b0d, &(0x7f0000000340)=""/190}, {0x4, 0xf1, 0x9, &(0x7f0000000400)=""/241}, {0x1ff, 0xb5, 0x6, &(0x7f0000000500)=""/181}, {0x5, 0xd9, 0x0, &(0x7f00000005c0)=""/217}]}) openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x1ca300, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) uselib(&(0x7f00000002c0)='./file0\x00') [ 1688.246551][ T9855] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1688.284402][ T9855] FAT-fs (loop2): Filesystem has been set read-only 15:18:51 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x48000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1688.342047][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1688.355664][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:18:51 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0xffffffff00000000, 0x0, r0, 0x0}]) 15:18:51 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0xfffffdfd}) 15:18:51 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x4c000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:51 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x0, 0x2) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f00000000c0)={0x3, r2}) r3 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = accept4$netrom(r2, &(0x7f00000001c0)={{0x3, @netrom}, [@rose, @null, @rose, @rose, @rose, @remote, @bcast, @null]}, &(0x7f0000000100)=0x48, 0x800) dup3(r1, r4, 0x1c0000) r5 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r5, 0x3, 0x0, 0x369e5d84) [ 1688.560879][ T26] audit: type=1804 audit(1567610331.664:175): pid=22531 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3663/file0/file0" dev="sda1" ino=17283 res=1 15:18:51 executing program 2: setxattr$security_evm(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='security.evm\x00', &(0x7f00000001c0)=@v1={0x2, "e9"}, 0x2, 0x0) mkdir(0x0, 0x3) syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0xe}], 0x102060, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000200)='./file0\x00', 0xd2) fallocate(r1, 0x1, 0x0, 0x369e5d84) [ 1688.941742][ T26] audit: type=1804 audit(1567610332.044:176): pid=22754 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3693/file0/file0" dev="loop3" ino=655 res=1 15:18:52 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xff00) 15:18:52 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x60000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:52 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x100000000000000}) 15:18:52 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x2, r0, 0x0}]) 15:18:52 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000500)='/proc/sys/net/ipv4/vs/sloppy_sctp\x00', 0x2, 0x0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r2, 0x8008af00, &(0x7f0000000740)) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r3, 0x8008af00, &(0x7f0000000740)) r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r4, 0x8008af00, &(0x7f0000000740)) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000540)=[r2, r3, r4], 0x3) r5 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r5, 0x3, 0x0, 0x369e5d84) r6 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x200, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/qat_adf_ctl\x00', 0x0, 0x0) r7 = syz_open_dev$vcsa(&(0x7f0000000240)='/dev/vcsa#\x00', 0x8, 0x2) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r7, 0x84, 0x6b, &(0x7f0000000280)=[@in6={0xa, 0x4e21, 0xd28b, @loopback, 0xbe6}], 0x1c) ioctl$VHOST_SET_VRING_ERR(r6, 0x4008af22, &(0x7f00000000c0)={0x1}) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x100000) openat(r8, &(0x7f00000001c0)='./file0\x00', 0x0, 0x80) getsockname(0xffffffffffffffff, &(0x7f0000000400)=@hci={0x1f, 0x0}, &(0x7f0000000480)=0x80) r10 = creat(&(0x7f00000004c0)='./file0\x00', 0x1) r11 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000600)='/dev/snapshot\x00', 0xa01, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r12, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) r13 = socket$nl_generic(0x10, 0x3, 0x10) r14 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r13, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, r14, 0x439}, 0x14}}, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(r12, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x41000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)={0x70, r14, 0x2, 0x70bd26, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14}]}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e20}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x6, 0x1}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x80}, 0x8000) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x800000000001c9, 0x86, 0x4, 0x80, r11, 0x0, [], r9, r10, 0x5, 0x2}, 0x3c) sendmsg$can_raw(r5, &(0x7f00000003c0)={&(0x7f00000002c0)={0x1d, r9}, 0x10, &(0x7f0000000380)={&(0x7f0000000340)=@can={{0x3, 0x2, 0x100000001, 0x5}, 0x6, 0x2, 0x0, 0x0, "dfc45cfc6c8af1f0"}, 0x10}, 0x1, 0x0, 0x0, 0x40004}, 0x4080) 15:18:52 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="2321202e2f66696c65302076666174000a52e95c54e877f7f93e49b961474c9fce842d858165b283ce1c20b0fd8e3866290505c78a8edf279bde8400266aabee8bc7c244004793c9724c8dc503a1ee7034ee6676e7eab408302b292cc51e939379d243a7149e0af6291be3b19cba6c81d3ffb6ee56b3d20f3b47340eec71c5b6e76bf693db86646e3877db139000b9816a00fd471b572bc8588d10da417934c9d6a8b5cd50af5f672b6aad8f8a95f69dd060d98f62fb678d9f4cd36c3e4f52f1bdc926d4b5302f6ecf807fd6d8c456de9d4d8b31f8a83fecdc91eea7408f7a81479f9d7d5fa3b97acc8aaeb961601ad312afa61bda47a32f223497d1bf87800f60e8b8f00432243659ea0fb3ce25b5cdc95717d2f5a07e5478148a68b9f58b6b8e606adbb1cebe7b1d4f765f1e3a8e0081020317e7780a42feb3687f1ba845eefca4a3c1738cbef52076846f8f5603093fad2727bf6dc47dc20e9d95db6621b8788bd589cbe913b2a94d586e458206521fa412a3f018e7dcba85cc960882c3ef156b0041f1809b7cf935557a207e5748c71877c522d276332d35b69e9e6b3f71d5b300eacb851078bf0e9387a6743cf3c585721185479486a24fffd62fb10e1aa9012a21e894c32826474de485274a72de51749124a874f4210f091d012998fde39c3b0f07727176e057b5f034368a482877cb03bb900cfa3fbf324a434c00afa158f49ea68e0f673243b15505e4b48d09994212b8e8cd32e8ba84463354e6d9d24ceba6c9fe2cc5d4d1274d6e348f96166b450f8494670890c32e08cc9e457f75c9ebb1f42b10c61912b8576c4890f4dad67ec9a2c913d0d0ee5bd32db34985957ec95ddd1b4dfe3f987b147b8b6cd70b62e72a7242e00cf0f206b9b69221d4d74d299408a39cb6f9db36c92540e9edf41a328bcfd0a7365b7e367ce4cc6ce210895d780db59be87fbbfaba3f8ddb745f3c29e7d4808d41a3e93b58a63a07b5c5092c86af8f3ebea185019c919b33e1195ff080d4baa3ff705b5539564bde32ded4e44f188916ad6cfc23991dbaaa02fde1e45766333bca03f132f669680061f0de441bb21af83765ed4ebcdf3ae9d00f7be857990d1cafb306b0efa558d571572f6df843e7579db368905d0a8a3384265e7de44e08ea0957c27867dce9b6d736b3e8a5b23d0f34933f7c9068e672572e1be4c5f8975a33fbb0e477deec58f0dd92c683fbc7006cbae0a12af9e38112ddad51befd5b70c613c900350906f7fa38753e98f930bdfe5b675125f34592a3d7da65110c12e69b6a625a51716a2fe69198dba5178ec5c8addfeec6d2e8d5ac8f37b11de6d1335ef61d51d620614653ff34c5f5d0e732368efb5880dbad8d265ad8ac1d9f976cf8446e1c091f558b484c1aa0e10070379d35c5d576b7ad94a54b559a06218ebc44e2239bc2045d2b80b5fdcbb0dc77abfbd89779d96aa55cc6e663efc96346a19a8764c47e6eee5492d2399cd0eb5d3643f601eb3617f0cab4c2cbc192a0b8dc79acbc859186a2871621626d8557c07fcb600cb3ac9d6731de4f01b7a436bf384ff3c589c0dc699613b023b98a5408fe8d76ac06ea5c927962891fa57f6bc9f9e8263f26d57fe0bc545ec8531abc292044973a166e69999d0d657d85c22d60394ec18a6f1ec339c4076cc38b593c1dd9ffad22b9c69a015f0abc10617e6f2b5f96b609b31c791c6e6b2b58958e3833d072f67231cc618c3851b6e65f3738b1f4222994b50e13fc826574846db5c13b4e66d37a37414a084280627fa570b2a8a7921b6b41ba42248fa42fa8cea7bcbd763b00dcdeda4fe0d18abcdfe5a0306ab84fe413f02014725a22cf13e99f59a105432089005519a1d06ef1c3ba718b8f5da69e4b3b4281f622a889a71ad91bb7654976cf56a34c31a585f805bad4b8928a82bd93031c159ec822bc931c69bf2ef79d3c418269fac53aa58f987a539870b7b293279cab423104d191f718e866c366ad50b79c315fb364e3b2dcaca223a732780710a2f3572071d3c14e2337003d94cc8d3e1ad8043590f323518884f09650d4b0919a98b3f3f23d9c83935c456f9819765834acfffb2e4b187c1793e9a8fae33cf7a73bd3588771c7f47f5868f6b050897bbaa954a5a0593fd9957ac8a7d6b9c82ecca9ac7aeed4183e24bdff78705471093113a217d01fdce0c5b479f01b6c5951b3fe3b9534d0bf82d5b68862a0464b3d94cbcda199b5fa7b318937c69949b13c921faaa5ea1d8892a4bbe1c22c926b73c1f3f0169c6dfe24ad3c67d7fc486d11925a0078b25b83c4b5974b648e6319376c6dc17264af85ac5d80b060c97f0200bff1574f580cdf2b6966b1cfb3aeb37f5db49b0ce6c79c5389b9a0423c1269d64923d4e7ca864520620462a2739385babd405b89fec0d478f259f7398c889217fef6429a494017dcdbdc8cef24c781b67bf62b2c557b5d4202fe253e57bf599d2db38dbc508d146c96d4bd0aed911e536611d47066edee4cb7adb8a14471daf9997de219ad0c1ccb32d197a1a784db82f566ab0c84abe479bc94e85e0e275d2525ab2f1083fc77726efee8496311df8b1e148b74e7eab71eba0d687d85cadb014ca7c74f060d396830f2c4862c6dc3e97edd28ec254d9c2d025763885448fead2d04177fbbcb16cccc6af9dd13fd254bebe13ad2036e3b6864e60104b47377095781e01c9433c26f4cb721b5a4e9080355d99228bd4ad09a9df4f50e7551f9eec1dfabbeb5706eb72ca470068bb2e2bf799654796cc28bfff41a96ec24302788d7d3de24abba54f1e1b188eed6c9c91480f9bc7c40d8d9912f744d43a1b8ee1e62be282ffee772752b69c28ceca876f5ce8d67f2a0026ac00eb97bf082f5a2c147be314543273b1284b7eb4d6ed2b0f4d19db3720dd15da54f2368e7765715761aa8599d49212f78d601038077857f91d225a75e5c9c788f0558a7e22d9f0886c6f26d13e5aedf3776220418cd0e4595aaa04d68a946e6cee2f89a9b3ff59b8f922b5717c13d8bc1ea02cfd4ddc65130c0d01ce89f98acdc80455a144a6c4ed84a27776ea3c2f1101fed48a24affb00bd5252279d18faef4f8847ebbff55259a23007e7c4546dc74557eb722a1e1c5bbe1b1f6472cb3941cf4937c6d4ef8c3751a7a0e06d4f0864197407f25503e6793f6984542d33167b1719212516ed9ca8905d8481589200442f8e04301f254374cd3feca0ff69a3afb2ecbabfe9f567ec019a2753178e523ccc5715bee8307b05f01a2472f06189f2e6c7cf078d500e9aeeb1438fcb324ad3982db128daef80e916d46d5ae19a6633177fc405b3fd022ad455fe2f7ec70080f63c26295744cf36f989b63d300d4fb96e52fc4498aa708de138db9fb74c61218a0799a411f1b7791f63d37dbc2a6b64855d360ddfb3aeb77dcf0e09fe4170a1bdb698fbd2629f86decd69b5e595be1ab1e876ace6c2601fcb39d7529860af7dfe7bd0aab28c33ea4774beca4c9e274dfccb9070c6b9f8ef3bff931b11342806086ed718f6a7344af56554d12750f59eb2898443398c748be14d6b4d97596a0b3699348b63a76dc1f629801065f59baa137eeefb953eb43f92b7ebc807f655266a09fd137b18216f8576d1ce2f304e517e75c5e801eaa908732dfc6f3ea5a0981e0f46bc7419f156aa7a89179d58cb6ddaecf1fb3459c16714f9676d3968b1b8e9a39882c04b6c6f13aac5182fa563117c9deb2e58a160d3a2dc9e0a7fa3be6804dd17d321b3a9cda7cc6ffc7ccd26c613c096010993591923950db81fdf11e8c495953d8637bccbe9c834e3c3b5ca61073824bbd5d2fb0be5f59e9810d389358ce229f38dcb2bcab9d00051e706dd9d9d7815849a0c453d1cfcf62aee155a35ee19b8de4d3bcd04fc3dce1d049c01f00a6e101bbfcb94b8ed6cec3f0d5672078d8713b8f3348d21de4374f8668248a9937e74e470c6011ff1fe115464c3cce1020ef10909b18a725aa21c6e833138146fa1c0c202f74f730736574f1d279467c576681aebf863e861f78219a24520b7b14f245d9a00b281a43f0be1a9adaceaebef1d111087de8ea6f1aa56d6ed087495a463727838277df94afdec9681d23f68825cd36ed3b760edd74f9e7bf9a6953fc3e49533305e988eeb5c2b3eb7a0cee3d4e960f08a8c7ffd80ffef427612395888ab593a98628111d7e7b3bad446c0ad2d617bf09519e4859c22de95509ce7988926b2ae0e490cf3856fc7ae58286795271c278651756490f07ab2554989df9324279891ebf34ac3fa47bc5e854dbfa6a359f28e5f4263864722c1c4cb6123eff433fa8b5344586ba5961d6915f0372564292770a4b04894b0c85df28c01b9ac928fb7c302a0c671edcd3da2bb37408346bab779374244d85c078ea012b656e159c9919750745535cd4519730c505740e5ca9804f7d2b8bb344f61d74547b069caeab24fd4c7714692b9a25d2c13628e82c7de8a9997bce4db092d1ce4d340b52e7a5ece17dc2a8eea467e441c91c494767058af2486f91317f2e973fa257babe5d02dcac1f1916954ee2958043efbece10b7b94a6f7763be6f007592de5c35e985bba2d5178ccb123a6927253c891c4a05c587647cbf0c95381dc84d51e4c283b3825badf6a98f99ea88a8167224e752861adc05eb7dd1308ee1b7228e644f7db5f3fd5795b385914ef33a55df0fe0609f7b1c5a71dfe287c077d1436a39dbf3af8c333c5e1cd458adbb6734cc1ffd36570cce380179cf43ffad1d9a4ab41ae93627a831df02fa1b49b14d5121a33ddf502bcd624825298bab5ababbbb5e3d5c5da4b5e1617c4b6dc88b435943659cf5ad3e463ca57122362f14ce3953073144f54cad5da0c9ee34c2a2644b14ca8c72d39565721f03e220103e8c364d44303c8d40a6961a63b381ef99c8710e5016ac8f6f0b59950988313bbb5165078c0c139c396892b5d4e55ab6bca8de4b26693f0c2129c28f8f855b9358f98c4e05adc257eb09425940221019c38b0474f6829f98deaf093a08ad710719c3622dfc9b4facc98efb8f9837259574fc4ef6de0c48be37494323589773ccc95c01ea411839833a5d54c9e48c4db627f14b92a72cdc04d20fffd2c5513fafe12b8d6dadb974bfc5957176451e50885e0c9d5717676d4866fd04645fa3811ef8e101a7cfe082ec82ec1abe2db57fefd5af00e6eac858f2a8b30475de2fc4f0296f70490d8ffe090a4082ad5b3c9cf06de02181ed4faeacada390b082e0280bec0b6db87360b772a86f513cc2538de50e9024c1a617f7780c0e1ded14edc457b36d57d1aa72b4cc618d129c2f757682eee1d3b7909dbda56e07b6c7c126cc00a39d26a0f4140ea7f163f2dfd8d7ed611e4a41fcdf362cf0ef2aab9a14fe8013f56faa1d8b8cd0822d5ef2f9f8d6be29c06433da91bb0a50215b6c58c481bde1374a14dac1f147b1e65d85cc40a39c38532dd9c0f7d650574c87af388b6740cf12d4e8f422411664ace98224b918d7598ce6160a3ede475576e824d6c6c2d44386b6a250dda9b66082bbdc1345c042fd3a5353e18956a0fabec557539a21640c22110d1dba4375135adc7f23721486d1bf6270e918508fac26a58b37c84572c3989ec0247c09995ff9fec433ee623154d94f5492e1fe0b122c632bb07a1eb1319aeff2a10d13df82bb6651828a099a039df012c8f3e0a2c99b9ae11acd746bc32f4c819da5c55f5f0aba1c815433fa626515bd2a8315254d3428b0371015642d07b465a5af6025c6b96139fcb1c08eef1e4f05b4a6bdc78cd392667f43"], 0x1011) fchdir(r0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) sendmsg$unix(r4, &(0x7f0000000200)={&(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000340)="dc4f32bf5340d2fae55da3887fa8c332180cb5ee9ead0b612dccb654030d6372a99bc113aed322ecce715db9a2f171dfa6e9856e1c3a72582e8dcbfa10bb4d32245cbfdc1a6b7c7bb5f2c66da7ef5632248dd39dc2162f7a3eabdbc793dc075e1b4b7525ba2d291cecc1d0250bd7d71492a5fe611b32c4ca48434f6eb40ab9bba5089df3e0312fc487b5ebfec2210dd02638bde28d383c2ea562875d2f5087daf42cbb8a980578b33b333b1d5f7b0cfed9bcd66a83cce5ee9c820384faeb28261e060405a717f86735f833b8b86b79102317dfab30e0a030ecedd1dc0768606a3518d75c81f36270b6a199dbc791d48439f7e090aadca4aa8f530dffa56cfc23ac93b9a62fc56d94bdfd8be6f43b2b0b7a39ef467c7c99732ad642b888d2fef1b1ee1616cbca89d950bbb91d265765ee711dc21beddab66fcb9c2af61bc7407660d7b0013d67feb7ea9658616af41ca158a78e5d61f9a878c0973f0609be388c6cc49f95f46c0a60d870f0b6b48a6800c64610e8ae79eff3c1f72b18ff14bacb5b1238f3c91937177cc6d72e0a74db3453f1909aad2e1c17d772ca604b43fafe7b5beeaaf6ec1264ad0f9b3b78a052b90719efe84d9aa0f3a6567c4a83716ca56ca4205cef439866321f7d0f8fb3bc72c64fcadc0c28475f814d96ad1a775407b0d717cee3b1c55063dc6f684d394514ba22a8e0446a192965a2223e79d919564a9b6b14d0c6ecd95877f1a6ce73ea7d1b550e66010401b6cbb4aba207c220dca427a5bd238b80bc0342e00976e449dc882fe817168ff218df41c3031a793c36cb7bd60a9dd48d68e67965228ce135b5336d6fa5ee8017c675846d6d863734f9f18a66e29e34f48dd56320bfafcdf1509921b33e4200cd372d8fc4f3c318fd119b8859bfbbd065bd651eb0cd0971f461b4e081542d3b7165a448c0e7e957a7009112cdaa062aa9d20a9ddf724fa2751e8c4ff9b0c02666500f89d62e1880ff6e047c3eaa1677b78cb5767c88215a86fe4b6a053b8eb30ee0a9828d321a486e627a6442aa0d3bedcf156c4b58cf27487a3f6ebaa4061fdf6ab3ea3a9eb9d414394175ac40e6bc1e545da1c081ba85d7f2132005efe0b5b5895b5cfcec91f69908841f5ab67dfa6b37aeff6d640d81d244f484d3d59ec3bc6caad41fe771d64e7ff5608c6a0b78ffa9ba781d8b94effe762dab0b81e7427e1cbcf3790a8f8904e248ed139f6b5b15d5c4006b62a8b143af32e0d0e25f37a71f63181ca992adbea23eb0377e09cbda1ef3e6aceb4b29066e2f5ea34699723f30599014cc9549e7543964e2bebc2cf35cfcfda92bdb06f9ffa71f702ea4aea26a6a49a4e930872fe2e32ce4ee1dca863ec1ff3f8bb98080c6b41564ec23056b7883e08f7c9ddc25e211835ecf55c6ca8ba780b198a7f57dc2530afeefd92a53c441e0cc979bc926c3d62d18b09118838d794e26b33f0b8e1b53315efadb87b0c5abdaeb43f3262b4497337df533791be7a9d96b8c9f4e6860584ffb67dec45aec8444ad87dc6188831b0b52b68763141f49193d6c20b7eb08a19d41d0d424a2654cdcb79664ae46481199c0db47d41bd794ad99477e79061f37575315a36c12e08970a27324c98ee7d7d79ef46edff3ab624421938ddb8a47d126c84e0dfce3b95fb7eac765875fd2e90569401a27db25aabeb2a1adcaff1bc1a80ad03fd4f268e16a6a306310ffeb890e020e63993c78ce8a0853b621d8c803966a27eeea02b3cd86f303a4b7911c4e0dd420bd89c3d09734ae98ed913edac392d88c0ac72b6fd368689bf04ef60ed420b5041a83fc5d6221521c3911e8b213cfded8d7f7699217507d3e333f7a939892db74729213653c27620d9e792576af9d6f0ca84159c46a370b85d40db0e3c49af909a3cc937059d09d7caf24dbc7f1d5b058d667cdc70a84b8f74135f12c7e4ede288df379ff060c5e721b3ca159691789a091fc5e763490992b3d18828a3f920dd10f0ea4c1dff6d4b0f4f70d826cabad3cb82a4c9d7f812c936adc5a7fa85e91d3c60da59d327c427fb664fe8d7df58751839943971924c9412bb1ad4709d548752c54a9b7684ccc12e1a6c032cb5af161450ab89f90eb349b0175c416793b1573f2c808f59a7a723f2cab25c17bf1546e93fcba1d61ac0143e2d5e6773fa55194b9fe23286c7c9344a1e94d9e2e444f5ab3bded67a7060b82a468f3cbdef8befba25d362a9257dc37beb4062ea8fd7efe7add0a9745cba300eac45c36fa0d6cc4d273cc01451bcfb27b52cf03edc38ad233f691d55026673945d6e8b2f4098641705af447163037f803d050445ddc48b9af3db824daf15051984680388de60cbc1aade4084f9f1c3879a678dad93bf9ec956afb28068c7eb0117c7a288ebe6234a0cc4a95b7bdee4d4a56e4fc1de92e65f86972f179ea12a72dfdac0f273dd1ce269e71d845b36c47bb31d1e49f5deaebe23e3532270bc0f1db708e980a6a4e604039b51be4b17ec1768cbd963d4189226fd68268ad8541d7c78b7d0fc7e5326f956e2265dc134eae0ee1f0a82049769068ac660593d6acf754a1d5d7ad3053b2f3ef35bcf2b059c2a47c31f762491fade5a51104b1865a80ee50d0543b7d1d3b883eaea1ccf4639192289e1fc9d399778bfee39f69adb6bf017161a424a3c8a4563054f3f7a242a04a2d89fb81d2e15e38d9ed0b97936e6a387d63e9d63850bb4bc3a2f44b3dffeecbbdbd30d6fcf2b5fd73724f3f5b25f1462a893c74d3459db829da54f9a3082ed5ed446bfe3f16389b6e94541a6fb430823b82624afb11bb59716978fed75c2ee4ce571626b0de62cb8515a568dfdeaa5f3dbc1177ac2efafa86ff1429fcbcb4e9e8f3fa43b8a6068b8dd7359c1044e89dd10c65f4ce1550301573b5e5ef04f83bc519fb054e36b509d9063b89a5557960bb29fa7d68bea2e51263cf525fe98e9e15d3a0319e9299bdac8fc5a7264b5b376893ab3277bd1176ee9bac7e23c6862c14114c4690ecb038425b0f4dcd384666789fddc51b685275ae26501cfcf258a94e108fe973fd7b624397fcfa0225e6093ef967f340cd84bb6f04806373cb2d1e3eab0ce65537cb99565ae8c0ef3de9b227f4b83d42c0c429ca74b76a0e0ea044152e77ffffa6799349ff2b7a60dc4e04bd9f39758580879390b5aa855167b700d280e03f93b4c1f91195436a4e29f5756507e4fc326cf80fb08d654585185850d717964c7199c464f5af05a1a7accd31631181b8a5ed47d3d5228ef28b5d8f3e82ce294e22340eb9a307eda0f89732f6e8d44039d61d5d547ab24beef5ec10aa32a0c8576853a1e11a448adb1251c5ff2cadde0a80fed2d373c7737725e7c2e7f4ffd1edbc9a2de7f8574831bffa8d12a924d83179ff821f5aa837239b7b46285721bf273babd1fedcb4b926c9f446f97e26bdc03c26f16a97ff89ad53c4ca633a355cb112edb32acd73b506bdf4b97def93e78a0491c00947f726dc2480cf115146bd8bd7ba4bc20c6ade6521ce0f12a5ba531ac7a3fca9e83df6cebd01277c8db9210b57e3b960809c4d3ef4bb9f3464bb57198f4e00849b06e1806a3cf4b33295dde1efe8696c81ffccc06a775e83da138b69910e51ee3f49a8a9aad582bb75cf10c0cfde89b5672a3dfea7bbdfcbc1e5182460de8d7f221c05c5fd267b014dfefbf01838e8e269201b2acd9f4c4e6643187586624e27e12e6e8697c63aaef227f096b1878960aaa86484bc0e8594f35af39f020ccb425bae3c3836b836522ba42926682f085c259631dd7914db0251529f27e6de91e362ac06191058925ccd1f575b52d5e39dfa5da7aff8affc32f6e567d36e2463a2c57af1d9cc4420cd8f3bd97777b4ca03655745f3146ae748b02f0cd8f32a2ffae95c86db577a775d2235a3c61842054041e537f9f3a30a6576f5ac62d9dc9f286500ffc10922dadee070a2ac515be756de84c6d1bd53ef1ca7ead220a1b41134e1396adbce0abb74b151138a100aa29bed6ac40985f8da3f5bae4596415671196b12af8e665fbcb24ba224acd921d79f15658753eff39be00932fb2e5c1148986fcf66a04225f02365fd90890e4ac643d7e7d0153365f79ec074e09683f85a5f82399befe14b4d07621ca816d410c56e49494f35cf69ae1e276bddff43c583830e718427c98abf0da319aa077b87bfab28ec87186ad558bf09ac2ad85a25a856646dd5cc97bb96f132c7d2236e9b0b5cf90dacb1d35a56caf1676d5377f9d424ab9d7be16f5b923f6970564784c4290caea38350cf9e74f583e0f6dfed09ad9d40cb928bbebe06459ad2a6bf508d066d9c1b07bdb5c29fc971c7fba63e11652f4e0560ea528d6440636576a9daed771d9ebf9e8ba9de1d612e046cda2e0db48ad8e439810aad7567f87dba9c79fbb7f1b6b850a44a0593206ea2bbb4fadaa573a6f7e6f190e4a6ce75e613eb16c67dc9973c8fd018a1a8ca37f16621976038058d7f907aebb5216d6ed035af740caec289bf3743abc1160eed7b4109f46290e88a4e0e4c5b4b6afb1d235cf6372ca8eda4299c51c715d82651bb8e3069c9afa0da96731fdfa5834ae7fa42db5fe48553ffc8f291db1c4f894b2567d53039dd670b3645e2690aac826e1b8ed6828055fabbdc7af5f64b5ee39109983c2515a88bb9b5bd93a961fa4215db3b48b5d1a6a7fbe77b8b3abbf1fd2b02a615e3b42fcbe78df4d301d6902e054a3f725b0814ca8794f8755539d515706f3e6ad40ae7617a259af605213b4097d1cb841d344df66f10de2d251512eb5da5df947819241cf2b57959c624e47390104f0d0fe23084f76dc8a44480004eb84807b49f28fa5f0301175edbd3155a1b4a7c772c39fb267051891673c6f57c1bb3667706e52619d4394e9da2677362b011271b2bcc02a54e11a2fd40f72b732d1951b90780c517bc0ac9de77b7393e23e1459d7b2f0d8688aaaca684d64343bfc790c6d4ba44088c9bb7d3dd2824b2a5f43b3ce6f6a827b05a6b144c1729d4ee4c1ad29c0604636b3f044480b65801fd3b1013c4e4c0d07841cd2769012104ee3fb4966e5e280b15d0b41346d0ac23c5fd2614b0ef1029d8933ec82e58a08296729eb66b2f2dbf68037667d1e7793f85c6b7c22ffd179604fd756a947a17bf208db1b98ecbd28ec2029b9ceb2b5bacbe03642f217e86c038f9732f1c66ed553b8cb68e1e75117f8958571a31a9c164b32ff2e1a21745991fa18dc13cf835445f8725aa84e1c4d40ba9d294c3e92dedf9d650e073bdd7dcd124de98a33687e1056cc521f5d040a89c340233e2e6c5a15a4104687f85495c534cdbe2802082712f8a03dcfdb4359a061825985ca544b114f57704d2827dcec8c4de6394f436112de7fd309e76de3376bfa7c760b61246f74a4252fe44f4a88c0791cb5a59dcaabd8c6c79dd73859b66eb60accdec4c08fe301b147bf3b227d307628f309659f8482dd3564e8e561c601e76a7d3dadb0f9d24492036c129e89ce2f86cb22fcb0b481e03dcd8d788d04bc1911ecc8fbc2c9b5cd6678a3472cd753d8dd558dc2986af651947e3514a6e4e2dcd7406ac94f3a07afe1197333f981382cead5407be31d4f199c6ec8a78c0beba9893e27839cc162a0c43dfd2d834e5e9d6f7a9d5d58b92d96ac8f998dac9924b7ea4bc87a918f1557ad5032655381565d847b3e2347eea61f6a4907ae44c5e6babb6b6957a9dbbab013016f9daa5eb8f2f985e51225f657b6c7deaf99b5107166280ca0857e723550228fda11c2c4419bce7bf8c2a40604904", 0x1000}, {&(0x7f0000001340)="5cb0b356e609839397008b022ae7a9eafa0d451292e58310300bcf8ff6efcebffc3ec38bdb3fb75448ffec8469b94cf6b60677cc33c2bffcafc95bb8f7e5273a249528a02779230b31c9475831c8c199a7001119e9fa1fed94aa6b50f244c5b33f889d2a51d3a605ffee84d57ac937f47a23028cf6fbcda62f2b653e306940c4f2a79c8aeaa094ce4644f88bb4c8c303217cbe33252d0df938595ac7e49a0eb2609a368086c1230582938ef7088b477f5912c2057b9a0baadde5a4a8e3994a15a5df91", 0xc3}, {&(0x7f0000000100)="f07447e8addc4398bcd6", 0xa}], 0x3, 0x0, 0x0, 0x800}, 0x1) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r7 = accept4(r6, 0x0, 0x0, 0x0) splice(r5, 0x0, r7, 0x0, 0x20000000003, 0x0) close(r7) sendmsg$nl_crypto(r7, &(0x7f00000025c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0xe1a980}, 0xc, &(0x7f0000002580)={&(0x7f0000002480)=@getstat={0xe0, 0x15, 0x400, 0x70bd2d, 0x25dfdbfe, {{'drbg_nopr_hmac_sha1\x00'}, [], [], 0x5000}, ["", "", "", "", "", "", ""]}, 0xe0}, 0x1, 0x0, 0x0, 0x80}, 0x80) splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0x20000000003, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r2, 0xc034564b, &(0x7f0000000040)={0x605a, 0x4c47504a, 0x8000, 0x4, 0xcbf231647fb0d38c, @discrete={0x76e0ea1c, 0xc787}}) fallocate(0xffffffffffffffff, 0x1, 0x0, 0x369e5d84) ioctl$SCSI_IOCTL_TEST_UNIT_READY(r0, 0x2) 15:18:52 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x68000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:52 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x3, r0, 0x0}]) 15:18:52 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x6c000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:52 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x200000000000000}) 15:18:52 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x74000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:52 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x4, r0, 0x0}]) [ 1689.625877][ T26] audit: type=1804 audit(1567610332.724:177): pid=23093 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3694/file0/file0" dev="loop3" ino=657 res=1 [ 1689.706252][T23093] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1689.728331][T23093] FAT-fs (loop3): Filesystem has been set read-only 15:18:53 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x1000000) 15:18:53 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x300000000000000}) 15:18:53 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x7a000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:53 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x5, r0, 0x0}]) 15:18:53 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video36\x00', 0x2, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000080)) syz_open_pts(r2, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000080)) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000080)) syz_open_pts(r4, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000080)) r6 = syz_open_pts(r5, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r6, 0x5412, &(0x7f0000000000)={0x7d}) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000080)) syz_open_pts(r7, 0x0) syz_open_pts(r7, 0x14902) ioctl$TIOCGSID(r3, 0x5429, &(0x7f00000000c0)=0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r10 = socket$alg(0x26, 0x5, 0x0) bind$alg(r10, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r11 = accept4(r10, 0x0, 0x0, 0x0) splice(r9, 0x0, r11, 0x0, 0x20000000003, 0x0) connect$nfc_llcp(r9, &(0x7f00000001c0)={0x27, 0x0, 0x1, 0xd5ba7354fa4da11e, 0x7, 0x5, "0c35ecc5a86286e26493ca229f1a705228ce50712bc4013cced558edb044e2e151730996a9dd860237d33ddc83d1195ad76d5402775b410e60682b9b4c3969", 0x29}, 0x60) ioctl$TIOCSPGRP(r2, 0x5410, &(0x7f0000000100)=r8) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:18:53 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x88000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:53 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x7, r0, 0x0}]) 15:18:53 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x400000000000000}) 15:18:53 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0xfeffff07, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:53 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x20000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:53 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x8, r0, 0x0}]) 15:18:53 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x500000000000000}) [ 1690.943369][ T26] audit: type=1804 audit(1567610334.044:178): pid=23426 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3695/file0/file0" dev="loop3" ino=659 res=1 [ 1690.961609][T23426] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1690.990780][T23426] FAT-fs (loop3): Filesystem has been set read-only 15:18:54 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x2000000) 15:18:54 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x600000000000000}) 15:18:54 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0xc, r0, 0x0}]) 15:18:54 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:18:54 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x100000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1691.503819][T23448] xt_check_target: 11 callbacks suppressed [ 1691.503830][T23448] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:54 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x38, r0, 0x0}]) 15:18:54 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x700000000000000}) 15:18:54 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x200000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1691.633773][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 1691.633787][ T26] audit: type=1804 audit(1567610334.734:180): pid=23465 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3667/file0/file0" dev="sda1" ino=18891 res=1 [ 1691.777772][T23551] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:54 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c2000000000000000000e700e0000000e0000000180100003830325f330000000000000000000000000000000000000000000000000000000800000000000000000000000000000074696d650000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000010d3ac03970000000000000000000000fdffffff00"/424]}, 0x220) recvmsg(r2, &(0x7f0000000a40)={&(0x7f00000000c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000000980)=[{&(0x7f00000001c0)=""/124, 0x7c}, {&(0x7f0000000340)=""/196, 0xc4}, {&(0x7f0000000240)=""/188, 0xbc}, {&(0x7f0000000040)=""/41, 0x29}, {&(0x7f0000000440)=""/250, 0xfa}, {&(0x7f0000000540)=""/178, 0xb2}, {&(0x7f0000000600)=""/207, 0xcf}, {&(0x7f0000000700)=""/211, 0xd3}, {&(0x7f0000000800)=""/102, 0x66}, {&(0x7f0000000880)=""/224, 0xe0}], 0xa}, 0x10020) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000a80)={0x0, r3, 0xff, 0x5, 0x8, 0x3}) 15:18:55 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x300, r0, 0x0}]) 15:18:55 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x300000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x800000000000000}) [ 1691.992963][T23658] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1692.226385][ T26] audit: type=1804 audit(1567610335.324:181): pid=23765 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3696/file0/file0" dev="loop3" ino=661 res=1 15:18:55 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x3000000) 15:18:55 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x400000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:55 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x500, r0, 0x0}]) 15:18:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x4000000000000000}) 15:18:55 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x500000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1692.610411][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1692.626262][T23770] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1692.639472][ T9857] FAT-fs (loop3): Filesystem has been set read-only [ 1692.689329][ T26] audit: type=1804 audit(1567610335.784:182): pid=23842 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3668/file0/file0" dev="sda1" ino=18896 res=1 15:18:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0xfdfdffff00000000}) 15:18:55 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x700, r0, 0x0}]) 15:18:55 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0xa0) fallocate(r1, 0x1, 0x0, 0x369e5d84) [ 1692.816732][T23879] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:56 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x600000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:56 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0xff00000000000000}) 15:18:56 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0xc00, r0, 0x0}]) [ 1693.104237][T23993] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1693.113061][ T26] audit: type=1804 audit(1567610336.204:183): pid=23996 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3697/file0/file0" dev="sda1" ino=18900 res=1 15:18:56 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x4000000) 15:18:56 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x700000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:56 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x2}) 15:18:56 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x3800, r0, 0x0}]) [ 1693.325927][T24102] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:56 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x800000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:56 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x3}) [ 1693.559632][T24214] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:56 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x4000, r0, 0x0}]) 15:18:56 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0xa00000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1693.718043][ T26] audit: type=1804 audit(1567610336.814:184): pid=24218 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3669/file0/file0" dev="loop2" ino=663 res=1 15:18:56 executing program 2: mkdir(0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x1101, 0x1) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) fchdir(r1) 15:18:56 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x4}) 15:18:57 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x1000000, r0, 0x0}]) [ 1693.891643][T24325] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:18:57 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x1100000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1694.072784][ T26] audit: type=1804 audit(1567610337.174:185): pid=24326 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3670/file0/file0" dev="sda1" ino=18913 res=1 [ 1694.107808][T24410] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1694.300885][ T26] audit: type=1804 audit(1567610337.404:186): pid=24438 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3698/file0/file0" dev="loop3" ino=664 res=1 [ 1694.345204][ T26] audit: type=1804 audit(1567610337.434:187): pid=24439 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3698/file0/file0" dev="loop3" ino=664 res=1 15:18:57 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x5000000) 15:18:57 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x5}) 15:18:57 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x2000000, r0, 0x0}]) 15:18:57 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000040)={'lapb0\x00', @broadcast}) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:18:57 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x2000000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:57 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x3f00000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:57 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x3000000, r0, 0x0}]) 15:18:57 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x6}) [ 1694.733056][ T26] audit: type=1804 audit(1567610337.834:188): pid=24475 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3671/file0/file0" dev="sda1" ino=18911 res=1 15:18:57 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x4000000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:57 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) rt_sigqueueinfo(0xffffffffffffffff, 0xc, &(0x7f0000000640)={0x2f, 0x101, 0x8}) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r2, 0x8008af00, &(0x7f0000000740)) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000800)) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/udmabuf\x00', 0x2) fchdir(r3) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x4) write$P9_RWSTAT(r4, &(0x7f00000006c0)={0xfffffffffffffe6e, 0x7f, 0x1}, 0x7) r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000007c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000840), 0xffffffffffffffff, 0x1}}, 0x18) r6 = gettid() getpgrp(r6) ioctl$VHOST_GET_FEATURES(r5, 0x8008af00, &(0x7f0000000740)) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r5, 0x800c6613, &(0x7f0000000580)={0x0, @aes128, 0x1, "af5125628ef92062"}) fallocate(r4, 0x1, 0x0, 0xffffffffffffffe0) sendmsg$alg(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f00000001c0)="ee11c8c5b17983124412eda12535f4883e5d93f4dca57dae3270b722d185ca5ae85935ad2d09ad8a2c70de5f247290435f3bab37b6a2d811715b7b2a2087899e37dff65be67d3e57e8e1a6dc920418a78712a8c82f7365ceaf42920d8aa9e53e0a445c6094df5893841443026453027609c554b22c1769d6406ae38ace14c877b3165aa15f27062b1d6d26ef765753fa68fb2661c5391632b76ac8a130da18619913bb05f758969bac935b8f3dea64699014e12bcc33b386c042d816d7c36feaed36bcd73bdb43143ea29924d3cfd1dae8cf4ad52db0a641de2444b60fb17bcd0ea4c275d015045cb7cdc23cfb374d97e6aa5dd3b000df44c0012bd514", 0xfd}, {&(0x7f0000000040)="7c18041bed099a3a5f3aa5c78a84b4884c8e8c58c2438d4055acd6fee7e6ff7de4237598ffb23f43f7c203b64b55a8a610acc3", 0x33}, {&(0x7f00000000c0)="6a3de236053596462448928e47c665819b0da26dfb3565fcc8e86e343c9465725991acb15b4c1ec42c64e1fdeb81d71c8e4a7746f990a3df3f442d2cd6a43c8a9982b922c424", 0x46}, {&(0x7f0000000340)="b6cbd6619149e69b6da4fda7441953ee24d837d83ea28d786149c882777d53da9788fb5b2424c8bfc23e38e3364b0d74a22ce3aa31ae927cd074893b4178dbf84e361d901f7d9190cb43e6c602e1d8bd8d309fe4d4a62d9e1706de08cc9db48aa5fc26fcc73c0d79a551dc98610a6c17455bf6cda7e53ca5e27825e8326e74deef53143b6c4d8608d74fcaf15b91bfe5407792e3036166b54d16c6bbe601d0efde8ae5e92e425766c21d0637ea89953c9fadfc6229edd91e59f853d1957ddfaa897a674f5614e662619828e591d234f5a4b344e31a592a67e76b4a7abea6cef9b7f937faed0ee8849ea499528181124d", 0xf0}, {&(0x7f0000000440)="f2c72754cac0ba2f68cb166d39279e63da04ade914c5f29881e996f59c50f1760d173321f80cc92027c8cca2f12604ce93bebce1e56042f0a5157b95fa61aa30c48b988a966e04d0466edf314c7ee789443e11062601e4b78b9f947b5201138bd0bd36e668d03526719516a94f70a48b4143fbad59", 0x75}], 0x5, &(0x7f00000002c0)=[@op={0x18}, @assoc={0x18, 0x117, 0x4, 0x6}], 0x30, 0x4d8a6c10a3013798}, 0x40000) 15:18:58 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f0000000740)) close(r0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r3 = syz_genetlink_get_family_id$net_dm(&(0x7f00000000c0)='NET_DM\x00') sendmsg$NET_DM_CMD_START(r2, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x14, r3, 0x200, 0x70bd26, 0x25dfdbfe, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x0) fallocate(r2, 0x3, 0x0, 0x369e5d84) 15:18:58 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x7}) [ 1694.925293][ T26] audit: type=1804 audit(1567610338.024:189): pid=24667 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3699/file0/file0" dev="sda1" ino=17175 res=1 15:18:58 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x6000000) 15:18:58 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x4000000, r0, 0x0}]) 15:18:58 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x4800000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:58 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x100) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:58 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x8}) 15:18:58 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x4c00000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:58 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x5000000, r0, 0x0}]) 15:18:58 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f0000000240)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x4c, r1, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x38, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x9}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @empty}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0xb2d}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000000}, 0x24000000) mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x112) fallocate(r3, 0x1, 0x0, 0x369e5d84) 15:18:58 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0x6, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r2 = open(&(0x7f0000000040)='./file0\x00', 0x6, 0x200) getpeername$unix(r2, &(0x7f00000000c0), &(0x7f00000001c0)=0x6e) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:58 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x6000000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:58 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x7000000, r0, 0x0}]) 15:18:58 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x300}) [ 1695.446033][T25106] FAT-fs (loop0): bogus number of reserved sectors [ 1695.491124][T25106] FAT-fs (loop0): Can't find a valid FAT filesystem 15:18:59 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x7000000) 15:18:59 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x6800000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:59 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = openat$vfio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vfio/vfio\x00', 0x60402, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:59 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x500}) 15:18:59 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x8000000, r0, 0x0}]) 15:18:59 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r0, 0x1, 0x0, 0x2) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='\x00', 0x840, 0xfa) syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0x4, 0x4202) 15:18:59 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x6c00000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:59 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0xc000000, r0, 0x0}]) 15:18:59 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x600}) 15:18:59 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) sendto(r0, &(0x7f00000000c0)="4ab9b6d3af186bc6c7e83ea91a89f4652b35a2c9e5d82d83426f6a6df3d8dbab9c225400b7526a841e7254fbc8928627a1844b64ceeeec0140cd8ead70ba7446ac6041e8f0cab551f9ee85884c6d", 0x4e, 0x8, &(0x7f00000001c0)=@in6={0xa, 0x4e23, 0x5, @remote, 0x933}, 0x80) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:18:59 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x7400000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:59 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) recvfrom$netrom(0xffffffffffffffff, &(0x7f00000001c0)=""/169, 0xa9, 0x40000041, &(0x7f00000000c0)={{0x3, @null, 0x4}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r2, 0x8008af00, &(0x7f0000000740)) syz_open_dev$midi(&(0x7f0000000280)='/dev/midi#\x00', 0x9e, 0x80200) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCAX25GETINFO(0xffffffffffffffff, 0x89ed, &(0x7f0000000340)) vmsplice(r3, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f00000002c0)={0x1, r3}) 15:18:59 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x8000000) 15:18:59 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x38000000, r0, 0x0}]) 15:18:59 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x700}) 15:18:59 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x7a00000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:18:59 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000740)) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r2, 0x8008af00, &(0x7f0000000740)) syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x1, 0x2) fchdir(r0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f00000000c0)={0x0, 0x4, 0x4, [0x5, 0xffffffff00000001, 0x2, 0xfffffffffffffffb]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f00000001c0)={r4, 0x2}, 0x8) r5 = creat(&(0x7f0000000080)='./file0\x00', 0x4) fallocate(r5, 0x3, 0x0, 0x369e5d84) [ 1696.822846][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 1696.822859][ T26] audit: type=1804 audit(1567610339.924:193): pid=25755 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3675/file0/file0" dev="loop2" ino=672 res=1 [ 1696.864951][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1696.880035][T25764] xt_check_target: 10 callbacks suppressed [ 1696.880046][T25764] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1696.893778][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:19:00 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x8800000000000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:00 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000500)='/dev/vcs#\x00', 0x100000001, 0x210000) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000540)={0x0, 0xfff, 0x1, 'queue1\x00', 0x791}) mount$9p_virtio(&(0x7f0000000040)='\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x1041081, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=virtio,fscache,cachetag=+user^:system&ppp0\\%,unat\x00,fscache,cache=mmap,noextend,mask=^MAY_W,func=MODULE_CHECK,dont_hash,dont\x00\x00easure,\x00'/149]) lsetxattr$trusted_overlay_redirect(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)='trusted.overlay.redirect\x00', &(0x7f0000000680)='./file0\x00', 0xffffff54, 0x3) fchdir(r0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r2, 0x1, 0x0, 0x369e5d84) getresuid(&(0x7f0000000380), &(0x7f00000003c0)=0x0, &(0x7f0000000400)) mount$9p_xen(&(0x7f0000000280)='self!vboxnet1em1\x10-&ppp1lo!cgroup!procvmnet0\x00', &(0x7f00000002c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x20000, &(0x7f0000000440)={'trans=xen,', {[{@cache_none='cache=none'}, {@access_client='access=client'}, {@aname={'aname', 0x3d, 'vfat\x00'}}, {@aname={'aname', 0x3d, 'lo]*securityproc&security'}}, {@access_any='access=any'}], [{@uid_gt={'uid>', r3}}, {@rootcontext={'rootcontext', 0x3d, 'root'}}]}}) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r6, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r6, 0x84, 0x66, &(0x7f0000000040)={r7}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000000780)={r7, 0x1}, &(0x7f00000007c0)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000800)={r8, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000040)={r9}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f00000006c0)={r9, 0x8, 0x5, 0x8}, &(0x7f0000000700)=0x10) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r2, 0x84, 0x23, &(0x7f0000000740)={r10, 0x5}, 0x8) 15:19:00 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x40000000, r0, 0x0}]) 15:19:00 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x4000}) [ 1697.021812][T25870] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:19:00 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0xfeffff0700000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:00 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000080)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x7d}) ioctl$TIOCGETD(r2, 0x5424, &(0x7f0000000040)) fchdir(r0) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x110) fallocate(r3, 0x3, 0x0, 0x369e5d84) 15:19:00 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x7ffffffff000, r0, 0x0}]) [ 1697.209727][T26032] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1697.239500][ T26] audit: type=1804 audit(1567610340.334:194): pid=26063 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3702/file0/file0" dev="sda1" ino=17840 res=1 15:19:00 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xf000000) 15:19:00 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0xffffffff00000000, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:00 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0xff00}) 15:19:00 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0xf0ffffff7f0000, r0, 0x0}]) 15:19:00 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x1000000}) 15:19:00 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) [ 1697.881234][ T26] audit: type=1804 audit(1567610340.974:195): pid=25981 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3676/file0/file0" dev="sda1" ino=17808 res=1 15:19:01 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x21) fallocate(r0, 0x1, 0x0, 0x369e5d84) 15:19:01 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x2000000}) 15:19:01 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x100000000000000, r0, 0x0}]) 15:19:01 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) ioctl$TCGETA(0xffffffffffffffff, 0x5405, &(0x7f00000001c0)) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) fdatasync(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) setxattr$trusted_overlay_origin(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.origin\x00', &(0x7f0000000100)='y\x00', 0x2, 0x2) 15:19:01 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x200000000000000, r0, 0x0}]) 15:19:01 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f0000000740)) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000740)) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r2, 0x8008af00, &(0x7f0000000740)) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r3, 0x8008af00, &(0x7f0000000740)) r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r4, 0x8008af00, &(0x7f0000000740)) fchdir(r4) r5 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r5, 0x3, 0x0, 0x369e5d84) [ 1698.389476][ T26] audit: type=1804 audit(1567610341.484:196): pid=26760 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3703/file0/file0" dev="loop3" ino=675 res=1 15:19:01 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x13000000) [ 1699.268167][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1699.300717][ T9857] FAT-fs (loop3): Filesystem has been set read-only [ 1700.061626][T17621] device bridge_slave_1 left promiscuous mode [ 1700.068034][T17621] bridge0: port 2(bridge_slave_1) entered disabled state [ 1700.121410][T17621] device bridge_slave_0 left promiscuous mode [ 1700.127633][T17621] bridge0: port 1(bridge_slave_0) entered disabled state [ 1702.001145][T17621] device hsr_slave_0 left promiscuous mode [ 1702.050933][T17621] device hsr_slave_1 left promiscuous mode [ 1702.108633][T17621] team0 (unregistering): Port device team_slave_1 removed [ 1702.128576][T17621] team0 (unregistering): Port device team_slave_0 removed [ 1702.146962][T17621] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1702.208101][T17621] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1702.317916][T17621] bond0 (unregistering): Released all slaves [ 1702.437078][T26868] IPVS: ftp: loaded support on port[0] = 21 [ 1702.649081][T26868] chnl_net:caif_netlink_parms(): no params data found [ 1702.748102][T26868] bridge0: port 1(bridge_slave_0) entered blocking state [ 1702.763690][T26868] bridge0: port 1(bridge_slave_0) entered disabled state [ 1702.791479][T26868] device bridge_slave_0 entered promiscuous mode [ 1702.801574][T26868] bridge0: port 2(bridge_slave_1) entered blocking state [ 1702.820710][T26868] bridge0: port 2(bridge_slave_1) entered disabled state [ 1702.828570][T26868] device bridge_slave_1 entered promiscuous mode [ 1702.863119][T26868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1702.892288][T26868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1702.918023][T26868] team0: Port device team_slave_0 added [ 1702.927198][T26868] team0: Port device team_slave_1 added [ 1703.003094][T26868] device hsr_slave_0 entered promiscuous mode [ 1703.051014][T26868] device hsr_slave_1 entered promiscuous mode [ 1703.090687][T26868] debugfs: Directory 'hsr0' with parent '/' already present! [ 1703.118907][T26868] bridge0: port 2(bridge_slave_1) entered blocking state [ 1703.126037][T26868] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1703.133423][T26868] bridge0: port 1(bridge_slave_0) entered blocking state [ 1703.140672][T26868] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1703.231888][T26868] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1703.268232][ T6412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1703.277329][ T6412] bridge0: port 1(bridge_slave_0) entered disabled state [ 1703.298476][ T6412] bridge0: port 2(bridge_slave_1) entered disabled state [ 1703.315047][T26868] 8021q: adding VLAN 0 to HW filter on device team0 [ 1703.329079][ T6412] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1703.338958][ T6412] bridge0: port 1(bridge_slave_0) entered blocking state [ 1703.346079][ T6412] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1703.377401][ T7076] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1703.386792][ T7076] bridge0: port 2(bridge_slave_1) entered blocking state [ 1703.393877][ T7076] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1703.407755][ T7076] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1703.426118][ T6412] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1703.434825][ T6412] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1703.443703][ T6412] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1703.456469][ T6412] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1703.467003][T26868] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1703.497335][T26868] 8021q: adding VLAN 0 to HW filter on device batadv0 15:19:06 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000003, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:06 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x3000000}) 15:19:06 executing program 2: mkdir(0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(0xffffffffffffffff, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x3) ioctl$SCSI_IOCTL_STOP_UNIT(r0, 0x6) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r1, 0x0, r3, 0x0, 0x20000000003, 0x0) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000240)=0x2) r4 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x14) r5 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x4, 0xa8100) accept4$tipc(r5, 0x0, &(0x7f00000000c0), 0x0) lsetxattr$security_capability(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='security.capability\x00', &(0x7f0000000200)=@v2={0x2000000, [{0x5, 0x9}, {0x0, 0xff}]}, 0x14, 0x1) fchdir(r4) r6 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r6, 0x1, 0x0, 0x369e5d84) 15:19:06 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x300000000000000, r0, 0x0}]) 15:19:06 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) open(&(0x7f0000000040)='./file0\x00', 0x2, 0x1) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, &(0x7f00000002c0)=@req={0x28, &(0x7f0000000200)={'veth1_to_bond\x00', @ifru_settings={0xffffffff, 0x8, @fr_pvc_info=&(0x7f00000001c0)={0x1, 'hwsim0\x00'}}}}) fallocate(r1, 0x10, 0x1, 0x369e5d84) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0x20000000003, 0x0) close(0xffffffffffffffff) write(r2, &(0x7f0000000340)="ec65a408de560d53fcaceb301dfd1d0b9f20ee7b58952e276e2009268b91f002f9b65c09b28e6bdc61b802abf750a346361d9dec36d2aadec95e82b1f1d6daeb261d295c2da3659cfae8ab2d8369c5ff0cfa7e11c6eeede59df17944bb43f7131a4026299dd8eb051f93d16ac5faa84f333e5386581f435a8fdb857d30cc08acc3f3bccb2a3c94e0334a646dc00104cc66e5c63d17990362c365b6703605dc595b6d9d07b825003af862679362c32a1f5a196a4fa2d120682c1eefed056f4b6a9ded2d7c913bf0e307b2e1c4141454e47088a9776eecf5626d6b15ec6da285e101ede4c098fd0a28a2c368d967b1f1ff90f53a57578254e9470d2c8fe49b", 0xfe) bind$ax25(0xffffffffffffffff, &(0x7f00000000c0)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x24) 15:19:06 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x20000000) [ 1703.577324][T26876] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:19:06 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x400000000000000, r0, 0x0}]) 15:19:06 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x2000002f, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:06 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x4000000}) 15:19:06 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$VIDIOC_QBUF(r2, 0xc058560f, &(0x7f00000001c0)={0x40, 0xb, 0x4, 0x800, {0x77359400}, {0x2, 0x0, 0x8, 0x3b, 0x1, 0x51, "2af1fb5f"}, 0x5, 0xb370107d05eb7bb7, @planes=&(0x7f00000000c0)={0x8001, 0x401, @mem_offset=0x100, 0x81}, 0x4}) getitimer(0x2, &(0x7f0000000040)) 15:19:07 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000102, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:07 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x500000000000000, r0, 0x0}]) 15:19:07 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x5c, 0x0, &(0x7f0000000340)=[@clear_death={0x400c630f, 0x2}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x68, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x1, &(0x7f00000001c0)=""/228, 0xe4, 0x0, 0x2f}, @fda={0x66646185, 0x6, 0x1, 0x14}, @fda={0x66646185, 0x2, 0x0, 0x24}}, &(0x7f0000000040)={0x0, 0x28, 0x48}}, 0x1400}], 0x61, 0x0, &(0x7f00000003c0)="44694106385cadd0af34124afd98b626e4e0d5f0c4d3696e636edfa04fe22bdc969bc8f6eacafa3b9e83e09a114fb4d0d274dead3f478eadaa9d7f32f9fb49d1363a4fc7b082212f6087d2d6be8e0e7af7ec65ff14c9d219b5a7ef3b34aca5c0ec"}) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:19:07 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x5000000}) [ 1704.387759][ T26] audit: type=1804 audit(1567610347.484:197): pid=27515 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3705/file0/file0" dev="loop3" ino=681 res=1 [ 1704.451706][ T26] audit: type=1804 audit(1567610347.554:198): pid=27518 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3678/file0/file0" dev="loop2" ino=682 res=1 15:19:07 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x6, &(0x7f0000000040)=[{0x1000, 0x3, 0x0, 0x3}, {0x1ff, 0x5, 0x3, 0xffffffff}, {0x1ff, 0x55f, 0xfffffffffffffffb, 0x20}, {0x10001, 0xfffffffffffff564, 0x0, 0x8}, {0x4, 0xc48, 0x3, 0x20}, {0x7ff, 0x9, 0x7, 0x80000001}]}) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:19:07 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x700000000000000, r0, 0x0}]) 15:19:07 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000103, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:07 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x3f000000) 15:19:07 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x6000000}) 15:19:07 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x1, 0x0) fallocate(r0, 0x0, 0x6, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x2) syz_init_net_socket$rose(0xb, 0x5, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) perf_event_open$cgroup(&(0x7f0000000340)={0x1, 0x70, 0xe5ba, 0x6, 0x2, 0x863f, 0x0, 0x6, 0xa00, 0x4246b4db8722900c, 0x6971, 0x40, 0xffffffffffffffff, 0x101, 0x0, 0x5, 0x8000, 0x200, 0x4, 0x6, 0x80000000, 0x401, 0xfffffffffffffffb, 0xfff, 0x1, 0x3, 0x7fff, 0x8, 0x4, 0x1000, 0x80, 0x7f5e44ed, 0xfffffffffffffff8, 0x3, 0x1000, 0x4, 0xffffffff, 0x119, 0x0, 0x3ff, 0x1, @perf_config_ext={0x101, 0x7}, 0xc004, 0x4d17, 0x7, 0x5, 0x1, 0x29c855f, 0x5}, r2, 0x4, r3, 0x6) fallocate(r2, 0x3, 0x0, 0x369e5d84) io_setup(0x2, &(0x7f0000000040)=0x0) r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r5, 0x8008af00, &(0x7f0000000740)) io_cancel(r4, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x8, 0x0, r5, &(0x7f00000001c0)="05d1bb6f97005e1504e42788cee39d4e2d609e619b2980fd6c3287d24c1bf049eb3eec1e9be791ab3467182b0a23efeefde5f815ddf4536766f397969bb85a189a1e0926fc", 0x45, 0x1f, 0x0, 0x2}, &(0x7f0000000280)) 15:19:07 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000104, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:07 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x800000000000000, r0, 0x0}]) 15:19:07 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000105, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1704.733070][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1704.771273][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:19:07 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0xc00000000000000, r0, 0x0}]) 15:19:08 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x20000000003, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) setsockopt$nfc_llcp_NFC_LLCP_RW(r3, 0x118, 0x0, &(0x7f0000000480)=0x4, 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'netdevsim0\x00', 0x0}) sendmmsg$inet6(r0, &(0x7f0000001dc0)=[{{&(0x7f0000000040)={0xa, 0x4e22, 0xef, @rand_addr="bbb6e66468fcbbf891da7e5c512c381d", 0x1}, 0x1c, &(0x7f0000000100)=[{&(0x7f00000001c0)="9966ff1d74296067fd83ef5e404456acbedc6877de66f7e65862f20bd70e2510d39886b5ac3f48443bfed01314e0f62e7eaad6acf521a77d97a3e0c04a528076c11dbec469215e64c2602c912e33ca9ed480f10e0ca11590b37c6aca366226687ff38303d146f6ee5469b7429b75f7fed8bcb61614247020912ccda580106c673297be22f3bfdab25bbb6623feaee7520aee4c1fea11bf25772fa12da87b796d34d281bdd379c4e8af0462c3205766b65d96ff8a5bc7a178530d130d72cef0e54e6f44ecebf095a08858ea36c47279909dba741624514a7888bf93382f1ccc46caff596b87889ae40163e16bc9ac8dbe2d3a08f6", 0xf4}, {&(0x7f00000000c0)="f3e2ee15cb8d4d6f23ea9f7dc9c87d7922049a0c2567015e882f3b02a156dbedf180be5f13d7b320b2", 0x29}, {&(0x7f0000000340)="f3d29344f83c6cb254fca05811d0e19de497e975f037099a1e5809e95c6311c35141194b9089d855efe260f322efc4736c4c6410287a143cefd90c1db4e0040749e3b7102a6b482cade44bc35b979c2d6a129db1fc23a2b5a7499d3968a6e35b2e13f5a2299243cd0b7aa82304c645f854a9aa26deab0d264bd421d967", 0x7d}, {&(0x7f00000003c0)="b16c92b87e5bf7422d3e46133f1b1f1f0f1656d3fe18a13ed53f8ab365009850fd548f5e7c14fda7384a5dcfb2c986946f4c63d63b6933ae07f0a90663f59a48c423037e4f717fd8252f25798c99b7064e3cf1a3adf74c89a7896db82325d8cec633b8861cebecba2e13944c469a7e12b27bba2b6e28ee174221d8999b6b7133f9d3e29d9fbf7604ba93a9aecdd5f563a0ba94deca75710967dae75628fb37bef9129fa42bd79c7297da519ac4dac062f0", 0xb1}], 0x4, &(0x7f0000000640)=[@rthdr_2292={{0x28, 0x29, 0x39, {0xc, 0x2, 0x8b09d3888060fa28, 0x5, 0x0, [@mcast1]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x8001}}, @dstopts={{0x28, 0x29, 0x37, {0x2c, 0x1, [], [@jumbo={0xc2, 0x4, 0x2}, @pad1, @ra={0x5, 0x2, 0x1000}]}}}, @dstopts={{0x88, 0x29, 0x37, {0x76, 0xd, [], [@jumbo={0xc2, 0x4, 0x7}, @generic={0x7fff, 0x17, "5dfa1fe422850a6276080fe93ed79f557e9fbfaee762cf"}, @hao={0xc9, 0x10, @dev={0xfe, 0x80, [], 0xe}}, @enc_lim={0x4, 0x1, 0x1ff}, @pad1, @calipso={0x7, 0x20, {0x1ff, 0x6, 0xbd3, 0xe49d, [0x101, 0x4, 0x80000000]}}, @jumbo, @pad1, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}]}}}, @rthdrdstopts={{0x30, 0x29, 0x37, {0x73, 0x2, [], [@pad1, @pad1, @ra={0x5, 0x2, 0xe17}, @pad1, @padn={0x1, 0x2, [0x0, 0x0]}, @pad1]}}}, @pktinfo={{0x24, 0x29, 0x32, {@remote, r4}}}, @dstopts_2292={{0x130, 0x29, 0x4, {0x21, 0x22, [], [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @hao={0xc9, 0x10, @mcast2}, @generic={0x4aac, 0xa6, "8363042dedd93b93871aec6700e44a75846358892a6d028042a45d9379a5972284c88b9038c3839e4ccd0b7e4a3054e2f3d10f3c4e7af3d4dbd53fb350a5141b2c789102e8c31f4c19f695120dd4729b30c8d6ced16a9c4bfc122163e778511d0ea995f257c7863089fd7bc778619c539fb3efabb37663ab8eb42873a6c352c1472e6009368f060968ca1e772e77839f2f707de5c25ac4ee423376ed1dd06bbc8c4842dc5232"}, @calipso={0x7, 0x38, {0xfffffffffffffff7, 0xc, 0x80, 0x2, [0x5, 0x0, 0x6c96, 0x40, 0x9, 0x9]}}, @pad1, @ra={0x5, 0x2, 0xff}, @pad1, @jumbo={0xc2, 0x4, 0x2}]}}}, @rthdr={{0x38, 0x29, 0x39, {0x2, 0x4, 0x1, 0x2000000000000000, 0x0, [@remote, @rand_addr="3778de5a51ec892fd37d9ddccb02702c"]}}}], 0x2b0}}, {{&(0x7f0000000900)={0xa, 0x4e24, 0x76, @rand_addr="7a9531900f02760a04e59871a930bca0", 0x6}, 0x1c, &(0x7f0000001d40)=[{&(0x7f0000000940)="1b61235ec2d1c612f4de22b7e835aff6e358be494cdfa78d38fb3d1764378b1488684b23b5682cec5f6e3676f02bc7582fa7a69c6a24c59c81cddea5fd8b7e88049394dcf470f7fba81a78e5e82ed55b8e14cc38ec082d2fb01fe9b565803bb39171f3", 0x63}, {&(0x7f00000009c0)="e8006d443bb2ac00ce357eccffbab6388e4b18f050de1152a5535b413e4499de7399c98d3e26d0a3c246a8e8fa5e4aaf39cf5177461c4cf1717f9874c567c1d9cb7985bc3f76d95e6f447c69dbfb267bfa80fb4fcfffcccad37dde77aa45933d21cfec82ce50a18bd17a8f86bfecdf52b81987edff4ba4a3ad469fb61eb4ca3c61fd5763e245f0bf5b5836d63a817d6c00187e0fcc47ee6d74ad15404d38bc54985550ba75896d7d54cf81768782b171069d71e457efe64a20d74b5b38ec9f2ab1bbf5de7fa11b912565501bef660f1d691136d4f39ace7956345bafea4afafe9d6a33a352a7318dc4410ca2df61e873ba28508b0e49f4257d4f4f62efa2779f59d244cb4c62476769ffd3dd8aea9a6e8dbc72097404897ad138d1c9c812dc191f079d35fefa7404a96cd98ccb3bbf6057d5351d2df1157c5638aa5376ae86bd56fd2212be747d55270086a2dd8f85380743fd25ecaff3be21ca096aac0f721498caebb7db1742a91d06d2e338e963ad68ef5f2bf0a25396b29608f10aadad203e80cd719bcdcbcf2fdde39ea813a5f98c95b1ac87915013761544881c1253b4b08ae53553ee923d24d625630334add5691e124f1946271129b197ef432cb9294f60ee5e6e86c364e8fca34dcc65a39d92f08981a9dcd3e6f3cbc6a899623a2a98fe42c7e3f610d97e3bcdcc581a079ab4eea9663148a3b5f0dfa32f00a233af85af067343f77fa31b60a70dab3c811e2d91ce81e3b09ad27cf1671f014052c75bed2ba87f642f50d300e078663336a2b5a0d47cdbfc85f28dadff6e69c0abb65b00f0ae021620ebd8e44d768c63b6b4ed061c0cc723f5b908b97179a7390f6e38748739d798b0c1f49f9608246247015fb1bb3c96ed69e7fc78481127d1c8d747327d9d51c04516dc5a7e024f555de7f08ff7138de7bf3c4ec752a80669ec71731252f02260efc057f27f1f84428e4d34acd9b43420b965ba024dd0a89772cea555a0e19fbad2f98bb83757dc237e7242d74deeaa132a70aa87b2c10296a2049be9546bc79a9b2f3e29a1012a17cf3b43170d0f0ed1638586947b1a04146f9ff005a91eef9ec5f88472562ab1b213394df7945e622a419f7b67bce0f94b6732da226f4d23ff42bf38cc0d5685115dbbd892c11e424ddd85842eb0cac36031d40de84426230c894a349950dfcf523366deab8cfef7f73b9d3b27463c1803020f8631d2696e0e8b5eb8db97fb6442a89d2bab7dfc3e611281fac6695f1a017b6608fce6ba360af21353d604134de6321fac7d4fab8f663d9b4e86aef5b1d613b3e412a2b5880b3de73cd56a2f378ba2f3b570373ea0161f108a605c2b2ef65726182063b5cb76cad66b8de586ba0b44dabe05809183f350858f93aa42048a43bdf20f48e8bc75e25a4e8e255bd4a88f2e9a4c95dbfd17ae124582b2bd147ecb80c5284c61fea00f875cacf77f4fb1ead9be0254c26517afefa91c6299566bdb63993c5502e4268e299c1eb589459de9f92363a4192af7e6358afe75a7b8bf3cf5ba1b59a41553275cc152fb09e5cafbe6c3b64e756ec6c27929d7c951820301b915e51ecff5779a57fee235f27999222fa154b3b51908e1074f1ffb983cb609038a5753fd606db1e581da3ecf9251a33107dd78c2b6bcfc7fc153446dd4f89d8d1f9d2b52c1af5215809cfd3a59678a00b9011e69d97dc445a0ad4f126947fadb683daa0ed650d814af2169818e76f8b6d7d45df9a3355ec74eb39f0d5882e28c0d3ca3d252c8092ddf0e96f9976171334dea23d6d07bb13121a1362bc4c0190240ec3db73cecd80504c4a23600a2cb002c9fdc8082b706ca8aa97c9f16c280902e5fe4f47d37103aa8e0743ebcd5de1e3ae62aff160f9739b04fdfb71fe7a284e277cf6bb4c526245f2c009fbe87fa7f0cc72b687678d8adf03c6c001e556aebeb6cd53d1334be47ec7f027b03963c4eb0a94381fa371616bebbc32e3de0ccfd5210a2d6b55bc71ad45c7680a99972e2964b76964b3ef3361432a50230c425b1194c049bce3f073119123314bf085f7b39ab9c2349fd4d8d3cc7d9153e5b7710328c6a8d7864db7d2137a9b35411e52586e639e870e8d2d2db188083830adc00b3be8e94049549b29d53c7ecf48aa18f095ce732398f6458b48e0447d0aa145646ef9face10d62ee068cd16eb767b4ce73772adece5bfc636661f0d12d58c8e4209055a8f74c8d7157703036aa5b9c3f95aff067e7cebc9fcd522278c80093d12e82cfe775f969e5c7d6aab45faf153cd17752cc8262d86ba711e9141d8908c0a7582929098500355ae7bcbbb2092e28ee402e3a54c32467644e1858e7dff9d68b06ac28a88860b334734409cc27daef61f62accce9b91521949032f40e58e2cfeeff08be9729ab5880f3b8acc2baae86867c2736291b93008e264b517c1c17561587b929ae4544b7072b952af618b1865e64283965a6c2b9c1dd0e5695e156f7ddae3995621ce54ad1ae813d5263be4dd2c80445101150a05e2c19be59118c12c34afa9e28ba4e4f4b2c95daf5aabce5764587929a653039c559e3ab5b1421d0b1e86002ea670ac84cfe37f47250ea0b87e8af8de5614dc25f77d89b98de7a97b39814230f0fc9cae644cbad93a33e0bb51589f62262a8b87fd016f7579b256280e2f8eb95b68dc304a48eab6e98a346083d9ace00f4f8adfd686d27e33995c87d234ab7265fdcc48d88cd52ec5fd33bdb606c3383fc21102142b64f06eacbc663161de92f4c0f07e19e9c2b73b649bf429586603c21f8af1f51059e0371796553da5d6a721d9a5af0a5d684b5410711ea4da75c9b0fb130733a1f7337b5fde2908bdf7df5e744188139d7a7fdc40abbbf3712ed84a58e386521c19d7fad85430e1c84f8358322e1d39f681a4440d516dc857f9a72f18e1accdc807b9266bde5ac2f2d1dd0523753a4509f34b9bd7c9034407f6e901794bc4055366892425c25f47128e8e2708b12fede372135b1cf006636cbad19448b02bb2ab1c65ee9079cf5bfd3aacc5153118586bb9d62a4726ce53ecfdeab6bece3e211b75427fceaac4b52cd1f96e81a7fb0f0d312e1a722f0c77391c7a2f04cb1f6b5155d6c1962bb58c9d7bbca22489e7adc98b1306aa7d34b9fee4406a606701672d074bbffc0cf31e5361ec04f77971aeb1c2630e5f05d78478fa99cc883df3c8634547452b9b77cbcd82fe29642f874b3c6d1f0d6bc0d553d48b9270b08e8a8b42de600e093e9aac7e5ba072ffe1f3c2dde94582e340bcf2542ae03d883b1081ee0e4265b96eaae95af1defc7b895365207769453fd0c49c45892c4a30c0920b2b7351610b55a3e6de5d18b8552666ac18288dc50803eedf8b638fa3320e94f189c8032c1c4925b50d4e4676793d63f40f5a7610bde8de28d427e000c8b187b793216b1947534454541ba45a62429e22a0639b511f87284fae0a270d4aa69e7898c7be15c4ee698dba690c76cbb32f6b252b8f09a1517d0e2c00a2e62dac87e91d3e04c65dd38c6347b73fa84791b14a52e4f0d5f35c8fcdca33703c8fd650f8812ff5fc6be7d80c30ea5f9699d116809e920a4578e8527d8e05c1c03b6744b2af2ddbcbcad1f23731677f52602ea8744ef919c5a9fd68f312821ec0fdf1d6031cbd205c18387d61c8fc4bbae238466ee93a6253d6d813845e24a2d90f82bcf45d53f3c82368d8819425e8a18bb8d32f85aa4f910cc6481415b6a8719bdc7982c6ef23651a39e5b72f0fbbc1d14f478a722d0c107d8a127dafb57e5e58250b2bfcc980e2ee17aad1f9b22c047503f690aadfbc43e24a984b4b3d1d1da62648f2882a87c1147fce3bdd3d3230bf7a9382ebac22db06cb52d5488cfe5527f765da878a19208371ac7b48d9c6b7184604f3a2f3684cec2b267961316dfe7786b2cdc09563bf80b811bb9ec3a2f2e48ae65e29af4a682c775e1128aa196362b83c67d57454a0702e75eff94aa7e54a22140d3dc3348648fe8af01b72d1e0ba6296d67b9ab815d19d1bbb54ff8615396f9f87c57fcb8062f0bdf55b62c9d4f7d601a9b3317f8def4ea4e0065d4d070996cef9627c615e89f9bbad0c2796982f1644160de5b858d0a772c670b529a7528e9e566c0b7206a5d62b3ae2104c44fde2d13699b492c67f27736d6f8db1fae7ac8b2ba2650ebfb3b2b4f05b25fc5cc4070f2203fc40c798863177a963f672440dd3601a16ef8fc4035e599f6de1643e536b1d4aeed83f242c815f238e0278938aeb7535fe9bd708629981a229d98f689ffd97140e0daf9f317f7a95068ccf4115a852305be78346a907c0c6c6d1ed9883037f25e7c50e569504197b3520e51792236192657ef6f2ee3ca1f09b31d591d10b314c42899159d562d2a85b1a18716cade9ba6c70ac71606ae6efc53b15ec8a6720b6bb7b36673afceddfbaf962a60e579f3cbe76f87641cc32e5c71d896e4d497e273d482b307b30ed148c7af7c7d78a920f27aa6256399a85488e7627982892ba148c678b3f2338f4372dca2f7d4351bb70fc08699f92abd2911266c07da4a0e97f952e32288b33491543c68814983694cc528d4c8ee09b462d51d4924ebd8f99503d7b09c8aaba8d685b2fb3b485dedd4a57ff56c936a93014a2ed5a9d9eb5e83eb6e089efb2349233ce2e4e935f2fa876d151f0fa387ccbb8b22433f68907317cb81cfb0214e5e5fdf8f690672c05ee2c48c2ccdaa86a4da57a8a47dc7c6cabecac8502679e69857bb652491b96c4ae25b48e75bc804ec404155a929e233a6d7e1d2bf065831c09aa91b7209fd3e990d00023a8aec64b2497f91e5b1ae2762d14905ee726eb30c57d8dad67ab835b87415bc49129ba6c4c5fe66c34595ead062cc83d7bff72f4ee85cea4b09638b05839e00dc97bfc1894560002c2057eed05ecf08af7b84373b22fdf1970574b9e0366e0f4b72be3394070abdbf69e59ae447a85ab5ef301a70bfc57f92721ed14fba4c24421e0f4e49c9db59f2c9586bb7792dc1d7e7e3da319bec59cd50729c9584e4d76933ca3a28fb8302bf355a28133a4b699e9772baf262eaf246840cae922476c48e0fe616e8452df5d34e3d34a4fdc0487e7f85b088edca7f21dd1c8f2a2aa87848d65001f0baf5445bae9192ed9bc33642ea63cfae3ca91e59ba847766bc866a1729a6d44e2cf7b7e50a3a2530f78950f7a3eb3dfc759b7de35ed3e440992938650d5638d2160ae623f39b7b4a7c9caec1d668c8d14a77afedea1074768729c75afdc6a58e4b3c1e4913afe586613b517750377eaf84e4f62a9d05d1e29c362e80038847659794d6887bea1c9c541ae0b24335bd14ecceaa2a3ce29ebbe6c24e702978d87ef99727f914fb3a729880c4d844418e91cca68e41c6fe7412c739b45bc112a10342b2586197aa81249ee7c7f9e1f70edb7d27fb8408c8c364e85320328ca1372dd7803417326d0643a60c276118bb8efd6df829212bac1b194a7dc5b511da28c1c30c9028fbc86b131588b117340999353dadea3d81918c1a5aa0e235f662307b395efc5dc24af78f323e461a4867f5342dbc50be67da8907f573b62ea22a9008441e4ffbbb25ae931b61895edef3ee908d7b2f87dd6fd66da5c5840a99eb451912a010c9d01db74c6869e8dda32f97302756ae18364248f2967375dc53b4f9b81f26dab7d8b478a32ba214a0fec694af3e627b5130a19280a21053f35dfa0a73034381ffc027b301786a9a0e7748c7c0cbe3e2215c9000be00996d6c8815dad401ccd2aea9a5cec2e1cfd92fe0085", 0x1000}, {&(0x7f00000019c0)="4495de6518ab7829e234aa8259b05d63ae7657", 0x13}, {&(0x7f0000001a00)="b1d33190f629711f6e35712b62603bcc09fca5e4560570558d8c7fae279875394470c45bd98ec1bb4ae2cd9f09b985dfff7ece1f4d17e2294b8405d1f97a9b4b655c44f79b8a154a3662ba5705a60ed2bf5f6bc55f05f404a62139f9efb9c7f86d84df225b462a38dc2c3302d084a4fc93b83aa6fbee0f4a985d1c6de19704d6220ec186e7e598971b230f9db4e578473d2d2710274777dc437df4bb8426b73308be77b19c781b17f539d0a398bbd0501dc541721f72798aaaa24866eecbbfc1f1d50e23a5c26cb44fab3316c00349e4a2", 0xd1}, {&(0x7f0000001b00)="7d52cc7030cda2cf5d1422671f96200bd93f6b56fb907f76fb47b986af9005feca8276de558d7bcc537f2edeec273506670653a77c470652448184f83dd6bb332884b060b8e1b4027b16086455154929296fef8c1ff5709b", 0x58}, {&(0x7f0000001b80)="a2addfb6816d039ff5e76f69e619b1cbcfcd7bfe6c3ebd0499fbcb3c455d86b1e9d1985f6cc1aefdf3c23aa32d7ed60b483282d57c5118f4cbe328b34bb3b06b5b9f49df303ffed24768a62fc3be5735d5551ec9ade6948162257601f586fa58a981313120ec0aed4c2c0be8ebc2645d6b6a228ecb97a79bb9b70889da382db7378b432161d445789f59d9398c55f3a50106355b2f615e5b82615d9bc63cec319a1e4a15b7c15a13fede51b8d0189c78106a4141d68b76c5cfe69baf263381a34bce57f3e54729dbed48693bfc0242d1eb40d1db14ea34cc6ac5", 0xda}, {&(0x7f0000001c80)="d76da739fff2676be508ae84dbb5670254c0b19c7fe776a3a7b501bd1ff703cacc7b21e96debeb12aa861c2fa8ec205a367bfb08bfab71b482f2dfdf092b05474b315d44f8afb0a8ef986e61fdaa4194de985762bd0329569632cd6b283365068eb9a21445d7662c82c16d825762d6dbe429eaafcc64a4b8bf00b91d293545387c44363454233d17c4c8bdcde62a48", 0x8f}], 0x7}}], 0x2, 0x40) r5 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r6, 0x3, 0x0, 0x369e5d84) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) accept4$rose(r7, 0x0, &(0x7f00000002c0), 0x800) 15:19:08 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x7000000}) 15:19:08 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x88a, 0x8000) ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r0, 0x800455d1, &(0x7f00000000c0)) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) sync_file_range(0xffffffffffffffff, 0x1880, 0x5, 0x5) fchdir(r1) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r2, 0x1, 0x0, 0x369e5d84) 15:19:08 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000106, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:08 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x3800000000000000, r0, 0x0}]) [ 1705.227481][ T26] audit: type=1804 audit(1567610348.324:199): pid=27953 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3679/file0/file0" dev="loop2" ino=686 res=1 [ 1705.475103][ T26] audit: type=1804 audit(1567610348.574:200): pid=27963 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3706/file0/file0" dev="loop3" ino=687 res=1 15:19:08 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x40000000) 15:19:08 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x8000000}) 15:19:08 executing program 0: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000000c0)=0x4, 0x4) getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f0000000080), &(0x7f0000000200)=0x18) syz_mount_image$vfat(&(0x7f00000004c0)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0x7, 0x1, &(0x7f0000000140)=[{&(0x7f0000000500)="eb3c90066b64732e666174000204010002000070fff89b758f01b3ad7bd6e883000f4af4dd1f8b9281527bb60749f4537f5cd5f6411e59f553d5922923873794a1f815614638e68c3fef58087d70d5a4b6b869f30d8eb93a4ce3958fdebbb63de2d4b41b4c781186f098677e36e51bf278eaae63054c9dd38a7aa4bd1b632d6a789faa97232054f88e36f3b4121a2d6ed1b07366746bd6cd8243c985a0217336f793c5ffa1035e7051bbd9ca6c441634595567f50e6e28f2d4009f6b4e8e514662b7888232559ec73d4f87367ebfc326d6c77f36946f3eaf7180849098b71d401c14305bd7bbaeeb33f3cf1490b1ba4219d0fc7de1afaaf4f7aeaf6169ef0b0dcff2f1fa5b92422f2bd966b54c3074e7e3bbca2d1cc986b539fdf3e3541b674f25d3d3df2438d52e675cc790150c1575b7a5282c755225fd7ddfdf13c96c55bc8ba36e2366a406e205084c2f20af56cdaf495712d4365e690aab6f1e5c07f72102e7ce8ca5db898b9a23bfb7318470dfc962680b", 0x1, 0x100000}], 0x0, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r1) rt_sigprocmask(0x0, &(0x7f0000000140)={0xfffffffffffffffd}, 0x0, 0x8) r2 = gettid() timer_create(0x7, &(0x7f0000000200)={0x0, 0x24, 0x4, @tid=r2}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0) r3 = signalfd4(0xffffffffffffffff, &(0x7f00000001c0)={0xfffffffffffffdb0}, 0x8, 0x0) read(r3, &(0x7f0000000080)=""/128, 0x80) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r7 = accept4(r6, 0x0, 0x0, 0x0) ioctl$TIOCSPTLCK(r4, 0x40045431, &(0x7f0000000100)=0x1) splice(r5, 0x0, r7, 0x0, 0x20000000003, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0)=0xffffffffffffffff, 0x4) syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x4, 0x4000) close(r5) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r7, 0x28, 0x2, &(0x7f0000000040)=0x8, 0x8) fallocate(r4, 0x3, 0x0, 0x369e5d84) 15:19:08 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000107, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:08 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x4000000000000000, r0, 0x0}]) 15:19:08 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000108, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:08 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x8000000000000000, r0, 0x0}]) [ 1705.633581][T27971] FAT-fs (loop0): bogus number of reserved sectors [ 1705.667788][T27971] FAT-fs (loop0): Can't find a valid FAT filesystem 15:19:08 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x40000000}) 15:19:08 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x2000010a, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1705.926733][ T26] audit: type=1804 audit(1567610349.024:201): pid=27961 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3680/file0/file0" dev="loop2" ino=689 res=1 15:19:09 executing program 2: getresuid(&(0x7f0000000040), &(0x7f00000000c0), &(0x7f0000000100)) mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x0, &(0x7f0000000140), 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:19:09 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r2 = accept4(r0, 0x0, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, r2, 0x0, 0x20000000003, 0x0) close(r2) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e22, @multicast1}}, [0xfffffffffffffed9, 0x52c, 0x10001, 0x170b, 0x8, 0xfffffffffffffff8, 0x8, 0x5, 0x7d, 0x60000, 0x9, 0x200, 0x4, 0xe41, 0x2]}, &(0x7f0000000040)=0x100) setsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f00000000c0)={r3, 0x3}, 0x8) r4 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ioctl$TUNGETIFF(r1, 0x800454d2, &(0x7f0000000100)) fchdir(r4) r5 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r5, 0x82, 0xee, 0x3) 15:19:09 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0xffffffff00000000, r0, 0x0}]) [ 1706.134943][ T26] audit: type=1804 audit(1567610349.234:202): pid=28314 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3707/file0/file0" dev="loop3" ino=690 res=1 15:19:09 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x580f0000) 15:19:09 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000111, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:09 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0xfdfdffff}) 15:19:09 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x2}]) 15:19:09 executing program 0: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="eb3c3a000000732e6661740002f80100000000e3401602c6305908000000", 0x1e, 0x4000000000000000}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) [ 1706.203387][T28398] FAT-fs (loop2): bogus number of reserved sectors [ 1706.209973][T28398] FAT-fs (loop2): Can't find a valid FAT filesystem 15:19:09 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000148, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:09 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0xff000000}) 15:19:09 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x3}]) 15:19:09 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x2000014c, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1706.424005][ T26] audit: type=1804 audit(1567610349.524:203): pid=28398 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3681/file0/file0" dev="sda1" ino=17854 res=1 15:19:09 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16, 0x100002}], 0x800, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) recvfrom$inet(r1, &(0x7f0000000240)=""/42, 0x2a, 0x40000102, &(0x7f00000002c0)={0x2, 0x4e24, @remote}, 0x27c) 15:19:09 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0xfffffdfd}) [ 1706.492035][T28546] FAT-fs (loop0): bogus number of reserved sectors [ 1706.510124][T28546] FAT-fs (loop0): Can't find a valid FAT filesystem 15:19:09 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x3014c0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) [ 1706.654968][T28730] FAT-fs (loop2): bogus number of reserved sectors [ 1706.673548][T28730] FAT-fs (loop2): Can't find a valid FAT filesystem 15:19:09 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xf6ffffff) 15:19:09 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x4}]) 15:19:09 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000160, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:09 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x100000000000000}) [ 1706.766331][ T26] audit: type=1804 audit(1567610349.864:204): pid=28631 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3708/file0/file0" dev="sda1" ino=17850 res=1 15:19:09 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x200, 0x2c0) r0 = creat(&(0x7f0000000340)='./file0\x00', 0x1) fallocate(r0, 0x3, 0x0, 0x369e5d84) write$P9_RWALK(r0, &(0x7f0000000140)={0x16, 0x6f, 0x2, {0x1, [{0xa2, 0x2}]}}, 0x16) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) pipe2(&(0x7f0000000240)={0xffffffffffffffff}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) splice(r3, 0x0, r5, 0x0, 0x20000000003, 0x0) perf_event_open$cgroup(&(0x7f00000001c0)={0x1, 0x70, 0x850, 0x1c30, 0x1, 0x9, 0x0, 0x400, 0x40100, 0x4, 0x1ff, 0x6, 0xf635, 0x200, 0x3ff, 0x5, 0x3, 0x3f, 0xe6, 0xbf, 0x8709, 0x40, 0x0, 0x100, 0x1f, 0x6, 0x20, 0x3e, 0x2, 0x16d8f079, 0x3ff, 0x0, 0xe97, 0x8001, 0x9, 0x7, 0x7, 0x2b4, 0x0, 0xfe, 0x2, @perf_config_ext={0x8, 0x2}, 0x200, 0xda, 0xd2fd, 0x4, 0x8a, 0x1, 0xf9c8}, r2, 0x0, r3, 0x9) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f00000000c0)={0x459, @tick=0x10000, 0xfffffffffffffb66, {0x2, 0xffffffff80000000}, 0x2, 0x0, 0x20}) [ 1706.844472][T28730] FAT-fs (loop2): bogus number of reserved sectors 15:19:10 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000168, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1706.881116][ T26] audit: type=1804 audit(1567610349.924:205): pid=28944 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3682/file0/file0" dev="sda1" ino=17899 res=1 [ 1706.891341][T28730] FAT-fs (loop2): Can't find a valid FAT filesystem 15:19:10 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x5}]) 15:19:10 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x200000000000000}) 15:19:10 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x2000016c, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:10 executing program 2: mkdir(0x0, 0xa0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:19:10 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000174, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:10 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x13, 0x3, 0x6, 0x1, 0x80, 0xffffffffffffffff, 0x936, [], 0x0, 0xffffffffffffffff, 0x1, 0x2}, 0x3c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000280)={r0, &(0x7f0000000200)="5389cdbbaba48257e238f7875855801cdfe714f15d72fa422a0832bbfdd694c6ae4f93f221ff99e66a41ab4ded45923674465c6b8ed2", &(0x7f0000000240)=""/19}, 0x18) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x100) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r2, 0x8008af00, &(0x7f0000000740)) fchdir(r1) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x183001, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r4, 0x8008ae9d, &(0x7f00000000c0)=""/1) ioctl$KVM_SMI(r3, 0xaeb7) r5 = creat(&(0x7f0000000100)='./file0\x00', 0x0) fallocate(r5, 0x3, 0x0, 0x369e5d84) [ 1707.336345][ T26] audit: type=1804 audit(1567610350.434:206): pid=29270 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3709/file0/file0" dev="sda1" ino=16517 res=1 15:19:10 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xfeffffff) 15:19:10 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x7}]) 15:19:10 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x300000000000000}) 15:19:10 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x2000017a, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:10 executing program 2: mkdir(0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c2000000000000000000e700e0000000e0000000180100003830325f330000000000000000000000000000000000000000000000000000000800000000000000000000000000000074696d650000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000010d3ac03970000000000000000000000fdffffff00"/424]}, 0x220) sendmsg(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@un=@file={0x46d29e47d31c88f0, './file0\x00'}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000040)="986c5f6f16c72025d5f1ac775b370acf48693f0efc8e", 0x16}, {&(0x7f00000001c0)="6b2d8e3877982ce2ceb04877c56bbd04dff07148b0afe1c27f4949f0959d445712732a90f7", 0x25}], 0x2, &(0x7f0000000340)=[{0x28, 0x10d, 0xfb, "f4337c547dbc0f1803961c06e2187babb6bd3f20cb8ef41a"}, {0x88, 0x101, 0x0, "7b1bc0193973611bb9218b3f9b9d4a7c5000aaf9b410cabd8438ce39a0d4d0b6010ab0c3dc2bffbc3c9dfe5b44afcb76321d7ada290874e4363b93db42a0f93e875674002b324dfa0363ca97047fa4ff3b2cb496ee8b2d59e65171934256b9c291d4e6b305d6a5dc21405669dab5d9ab9a"}, {0x58, 0x119, 0x0, "4c2840f182894ca0ce584bbdf1116455cb1e77179f1ace7ff4cf4d347ae64cdadcc3cde92264b26ff0e52ad5868eae39e1c0eaf27e8bcdee54ad953ca7efbf82358baf9890121e62"}, {0x40, 0x110, 0x4, "6a3cdb4894cccab2de1b53cfefba1e5d4cc8f035c0601c071ad6d671e9d649ba150645156727e41298ed6456a4"}], 0x148}, 0x4000000) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000280)="24cc170895699f4581e06fb51bcaf8d7", 0x10) fchdir(r1) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r2, 0x1, 0x0, 0x369e5d84) write$binfmt_misc(r1, &(0x7f0000000780)={'syz0', "5fb3640a912010545361ff839f5b9d3fc0d55980fa2c62adc795810c20a324363b6d1085881055256e39b0900c04c3e67f7a634abfbd9142881b3a4bbd9d9ce1dbd62601484431911afdf3317b5f396fb6e9758d00eef489d1ff7c3f88fcf09805756d5b07851172ffc9e379156b06d38384b6d47f4ae982283c527d2055a295fb0ee4cde9e21c8b0e8ccd9efaefec15590c938ce038ff955f4a99af6d7264c607f53e5f7e839f0e8f7b2ac6d1e7b857f12bcbcad2cf63294902d55832297b0efb6395fe6acc40c6bb327b5b9a5a6a6bf326bfcc8f73e312ec8632ad04fe8eae73e5354fa5d7273c2df0c883e8450e53895d6f852464b6ed2fbe5891e4dd1417d656b3f527bd7bba12999f36cd467ad7ad2232ad5381b5ad98ab7472ad2f522365c77781b4df813e16d3bc570e389858b38feacc94a014ec42751bc90bb8ba8026a046f23ed941031fd13a002424d30d5cf6963f3bbca54d4b3c8932cd19a9b5bfb7946f4111b8b10d0acdb6e05dcda7990f2630373384cdaf9dc83ebec5367c06a1fe91fd88bfceb964d02dbfc14fe11d5283e4f81c2f168f725665a37a93ec5085c0297b6c66597bb1bb2cf2c32c2657dbdbf26454287b30cfd294a087c164f196a13d33411691a3d2b1bca07f52bb007eede29f39248c84ac43dfb16679e18292408e4c84423147676c7e87e1c15b98964ae7be96bc5211b37e76bdc905f94608e93d7378124b2ad7ae17141a69c4af6769d1576b9864c9f9f2171a1574e513896ac67a1e3494c8eb7a642ccc8c9eeb56fc37e2d0e79c14ed44a52e57f3ae5ef8a552f479b2addaa7ccc0658a622f656a7f8ca98e2ed5c4652d38cb4bf133c0c10127604b10f9af4abf288d6a58698b19388f9ca3bf7f478f16ee5905930914a994ae408d58f3075f2dd44281acb6f769ebbd4f8ecb48e9f4af8dcb5ca22ab74453cc2929ad4a1482a3d2c4dcea4ad6c612c11770f53858f7f14429e35c319cc436e37875c727451348e8ffa75a45e8a86b21881cc33fcdf550d11243144dcae44bd6c4bbc43319524b3ecf9e7bd2ee161f21c64b19a27be017daf0eba7c851d7f5c86a5ea54bce3c79505e7620f72411d2bb0cd6a15b4dff2fe0418f2865284566d49d9831549744558d728480680cd256fa395e30211afb997f62bb7a008420a6a20e090c158cdd712cea3cab7d0bce7dc9b6ab66e26b3239b19e7aa139851860a6492548406e649cfa7f46239f55f26f54a915f9a8a423bd6d57e08dbe30029bed6f1de2d65303e72527f15d4798ff76284e547a9b692329388cfc02d2563d5c2a979092ea1924f4d3b29f69ff214e838f88ce77f9869db470eb6e92a9026a3653d3d021034226add1a1f68af540c2f46e16fc4376c40d5207ad352360e6e73a69aa47eb7da39e231093612531a04dc944f3f4d154a56fb7eeb9638acb57af409a8e2da59553370c099e1d11fea42dca5a1d92dad51aa0d01ad71fda128dc54f05fc2367452efebcd060934a28e31527050dc225b500da2406f3eb6603fa4d60a27f7c8f77888779206024171296ce086538cb5b1ec80b532ef6ef35f185f40bf042c9f690b9194a4dcb073e51a1efeab712e28a123a607cb60ff32b3628c0b9e973dda9c2941f88e939e47f78142d3a7dbd57b9f7c397a9157d1a9fbb3f3e516ba10102544235e48fc2ee2b673dd5c905b9c566574f475cc01fa3d22ac12275e3db98c8264346c541da43d81dc33afad2f792506992591407d634009f9fd57035fb6ff04bd6f1e194895aeb1bcad2a589f7758fd571532bee6c358cdd75f41af26da03ee6d649427ccba3ae60926a71580a8365fe8c447b35ecfa4eaec2db1042cfe5ba1fe86389cfc13264c2baf9e7d722c063353a7ed0ce1474e0140d2fecebc0d2f53e084c19f4a46fbd551a1a6e27ee981e0b579f626a0c07ed68ea8c9673c3dd162a5a425bb1a416e75a0358b018c6e4244490e9fa8bddf36c669607c387504336215690eeee3b905b37097ebbf347a4fec4bd2d9feba5b3e40399bacf4987ca6c46d435c493522898ab8abc07081608e36d867be682096428b1809d7c132b0206d4bbeb41db064242271d30771ef9d4416d4900b31d22680208205f2769f0da68a36d7a7e3bf9347b989e16febf8a750a596e00296e918b2d425827fd3c1a8a5fa9f96626de8dd635ad2bf983a2c1e59ac5838ab92eea5e4db1cbc8be44282c86a8243a161c2c76f08f70b749273f135b7e2c3b6a3705e5934baaf562911f0e3d06d35e8f633039a68162d674dfe092269baebf3bd3572f3a14045ab5fc55932e724364a800871d069195b4e6b3069db231ca2b5c33d17f297420525eac3b2e2953434cba5a1e281c507bbe0cd04a75f937fc7b96e1d9a29356856a213a6fd71b874c374eff0fbcc67bd1a11f0714e2e934512764ba8388191ea095ad4ad10d999c87d1c9b18947b6c9a06a558ef6b514403538a251ce32786ae8d619eafca397d58dd2eaed01a1e116365adce5c0aad12c3a168ffb5698f0bbd7f082a0c08cc94c8e528fec5dbdf36b17222db60280e1aff0562745816000f6d0a0dd5e3b890bdd0b49cc9471c27b11ebc59bb5d7789619023841ed512c169065e1ed45962f5e32700dcff391f1005e1d4f7f5a06afe3af59ff4cfc99bd161c757dc8e2801e78fce4f03c0776068fcd7f75b2bf80ba92bab7bf9995fbd6ccc96da6f6b599c0bc9b9554fb1e663642e46e072a816c9e6364d2131bcecfff3d298068aacda240b40183166f3b5097f7ad70f3920fd38ee27326aea15a07fd24b1076815e3e52b0d4476add909d16ae21c7750ad742ef6512a86825ca6a5f6ad4dd064f2a5d22cd76ad02326dee12a6a82e9a3ca618efb6855032cbd8fa1e6a47ad106a363b02cf0a561ffaae223ee447a77dff999a9a4fa50c875d49851856f7309943658b808559d9b32312d88c3881d2747bfd7337cf755debf67eefd74cb9b70132e8b903f1b039481743a21cdc5b4a763a178baa089cc32997b617fbe3359851a8b99e46658dd1580dddad2cf6b4216f8208ac71ae3fc879e1e2665c4b75b953db9dbec0763b6f5cddbc50cec653c80b7cd35c8f53ee9d6ff8b0004f981ecd9d098498faaa537c261774b0876809ffff4488a5fc8db62c1bfe9c66a8bacfc0825f0e7a3010126d8cfaf29780d8fba65ed1c1b80975dd76fd3e0aa88fadf036fd5fde9a2574a947640dd7bcec146290bdc343d1bcc63d4e5670500807581efec0add3a38aa82b48d512bcd4c6861761cf10eb846996142cdc5ba2d6a3d0de5102529cba74241812191275edf074e10de5e232c0ecc498bd53e830060002e70f44132bb7bcb528427c9ac6990de8a02f64cf9ef36616c561a247ccad312889ca52a03610484ed181ec186d81f722a4b7bb2d08d1ac61549333cc65e3ad2c63be2f4565b14d2f8ef46533390e9e1d5a32030f39053822166ef36bb2df2227dca1e6efc63652627aff7a6f31cf204579e3b582a9ff87359ff360e5d11091f93f51dc8d6c8a8d8c5bf53fdc660cdfa582b71bbe570a235bcb8e57165abff44d7fc605ca2b5db3d33f22c6bf247e0cade4d0b9956698706bc1ca8920fac7b0bebc691b5a9d77dcfcde7ea55a356977822f1e37f19b1c91b1ea9632eac33ca701968de31d4f3e453ddd8efa6ce8b984d5a8435bd9957c2f86cc7037e37cc548d551e74d104f659e5371aaffc1c642acb831713bfa2c1b6e32056b0e5594e4f34585b089ab0a91b2607ce55c406a0b9188c007b9ec3ac06fed5b58df35ad85e8ee633dfb10a88967064b07b646a4e22c2f0ed83a1cb89d80b27d7afae423004b57c45b74fbc83d06f86b5e76371ddfbb7d7242ebfe6b704eef35a49720772db255eddb8c6f20f0551516f7f13e930e07461a9ee3d539de38cd54c5d71242b248456ee682b96d27805ebb186c1377198658157b32d916baa1a260af2b76cf64061b7b81ea3e2e6132c3d7e7e1fdd1723fcabeabbd93f099f58318fa6d31c0ee243742b17d466bcb2ca41f678135824415a2a7e55fa4c558b412b4dacd05157867851ca5a32a63baf0c8de308e0f9068e9bb660fba90e1fc2bdb91d82b4fd9dd9acbb7021f1f9db6b3897aea8dcb2a5b6b0aa754d1653f6437c69d59310f271dec6fd9c26a46a6aef4780f646b4513ae0ac9fc49103de1855e0fb3aeffe65cb4f5033e42eb65c46552b8f4fa15c17d20e8fb77392b03ef2e53dc5a1d9632e45ef84537c4f3121eb3cf206121ccf4b26e40570d98f89540dd61a9a84ab45722303a7af449d4499676fdc7c1ca091020d0cfa27761f5cbce955996bdae841ee2994152fa0c6b091f792d2c91db0e6d45efb9800f2104843db5a6d2c748cdc31e637b6f2c8b391a2e8e16518848c6d33e9093b6ee6e6fd4508f26e822768debe576918568bdaf8b02892be3457b89e17312165c65c63b19c2e426b293575178d751279624815a5808cef90a4a372260b9416fc9d9eef3ba3c3f789e2fbdc540f7d16cf1989a62109374a2155587c629b8bbe394b325abffc2c635c0f84757e81a6c735cb139696f937fe8cfbaa360b639096d26847a4d177132a75813f34fbaa660767ebbf0d425a5919ed0b1b65df04e75d7b85cf1b12de28e911a7940576a7a9b5cb39508b9912eb7d3acb16e9169394e6f39533e669ce717297b32bcae2c107c2893fdfc6dbdf8d58db4e533e591ee9e16b3a5d5fac6796e5852c1290b858af835975b9b90358482cabdcab88760c125b9960e005062e8574b7b176f6b098586d5f29d7127cd0bd0edd2008e89f4f57bceb700ab86c635a42b9c8260e24945893d81de4004697b05b80eaa855532fb171be641d2255af1fe4211f4b778e34edd88b27b57355f8558d39805a0e357950d7414e6e84f3769579756e0129cdb922031003a56501fbac39f03f17656e8410417e95c7bca5b6bbf4b8aa7d5f34a83d3c52428a399dace24cc224291ce7a06017b2dd38d661389ed682c29f2b5850e3ae5a18ab74857dcd706a08ee4957b188565490cb536ab267cc7875ba154fe1e2e41ad8c3e942b0239d02e65587e1b5d0967afdd19004cec5ca1e7c27b66c9f0e6e35e8898f8197a488ec9848e2dcdf3db5f43305420e102e63c63088f1fa9a0fb90bddfe259f6e9e62f1d35107f9bea55295d54933ce6625567ab8084ad7c9e36cec8b36bb4a64f62c0cd7790ce28390f194cb2e2d4321f21e87f47684863a6668648618aec43d9184fca5acb9ab773d2947710eb3b85eeac41060e839cd8ce3692ecc2966341b0953adcd279f41ffdb87c96c6756022f3d186226b52ef3e49789a3c6ab6c3c31a54b995c1ca36ac9be39daf032c5dc61a36c2ebd017e2b64b730303b835ae09883bf2bda3e01c7e40f1cf98d726a71b2e12a7fee7d6dcafd78bd216826614da1b1f4c722acc678df78b54d617c956056da991e421b503247bc38823a0a13ea5ee7b2d53ae206bb54fc89f304049c6ea981b530809dbf8a869408ee45be9f54f98d692fdd1a9e858e80034e3ec367f410e036151c9d33c900812f91759b25135bbf01a4cdf76269c1aa4fa74aeae323e0497b581f6831659207e9674d8531858b4d9dfa337cec91989500c8448c1edd4ab24836739c5d5203e59c531f838b83756cc8e5194888882449ced9398596ca8e5ec31cd4db4c349993b4a5ae6cadeeb38abe020b7b095da45555eec0e9001c5c16c66be5d3aad858a14a61906488be32eedced89cc36f77c3cf87f9ebf77d07511f82d2d040cbbe9e71f209ef3"}, 0x1004) 15:19:10 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000188, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:10 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c2000000000000000000e700e0000000e0000000180100003830325f330000000000000000000000000000000000000000000000000000000800000000000000000000000000000074696d650000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000010d3ac03970000000000000000000000fdffffff00"/424]}, 0x220) getsockopt(r1, 0x4, 0x4, &(0x7f0000000040)=""/57, &(0x7f00000000c0)=0x39) fchdir(r0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x1a2) fallocate(r2, 0x3, 0x0, 0x369e5d84) 15:19:10 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x8}]) 15:19:10 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x400000000000000}) 15:19:10 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000300, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:10 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xc}]) 15:19:10 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000500)={{{@in6=@local, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@mcast1}}, &(0x7f0000000600)=0xe8) setresuid(r3, r2, r2) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f00000002c0)={{0xffffffffffffffff, 0x3, 0x9, 0x1, 0x1}}) syz_mount_image$gfs2(&(0x7f0000000040)='gfs2\x00', &(0x7f00000000c0)='./file0\x00', 0x5, 0x2, &(0x7f0000000100)=[{&(0x7f00000001c0)="0885ba33194d539f6a02077b9781ec07ca5ec4f8ece2a005346fa297a98e59a98207cd3d720d3c7be796aaabbc4a99dafb2417ef8a9737630ab146051e5a9fa03c38e761b56569c3ff9621e4ede64498ce99d303a369d4c852a54b03353b937598d0d253d0f80fe7ad67e43ed16b8ffccd0969858a95644029b152473508ccec50e3abc5912b691d2da02a49ccc2e1cd0ec3c074125cd2b169bf1caf8c8915027296f867e310e598ba025637ac5025fe804f41efa3c19421c6afc6b37171b47f79c76a99", 0xc4, 0x7fffffff}, {&(0x7f0000000340)="ab8b74508ef30d44b368f13fbb969443798cb06bed83e552d391ec1a4dc9a05a5c061525dd70e13a44bd635f6879f401e021c01751a5993f30186ca3cdb7ce846f6a30bc62a1b562602f105f12d5ca0408cba6825ad4bd2c26bb16230665ca29108a316edf6bcb9f98cf7ebb5cbb377eaa086f79a2c9a078303331b7a3f101da0ebe8c4ebfebbac5f201", 0x8a, 0xbf4}], 0x10, &(0x7f0000000400)={[{@rgrplvb='rgrplvb'}, {@localcaching='localcaching'}, {@nodiscard='nodiscard'}, {@data_writeback='data=writeback'}, {@localcaching='localcaching'}], [{@smackfsroot={'smackfsroot', 0x3d, 'vfat\x00'}}, {@pcr={'pcr', 0x3d, 0x21}}, {@subj_user={'subj_user', 0x3d, 'selinux'}}, {@smackfsroot={'smackfsroot', 0x3d, 'vfat\x00'}}, {@fsname={'fsname', 0x3d, 'vfat\x00'}}, {@context={'context', 0x3d, 'root'}}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@dont_hash='dont_hash'}, {@uid_lt={'uid<', r2}}]}) r5 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r5, 0x3, 0x0, 0x369e5d84) [ 1708.331668][T29816] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1708.340222][T29816] FAT-fs (loop3): Filesystem has been set read-only [ 1708.438472][ T9855] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1708.450687][ T9855] FAT-fs (loop2): Filesystem has been set read-only 15:19:11 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xff000000) 15:19:11 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000500, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:11 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x500000000000000}) 15:19:11 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x38}]) 15:19:11 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f00000003c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) r2 = add_key$user(&(0x7f0000000180)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f0000000400)="585ccbc4ed83b836c1a6474914dc5500b602c02bc7218a91690000000042e3d35228897507000000000000006ff0022b8753a1fa748c569f435fb3bae96efb74b50ec93c2db8eae3198a29e5c0cfc60000ce0637cef580b4ec24c53d86571ff5ff70e48884ca000018cea71fcfac1700b986f40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff33c1e8e036e5031949762d009d308bd73f477252d0000000000004000"/192, 0xc0, r1) r3 = add_key$user(&(0x7f0000000140)='user\x00', &(0x7f00000005c0)={'syz', 0x2}, &(0x7f00000002c0)="95c9e7ad96d33de061da4060272e0ef04897bfe0468c9ba8967126ebe592f5831b6183b209b59eba5dd5b3535e012c163b0d2b6aa61c63434f58cc85834428a4935f1d00feffeb743c28070f048e60d03d6dbc", 0x53, 0xfffffffffffffffb) keyctl$dh_compute(0x17, &(0x7f0000000000)={r3, r2, r3}, 0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={'poly1305-simd\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x02\x00\x00\x00\x0f\x00@\x00\x00\x01\x00'}}) keyctl$setperm(0x5, r2, 0x2100) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) write$P9_RSYMLINK(r5, &(0x7f0000000040)={0x14, 0x11, 0x2, {0x80, 0x2, 0x6}}, 0x14) fallocate(r4, 0x3, 0x0, 0x369e5d84) 15:19:11 executing program 2: mkdir(0x0, 0x40) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000920000000000000000000000ffffffff0000000000000000000000000000870b00000000000000000000000000000000000000000000000000000000feff00000000000000000000000000000000000000000000000000000000000000000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c2000000000000000000e700e0000000e0000000180100003830325f330000000000000000000000000000000000000000000000000000000800000000000000000000000000000074696d650000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000010d3ac03970000000000000000000000fdffffff00"/424]}, 0x220) sendto(r0, &(0x7f00000001c0)="8e7e578cdeee86cc10f26dcb2673324ea972a11cc1e6b27fdba037d600cdb0edee2b006bda7b766769e1213933fdf8cedfe1acf78deb85332c9c734389f616372bb3ca702d75d7ed77f9bd0b6ac4b3fbb1076daae1950c448d9604ea5071ae9ae4d42b6a4835d8fa1dc069a85884fc59ac3f2a45c11d29d03d6713452fd9d80b7b1026611f414bab36ca42a4", 0x8c, 0x1, 0x0, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r1) syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x3f, 0xa0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) fallocate(r2, 0x1, 0x0, 0x369e5d84) 15:19:11 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000600, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:11 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x300}]) 15:19:11 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x600000000000000}) 15:19:11 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) write$binfmt_script(r1, &(0x7f00000000c0)={'#! ', './file0', [{0x20, 'vfat\x00'}], 0xa, "51f9ea200a308415f9d6740df626c87a055c41f9ef813ca2e37699d971b2391769633aaad234f5c9dbadb95d8dc41130b9286bbdb72c611a2ba40c3d6c907d7e9b4b1ab42cd1e02562ed"}, 0x5b) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r2, 0x2, 0x0, 0x369e5d84) socket$isdn(0x22, 0x3, 0x27) 15:19:12 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20002500, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:12 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x500}]) 15:19:12 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xfffffff6) 15:19:12 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20004000, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:12 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x700000000000000}) 15:19:12 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x80000, 0x0) ioctl$KDGKBMODE(r2, 0x4b44, &(0x7f00000000c0)) 15:19:12 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x700}]) 15:19:12 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20006000, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:12 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x800000000000000}) 15:19:12 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x35) fchdir(r0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x2000, 0x0) ioctl$void(r2, 0xc0045878) 15:19:12 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f0000000740)) fremovexattr(r0, &(0x7f0000000100)=@known='security.apparmor\x00') open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) socket$can_raw(0x1d, 0x3, 0x1) r1 = openat$userio(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/userio\x00', 0x1, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@dev, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@multicast2}}, &(0x7f00000000c0)=0xe8) quotactl(0x0, &(0x7f0000000040)='./file0\x00', r3, &(0x7f0000000340)="fc7ff15ef20d8145c2cfe6b081893626b7620cf1e7ba99b54465788a6bed242e19c626d06e36660052c2982cfd6a40e272d1a24ac85416b8b8d17df029a93d3e25d2266b5481ad632a6af4795932213ba2359ce59fef15fbe4acb0fccb9e464cf45307bc59de9b822a5c52186fb89bb9336ab99d887ba1acb8df405db9cd24e3d3e632245900a7e385780cbe3c858385f71bc9b80aa929767ec8abb7") fallocate(r2, 0x3, 0x0, 0x369e5d84) 15:19:12 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20008100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:12 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xc00}]) 15:19:12 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x4000000000000000}) [ 1709.667453][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 1709.667466][ T26] audit: type=1804 audit(1567610352.764:212): pid=30684 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3686/file0/file0" dev="sda1" ino=17920 res=1 [ 1709.883426][ T26] audit: type=1804 audit(1567610352.984:213): pid=30785 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3712/file0/file0" dev="loop3" ino=699 res=1 15:19:13 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xfffffffe) 15:19:13 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20008603, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:13 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x3800}]) 15:19:13 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) sendto$netrom(r0, &(0x7f0000000040)="620d8292b94fab05aec0201cdf5a3e06cc41ea0967eacd5e885315bf34f84feab6607bc7f74c8bfb73", 0x29, 0x2000c014, &(0x7f00000000c0)={{0x3, @default, 0x7}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @bcast, @bcast, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r2, 0x3, 0x0, 0x369e5d84) fsetxattr$security_evm(0xffffffffffffffff, &(0x7f00000001c0)='security.evm\x00', &(0x7f0000000400)=ANY=[@ANYBLOB="05010000000000020036c64b6067d0b46ff4544b9181774528f4c8a9cb6ce5269b4538af9971a3297491d9a0dfa9c23519e00f1cac6c6d90866a143c69e150a14f34039dfa86d3b4d5f3bece08b023ebd1dad95aee0aba2a782cc7756998be9b5c18a9b528b36497da638e12c5e207c41777b29359902c8d4a68ba50457b6114f878b3c71fafa040a284d049145081a49e18e0995a223664ad24571aa56be40b18bb61f00f792c6cbf5a0b0284044ae230512d51263e031a665ac22ef7cf03ce358d2a4d9e02a86c1787dd1f0fcfbd38af5426f443107f76a8b968975534422aaa6a59a6bb9e6a83c78edefe9f94197a5dffd8c7205749278fa0c50fccfce86fc3ff866db19953607ef0f4ba8cc41cdfb7fdd30c3359ff309378382227cbf4dacde2fece6a96c51fb40285a2f73170e81e94c89b412531a47c38134569aa9f7384343ed5b2a540db5396e6c8f4d0dad1d07555e0146e821e6452bb2ba0696b75d4d428d6ab961f4fbe6e26b5e9680e8d85d6ce1582b37896a1e1b12388e0bc40830d4a061a4594108717e8c8dcb596bfd80cd8d7d676a32b3723d360463c9b2f368fe626ab1c24e62b9256f743e277a70e877ccc53c2c22e4106b8482f98792dac46da21e14a94ba"], 0x40, 0x0) 15:19:13 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f00000000c0)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0xe004, 0xaaaaaaaaaaaad1d, &(0x7f0000000140), 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:19:13 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0xfdfdffff00000000}) 15:19:13 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x2000b403, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1710.134867][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1710.157844][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:19:13 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0xff00000000000000}) 15:19:13 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x4000}]) [ 1710.253719][T30794] FAT-fs (loop2): bogus number of reserved sectors [ 1710.260331][T30794] FAT-fs (loop2): Can't find a valid FAT filesystem 15:19:13 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000003, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:13 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) getsockname(0xffffffffffffffff, &(0x7f0000000400)=@hci={0x1f, 0x0}, &(0x7f0000000480)=0x80) r3 = creat(&(0x7f00000004c0)='./file0\x00', 0x1) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000600)='/dev/snapshot\x00', 0xa01, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x800000000001c9, 0x86, 0x4, 0x80, r4, 0x0, [], r2, r3, 0x5, 0x2}, 0x3c) sendmsg$nl_route(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x253e0006d6a5b419}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)=@ipv6_newaddr={0x68, 0x14, 0x0, 0x70bd26, 0x25dfdbfb, {0xa, 0x81, 0x20, 0x0, r2}, [@IFA_CACHEINFO={0x14, 0x6, {0x81, 0x2, 0xd59a, 0x8}}, @IFA_ADDRESS={0x14, 0x1, @mcast1}, @IFA_ADDRESS={0x14, 0x1, @rand_addr="e3b6045bb328a47adff11d3bbd663553"}, @IFA_CACHEINFO={0x14, 0x6, {0x9, 0x7, 0x1, 0xff}}]}, 0x68}, 0x1, 0x0, 0x0, 0x4004}, 0x4000000) 15:19:13 executing program 2: epoll_create(0x18) mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f00000000c0)={0x2, 0xbb, 0x10, 0x3, 0xf8}) vmsplice(r2, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) pivot_root(&(0x7f0000000100)='./file0\x00', &(0x7f0000000340)='./file0\x00') fstat(r3, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RGETATTR(r2, &(0x7f00000001c0)={0xa0, 0x19, 0x2, {0x80, {0x2, 0x1, 0x8}, 0x11, r4, 0xee00, 0x8, 0x7, 0xd6, 0x8, 0x4, 0x400, 0x3f, 0x80000001, 0xff9c, 0x3ff, 0x2, 0xd0, 0x32, 0x4, 0x100000001}}, 0xa0) fallocate(r1, 0x1, 0x0, 0x369e5d84) [ 1710.556036][ T26] audit: type=1804 audit(1567610353.654:214): pid=31113 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3713/file0/file0" dev="sda1" ino=18925 res=1 15:19:13 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x1000000000000) 15:19:13 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x2}) 15:19:13 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x2000002f, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:13 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x1000000}]) 15:19:13 executing program 0: r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:19:13 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000030, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:13 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x2000000}]) 15:19:13 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x3}) 15:19:13 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000060, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:14 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) 15:19:14 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000090, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:14 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x7f, 0x4, 0x1, 0xffffffffffffffff}) write$binfmt_elf32(r0, &(0x7f0000000340)={{0x7f, 0x45, 0x4c, 0x46, 0x1, 0x1, 0x7, 0x4, 0x80000000, 0x6, 0x6, 0x101, 0x326, 0x38, 0x1c6, 0xc, 0xffff, 0x20, 0x1, 0x3, 0xff, 0x3ff}, [{0x5, 0xffff, 0x52b9, 0x0, 0x20000000000000, 0xfffffffffffff800, 0x7, 0xffffffffffffffe0}], "54c9a57b62ee2edfb3be3fa33908381447489fd0f2b6f799bb3e1d603149d1b6a7f7408c218154b55934d920f68899ced40b936cf8dc90da32fb4ce5305c9cdb8e6c6f689fcf86444c0772f98d4043e7d99b943ffe68872b9ef2dc5fae4ad970811f86ebfdfd579ac271e1f03c7392463e4dc08f252cbd6839caa4cbaa485dd7a8e4", [[], [], []]}, 0x3da) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r2, 0x3, 0x0, 0x369e5d84) [ 1711.108038][ T26] audit: type=1804 audit(1567610354.204:215): pid=31119 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3688/file0/file0" dev="loop2" ino=703 res=1 [ 1711.315204][ T26] audit: type=1804 audit(1567610354.414:216): pid=31751 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3714/file0/file0" dev="loop3" ino=704 res=1 [ 1711.364119][T31751] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1711.372878][T31751] FAT-fs (loop3): Filesystem has been set read-only 15:19:14 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x100000000000000) 15:19:14 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x2000010a, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:14 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x4}) 15:19:14 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x3000000}]) 15:19:14 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x80000, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:19:14 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f00000001c0)) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000740)) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(r3, 0x29, 0x44, &(0x7f0000000200)={'HL\x00'}, &(0x7f0000000240)=0x1e) recvfrom$unix(r3, &(0x7f0000000340)=""/4096, 0xfffffd5c, 0x10000, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) fallocate(r2, 0x3, 0x0, 0x369e5d84) r4 = syz_open_dev$dmmidi(&(0x7f0000000280)='/dev/dmmidi#\x00', 0x8, 0x20a180) ioctl$RTC_AIE_ON(r4, 0x7001) 15:19:14 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000123, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:14 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x4800, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(r0, 0x114, 0x7, &(0x7f00000001c0)={@un=@file={0x3, './file0\x00'}, {&(0x7f00000000c0)=""/4, 0x4}, &(0x7f0000000100), 0x1}, 0xa0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r2, 0x3, 0x0, 0x369e5d84) 15:19:14 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x4000000}]) 15:19:14 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x5}) 15:19:14 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000127, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1711.787685][ T26] audit: type=1804 audit(1567610354.884:217): pid=31773 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3689/file0/file0" dev="sda1" ino=17929 res=1 15:19:14 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x20500, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) [ 1711.949874][ T26] audit: type=1804 audit(1567610355.044:218): pid=32010 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3715/file0" dev="sda1" ino=17851 res=1 15:19:15 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x200000000000000) 15:19:15 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x2000012b, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:15 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x5000000}]) 15:19:15 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x6}) 15:19:15 executing program 0: syz_mount_image$vfat(&(0x7f00000000c0)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$KVM_GET_PIT2(r0, 0x8070ae9f, &(0x7f0000000200)) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$KVM_GET_PIT2(r2, 0x8070ae9f, &(0x7f0000000280)) fchdir(r1) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r3, 0x3, 0x0, 0x369e5d84) 15:19:15 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x2000012d, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:15 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x7000000}]) 15:19:15 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x7}) 15:19:15 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000160, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:15 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x8000000}]) 15:19:15 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000580)=[{&(0x7f00000001c0)="b99ba9fba536db3089b63ee9c09bee6a68e3143c837cc962a794ceae5e81109be5da11505ed4062ac0484fb64cdea785998dfb0c93bd3d58d437322ff09fc5726e5404ade6879ff551511162c6a3b28dcccf0ce2ab0ce5833cf53401409206bb67c04b38e07e4fb8f4f01e2106fd3fe911a9b9119821d3c5bd724e5eee5cb2799e58b1932fd03ab18ab7135947eb2329d05fc5d037ccef99d0731388cb838df34f598914b1ca1ff02e8a7c105a3336985e25755eaea22f4427954cac48ba30ce47de7749f4", 0xc5}, {&(0x7f0000000340)="a0f5f0fa9368e7dcdb29c87d282694f98c3097adedbe7bb19092c5174019f81ccd7427c61cf8865cb994e9bd9f73059b065a95903e32d814977dff06f8028dbd1ee0b9651f97d1684aec648f3167d3d1087462f3f4af566ee316a65034b1e3145d2bc8c40f", 0x65}, {&(0x7f00000003c0)="0c64ad3b81f3befe8a147288dd295dc2dd71501382ebc750fb35daef1a88ca2a731f3cae6f9044d841dd6cca788ad90f383b6d2775f1f47fd175d7388c7d1148f95db68b042a820862046b030193249e0a7029935eb309b30d71ead4d6f443c6fa8e87b34ec58d4b2d635e483850", 0x6e}, {&(0x7f0000000440)="18150ddd70aba6e412ef2b03ced6d03f8cf6be8b139fc91689b5438d721cc9b92a99554426901cd9fc2216e9f690ba6dd8aea6b052228aff0a4ac9226a3077dd3b2753db135ea632f6a643a44b70a721a86c25ead50598b0275e3107835c06e88463cb0fbbb9", 0x66}, {&(0x7f00000004c0)="7d9c5ebc64819dff34e832134bc70577ddef31e02bb78461d121f772f26cf5c85ae3d9ec1a0ab2b4c855bac44f714f16bc6ba5dd8196ecc58440122ca0da72572bbaf336fa355420de69cfdafb41c68bc336837a4e83c61c1be1e44bc1ce8e80c72c6667f442f34c77f1a33e549c14a02336b99d18f6220bae15600b554350b1bbb8e2a818", 0x85}], 0x5, 0x0, 0x0, 0x1}, 0x40) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) [ 1712.404953][ T26] audit: type=1804 audit(1567610355.504:219): pid=32439 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3716/file0" dev="sda1" ino=17850 res=1 15:19:15 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) pipe(&(0x7f0000000040)) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:19:15 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x8}) 15:19:15 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000102], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:15 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x300000000000000) 15:19:15 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xc000000}]) 15:19:15 executing program 2: mkdir(0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000100)={@empty}, 0x20) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/anycast6\x00') preadv(r2, &(0x7f00000017c0), 0x3a8, 0x7a) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r4, 0x2, 0x0, 0x369e5d84) getsockopt$EBT_SO_GET_INIT_ENTRIES(0xffffffffffffffff, 0x0, 0x83, &(0x7f0000000240)={'broute\x00', 0x0, 0x4, 0xeb, [], 0x6, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000340)=""/235}, &(0x7f00000000c0)=0x78) [ 1712.656971][ T26] audit: type=1804 audit(1567610355.754:220): pid=32197 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3690/file0/file0" dev="loop2" ino=708 res=1 15:19:15 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000103], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:15 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x300}) 15:19:15 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x38000000}]) 15:19:16 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000104], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:16 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f00000000c0)) r1 = dup2(r0, 0xffffffffffffffff) connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, {0x0, 0x4, 0x6, 0x9, 0x40, 0xffffffffffff0000}, 0x2, 0xda}, 0xe) r2 = open(&(0x7f0000000180)='./file0\x00', 0x1, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r3, 0x7b, 0x0, 0x369e5d84) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) [ 1712.917183][ T26] audit: type=1804 audit(1567610356.014:221): pid=413 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3717/file0" dev="sda1" ino=16575 res=1 15:19:16 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x500}) 15:19:16 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000105], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:16 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x40000000}]) 15:19:16 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x400000000000000) 15:19:16 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000106], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:16 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000107], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:16 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x600}) 15:19:16 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x7ffffffff000}]) 15:19:16 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0xc102d1a230257b49, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000001c0)={{{@in6=@dev, @in6}}, {{@in=@remote}, 0x0, @in6=@initdev}}, &(0x7f0000000040)=0xe8) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:19:16 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x200, 0x83) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:19:16 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000108], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:16 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000109], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:16 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xf0ffffff7f0000}]) 15:19:16 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = syz_open_dev$radio(&(0x7f00000001c0)='/dev/radio#\x00', 0x1, 0x2) fstat(r0, &(0x7f0000000200)) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) fallocate(r2, 0x1, 0x0, 0x369e5d84) memfd_create(&(0x7f00000000c0)='/dev/radio#\x00', 0x1) 15:19:16 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x700}) 15:19:17 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x500000000000000) 15:19:17 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x602040, 0x2ce) fchdir(r0) creat(&(0x7f0000000080)='./file0\x00', 0x0) 15:19:17 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000010a], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:17 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x4000}) 15:19:17 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x100000000000000}]) [ 1714.080044][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1714.090718][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:19:17 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000010b], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:17 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0xff00}) 15:19:17 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x200000000000000}]) 15:19:17 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) uname(&(0x7f0000000040)=""/59) 15:19:17 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000010c], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:17 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000001c0)={{{@in=@initdev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in6}}, &(0x7f0000000040)=0xe8) sendmsg$xdp(r0, &(0x7f0000000600)={&(0x7f00000000c0)={0x2c, 0x0, r2, 0x27}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000100)="76448b83eb9b9d4964e8bf14f7e219f3efaf173458d3430c8b95fc1e412719c06313", 0x22}, {&(0x7f00000002c0)="5019bb505d03e5", 0x7}, {&(0x7f0000000340)="1ff8feddcdfa4128066a911208ceb1ae95ed7e609d2fab9a9f96d452896e8a63b71e96cfeec59c01300f3332a991be67", 0x30}, {&(0x7f0000000380)}, {&(0x7f00000003c0)="a8f54f0ffd60c9f92fcdf8c36294bc13f5634ad5c25145f2785a0593125d3ee954662f11cce1ecee565ab2ed895f4586008525b4", 0x34}, {&(0x7f0000000400)="949a213cfc58224286786c25046597de9003c2404a8be23ad4728f9032fec3440c19ad1daba000fec76e5ee21c500f57d9a659d20824339c163d8eb471dd7f138c3f7cd4d9a3882948f705e8c6bd77bada407cbf81a463383f36504d7f374a7afde10ba3840171c6f70325752c8638ef12f20b6a666449f968c9d883ac152e945bc08b1a84", 0x85}, {&(0x7f00000004c0)="51420010a2adda1a65a12bf9afbed7c0576739e2d5d190a01795255a6b23e116174af4e331950b091dc8901270e744fbd21c9dc522f9fbfaf8b4c06d0245e43499102f585d32f680e0daa298913e6ace79c46ec7170add09ceb3a1c01be02127634ae57d67170861ff747b6dec13c4549960e4e81bfe7f4fcefc93236b40472b6394a19dd5d6f12deca2ce30098a0eac49614af853d78e6c627d9e5ca2", 0x9d}], 0x7, 0x0, 0x0, 0x20000020}, 0x8800) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:19:17 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x300000000000000}]) [ 1714.784749][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 1714.784762][ T26] audit: type=1804 audit(1567610357.884:225): pid=1552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3719/file0/file0" dev="loop3" ino=712 res=1 15:19:18 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x600000000000000) 15:19:18 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000010d], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x1000000}) 15:19:18 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x101100, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f0000000740)) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) [ 1714.856791][ T1330] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1714.871795][ T1330] FAT-fs (loop3): Filesystem has been set read-only [ 1714.884591][ T9855] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1714.897764][ T9855] FAT-fs (loop2): Filesystem has been set read-only 15:19:18 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000010e], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:18 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x400000000000000}]) 15:19:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x2000000}) 15:19:18 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000010f], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:18 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) restart_syscall() r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) splice(r2, 0x0, r4, 0x0, 0x20000000003, 0x0) close(r4) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x810ee0514ae39d8}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x7c, r5, 0xc00, 0x70bd2a, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x68, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0xcdc61600db2be51b, 0x21}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}, @IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblc\x00'}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'dh\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x49}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x4e}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) socket$caif_seqpacket(0x25, 0x5, 0x4) socket$rds(0x15, 0x5, 0x0) 15:19:18 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x500000000000000}]) 15:19:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x3000000}) 15:19:18 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000110], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1715.477536][ T26] audit: type=1804 audit(1567610358.574:226): pid=2002 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3694/file0/file0" dev="loop2" ino=714 res=1 [ 1715.720038][ T26] audit: type=1804 audit(1567610358.814:227): pid=2107 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3720/file0/file0" dev="loop3" ino=715 res=1 15:19:18 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x700000000000000) 15:19:18 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x385900, 0x0) ftruncate(r1, 0x9) getresuid(&(0x7f0000000040), &(0x7f00000000c0), &(0x7f0000000100)=0x0) ioctl$TUNSETOWNER(r0, 0x400454cc, r2) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r3, 0x1, 0x0, 0x369e5d84) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000080)) syz_open_pts(r4, 0x0) ioctl$TIOCGLCKTRMIOS(r4, 0x5456, &(0x7f0000000200)={0x8, 0x400, 0x954, 0x10001, 0x18, 0x2, 0x4, 0x1, 0x400, 0xfffffffffffffff7, 0x0, 0x1}) 15:19:18 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x700000000000000}]) 15:19:18 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) fsetxattr(r0, &(0x7f0000000040)=@random={'user.', 'vfat\x00'}, &(0x7f00000000c0)='\x00', 0x1, 0x2) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x3, 0x0, 0x369e5d84) 15:19:18 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000111], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x4000000}) 15:19:18 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000112], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:19 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x5000000}) 15:19:19 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x800000000000000}]) 15:19:19 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r1, 0x0, r3, 0x0, 0x20000000003, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f00000000c0)={0x2, 0x4, 0x4, 0x0, {r4, r5/1000+30000}, {0x1, 0x1, 0xfffffffffffff5bb, 0x9, 0x8001, 0x0, "ee68ea00"}, 0x100000000, 0x4, @offset=0xffff, 0x4}) fchdir(r0) r6 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r6, 0x3, 0x0, 0x369e5d84) 15:19:19 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000113], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:19 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x6000000}) [ 1716.483879][ T26] audit: type=1804 audit(1567610359.584:228): pid=2167 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3695/file0/file0" dev="loop2" ino=718 res=1 [ 1716.584331][ T26] audit: type=1804 audit(1567610359.684:229): pid=2653 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3721/file0/file0" dev="loop3" ino=719 res=1 [ 1716.766330][ T9855] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1716.774931][ T9855] FAT-fs (loop2): Filesystem has been set read-only 15:19:19 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x800000000000000) 15:19:19 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xc00000000000000}]) 15:19:19 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000114], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:19 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x20a00, 0x0) fcntl$setpipe(r1, 0x407, 0x8000) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r2, 0x3, 0x0, 0x369e5d84) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) splice(r3, 0x0, r5, 0x0, 0x20000000003, 0x0) close(r5) bind$netrom(r5, &(0x7f00000000c0)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x5}, [@null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast]}, 0x48) 15:19:19 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x7000000}) 15:19:19 executing program 2: mkdir(0x0, 0x0) r0 = syz_open_dev$audion(&(0x7f00000001c0)='/dev/audio#\x00', 0x169f, 0x101000) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000200), &(0x7f0000000240)=0x4) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r2, 0x1, 0x0, 0x369e5d84) syz_open_dev$char_usb(0xc, 0xb4, 0x6bb140dd) lsetxattr$security_evm(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000100)=@v1={0x2, "15f9ec352db2b15eae22"}, 0xb, 0x3) 15:19:20 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000115], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1716.899841][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1716.921563][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:19:20 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x8000000}) 15:19:20 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x3800000000000000}]) 15:19:20 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000116], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:20 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x20000000003, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@local, @in=@multicast1}}, {{@in6=@remote}, 0x0, @in6=@local}}, &(0x7f0000000040)=0xe8) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r3, 0x3, 0x0, 0x369e5d84) [ 1717.048475][ T26] audit: type=1804 audit(1567610360.144:230): pid=2867 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3696/file0/file0" dev="sda1" ino=16589 res=1 15:19:20 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000117], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1717.311607][ T26] audit: type=1804 audit(1567610360.414:231): pid=2885 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3722/file0/file0" dev="sda1" ino=18943 res=1 15:19:20 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xf00000000000000) 15:19:20 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket$alg(0x26, 0x5, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) symlinkat(&(0x7f0000000100)='./file0\x00', r4, &(0x7f00000001c0)='./file0\x00') bind$alg(r3, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control\x00', 0x800, 0x0) r5 = accept4(r3, 0x0, 0x0, 0x0) splice(r2, 0x0, r5, 0x0, 0x20000000003, 0x0) ioctl$UI_DEV_CREATE(r2, 0x5501) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:19:20 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x4000000000000000}]) 15:19:20 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x40000000}) 15:19:20 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000118], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:20 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x20000000003, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x4a, 0x5, 0x0, 0x5, 0xb, 0x8, "60377b5b305df55e01ef2c95b3a2edec150e4917b7137931d373bcd959be5739ab33f755fd16c9eeef16bc014d8cb7965edb663c927873f22466b48604e145e8", "30a08c676eddc8ee418efd1e9c2121bc0ba6f70a1049a9452efcf705b9ca1021747cd525ea8ff60c05fc2841945989619b9d7717e2afee459a59c2d882eb664b", "1309676bf82d5a2a7c6e9865765f80d68dfeb4c5f61a9924b18706b88e051986", [0x1, 0x4]}) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r3, 0x3, 0x0, 0x369e5d84) 15:19:20 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000119], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:20 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x8000000000000000}]) 15:19:20 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000011a], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:20 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff}) 15:19:20 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x3, 0x10000) accept4$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @empty}, &(0x7f0000000100)=0x10, 0x80000) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r2, 0x10, 0x6, 0x369e5d82) 15:19:20 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000011b], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1718.079371][ T26] audit: type=1804 audit(1567610361.174:232): pid=3592 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3723/file0/file0" dev="loop3" ino=722 res=1 [ 1718.238425][ T26] audit: type=1804 audit(1567610361.334:233): pid=3594 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3697/file0/file0" dev="sda1" ino=16586 res=1 15:19:21 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x1300000000000000) 15:19:21 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xffffffff00000000}]) 15:19:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0xff000000}) 15:19:21 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000011c], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:21 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000740)) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r2, 0x8008af00, &(0x7f0000000740)) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$RTC_WKALM_RD(r4, 0x80287010, &(0x7f0000000100)) setsockopt$RXRPC_SECURITY_KEY(r0, 0x110, 0x1, &(0x7f00000000c0)='vfat\x00', 0x5) ioctl$VHOST_GET_FEATURES(r3, 0x8008af00, &(0x7f0000000740)) fchdir(r3) r5 = creat(&(0x7f0000000080)='./file0\x00', 0x0) open(&(0x7f0000000040)='./file0\x00', 0x602000, 0x40) fallocate(r5, 0x3, 0x0, 0x369e5d84) 15:19:21 executing program 2: mkdir(0x0, 0x368) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c2000000000000000000e700e0000000e0000000180100003830325f330000000000000000000000000000000000000000000000000000000800000000000000000000000000000074696d650000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000010d3ac03970000000000000000000000fdffffff00"/424]}, 0x220) accept4(r1, 0x0, &(0x7f0000000040), 0xaf541fe9a578efbc) fchdir(r0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r2, 0x1, 0x0, 0x369e5d84) 15:19:21 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000011d], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1718.416059][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF 15:19:21 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000040)={r3}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000040)={r3}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f00000001c0)={r4, 0x7, 0xd1, "42c95f5e49b56d66e18446364288e1a0dfb871b4dc95d0617d7135fd2c2f35990d86e12cc68b5e757315ffca5506052a97290cec7f6feac5c2d3acb0f405561db567de95e91ba149522f203e3d79ff48c6afc370668c7c4083b81ceffca5f6e27e0f1b48e052d7bcb1404cf05704dfe2c7da91e945781a6e0a7219e872f31e40a8adbc5d28b5d0b01ec91b61ca61a63effa6bbd6b68a4e75da228a9ea56ebf938eda3812b0ffc6730bd0b79a49779fef0b037bff9fd97995300ceb19dbfd9b068850215bcbe4d3615b135880b448c20ee7"}, 0xd9) r5 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r5, 0x3, 0x0, 0x369e5d84) [ 1718.468008][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:19:21 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x2}]) 15:19:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd}) 15:19:21 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000011e], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}) [ 1718.834323][ T26] audit: type=1804 audit(1567610361.934:234): pid=3833 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3724/file0/file0" dev="sda1" ino=16608 res=1 15:19:22 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x2000000000000000) 15:19:22 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x3}]) 15:19:22 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x200, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r2, 0x8008af00, &(0x7f0000000740)) ioctl$FIBMAP(r2, 0x1, &(0x7f0000000100)=0x1) fallocate(r1, 0x3, 0x0, 0x369e5d84) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) syz_open_dev$dmmidi(&(0x7f00000001c0)='/dev/dmmidi#\x00', 0x5, 0x20000) fcntl$F_SET_RW_HINT(r3, 0x40c, &(0x7f00000000c0)=0x5) 15:19:22 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000121], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:22 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000122], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:22 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x4}]) 15:19:22 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x200000000000000}) 15:19:22 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r0, &(0x7f0000000600)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000005c0)={&(0x7f0000000380)={0x21c, r1, 0x800, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0xdc, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fffffff}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1000}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffffffffff9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x57}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffffffffff76}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffffffffffd}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffeffff}]}]}, @TIPC_NLA_NET={0xc, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x6}]}, @TIPC_NLA_NET={0x34, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xff}, @TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8000}]}, @TIPC_NLA_MEDIA={0xec, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffffffffffd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffffffff001}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fff}]}]}]}, 0x21c}}, 0x1) fchdir(r0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) splice(r3, 0x0, r5, 0x0, 0x20000000003, 0x0) close(r5) recvfrom$packet(r5, &(0x7f0000000240)=""/25, 0x19, 0x36470d4a12c0a1e9, &(0x7f0000000280)={0x11, 0x1a, 0x0, 0x1, 0xa8, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14) fallocate(r2, 0x3, 0x0, 0x369e5d84) r6 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x5, 0x20400) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r6, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x12800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x1c, 0x0, 0x2, 0x70bd2a, 0x25dfdbfd, {}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20040050) 15:19:22 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000123], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:22 executing program 2: openat$vimc1(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video1\x00', 0x2, 0x0) mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) splice(r2, 0x0, r4, 0x0, 0x20000000003, 0x0) close(r4) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000040)={r6}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r4, 0x84, 0x1a, &(0x7f0000000040)={r6, 0x18, "75a58a3d67440920e963f7af43438b6e7d61aa53a41dcfb2"}, &(0x7f00000000c0)=0x20) 15:19:22 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000124], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:22 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x5}]) [ 1719.614234][ T4473] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1719.632835][ T4473] FAT-fs (loop3): Filesystem has been set read-only 15:19:23 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x3f00000000000000) 15:19:23 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x300000000000000}) 15:19:23 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000125], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:23 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000080)=[{&(0x7f0000010000)="eb3c906d6b66732ee29eba9f95db7bae02000270fff8", 0x16, 0x2}], 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x140) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000200)={0xe, 0x13, 0xfa00, @id_tos={&(0x7f0000000040), r3, 0x0, 0x0, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0xfff, @loopback, 0xfd}, {0xa, 0x4e24, 0xfff, @empty, 0x934a}, r3, 0x5}}, 0x48) fallocate(r0, 0x3, 0x0, 0x369e5d84) unlink(&(0x7f0000000280)='./file0\x00') 15:19:23 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x7}]) 15:19:23 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000126], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:23 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x400000000000000}) 15:19:23 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000127], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:23 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x8}]) [ 1720.221012][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 1720.221023][ T26] audit: type=1804 audit(1567610363.314:237): pid=4347 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3699/file0/file0" dev="loop2" ino=728 res=1 15:19:23 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'gre0\x00', 0x1000}) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) close(r2) close(0xffffffffffffffff) socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet_sctp(r2, &(0x7f0000005980)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000001380)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x8200}}], 0x20}], 0x1, 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:19:23 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f00000000c0)={{0x1, 0x2, 0xcabc, 0x80000000, 0x1, 0x54}, 0x3}) fallocate(r1, 0x3, 0x0, 0x369e5d84) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x420401, 0x106) setsockopt$inet_dccp_buf(r3, 0x21, 0xf, &(0x7f00000001c0)="aca48ec76f7b540f02339804b270ba4469cb382633b74d88a3d475537f5d6ba21c51f737fbbcfe4459e4abcdf54c078d5ccd67f03d548bb9a2605f6ef82ad73d2f891ff1ee01f36acf405053083c9f8fce951c33ad9c492e256555cbe1193fed55bc10e4794ee9ae66897123fa4aa8c12aef8b200d61bb321892dad712b266d777d3318633722c00b34d5495eac90d61873a3b3caf04e2cc55203c0525e1050f62ecb3c08090baaf330bb4626dfbe7e12787b4fb374aba4c336e638586169855a2568c01877bfde5ec2f925be874b01b24f335", 0xd3) 15:19:23 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x500000000000000}) [ 1720.381534][ T26] audit: type=1804 audit(1567610363.484:238): pid=4802 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3726/file0/file0" dev="sda1" ino=18949 res=1 15:19:23 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x4000000000000000) 15:19:23 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000128], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:23 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0xc}]) 15:19:23 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x600000000000000}) 15:19:23 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000129], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:23 executing program 0: ioctl$EVIOCGABS2F(0xffffffffffffffff, 0x8018456f, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$EVIOCSMASK(0xffffffffffffffff, 0x40104593, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)}) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$P9_ROPEN(r1, &(0x7f0000000040)={0x18}, 0x18) sendto$inet(r1, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005d00)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000080)=""/148, 0xff1e}], 0x1}}, {{0x0, 0xffffffffffffffcd, 0x0}}], 0x40001de, 0x0, 0x0) openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x1fe, 0x400000000) write$binfmt_aout(r2, &(0x7f0000000440)=ANY=[@ANYRES64], 0x8) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000680)=""/232, &(0x7f0000000180)=0xe8) open(&(0x7f0000000240)='./bus\x00', 0x60000, 0x30) r3 = perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000001e00)='./bus\x00') ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r3, 0x4008240b, &(0x7f00000001c0)={0x3, 0x70, 0x5, 0x401, 0xffff, 0x81, 0x0, 0x145, 0x0, 0x2, 0x4, 0x2, 0x8, 0x0, 0x200, 0x4, 0x6, 0x48e, 0x3, 0x8, 0x7ff, 0x4, 0x0, 0x81, 0x0, 0x0, 0x1, 0xfffffffffffff800, 0x800, 0x6, 0xf0, 0x8000000000000, 0x5, 0x3, 0x5, 0xf799, 0x4, 0x6, 0x0, 0x7fff, 0x5, @perf_bp={&(0x7f0000000340), 0x1}, 0x400, 0x0, 0x5, 0x0, 0x10001, 0xfffffffffffffffd}) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x1000, 0x0) 15:19:23 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x38}]) 15:19:23 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000012a], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:23 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000740)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000080)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16, 0x1}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000700)='./file0\x00', 0x4) syz_mount_image$bfs(&(0x7f0000000040)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0xffff, 0x6, &(0x7f0000000600)=[{&(0x7f0000000100)="aa797663a2", 0x5, 0x400}, {&(0x7f00000001c0)="971ab2883cb6ec6afaad7cde5ab20ce7cd804ff7fec4ccb3f0cd9f20d821dac0860abc7ff8a2d3e25934c2c4a20c712f4ab63f04d665c791acdf17908f04bb2a1d83c894cbb74315a69132c5047b1f823cb674d59b8d2e4a5e8159b4f2b55aac8bcf0b86e29d2bbaa30921939ff5cd4afdac837eedda31c704510552de34c40e9d59efd44600ad6457829f27f970a5c24d67ed98ddbfe1e4d24b31278008dcc0bb8466efcd4a5d70", 0xa8, 0x8}, {&(0x7f0000000280)="fc54144f30b40c4f18166553c6c330af30a46ec4ec9706f38adbffdf144459354a57d959c7650289b628281077cd669a16f673bdfd759d6c0d960d16fb48aad3c1044cce87d241767235908ea698cb61fbb10bf8652a3cc8c4faf4733be098", 0x5f, 0x3}, {&(0x7f0000000340)="6a03507ea875fd98eacc69092f33f0ec0e4b6a5efd9f2ae8e5bba4f4d4d3ee2ac9b80742b318a6a5282a1e1078f93db5e37bc9d912d92e5b11f2cb832273a1d292ef26731c3e40c2a8c1b4f5e94ee7d363dbe5034b9fca05d3909a2ece832c01ac227c0e2e13527358f7cfd15f5eb5ddc695fb698ff683a4118c1d930b3e559da8b03ca3ae22f10d358965", 0x8b, 0x1f09}, {&(0x7f0000000400)="5c814409cf4b81b603b3095781e294cfc6227bbdc02b80542eed4274a0cf7b9768bd79a33ef4a1aea4e2f3269db79f172af015995c949c20569e0f685632b7d06d0b1f19f0ed9efaf423a94dda8c4920689de5763e2e1dc1731110a8bb7c567af29d480fa4871f895a107ee1e594ac6a8b2eee9cff43b31ef9ec50227a86532dad5fd4cb544730b3059dab0f9a53ac4f420e0dec59deab223ef5f1aca6119425f8a71afb2224baf270a0571887aaa31e899e3eb98ae636abaf57bffdead3effb99f2cf908e3544e04caca016cbb2a36b78ece09317a5eb4d7ccfd48e7cb0d0f2b65ee48742861163351ba55742da801f8688603baaa15b9f090de0bd57ce", 0xfe, 0x74d9}, {&(0x7f0000000500)="47c243eff9ce49f011dbf1949f570798a1dec3fb8a03276ebbf0c6bb6caefe41081e0978f1d5cd769c81884197e476f4a490587d1f57c7119b96d8e6c48134fe1580f33aa163df5176e8e0d574538dc73e8119d71957cd984afce2ca537d4e757f6029bf20cf1c3d224d79b3134c0c20610308bde573c1afe46338f4d99d7b83fb76074aa397cafa13f9eac1c8042e28a309b8a6a76aa798ece2cef0a5ac32f47f6b63e2369f3abdc30816ad2e1c201cac691c137c1edfff227a04b817ba02371a5a107b9249ec9483be3899bd6834cc5af70a74c952cd535da88488eb78da784587dcd130c87798df880298bb804e1818966e3154b4ae7b977a", 0xfa, 0xffff}], 0x20000, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) write$P9_RWALK(r2, &(0x7f00000006c0)={0x16, 0x6f, 0x1, {0x1, [{0x0, 0x2, 0x8}]}}, 0x16) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:19:23 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x700000000000000}) 15:19:23 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x580f000000000000) 15:19:23 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000012b], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1720.768599][ T26] audit: type=1804 audit(1567610363.864:239): pid=5137 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3727/file0/file0" dev="sda1" ino=18959 res=1 15:19:24 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r1) clone(0x2000000002800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x28d}, {0x0}, {0x0}, {&(0x7f0000000200)="a4ab12f728db4b2b4d2f2f3ff7ad273b1e89e46f905080af4c90ccb170e60b3a8bf56db763e3062d037dca291318d0a17270bbce74b47888318b04aeb1747555ba16ea10e6ddb915ceb6397e514f3482ca3c4a1d3b9b3c08eaba138725c4fe54204eaa3d026ef9d3f316f9fb6e05b4eb24d9694ae311c93f10ff44910738fe220927cb13aeba91de1e10907f84356c9b6f44ddfa662beb127a3d751e96e4985731f95d987c", 0xa5}], 0x4, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) ptrace$cont(0x18, r2, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) [ 1720.868015][ T5201] FAT-fs (loop2): bogus number of FAT structure [ 1720.886128][ T5201] FAT-fs (loop2): Can't find a valid FAT filesystem 15:19:24 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x800000000000000}) 15:19:24 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000012c], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:24 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x300}]) [ 1721.027189][ T26] audit: type=1804 audit(1567610364.124:240): pid=5348 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3701/file0/file0" dev="sda1" ino=16650 res=1 15:19:24 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000012d], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:24 executing program 0: perf_event_open(&(0x7f0000000040)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:19:24 executing program 2: mkdir(0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000080000000000000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c2000000000000000000e700e004000000000000180100003830325f330000000000000000000000000000000000000000000000000000000800000000000000000000000000000074696d650000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000010d3ac03970000000000000000000000fdffffff0000000000000000000000000000000000000000f76093c4bd616ec50d109c456ed2dd80f62040c11dcf5b481a0737be3aed47962ebd39fede8ee58c317521f8534469e9f5c5da448c0fd8e91139654cd49716a67991f038aaf10d98435eefae68662423fb00000000000000"]}, 0x278) r3 = accept4(r2, 0x0, 0x0, 0x40000) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cachefiles\x00', 0x913b5f5cf1db11c5, 0x0) ioctl$EVIOCSFF(r4, 0x40304580, &(0x7f0000000100)={0x56, 0x9, 0x10001, {0x55}, {0x80, 0x5}, @const={0x2, {0x5, 0x3, 0x80000000, 0x8}}}) init_module(&(0x7f0000000040)='\x00', 0x1, &(0x7f00000000c0)='user\x00') syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r5) r6 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r6, 0x1, 0x0, 0x369e5d84) 15:19:24 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x500}]) 15:19:24 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000}) 15:19:24 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000012e], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1721.238842][ T26] audit: type=1804 audit(1567610364.334:241): pid=5462 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3728/file0" dev="sda1" ino=18960 res=1 15:19:24 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xf6ffffff00000000) 15:19:24 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000012f], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:24 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) ioctl$EVIOCSMASK(r0, 0x40104593, 0x0) r1 = dup(0xffffffffffffffff) write$FUSE_STATFS(r1, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) 15:19:24 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x700}]) 15:19:24 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000}) 15:19:24 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000130], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1721.501322][ T26] audit: type=1804 audit(1567610364.604:242): pid=5583 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3702/file0" dev="sda1" ino=18970 res=1 15:19:24 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x0, 0x402) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e24, @local}}, 0x5, 0x3}, &(0x7f00000000c0)=0x90) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={r1, 0x7}, &(0x7f0000000280)=0x8) r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r3, 0x1, 0x0, 0x369e5d84) r4 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/capi/capi20\x00', 0x8281, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) r6 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r6, 0x8008af00, &(0x7f0000000740)) ftruncate(r6, 0x1ff) r7 = ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r7) 15:19:24 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000131], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:24 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0xc00}]) 15:19:24 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000132], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:24 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0xff00000000000000}) 15:19:25 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000133], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:25 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xfeffffff00000000) 15:19:25 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x3800}]) [ 1722.267419][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1722.283792][ T9857] FAT-fs (loop3): Filesystem has been set read-only [ 1722.293026][ T26] audit: type=1804 audit(1567610365.394:243): pid=5801 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3703/file0/file0" dev="loop2" ino=732 res=1 [ 1722.926272][ T26] audit: type=1804 audit(1567610366.024:244): pid=5919 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3730/file0/file0" dev="loop3" ino=733 res=1 [ 1723.255435][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1723.271151][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:19:27 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000134], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:27 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) 15:19:27 executing program 0: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x2000000002800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x28d}, {0x0}, {0x0}, {&(0x7f0000000200)="a4ab12f728db4b2b4d2f2f3ff7ad273b1e89e46f905080af4c90ccb170e60b3a8bf56db763e3062d037dca291318d0a17270bbce74b47888318b04aeb1747555ba16ea10e6ddb915ceb6397e514f3482ca3c4a1d3b9b3c08eaba138725c4fe54204eaa3d026ef9d3f316f9fb6e05b4eb24d9694ae311c93f10ff44910738fe220927cb13aeba91de1e10907f84356c9b6f44ddfa662beb127a3d751e96e4985731f95d987c", 0xa5}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 15:19:27 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000740)) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0x0, r0, 0x5, 0x8, 0xfffffffffffffffd, 0x2}) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r2, 0x1, 0x0, 0x369e5d84) 15:19:27 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xff00000000000000) 15:19:27 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x4000}]) 15:19:27 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000135], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:27 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}) 15:19:27 executing program 0: socket$inet6(0xa, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f0000000540)='./file0\x00', 0x2000, 0x2) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3) getresgid(0x0, &(0x7f0000000400), 0x0) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000440)={{0x2, 0x4e23, @remote}, {0x1, @remote}, 0x4, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1f}}, 'ip6gre0\x00'}) pselect6(0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xffffffff80000000, 0x4, 0x0, 0x9}, &(0x7f00000001c0)={0x2770df2d, 0x6, 0x4, 0x0, 0x8, 0x4, 0x5}, &(0x7f0000000300), &(0x7f0000000380)={0x0}) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 15:19:27 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x1000000}]) 15:19:27 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000136], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:27 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x2000000}]) 15:19:27 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000137], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:27 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) 15:19:27 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x4000000000000000) [ 1724.739447][ T26] audit: type=1804 audit(1567610367.834:245): pid=6397 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3731/file0/file0" dev="loop3" ino=735 res=1 15:19:27 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x3000000}]) 15:19:28 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xffffffff00000000) 15:19:28 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000138], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:28 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}) 15:19:28 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x4000000000000000) 15:19:28 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r1, 0x0, r3, 0x0, 0x20000000003, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r6 = accept4(r5, 0x0, 0x0, 0x0) splice(r4, 0x0, r6, 0x0, 0x20000000003, 0x0) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r7, 0x84, 0x66, &(0x7f0000000040)={r8}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000040)={r8, 0x1000, 0x8, [0xe9, 0x100000000, 0x80000000, 0x4, 0x7, 0x1, 0x5, 0x3]}, &(0x7f00000000c0)=0x18) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f00000001c0)={r9, @in6={{0xa, 0x4e20, 0xc1, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x2}}}, 0x84) r10 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) fcntl$addseals(r10, 0x409, 0xd) fchdir(r0) r11 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r11, 0x1, 0x0, 0x369e5d84) 15:19:28 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x4000000}]) 15:19:28 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000139], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1725.035163][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1725.055761][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:19:28 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) 15:19:28 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000013a], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:28 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x5000000}]) 15:19:28 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000013b], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:28 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}) [ 1725.718065][ T9848] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1725.740787][ T9848] FAT-fs (loop0): Filesystem has been set read-only [ 1725.750411][ T26] audit: type=1804 audit(1567610368.844:246): pid=6898 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3732/file0/file0" dev="loop3" ino=740 res=1 [ 1725.880708][ T26] audit: type=1804 audit(1567610368.974:247): pid=6572 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3705/file0/file0" dev="loop2" ino=739 res=1 15:19:29 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000040)={r3}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f00000001c0)={r3, @in={{0x2, 0x4e21, @multicast2}}, 0x401}, 0x90) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:19:29 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) timer_create(0x4, &(0x7f0000000040)={0x0, 0x3}, &(0x7f00000000c0)) 15:19:29 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000013c], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:29 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x7000000}]) 15:19:29 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}) 15:19:29 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x38}]) 15:19:29 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000013d], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1726.080963][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1726.108003][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:19:29 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x8000000}]) 15:19:29 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x800000000000000, r0, 0x0}]) 15:19:29 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300}) 15:19:29 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000013e], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:29 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xf000000) [ 1726.708735][ T26] audit: type=1804 audit(1567610369.804:248): pid=7234 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3706/file0/file0" dev="loop2" ino=742 res=1 [ 1726.787136][ T9848] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1726.814231][ T9848] FAT-fs (loop0): Filesystem has been set read-only [ 1727.011705][ T26] audit: type=1804 audit(1567610370.114:249): pid=7083 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3733/file0/file0" dev="loop3" ino=743 res=1 15:19:30 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$PPPIOCGFLAGS(r2, 0x8004745a, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:19:30 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock\x00', 0x2, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f0000000740)) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:19:30 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000141], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:30 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0xc000000}]) 15:19:30 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500}) 15:19:30 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xf000000) [ 1727.305199][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF 15:19:30 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000142], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1727.348658][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:19:30 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x38000000}]) 15:19:30 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600}) 15:19:30 executing program 2: r0 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x0, 0x200) ioctl$SCSI_IOCTL_DOORLOCK(r0, 0x5380) mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r2, 0x5, 0x0, 0x607) 15:19:30 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000143], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:30 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x40000000}]) [ 1727.768577][ T26] audit: type=1804 audit(1567610370.864:250): pid=7568 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3708/file0/file0" dev="sda1" ino=17946 res=1 [ 1727.815010][ T9848] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1727.830685][ T9848] FAT-fs (loop0): Filesystem has been set read-only [ 1728.016567][ T26] audit: type=1804 audit(1567610371.114:251): pid=7572 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3734/file0/file0" dev="loop3" ino=747 res=1 15:19:31 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0x1) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000100)='./file1\x00', 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r2, 0x80045530, &(0x7f00000001c0)=""/68) 15:19:31 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xf000000) 15:19:31 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000144], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:31 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) 15:19:31 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700}) 15:19:31 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x7ffffffff000}]) [ 1728.273753][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF 15:19:31 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000145], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1728.318287][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:19:31 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0xf0ffffff7f0000}]) 15:19:31 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}) [ 1728.405121][ T26] audit: type=1804 audit(1567610371.504:252): pid=7689 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3709/file0/file0" dev="sda1" ino=17962 res=1 15:19:31 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000146], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:31 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0x4, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b660270fff8", 0xa}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:19:31 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000147], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1728.679841][ T7830] FAT-fs (loop2): bogus number of reserved sectors [ 1728.724536][ T7830] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1728.795527][ T26] audit: type=1804 audit(1567610371.894:253): pid=7911 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3710/file0/file0" dev="sda1" ino=16630 res=1 [ 1728.830033][ T7830] FAT-fs (loop2): bogus number of reserved sectors [ 1728.850214][ T7830] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1728.884108][ T9848] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1728.902646][ T9848] FAT-fs (loop0): Filesystem has been set read-only [ 1728.957932][ T26] audit: type=1804 audit(1567610372.054:254): pid=7803 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3735/file0/file0" dev="loop3" ino=750 res=1 15:19:32 executing program 3: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:19:32 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x100000000000000}]) 15:19:32 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000148], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:32 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00}) 15:19:32 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$PPPIOCGFLAGS(r2, 0x8004745a, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:19:32 executing program 2: mkdir(0x0, 0xab) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16, 0x1}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:19:32 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000149], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1729.280092][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1729.301094][ T7920] FAT-fs (loop2): bogus number of FAT structure [ 1729.307408][ T7920] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1729.316065][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:19:32 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}) [ 1729.389057][ T26] audit: type=1804 audit(1567610372.484:255): pid=8027 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3711/file0/file0" dev="sda1" ino=17970 res=1 15:19:32 executing program 2: mkdir(0x0, 0x2a) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x40202, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) 15:19:32 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x200000000000000}]) 15:19:32 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000014a], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:32 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}) [ 1729.897750][ T9848] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1729.919461][ T9848] FAT-fs (loop0): Filesystem has been set read-only 15:19:33 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x9) fchdir(r0) creat(&(0x7f0000000080)='./file0\x00', 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x9, 0x5000) ioctl$VIDIOC_S_AUDOUT(r1, 0x40345632, &(0x7f00000001c0)={0xffffffff, "453bd911c9b0a2d0cf3bc401a91d6967b8d88ca2375f12412ab7719e781cf32e", 0x20646fc81c18aca5, 0x1}) fallocate(0xffffffffffffffff, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:19:33 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000014b], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:33 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x10) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f00000000c0)=""/62) fchdir(r0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$PPPIOCGFLAGS(r0, 0x8004745a, &(0x7f0000000040)) fallocate(r2, 0x1, 0x0, 0x369e5d84) 15:19:33 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x300000000000000}]) 15:19:33 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000}) 15:19:33 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$PPPIOCGFLAGS(r2, 0x8004745a, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:19:33 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000014c], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:33 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x400000000000000}]) 15:19:33 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}) 15:19:33 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000014d], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:33 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x80, 0x369e5d87) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:19:33 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x500000000000000}]) 15:19:33 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000014e], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:33 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000}) 15:19:33 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) nanosleep(&(0x7f00000000c0)={r1, r2+10000000}, 0x0) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r3, 0x1, 0x0, 0x369e5d84) 15:19:33 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000014f], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:33 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x700000000000000}]) 15:19:33 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000}) 15:19:33 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000001100)=[{&(0x7f0000001040)='L', 0x1}], 0x1, 0x0) ioctl$PPPIOCGFLAGS(r2, 0x8004745a, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:19:33 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000150], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:34 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x800000000000000}]) [ 1730.909276][ T9848] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1730.937989][ T9848] FAT-fs (loop0): Filesystem has been set read-only 15:19:34 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000151], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1731.161133][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 1731.161145][ T26] audit: type=1804 audit(1567610374.264:259): pid=8913 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3738/file0/file0" dev="loop3" ino=757 res=1 15:19:34 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r1, 0x6612) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x3, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:19:34 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000}) 15:19:34 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000152], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:34 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0xc00000000000000}]) [ 1731.565208][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1731.565218][ T9848] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1731.565228][ T9848] FAT-fs (loop0): Filesystem has been set read-only [ 1731.596633][ T9857] FAT-fs (loop3): Filesystem has been set read-only [ 1731.700697][ T26] audit: type=1804 audit(1567610374.794:260): pid=9122 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3714/file0/file0" dev="loop2" ino=759 res=1 15:19:34 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000153], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:34 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x1000000) 15:19:34 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}) 15:19:34 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x3800000000000000}]) 15:19:35 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000154], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:35 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x4000000000000000}]) 15:19:35 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}) 15:19:35 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r6 = accept4(r5, 0x0, 0x0, 0x0) splice(r4, 0x0, r6, 0x0, 0x20000000003, 0x0) close(r6) accept4$ax25(r6, &(0x7f0000000400)={{0x3, @null}, [@null, @rose, @netrom, @rose, @bcast, @null, @bcast]}, &(0x7f0000000280)=0x48, 0x80000) fstat(r3, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r9 = socket$alg(0x26, 0x5, 0x0) bind$alg(r9, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r10 = accept4(r9, 0x0, 0x0, 0x0) splice(r8, 0x0, r10, 0x0, 0x20000000003, 0x0) r11 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r11, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132}) r12 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) fstat(r12, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETGROUP(r11, 0x400454ce, r13) r14 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r14, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132}) r15 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/net/tun\x00', 0x4c2c20, 0x0) fstat(r15, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETGROUP(r14, 0x400454ce, r16) ioctl$TUNSETGROUP(r8, 0x400454ce, r16) r17 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r17, 0x8008af00, &(0x7f0000000740)) fstat(r17, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r19 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r19, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132}) r20 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) fstat(r20, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETGROUP(r19, 0x400454ce, r21) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/fuse\x00', 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xc) getgroups(0x2, &(0x7f0000000200)=[0x0, 0xee01]) setgroups(0x5, &(0x7f0000000240)=[r7, r18, r21, r22, r23]) [ 1732.214305][ T26] audit: type=1804 audit(1567610375.314:261): pid=9448 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3739/file0/file0" dev="loop3" ino=761 res=1 [ 1732.484942][ T9848] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1732.510686][ T9848] FAT-fs (loop0): Filesystem has been set read-only 15:19:35 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r1) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket$alg(0x26, 0x5, 0x0) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) bind$alg(r3, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) splice(r2, 0x0, r4, 0x0, 0x20000000003, 0x0) getsockopt$inet_dccp_int(r2, 0x21, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x4) r5 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r5, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:19:35 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x8000000000000000}]) 15:19:35 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000155], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:35 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff}) 15:19:35 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x1000000) 15:19:35 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000156], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1732.697390][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1732.707444][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:19:35 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0xffffffff00000000}]) 15:19:35 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff000000}) 15:19:35 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000157], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:36 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000158], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:36 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x2}]) [ 1732.984520][ T26] audit: type=1804 audit(1567610376.084:262): pid=9449 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3715/file0/file0" dev="loop2" ino=764 res=1 [ 1733.277347][ T9848] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1733.300725][ T9848] FAT-fs (loop0): Filesystem has been set read-only 15:19:36 executing program 2: mkdir(0x0, 0x4) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x10000, 0x0) ioctl$TCXONC(r1, 0x540a, 0x9) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r2, 0x1, 0x0, 0x369e5d84) [ 1733.416641][ T9855] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1733.425324][ T9855] FAT-fs (loop2): Filesystem has been set read-only 15:19:36 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) [ 1733.636143][ T26] audit: type=1804 audit(1567610376.734:263): pid=9671 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3740/file0/file0" dev="sda1" ino=16698 res=1 15:19:36 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x1000000) 15:19:36 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd}) 15:19:36 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000159], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:36 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x3}]) 15:19:36 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000015a], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:36 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}) 15:19:36 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x4}]) 15:19:36 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xff00) 15:19:36 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000015b], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1733.967705][ T26] audit: type=1804 audit(1567610377.064:264): pid=10057 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3716/file0/file0" dev="loop2" ino=766 res=1 15:19:37 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x5}]) 15:19:37 executing program 2: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f0000000740)) fstat(r0, &(0x7f0000001740)) mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r1) fstatfs(r0, &(0x7f0000001800)=""/78) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) splice(r2, 0x0, r4, 0x0, 0x20000000003, 0x0) ioctl$KVM_HYPERV_EVENTFD(r2, 0x4018aebd, &(0x7f00000017c0)={0x2, r1, 0x1}) r5 = creat(&(0x7f0000000080)='./file0\x00', 0x0) syz_mount_image$jfs(&(0x7f0000000040)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0x2, 0x7, &(0x7f0000001580)=[{&(0x7f00000001c0)="470961e6c7f8cc611b9d830938e4553a1f4872d6e988fce65173505583e93b940c7055a5bf0227325f9145766ca785bc255e630b2588c9de5b6639dc3a95d7d67c2424b023df70aee35e2638efd22a238683eeb6402c0edfbe8aec01be121452c5f7d846736a5ae1fe89022014e514adc450edc3ac77102b05d93a36e70e5e50a2305ec00a7182cd1ad8ffafcb09ac06a64bb808928bc5bc93e417998d7c26e73dbdda8f45a8", 0xa6, 0xfffffffffffffffe}, {&(0x7f0000000280)="3f0f8707705f60e852b19b293a81c92c73fbb7303166343545d44eec63b074c8bab12c2ebf9f5f43e31983d76450a51b0a265256fc9003f996be482c1450889e1366ad03631b04731da8826b0c21984aee5e7e", 0x53}, {&(0x7f0000000340)="c0528fc9dd60ee28965d054d1d3eb54b17af66911d2e8bd7504df0ed6c76c14e0d24355c719f5b0d1505caa9faabbdfb2aae0eb6b07fa2d03b92f0002f4cd41404d9e29e23f229de07ec093511808dc3331be205972b62d5eeba33854655f689e365800eabef638a2793defbfe348f413039e8434e2f0af318e8a6bf2b004bf6feb06788c7c23ff93aa0b4aa594a1bce", 0x90, 0x8001}, {&(0x7f0000000400)="7d14416376d20bb9e6175f33bd224db9f024050cf8d4211fc1fefe270f47e8b965e1906b85a7491ef84aced92a24db813e7049dc7a04cd8d79e6bfc1ad35dd8ff8740386e92c3c68e938556dfbe60a62d028d6dd686d1ada33b9e09f1da88ba455c9bfd838daedb4703cee53e72f22107a776aa4ac8ea3a4775958f8ae8c45d47df9430889151c1b1684bd87dab055606722f0804e694ce1eb9a295d21505ee60650d26374206c2d9fe5b3167271b3616714c8d4377732c26be92f8d459870e769d3d12edee1", 0xc6, 0x7fff}, {&(0x7f0000000500)="1d61911d0d423c48fc34bb04f7e6846ffa7c389efd2566efd276b054ebd3eb30527cf4cc48f5dea75d378da11d9e99bb1e5f51d78ac9f9fe2db8e55099978dc05db534556e72559095a5e8d571480fe7459137986f66dad2ab22e113e33bbc0c39a6288e087cb0ad22582e31dd377ac60be0ff7aba5f471fa68d29b2c86eb4db294701078f4ca5bf217f82c6d293e224c83d5f6e7e7984bc24717ff934df2c309314b429a82be97616eff1051ac7e2e75341e0aca0ea80dc8f0727ce21b260b974941d5886eba299f4806729d8920002ab5cf726e9170cb178f63b23c87087fe624a215445801ca3d839c07efe04d1f00242bacf32d6c738855134c68f7b6d2ecdecb7f10fe429f958c848424975c3b6cf0d4ffd94ce904a6c32902ca353f49a75c526334aba21919de12c61d48da427c3427c24191c09e2803fd6b093477da1a828956258178c2c1a0fbe7d7bfb6c7b7b903b7aab65fc38f615b394c5d5d2367a238c35ccffa70a0c93653042ee2fd5f5df66548e5373ae5e89e1f6f41c31b567bf8b58c5d62edacc0653961b03477b593e89657d61575ea638deb583f4e09c14ed426b67539aa47d236fa6097cc7e59575a520ae5074076e61bdca303fa26425c48bbd26a4b70e5676c6e97b578fefb2e997a441b3280a822cd5d425bf9d63d2d433d48f5731e7e532d6da4070fc2b532b09f98c206dd113142814652d27e16b7aad5e7bc0796bafdeaa2d751cc142acc730c07b25004510dd86d01cf9ca241df2fdd04cfd1b7235075bed4df3b1dba0c59789a76a274e30839542d34541058ed70a515b904fcb4d696e63f52cb7640b7cf9c3403ac0eee43e2aa869e17d89dd0cad48bce7adf86cb11aab7b4945ccb3b3c28a5b33ee7a81bce850032d1e8251e9acae496cfad0e6eb2bfe948ed84f14b9971521bed55b93b256ed2da9c4a4308d93f7d8d3f2ec038f0d4ffd93db252d4b85b1d2412546c75e3753e2c588008cbe03ad9c5ffd97609c939a02ab06ae45253e461c6ec45e9b7f288f573033b936b4f127f0e7724a8a04f3a76708e365a03242b14d13135659642b0bba6da08f400755b125769684c0051a42db48157a234b264d48fc9c0973d7adcbe0d5d636d6c91fb6ac1ebef4c577065e621dfb76811518e7e759af9368702b245ed5f11325c21add0ac40e0087f0019447a536434849a63d2722c9d41d8230fede635b8551c26d09a76a3419b62c81731e2d984c972c0a41174d321a2afddebdfe6fe3ba92d9e60c457cc48c5cad1dbcdea754e2c4ce0dc5cb534f7b10bc9cbf4511308077a91bef2daeeaef6b512fd2e89a2440346b073f5cd40ce902b724d225d0c95649ba8152b07a4c32d92d8e7941129a7ee0f2139101100d5c21419288b734606d6ed07e041c4b489064ef1644929fab8cf7bf1a6e884745198268b9769b48a4f853e29da904e8b7907ac90b348782533605e5270401997d04e57dd04a827dad3b3eae084df2000af2803ac1292270c4881f6d6d6169d42941219a4b2c1dff80ce4ab4eaa73e184095c53f4b6b945b00443f2fbca7fd77962214af0566c16f87a2bef5a721fda18e78b3c7b0a51ba0a5074c8182e92ea8af44f73cfc9d6de851b63f95fc573f32bf672286eb2bb1af4a838029638e776dcaf50ff2f0f10220ade3b9cf1f68561a1e9de57f1f92ebfd763bfd716d5c29ee9cce2e95f999b46524024de2b4c4270acc799b1c629f1c6a9c7d0a0b45dc859ff4cdeec27e92a76094ec678da15cfefbe0f4484c3f27168f83752705e69fc2f1a6dc43bbdc43ed5743dc198bb6f2417a3349a890b8b709776ed244d89470eb2a2e7fefb11cedfa1082dff40893c463ff30dea17818d3f6882cf2607df425bcb65ea672a8c919595629fb3d10955e49dc1eb3451442b334016520008d6638bb526e9af9f14a05d935eb414c94e0e11d94fc56272ff2e0afd7e9abede542f01e9aab02506192907bf1d67bd06c382f07ed9c74bbfd9b5fba695ed3cc577de3b1eec628d84dab4a00a3c370459b076d53856d52e6108638973964f52c5f0c478b1fef3b20157dfef54683c8fd6b7a14c75d0853fbaf0917c64db2bb2e5824cc115924f77679da600fff252f57f1188a584a2b517b0c7f5c3afc4258bb74526cb04e77f1b0e40b85394610fb1e43f5134eade1112d728ec4de1297784821ca13c64e643600cd63de87d3ceb78cc52b45ea385c08ac7e2a5d00958e63d2079a94d4715c511f3400cf0757f69ac3de8111700547c39588ed5cb805e220ba577f1da58ff5a11cff8bdefbd8f9b8039e376b2073e3e9630526d2872c6bf0277498e27a9b98e2d4f87a745e5c12285af63234f1298d2b3c128ab500407af5e93ecea204302ebe0f072ab95f3b37a988b6ffbbfcf2838c6724b93fa601e8029f024205e5e9a78202eb7748a71fdb22ebd48109e91998a303d0bb989e9b4dcf4a8054a9bd77a2ff8ff84d76001803f1512baf63ffd1c1477e62a48c105a83a559ba7f8ff823403a436cfe827ce8dffb27dadda987ceeb5c70cf76f683b0810d6d8b9f1f02eb7c0fa7270c43290214e45afde5f11d93c7ff53636c7f482451d8c3d2a2b1e4df054bcb2a11d1be9481f5f073649890b565a49e5f5b175f8bcc1da0a97e430217e18a7f72ccdab3fce1fcab7149c198d9d89e31d4b7955569ab3d91980e22954ff2d29a7ff320e20a0b60f8ba39fbe2ab793a5bedcb70fc8a4e72a64e1ceeeb50cf00d4062be30b2a3bb7067e9c177e23e474d352bb5ebac45b3736eeeeba0e6b8c7d7eb22a93759142349680e36099e140cfb1f5cb261f91cac9072dc59fa4951ce9049561368a74161e3c82b05c965aec5efd2a5708df5febcf49ce0f6052c6f99a9529ada52fd3cac9416027d3146676264bcaa496bbe0de0c5b342268c9760a0c71eecd6c3d06797f78e7a0677d0a3e77beb13fd290dcbd433c7fc9f74b418b3e782dc37b7e6d53a8c9db5cfbfb103181584a874ccd00ed3c6a43df14e708a61588aae4955e6f87ea6096bdccf1e3280efd0e36abed4b75291d75840f0ffc0fd96b94b23e6923213802bdddf95af2579e51c4ddf3b5716ede68934f0e6c3efd986e5cbcd2c7f325115128608cf332146588c162e4e8ee4af60e859c42a674c400745f30b637b37d5fd56d5a0f2ef154ef83a484b2bfe18169a92e635efb32c414c72b6a298231ba24bf3962b6c831c058fb8f4b6277046a005d0a24b48dc518fb6627e4b74317087486498a0b52d65261be4f6953a617d56acb83660cbcbce87811c3124cb59703c9e1dd3e0c82611a0ddd2d876c078ad5c300cd905dde1f0ace700b273fea93cd0f6eece2c9c90c8909a11db9d3d60113ac63486a551e3c4b75ed57cc0434adfc141747ec67e3d36417e5ffa16745df7df47600b6bfb86df3cf350a5160ad012fd0270367a1a2d6fb623cd814fb63bbfce40aa46ec2d9603e22c963969b8737675e51cd2ce0c3d1e39cf8ca731c5d9310c6bbcf6c62a3d4bd93d7559c16e1caeaf6685847341b7f13f6d52bf58620e2f10ff7e490ef5e20c4ee6e76c566bdcb427a24e22a4609756d1f01929c67b4d1a36073dc284d069832955e2772568cb2bc717efa22a3d7713aec4e21869e7b9f4e3f6374039877df54d113e9e2dfe5e94c6ceaaee3ffeefc8b9a6dddea31de80600af6a67de2a19e4a1fa33e6411e11ea91246b12927b7ca7e07f9c813079fd66316dd7d4d348fc3a61e334ec2e9a6a0cb540d8a1c7fbb9462963f92ed88e513ba57493aafb5deeedfd605b36bde6dbe5ff6db166733c9f6e5b18075dce23c6b446c4ff0fbb2e32d15749000549268b763c5c067a06ad20ae2976d50af649c7474d1a231e213e86ae76b46dc60d18ce47e705c789c5d46cce3bba20e00896156f4086ced6856312b587f8b886a5eaa411af4ccd5ddebe2b6bf15b34c697bd82ba9aa0d73f09785070edb7bbe65635ad9e3f588d3681c7f1afdba56c10c5b44d6a9cbf71a3cc9179c71ae4b7ed8bd52f9fe24adbd843189cbced775979ba1c06652f59a4e0cdf32b21153c6d7076d6398a52044585c451462f746aeeea0db164c1e071d6a65b6ecd0c6e42fdd7f571ea84be95f6789a00ae224656d9ca269007c0b96d87397d83ba40d735a51dfa31fe8dc9b3587463117f8fcbc038d1f7269438260c36c734653d4c455bda8b5c7760a7ab25931bac4bf6c37b6924ad32a947c64c60e2bbcbea61d7fd0ee3a54e41298898b198f98c5e64c82cc6be744a6b109d8f470123754ca399c19c5f46fae8a90261b0cd38e0a2d2c8e95579f83cd19a62624993a98b64b21d888784ae8f1b23f8afa783953b46868a306a6efdbc2f76a9f9ec4f4360cf13daed410f3d7ed262fcd11233e4f58482b9247d94004f8a04308f6083dade2524eba3d4d3bfe586d02e177d7c59416559fd112e5623ebb3e07f818fc6da662de46f7556e21452c8dd3bd9d013f0e3c2726bc1405b57bfbf66de7ae5e63ff007f5fb3384e4f7c87524de8f645bc7385d5c73e7b514583bd2480f3d341b269e7d062179ffb679e01911355c811ec932b10d1dbbd1dd1b0549ed9215730a6664987658b6b0454337acb60d072512aaa775308b4be63dcc339f7ccf0d2c5c94576b4c622887fd6c5b2651100b40bd846014bafeb1d8ea2d6ac19cffd750c0786723842a11e95ac32ec857d6be78b39a46ac12eb846d828ae846627112c2c5a4d3c1e50d4e9e306c067a776dafc1760517cd8d5f850e3117c38441a3839ff8b948083a1aa1dcf439fae3aba37d4cbe6288f9811636d89b7b6d78416adefeac75c191e637b4dd14bc6999522fc81ec6589257ddb014e177a7c8a03379eb4b73d0826d899d50893dd73cef4f491946be29589cb4e3629d0eaf13ceda5428344529ba638e61a055358b2e655c9a0372c9df77e4ac7a8c68d9c42b54daf1a733377a280fbd7b50a9b9c28cffce9c381bfb947712baccbf808a6be34f7d6f6a9e5e803e61b617c0f10427fe322d467255a0cfb5c6fb08326159f492ff6e772c3207e1e99d50f04a8c643694cb6948156a7c6cc45df70f8336969d6c768e9447a1247f84a8840fea6802d0cc01defb22abcc4203388a11c3fd028ac7271806b4b0e4fb51cb675eebe4452bf06c96b36440d8d96c2ad113602bd5311b95460dfd00f639d74b07199dcb871a869160e1126283e7bc582c16a223cac0dbe0335c1c07623717b622bb01241ef68a3bad049c2f3079651516be1ae4997d61311fceb99d218c5e8d7868b8464ce435e3fcf1c1948d969f1460af900679214f1ed4ee29da5d200d6c5421d16e7d3c8d0880a4c1bb241b3caa6b8ecbbc016971e3de49722e5bfb9c6d0dfe51a48842d1081dfcc3b65596ed8ad5adccd5493ffa36315a8a9d7c4f3cbbe874f7e8db4a0da424caf83afb3aa2e6bb1cd227a76980826d8ecb2fd0d0f54ab6adbfd889de4a127395b95a4bcbf4b533cff61824367048c0ec278f4013bd4f9ab299c1596db128371347623555100cba1927d601afed9d6c7e0424c9300cf044e30ccaeef3f9637c0476b0ab4ce5ea268b8720466f60e91283b3e80757b9a1556ab4e29fd14b534de32d821c79f4a505b7c9323bd27acbef20a484e878719f2fc88b0f2e94610ce49d1b67ffba75ef93bf4143b1ba5c775edbe07e1a4f38755c157ca4b2e2ba913e9cfce022ff87eb2c6903491645dcc0827bf0459bb678c647bc07f9833e48c13ce7903057a4885140608b5043ac01bb6c363118d01ffa6bec85f2f260679556d044dd5", 0x1000, 0x400}, {&(0x7f0000000100)="d069ed8a5cbfe3fa5233a60620bc68bea24695f1e959ab6b447f", 0x1a, 0x2}, {&(0x7f0000001500)="d1db781ee2417ea7a2daacd04b0fa302278ad8f4331d84ef5daa847cd23e3b5fc5d1f9f53455f541ee2710d04a58c1c966b56d581d880818d9df40fc82993585b6a8807b3a59", 0x46, 0x9e}], 0x100000, &(0x7f0000001640)=ANY=[@ANYBLOB='usrquota,noquota,nodiscard,umask=0x0000000000000005,usrquota,errors=continue,nodiscard,errorsckfsfloor=vfat\x00,smackfsroot=&,smackfsfloor=GPL,fsname=vfat\x00,permit_directio,obj_user=vfat\x00,subj_type=vfat\x00,\x00'/216]) fallocate(r5, 0x1, 0x0, 0x369e5d84) [ 1734.289969][ T26] audit: type=1804 audit(1567610377.384:265): pid=10261 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3741/file0/file0" dev="loop3" ino=767 res=1 15:19:37 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xff00) 15:19:37 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000015c], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:37 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000}) 15:19:37 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x7}]) 15:19:37 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000015d], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1734.545542][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1734.600415][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:19:37 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x8}]) 15:19:37 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xff00) 15:19:37 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000}) 15:19:37 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000015e], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:37 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f0000000740)) r1 = dup(r0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r2, 0x8008af00, &(0x7f0000000740)) r3 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000340)='/dev/video2\x00', 0x2, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000380)='vfat\x00'}, 0x30) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) fstat(r6, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETGROUP(r5, 0x400454ce, r7) r8 = getpid() rt_tgsigqueueinfo(r8, r8, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0xfffffffffffffffa}) lstat(&(0x7f00000019c0)='./file0\x00', &(0x7f0000001a00)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001a80)={0x0, 0x0, 0x0}, &(0x7f0000001ac0)=0xc) r11 = getpid() rt_tgsigqueueinfo(r11, r11, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0xfffffffffffffffa}) stat(&(0x7f0000001e00)='./file1\x00', &(0x7f0000001e40)={0x0, 0x0, 0x0, 0x0, 0x0}) r13 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r13, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132}) r14 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) fstat(r14, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETGROUP(r13, 0x400454ce, r15) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001ec0)={0x0}, &(0x7f0000001f00)=0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r17, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r18, 0x0) getresgid(&(0x7f0000001f40), &(0x7f0000001f80)=0x0, &(0x7f0000001fc0)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000002000)={0x0}, &(0x7f0000002040)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000002080)={{{@in6=@loopback, @in6=@ipv4={[], [], @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@remote}}, &(0x7f0000002180)=0xe8) r22 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r22, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132}) r23 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) fstat(r23, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETGROUP(r22, 0x400454ce, r24) r25 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r25, 0x8008af00, &(0x7f0000000740)) r26 = getpgrp(0xffffffffffffffff) lstat(&(0x7f00000021c0)='./file0\x00', &(0x7f0000002200)={0x0, 0x0, 0x0, 0x0, 0x0}) r28 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r28, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132}) r29 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) fstat(r29, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETGROUP(r28, 0x400454ce, r30) sendmmsg$unix(r1, &(0x7f0000002340)=[{&(0x7f00000001c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000002c0)=[{&(0x7f0000000240)="49c05d8b558353ffafe258992cf33895bad2378b4f353825cf540858d1fb62abc747be3a4d9e7acc65ed9b10b7db3725b4e32678e00229a33614d28d4379d758a9eca3bde4b64dcf8f1a5c4fc45f368c2f8d20", 0x53}, {&(0x7f00000000c0)="add073adc2f21e6ceda29eb4114e", 0xe}], 0x2, &(0x7f0000000400)=[@rights={{0x14, 0x1, 0x1, [r2]}}, @rights={{0x14, 0x1, 0x1, [r3]}}, @cred={{0x1c, 0x1, 0x2, {r4, 0xffffffffffffffff, r7}}}], 0x50}, {&(0x7f0000000480)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000001940)=[{&(0x7f0000000500)="b5aa0ae6cf99571f393da73e63df087da2abf7918284685b4d49c54e44a1a77a74112cb641ed796d46b2d8fc97cfd265c9fa15590e6b3573129a8de239c80e55ec70992450c985b04b8f2f739bcf22bca92562f7beac355b3cf0cc6ce963fa96c0420cdc201661c4be6282531f4b06976b4c392faeafcbb85bda8efc3e21eca0cdc9623a88c9cb846222a14aafdf1d8d735d133b7fc5f3ad7818bcb3597cef44d266dc2341532b4a7fe283", 0xab}, {&(0x7f00000005c0)="9bc34f1c6b371d67ca0444c79275fa43030c86600088b10194abd7715e681f456cc4dbfc792539301ee0033093216e41a5ddd9046036d2aebcf557f2417225b37e799718367533589c8c95eeef5e8163d9b51e1fdabcb5a3c555efb6fe4f9eb37e410a4698449cc3457fa68b55bfb00b70aa48f1e7f570179a0d074f0facd39b4f12e6e744f4c41c6ac027dc8d2725e6319f2bbe", 0x94}, {&(0x7f0000000680)="dec23c85c603f0e1d0cecb2baf26c423ff42991c8f673499b3ede198aeaf529d9be9dbe693621e3498ce0dac419bf65f73c86e2bde7a87fce62f0d5e7c23734d4d4b5b018bffc8b867069a1a129949f91fb05b44eeb031ce7928cead36f7a1", 0x5f}, {&(0x7f0000000700)="62574c5874ac1bcbb996b42ffecb74cbb9a6ead8a6a7e60ff130630d7dbf6316a7cdf7d2c2b6f15b88f6da09f8f6bc128be9c3a6dafade4d68b7935adac1a2d36cee6367e715e8e53d59d7063f988c2dbabbdaa5565ec73e3b047f5d", 0x5c}, {&(0x7f0000000780)="1f56c7d6ca6b533923f1085beb79ec1be5d01d59bebe", 0x16}, {&(0x7f00000007c0)="d42e0c756227fb57f926134a1471a8400e36cd42b91b881f4f28d2bae922da7d9317114187f296abc3e7731c1c305280cd3674f9896aa389ba5d3824db1ad97c83753695", 0x44}, {&(0x7f0000000840)="1e7bd6c3cdca13a131908d903f31d706f73725ace2a6c0db13431ed9f7dce3d9e10e2004db1256cf4cf80774d532df83c15df58f6e3890c7bcf20ab437e9137fd0fbea74624c00f035d1f40f2db64db402985324b841d8a7b18cfca29150142c38891b283df8f1ad7d7a3e6a93bc2d8b1c72815bf310e4a3912951581591c1c14074ad8b0d56ba176cc1c5cbced99fb4504c85ab17c164052cb8a435fb4792c4d6ad9d3e4cd9ebf98b8e586fb67b4d951a631e594bc4ae5645a95209e49c7b81c6bd417bc1de0442aa20d1a731ae9345dc5b2ab935b95517851a1397041568d77e76416945df9ca05414ac4d8674e08e2240b2d7d19e8009079fec1030ae2c2ff879715c88c38e981b86ca0d7b32b9a3fac4072b837dd6844b79817486af487113ff863558b6420feef92a63cebcf94e9909ebae2c00f9886e78b739e73510a2bf4624f8804f095e92e8a231785ae85518ec8a52a9fb00eed2ce80a362cb51368fe92bb543eddaa6b55ecd9798f0c3dd9b646796b03adf20badcf662dee10a78e61dfd8124ac77ea3eac3ceba10fb1711c85635ebcdccfe2e619f7bd6c4d81fc17a898dd20c4dc2fbfc36dd334c7bb5d7d7c9775e5f3c0fbebbbf265ed76de643de75bf01c02b60adf3b835c01da598d0cb080e856bcbd52aa61b32b82f35167b2cabf92a04ba13b55dff219d69ca296923a51e7c0a3a7dbdc58940a34528affe5ea177d4224d7a3fb10fbd78a1dc912ff15d22f1a5da8d36d4a933f70a22e119d20d8523ff42517938246c42ea13867c03bd2401e7b90c0a3050a6bebc052a412807c08cb5c527956a4ecb1c351d89a5d1d7f49d49a2985e2071e3827d7d506d1eeb0581dbd9d317e605fbfd439d1486eb5960e5c03c9eee9d437c4747cc9a5ecbb6942a807092b19c251cc94bd64cbd6dcad6cb9b57334dd486073d4b58e816d07fac5abbdcd05b4da292573b90183946acc511ff86b8ebbbb65fe2448f4f4e799a5d56ed6a03e752a2685211a01fad6bf434e0000a54833319499edc39b9a02b93c8e3f10d42913702d820522a8a2b33875d6530450cef4f915ed60696078432f799dc0ac9d326a34c84a8582e8a56303436242f17b1c4c4d19df74059e90cf4191940e1fa052f33ef2c5ee03e80a6dc8d90e0b950bab31a61a4bda9678b7de02a51720bb1be4d44f5291e0cb4e75e5c4584da64b665a1942b51c5ff080d113ce79070c6333450cad14996ae17bcfcbd91a33d5f341e9aaffd4e56f1dabe547f5eaefc49f12b7e7143705806dca62aed7699543a18f77a3d1fc3802a45f2412fad52dbbc314051c7f7ad9cebd0aa66ef759a3c0ababa0d4347e8bf0c4f0916dc0200f3ffa9e20ec8853feefe7258f584e2f550f4df75b1a6c8c04672c92e818d44068fb78ebe3f46f1c35a99f34b8206518f96a0ef3ba420b2d99cf861ebf4a4b15959a30340f9161cd49b51cc7def5daa55e9081a789ee5d9ab5c163e6268cbef46064f8fc5b58d0aa1ab9ce93aa41502ae750cb714ab4a76974b83f6a9bd52c5a7a59add1608b23bff1e77c2c0bf12fe965bac897f73d685986e36acb345ffc429b727dee616b151a4039290280e7e6fd9465b537a08fa0ec853b98f219f0a42b5927fb0ad46cf1c40286a8856c211935086a545fb5bcf28023c6d212dce32ae034f2961be51c8f82bf8ada3ebc419243a9c8e549f70d3ab8a1b0a4c4dc951e4f77615ddc290033f453c5c20d5e4603ce7d1308e888f4244cc77bb98c114bc291d75c1878111d6c3921c1cbf768c4c540fa1e6eacc82c54e3f1ea3720a1c01a2ac3b63814a7956c30a053d00ab229179d358e06beefcbf760f191a910ae779aaf133431bf1cb314e3bccfc25ebde5d00df5610a40308cec6997dd556895647dde69f724f584bae1296f9660e21dd34b03ae7eaa7bc55aa0111f5a48f56f3a6accaa1158fb022c05b3de08cc102f37a35f848cee9a3aaf84f58f45d8bad2c1787a0cb305082ade8165db8824a35fe1c9b237ef33a73c7b863c9e99ff60636fc63156c4853934050f8460ee1448f8a13b78868058f13528d2ace2b00bab528abb9a500dfc2b56a422d422822b7490b5af51256aa2468629d419647071a8555430f2921c25bfd09d2c2acc35461c3be9b557d579ec901ce21aa43bc621ef0a6399f3fcbe3273c948a62db1aff5de8f991abdeb6e61d8e8dc14f72165436177724927dc2f2d26ab781ef650d9b73969fca6f0bf612c8dda8940194ae862aa77912639086d4cee34a0a9221237120e88fa7c764977ebde3790e87bf8f6b51f2c69e9e19ddfb3ba0d2727e9c63c2126ea4ae0c95d2bb8e1e95fc6bb7442eff29dee2c03c37d8949f30b599fae5dd982fb23eb60cad82550bdd148f61e1bf3bf788c3c430ce5c09432603a77241bc50b5292592beb1e5b7d779d5f9667cbba49a7f5e3d6ea046eba5c4a4312e60bb28b9338884f0006449dbaf691a710bb75446434e10879207577b278eed79f0df5dec96f8a395ce77bdb7cc21d4ff09f4723ff65c9ea496b95d2adac65da2f1505dd319ca743bbe2072980030048de5573d173ade9911f484a8bd81cd167bde473a2a77b40c63ae518b51bcfc4e5710966c8842b8e7e4cd8d93dab46c261da15e0cb6f3dd221577719151a89839a0d4a58b4cea325402c818c9274a4c088cec800674944071e6fa39ea2850488187b704ccf9e85f9f4fe8febd594fe43828b37a1acd76dfc2164cebdbad5df75f17d04c66fe678015458eecda90b9ffab88d7ffd1192c38feac2b76086eed2715ad26d103545bd5f033c431a5da97d503d9f34dbea804a546863d89ea96ae03fd358bec6854d0cb29503050e6f7c3c5c6c30345fd4262de718f8adc7b2f239b48d709f6e584d8fa0e0fde221afe08c467d3e05e840c43bdd506aa25ccafb7f59478a3ac15768ec37f750b80d5dcda3d723cb0ac9038723ff0efcc18fd1b5ac3536d82e8cc8f6d76dd3e360a4e85347fa911bb825a1b1398363f73968f620c5ebfd27fb05ea2e0930cfdf89eae25dc1b7344a0229e74ee86110af8e59746f889be2ee122a78da936be44e9cca491aa4fad8f132a9b6cc4475b8552a1cc55ed4178d6aede2193efea6048eb0bcf25a7e0288288f124f6a63ef4bcc43cd0539f31af3ae429f297a7ca42dca75716ead16bc3896f394fa7f2686bd2ff52404bd6f38c5808e2678d8ac4e18e5ed2191b4c480ee303141c1a8396c7d6d2856cb40c4337b8723f3d7616271f3fdb841f9122db0d9a836aac0eba6ba8cff585f984c3f22ae48f94e9035a811c854d85db9143e9140533dc6558ff03c37fd9555c8545e4ae7df404f2d38682c792f72394249a384d543cd0c55388010caba5e3b21ab7097ea3163db24067b23cdcf8c0b16a3859f1a132cd93687d54cecb2e6b36be65e0a958abdd49d94377a8059fa1a329140ef59c761b5d1f41b59a5c96752e519df8a6ce157fb2ee25bc3c2902f68c70b2035f2a34ab85156111ffe7ba8c5d67cde190fd28044e0f28fa41bcc58d541a9fa7ce9bcafa9e86d829b14d16818f772362f38a9e3c33280791a844c1acbb90200f1c3fd223bfee6d4cdb2e6a3a7f77129b6fdf2f7a02839aa8ec46b3ad2616a3b7dc0fa8434869bf04d33ab5e3e30cc84878246b86bf07e4baaf7d019b608159d7dc2e224e3cfdb891075a1f382c79a5411e9fe19c2146142853f3d0b04d105b0cb7a1c3e15755b1f812426f7242c7cfe30f474b2265ae5d8610eaddc0e1cadf1edd5f019a3a060e4cb8e6f2b570696fccc2a55d4844122becc9da4bf44800ebe81d59f53c15bc093457641e9cbcfdfc677c788532aaca961ee3d066e4fa52d1471a52407f9ad6865bebbfbf925898df71d5deea935e65b86e1ff87668b239833136412fc6892c953a053aa26cd45c945dd6afbe628847cd966e9b09bb2339b6d0e206a53999077f6326faf69df298d1a8e5cb0df3b7afd8cd95c63a296027674b1df8d05470a8c28f65b07393f0c55852f2c029aaeaf02401d18a91cccec4688bc1d76dab3eb160509d9edf51d73784d63fe50099cbb7c29a2f662c285378c1a42421b40da6b4dcdbff36893d74496382b529d101676d8cc137fdc68f137592cd7d92a1f731200a06561660c745b5cd0a036ce3eaad84871ac2067cde56c44283c1f671c2914325ff5ca32f98898df59a66115ee81fac4ec0c75e87b2b1473639bba9594a9622dba2ca99b418ffa15c4fea208002bff288b328d480710c90e2d11308ac7dfbcbba77393e63ad27181a2c89d21e699fcc943d3f94dc5585e86b99ea4ccb0b81c9fd67f2f500281cc1325daf07865817beb3ab9c39e1831eb4ac30d32a66931918b1c8b5504297912e190838460d1e539993044c2b3dd7ae807d16eebdbac831c319e54ee80c1143f2376c065013a0d3365318956f4b8ae20736a1160218c08828f4adc88990abaf7604217353abb681416db912b2d3af5428013f926d7d296b1662600bede1b98bdbbe1af1e91960ff15eaa98357a1c158af8da92835ab10d856259e74d14e9957fc056123b382a308a56b89f32d636ca8d49aad3c29f2a64dc194610336c0da7a713a457106dbbef8f3b8ec9d985aa5e3cec039aeebcaba08be4f41aa2b99f0da6c6db5767050e09027a884517532abbe130037768f1e34259900fb915e219953725fd8126f8f65d627e8d13859da0a8afe084cbfff77113e9e1aaf5b4bdc4a1bfe26820fbdbdb4f8c186d1c12bb8f4c1245f4f49580c863ae8d3984efe98122442ee43c69d10430fff69787058a33f5b0ad31962bb99aca842a98a039bfd4e23c3b02c6c1405c06050f69a6402b2f0c306b1221a43a81c6f43c0c3699646d474ac7af3ffbc1868199f1843ea9dbab08df4677ff26f9458226f66784852b97908ed85cd8e38cf76d8aae04504a109a20219903992d7b13967d5816ab07c6ad7b60c675fd71d3b5a13ca92dc5ed9b5d4401d4ea7d822fe0ceef2fa0ef2fe6f905ba0c8d39692d6684e9fd9015816f9e0b52cf02fabe832f223b6170527811dcc39b3ad7648d5673dd06469d84a2900e2e089bc0b816bba1588a1daa36afc72d9bbd74df27d3ff23713b7513373ebcce8eafecf499aac3ba980b348c00024d8e01ceb40e92167b19c42df26033d2b442e0a8fecc88081a8a20cfd575c7d8080bff08d687210f913a16b6bfe35c3f51f1bf2cff48346d2b72ee92229abeab69a442eec0ef97817620bb5f2581cfea76df554e1c359b1ba844a3b3374672bf6befeb2b5507dd00610679e85780bd783ed9b804f8e9bcf96f9579fdd48a8ce954ca918163b038d3e9e427ac58e941d842bbf0fc74bf9cd54369670862a9eba309341bffe284090f193fd12c9ac7d66a4cfc84fe959e10941b3bebe642e5de2a6a041dcba9e13e33e8b3ba78f300a328afdc6a0c460e9904b8bb50f74c56d1f0b038b541adf2d125d2aa309318e684bc59256987c10ecde37fa0af55308fb5f1ddc974548a435c9fb9ccbc13937aa3542d096f32d12c7784f9be73553cac7615eb497906a67ff381fe77ec9f5de8fb6579b0bbdf8da1871981a424f760b5981904f2b0a29520440f497aff07ff3ead793bb6b688e2b5841749dace4899aa70b86c99238332589f6d1fd8449a4abf4bfdf2609f985dec33969b2b8ba380f8b97d4c2016f306bfabfd56759a89667acbb71961fbfd9384557355afd964b88f83a5458906b7acb3bb5d5cc503598ca152c64f11146277e1ab02549c66c8941f4c0102dc8a5c5a6d829d8b88c59aea", 0x1000}, {&(0x7f0000001840)="c48b25b7cf420eba467e30128f9f0769d62b3d3082447f6cb959f7f92412446c4ef4398a2c2b750005a19a603408156ab55fe07615fa78fb4a0389ade64510248fe91c44578502dfcedb071d83e6f2b530f0a4a90936b9cef7d7c4b9f3c14e07241a5215c65e96af2357010a4a9498c292146d2fbeb475863cf3e0990b98f354e792a29d972ecb08cae18634930040fa083d856b9775cb00310e07c1a9cd7c25fa4c422150bb61baf740a81a0f12985309f16975207ffcc4d1b1e24a86dc380b6f0c4d153c3a2cd66f4408bc232425345c5c4fbcec2a05cc93100fffe58879f9849bd722ed47ce63a200783ba0ff60", 0xef}], 0x8, &(0x7f0000001b00)=[@cred={{0x1c, 0x1, 0x2, {r8, r9, r10}}}], 0x20, 0x22000000}, {&(0x7f0000001b40)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000001dc0)=[{&(0x7f0000001bc0)="7294c77863506a06373c8b5fecb5144f7b18ef7b57479a0b8d474f64f9b82f2e0e00207cd88e8e290e03bdad29adb511662a51701ae03b368ee675f906f8f6551c87ab5e72929dc74ecc622b9618fdc4676ef1b0d2287ce0ae734bb0c6fa94a98e94de", 0x63}, {&(0x7f0000001c40)="4218a57c78b732cab10c4c7f2fb323e096d4cdff193ba98c96f78afefe63cb6e796dd5816c83bcd6e024a57054df0b4a704aa557eca43ea2bd463a604727e7c4d8f1b424ecb009c4c6ae674948268bd0fb4b8e9473169fced08fc03a8e215f1e50da15685051d5410a4594f90762ccdd1a6c56a391d84889f9b8e53b874c40c3a9ff9dd3c369ee6b74a75b7c2147ffbaf2a1ba8b0cd97b9f164b1764c57c9a99c33cd09c3b2833f7b0eb1403e7b09c5e45985f8530de3b545154262a13d97c91c9638fed13663c82b6b78822140948c45b41ac02f924a7bae66dde51c355b66552", 0xe1}, {&(0x7f0000001d40)="acda2a3ca3", 0x5}, {&(0x7f0000001d80)="47affe9d16547d222009d295b8a287", 0xf}], 0x4, &(0x7f0000002280)=ANY=[@ANYBLOB="1c0000", @ANYRES32=r11, @ANYRES32=r12, @ANYRES32=r15, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r16, @ANYRES32=r18, @ANYRES32=r19, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r20, @ANYRES32=r21, @ANYRES32=r24, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r25, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r26, @ANYRES32=r27, @ANYRES32=r30, @ANYBLOB='\x00\x00\x00\x00'], 0x98, 0x40}], 0x3, 0x20000880) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r31 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r31) r32 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r32, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:19:37 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x2000015f], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1735.009210][ T26] audit: type=1804 audit(1567610378.104:266): pid=10688 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3717/file0/file0" dev="loop2" ino=769 res=1 15:19:38 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0x7, 0x265, &(0x7f0000000140)=[{&(0x7f0000000240)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0xfffffffffffffffa}) ptrace$getsig(0x4202, r2, 0x2, &(0x7f00000000c0)) 15:19:38 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x4000) 15:19:38 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000}) 15:19:38 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0xc}]) 15:19:38 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160, 0x2], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:38 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) [ 1735.262792][ T9848] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1735.280663][ T9848] FAT-fs (loop0): Filesystem has been set read-only [ 1735.327728][T10693] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1735.365171][ T9855] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF 15:19:38 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160, 0x3], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:38 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x38}]) [ 1735.395529][ T9855] FAT-fs (loop2): Filesystem has been set read-only 15:19:38 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000}) 15:19:38 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x4000) [ 1735.519239][T10908] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:19:38 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160, 0x4], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:38 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x300}]) [ 1735.705307][T11016] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:19:38 executing program 2: mkdir(0x0, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x40881, 0x0) ioctl$DRM_IOCTL_RM_MAP(r0, 0x4028641b, &(0x7f00000000c0)={0x0, 0x8, 0x1, 0x62, &(0x7f0000ffc000/0x4000)=nil, 0x40}) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r2, 0x1, 0x0, 0x369e5d84) 15:19:38 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000}) 15:19:38 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160, 0x5], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:38 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x4000) [ 1735.817228][T11130] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1736.043258][ T26] audit: type=1804 audit(1567610379.144:267): pid=11337 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3743/file0/file0" dev="loop3" ino=771 res=1 [ 1736.304244][ T9848] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1736.320678][ T9848] FAT-fs (loop0): Filesystem has been set read-only [ 1736.364903][ T26] audit: type=1804 audit(1567610379.464:268): pid=11339 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3719/file0/file0" dev="loop2" ino=774 res=1 15:19:39 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160, 0x6], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:39 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x500}]) 15:19:39 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000}) 15:19:39 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0x0, 0x2) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f00000001c0)={0x1, 0x7, 0x7fffffff, 0x100000000}) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r2, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 15:19:39 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xf58) 15:19:39 executing program 2: mkdir(0x0, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000280)={&(0x7f0000000240)='./file1\x00', 0x0, 0x4f387cfac5fb91e1}, 0x10) lgetxattr(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=@random={'security.', '/procppp0proc,/cgrouplotrusted-ppp0user)O\x00'}, &(0x7f0000000340)=""/4096, 0x1000) setxattr$trusted_overlay_nlink(&(0x7f0000000100)='./file1\x00', &(0x7f00000001c0)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U+', 0x100000000}, 0x28, 0x2) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) openat$ashmem(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ashmem\x00', 0x6873bd6c9d76d2ca, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) [ 1736.494396][T11346] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 1736.528701][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF 15:19:39 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160, 0x7], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1736.555462][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:19:39 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x700}]) 15:19:39 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000}) [ 1736.703642][T11558] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:19:39 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160, 0x8], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1736.742284][ T26] audit: type=1804 audit(1567610379.844:269): pid=11564 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3720/file0/file0" dev="sda1" ino=16671 res=1 15:19:39 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x2d}, &(0x7f00000001c0)=0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000200)={0xffff, 0x8000000000000, 0x2, 0x4, 0x131, 0x9, 0x0, 0x401, r2}, 0x20) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000080)) syz_open_pts(r3, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x105042, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000080)) r5 = syz_open_pts(r4, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r5, 0x5412, &(0x7f0000000000)={0x7d}) ioctl$KDGETMODE(r5, 0x4b3b, &(0x7f0000000040)) 15:19:39 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0xc00}]) [ 1736.834814][T11568] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:19:40 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160, 0xa], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1736.881464][ T26] audit: type=1804 audit(1567610379.984:270): pid=11626 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3744/file0/file0" dev="sda1" ino=17981 res=1 15:19:40 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000}) 15:19:40 executing program 3: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x20000, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x56, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000665f0180547f6402000abdaca4a3d342a8f73ffd22f99f3ad331946f2eeea462e1b8046da9b39bcc6ace1f3be2bfdfacd86bf4a943abf078b2320dc8deae00504297c8c9"], &(0x7f00000000c0)={0x1, 0x4, [0x6c7, 0xe2, 0xf2a, 0x54c]}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') openat$vcs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vcs\x00', 0x208400, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_S390_INTERRUPT_CPU(r1, 0x4010ae94, &(0x7f0000000380)={0x5, 0x4, 0x9}) bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) splice(r2, 0x0, r4, 0x0, 0x20000000003, 0x0) ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000000100)) r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r5, 0x8008af00, &(0x7f0000000740)) ioctl$PERF_EVENT_IOC_DISABLE(r3, 0x2401, 0xa38) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r5, 0x800c6613, &(0x7f00000002c0)={0x0, @speck128, 0x0, "06a5fe4307e89fdb"}) creat(&(0x7f0000000340)='./file1\x00', 0x10c) [ 1736.996725][T11678] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:19:40 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x3800}]) [ 1737.080572][ T26] audit: type=1804 audit(1567610380.174:271): pid=11684 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3721/file0/file0" dev="sda1" ino=17990 res=1 15:19:40 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xf58) 15:19:40 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160, 0x11], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:40 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0xaaaaaaaaaaaae25, &(0x7f0000000140), 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) remap_file_pages(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000002, 0x5, 0x0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r2, 0x8008af00, &(0x7f0000000740)) writev(r2, &(0x7f0000000040), 0x0) socket$netlink(0x10, 0x3, 0xd) ioctl$TIOCLINUX7(0xffffffffffffffff, 0x541c, &(0x7f00000000c0)={0x7, 0x6}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RWRITE(r3, &(0x7f0000000040)={0xb, 0x77, 0x2, 0x9}, 0xb) 15:19:40 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000}) [ 1737.172422][ T9848] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1737.202986][ T9848] FAT-fs (loop0): Filesystem has been set read-only [ 1737.203069][T11791] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:19:40 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x4000}]) 15:19:40 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160, 0x48], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:40 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x1000000}]) [ 1737.399663][T11817] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 15:19:40 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00000000000000}) 15:19:40 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160, 0x4c], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1737.570340][ T26] audit: type=1804 audit(1567610380.664:272): pid=12015 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3722/file0" dev="sda1" ino=16577 res=1 15:19:40 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x2000000}]) [ 1737.884208][ T9848] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1737.898437][ T9848] FAT-fs (loop0): Filesystem has been set read-only [ 1737.960680][ T26] audit: type=1804 audit(1567610381.054:273): pid=11799 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir245329366/syzkaller.BC5Ddr/3745/file0/file0" dev="loop3" ino=776 res=1 15:19:41 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) 15:19:41 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160, 0x60], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:41 executing program 2: mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$PPPIOCGUNIT(0xffffffffffffffff, 0x80047456, &(0x7f00000000c0)) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) ioctl$HDIO_GETGEO(r0, 0x301, &(0x7f0000000040)) 15:19:41 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x3000000}]) 15:19:41 executing program 0: mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fallocate(r1, 0x1, 0x0, 0x369e5d84) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0xf58) 15:19:41 executing program 3: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0x0, 0x2) ioctl$KVM_S390_UCAS_MAP(r0, 0x4018ae50, &(0x7f00000001c0)={0x2, 0x80000001}) mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r1) creat(&(0x7f0000000080)='./file0\x00', 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/zero\x00', 0x10000, 0x0) fallocate(r2, 0xda1330ae7529f14a, 0x55b, 0x200) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) syz_open_dev$vcsn(&(0x7f0000000400)='/dev/vcs#\x00', 0x5, 0x400000) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x80000) splice(r3, 0x0, r5, 0x0, 0x20000000003, 0x0) pipe(&(0x7f0000000480)={0xffffffffffffffff}) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r8 = accept4(r7, 0x0, 0x0, 0x0) splice(r6, 0x0, r8, 0x0, 0x20000000003, 0x0) close(r8) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r10 = socket$alg(0x26, 0x5, 0x0) bind$alg(r10, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r11 = accept4(r10, 0x0, 0x0, 0x0) splice(r9, 0x0, r11, 0x0, 0x20000000003, 0x0) r12 = accept$nfc_llcp(r0, &(0x7f0000000340), &(0x7f00000002c0)=0xfffffffffffffc7a) getsockopt$sock_int(r12, 0x1, 0x13, &(0x7f0000000580), &(0x7f00000005c0)=0xffffffffffffff22) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000200)) fcntl$addseals(r5, 0x409, 0xa) 15:19:41 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160, 0x68], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1738.298528][ T9857] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1738.334476][ T9857] FAT-fs (loop3): Filesystem has been set read-only 15:19:41 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x4000000}]) 15:19:41 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}) 15:19:41 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160, 0x6c], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:41 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cuse\x00', 0x82, 0x0) io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x5000000}]) 15:19:41 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160, 0x74], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) 15:19:41 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) 15:19:41 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160, 0x7a], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4a0e2e3bf4e70a37946f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000ff7f0000000000000d000000000000000000"]}, 0x1a8) [ 1738.880521][ T9848] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1738.890761][ T9848] FAT-fs (loop0): Filesystem has been set read-only [ 1738.915450][ T26] audit: type=1804 audit(1567610382.014:274): pid=12187 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir877362425/syzkaller.0gYteh/3723/file0/file0" dev="loop2" ino=779 res=1 [ 1738.951199][T12560] WARNING: CPU: 0 PID: 12560 at mm/filemap.c:220 unaccount_page_cache_page+0x65b/0xda0 [ 1738.960867][T12560] Kernel panic - not syncing: panic_on_warn set ... [ 1738.967461][T12560] CPU: 0 PID: 12560 Comm: syz-executor.2 Not tainted 5.3.0-rc7 #0 [ 1738.975250][T12560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1738.985295][T12560] Call Trace: [ 1738.988587][T12560] dump_stack+0x172/0x1f0 [ 1738.992911][T12560] ? unaccount_page_cache_page+0x620/0xda0 [ 1738.998708][T12560] panic+0x2dc/0x755 [ 1739.002610][T12560] ? add_taint.cold+0x16/0x16 [ 1739.007285][T12560] ? __kasan_check_write+0x14/0x20 [ 1739.012520][T12560] ? __warn.cold+0x5/0x4c [ 1739.016962][T12560] ? unaccount_page_cache_page+0x65b/0xda0 [ 1739.023214][T12560] __warn.cold+0x20/0x4c [ 1739.027454][T12560] ? unaccount_page_cache_page+0x65b/0xda0 [ 1739.033315][T12560] report_bug+0x263/0x2b0 [ 1739.037638][T12560] do_error_trap+0x11b/0x200 [ 1739.042226][T12560] do_invalid_op+0x37/0x50 [ 1739.046743][T12560] ? unaccount_page_cache_page+0x65b/0xda0 [ 1739.052550][T12560] invalid_op+0x23/0x30 [ 1739.056690][T12560] RIP: 0010:unaccount_page_cache_page+0x65b/0xda0 [ 1739.063282][T12560] Code: 00 0f 85 be 06 00 00 49 8b 5d 00 31 ff 48 c1 eb 03 83 e3 01 48 89 de e8 c3 25 e4 ff 48 85 db 0f 84 c0 fb ff ff e8 15 24 e4 ff <0f> 0b 48 b8 00 00 00 00 00 fc ff df 48 8b 55 d0 48 c1 ea 03 80 3c [ 1739.082885][T12560] RSP: 0018:ffff888060b7f9b8 EFLAGS: 00010016 [ 1739.088961][T12560] RAX: 0000000000040000 RBX: 0000000000000001 RCX: ffffc9000a781000 [ 1739.096924][T12560] RDX: 0000000000001dcb RSI: ffffffff818e513b RDI: 0000000000000007 [ 1739.104883][T12560] RBP: ffff888060b7f9f8 R08: ffff8880584de400 R09: fffff940003f9169 [ 1739.112842][T12560] R10: fffff940003f9168 R11: ffffea0001fc8b47 R12: ffffea0001fc8b40 [ 1739.120798][T12560] R13: ffffea0001fc8b40 R14: ffffea0001fc8b40 R15: ffffea0001fc8b88 [ 1739.128780][T12560] ? unaccount_page_cache_page+0x65b/0xda0 [ 1739.134674][T12560] ? unaccount_page_cache_page+0x65b/0xda0 [ 1739.140482][T12560] delete_from_page_cache_batch+0x1e9/0x1170 [ 1739.146455][T12560] ? delete_from_page_cache+0x270/0x270 [ 1739.151983][T12560] ? unlock_page_memcg+0x2c/0x40 [ 1739.156907][T12560] ? __cancel_dirty_page+0x1f8/0x7f0 [ 1739.162368][T12560] ? __kasan_check_write+0x14/0x20 [ 1739.167468][T12560] truncate_inode_pages_range+0x622/0x1740 [ 1739.173261][T12560] ? generic_error_remove_page+0xc0/0xc0 [ 1739.178886][T12560] ? aa_file_perm+0x432/0xeb0 [ 1739.183555][T12560] ? lock_downgrade+0x920/0x920 [ 1739.188420][T12560] ? common_file_perm+0x238/0x720 [ 1739.193436][T12560] blkdev_fallocate+0x23a/0x410 [ 1739.198272][T12560] ? blkdev_read_iter+0x190/0x190 [ 1739.203290][T12560] vfs_fallocate+0x4aa/0xa50 [ 1739.207866][T12560] ksys_fallocate+0x58/0xa0 [ 1739.212356][T12560] __x64_sys_fallocate+0x97/0xf0 [ 1739.217282][T12560] do_syscall_64+0xfd/0x6a0 [ 1739.221772][T12560] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1739.227903][T12560] RIP: 0033:0x459879 [ 1739.231803][T12560] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1739.252177][T12560] RSP: 002b:00007fd75e4bfc78 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 1739.261895][T12560] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459879 [ 1739.269940][T12560] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004 [ 1739.277898][T12560] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 1739.285851][T12560] R10: 00000000369e5d84 R11: 0000000000000246 R12: 00007fd75e4c06d4 [ 1739.293805][T12560] R13: 00000000004bffbd R14: 00000000004d1fc0 R15: 00000000ffffffff [ 1740.451831][T12560] Shutting down cpus with NMI [ 1740.458045][T12560] Kernel Offset: disabled [ 1740.462393][T12560] Rebooting in 86400 seconds..