ffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r3, 0x6b, 0x1, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000001240)=ANY=[@ANYRES32=r4, @ANYBLOB="5600f0ae2ede5285251f947fb8d227c9ef569fb3c792426fda754ac767ba8235836bd708f599c740002967a3a6af25b0110dd1220ccae87cd9d3abc46920ecabca1e1ba165993cba0f34eccf1030b420528c5c83000000000000000000dd21985064a91d4c57e4183438031889bea149e8c81a6b36ac637e919ad36fb6b2c8909b53be3d11fda7e2783bd7cc8e8663e91ab04684801cb786a57cdee79488f9378290e6bdfec664945ac9bab4a528b11e7727c3a3cb9975c55438fadc3633f54cb6f0b4da9954517e349f5aebeddc10da980ab687fe86305065d81a4a9ce0749a482db10487db457d7dd1df6351072a259f6be72d1bb2b9a2dfeeaaa6077bf482a18df4cd1e51d39adffbbefb8ce1107680a5bb884672b1158eb8033ae9c45a2223cf5f7aa301c165f4cdc6c588c405ba9b4e69e6760048d35e6d63ac58216c372c128bfaee5d8c234b6715975ccbe972fa30af3a2971568ba2c7555a247f52c3"], &(0x7f0000000440)=0x2) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000100)={r4, 0x6, 0x0, 0xb5}, 0x10) getsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000080)={r4, 0x1, 0x3f, 0x44, 0x7, 0x8}, &(0x7f00000000c0)=0x14) r5 = socket$unix(0x1, 0x1, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1758.500005][T13485] FAT-fs (loop4): Can't find a valid FAT filesystem [ 1758.521916][T13492] attempt to access beyond end of device [ 1758.532219][T13470] loop1: rw=0, want=2391, limit=116 [ 1758.551309][T13492] loop3: rw=0, want=2390, limit=116 [ 1758.564023][T13470] attempt to access beyond end of device [ 1758.571886][T13492] attempt to access beyond end of device [ 1758.590512][T13492] loop3: rw=0, want=2391, limit=116 [ 1758.597184][T13470] loop1: rw=0, want=2392, limit=116 [ 1758.604947][T13492] attempt to access beyond end of device [ 1758.657408][T13470] attempt to access beyond end of device [ 1758.693099][T13494] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1758.716714][T13492] loop3: rw=0, want=2392, limit=116 [ 1758.739270][T13506] attempt to access beyond end of device [ 1758.745875][T13470] loop1: rw=0, want=2393, limit=116 [ 1758.752151][T13506] loop5: rw=0, want=2390, limit=116 [ 1758.795027][T13506] attempt to access beyond end of device [ 1758.797226][T13492] attempt to access beyond end of device [ 1758.813159][T13494] FAT-fs (loop5): Filesystem has been set read-only [ 1758.833623][T13492] loop3: rw=0, want=2393, limit=116 12:19:31 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') r4 = syz_open_dev$vbi(&(0x7f00000002c0)='/dev/vbi#\x00', 0x3, 0x2) r5 = memfd_create(&(0x7f0000000100)='\\vmnet0?\'`@{,vmnet1em0user\x00', 0x6) ftruncate(r5, 0x1000000) sendfile(r4, r5, &(0x7f00000000c0)=0xf18001, 0xeefffdef) connect$inet6(0xffffffffffffffff, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1758.845648][T13492] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1758.851169][T13506] loop5: rw=0, want=2391, limit=116 [ 1758.863564][T13492] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1758.869467][T13495] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1758.879217][T13506] attempt to access beyond end of device [ 1758.887759][T13492] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1758.900207][T13506] loop5: rw=0, want=2392, limit=116 [ 1758.911104][T13492] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1758.911294][T13495] FAT-fs (loop2): Filesystem has been set read-only [ 1758.921315][T13506] attempt to access beyond end of device [ 1758.940051][T13492] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) 12:19:31 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r5, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) ioctl$VIDIOC_ENUMSTD(r5, 0xc0485619, &(0x7f0000000080)={0x2, 0x200000, "b544fa859f55d6c545678ffe75cf6b84124ea2cded04a145", {0x3, 0x5}, 0x5}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) 12:19:31 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x3], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1758.962077][T13520] attempt to access beyond end of device [ 1758.981619][T13506] loop5: rw=0, want=2393, limit=116 [ 1758.996159][T13492] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1758.999464][T13506] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1759.005171][T13520] loop2: rw=0, want=2390, limit=116 [ 1759.029917][T13506] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1759.057827][T13492] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1759.060217][T13506] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1759.084946][T13520] attempt to access beyond end of device [ 1759.098371][T13492] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1759.111909][T13520] loop2: rw=0, want=2391, limit=116 [ 1759.125254][T13523] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.130946][T13520] attempt to access beyond end of device [ 1759.140551][T13520] loop2: rw=0, want=2392, limit=116 [ 1759.140718][T13492] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1759.145816][T13520] attempt to access beyond end of device [ 1759.160848][T13520] loop2: rw=0, want=2393, limit=116 [ 1759.166680][T13520] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1759.183792][T13520] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1759.192469][T13520] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1759.200998][T13520] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1759.210194][T13506] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1759.237365][T13523] FAT-fs (loop4): Filesystem has been set read-only [ 1759.263319][T13520] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) 12:19:32 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x6, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1759.289477][T13506] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1759.309992][T13523] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.324213][T13543] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.332770][T13520] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1759.342968][T13543] FAT-fs (loop1): Filesystem has been set read-only [ 1759.359692][T13506] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1759.367899][T13543] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.391427][T13532] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.408826][T13520] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1759.439705][T13506] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1759.456392][T13532] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.465040][T13532] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.471856][T13520] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) 12:19:32 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r4 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$setperm(0x5, r4, 0x0) keyctl$restrict_keyring(0x1d, r4, &(0x7f00000000c0)='dns_resolver\x00', &(0x7f00000001c0)='autogroup\x00') write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x100010, 0xffffffffffffffff, 0xf8027000) socket$pppoe(0x18, 0x1, 0x0) [ 1759.484801][T13506] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) 12:19:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000080)=[@mss={0x2, 0xe498}, @timestamp, @mss={0x2, 0xfffffffb}, @sack_perm, @window={0x3, 0x65, 0x8}], 0x5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r2}, 0x14) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r3, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x4}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0xffffffffffffffff}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x1}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x100) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000240)={@mcast1}, 0x14) r4 = socket$unix(0x1, 0x1, 0x0) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000]}) [ 1759.526102][T13506] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1759.532247][T13520] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1759.555215][T13532] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.634736][T13532] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) 12:19:32 executing program 2: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x6, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1759.701499][T13559] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.709088][T13549] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.722363][T13559] FAT-fs (loop4): Filesystem has been set read-only [ 1759.729143][T13532] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.738629][T13559] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) 12:19:32 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r1, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f0000000240)={0x30, 0x5, 0x0, {0x0, 0x6, 0x9, 0x2}}, 0x30) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') rt_sigprocmask(0x0, &(0x7f00000000c0), &(0x7f00000001c0), 0x8) connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) [ 1759.749356][T13567] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.758373][T13567] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.767860][T13567] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.776905][T13567] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.784878][T13549] FAT-fs (loop3): Filesystem has been set read-only [ 1759.792627][T13567] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.811776][T13532] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.818118][T13567] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.823927][T13549] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.837230][T13567] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.850390][T13567] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1759.863985][T13532] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) 12:19:32 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r1}, 0x14) sendmsg$DCCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8441308}, 0xc, &(0x7f0000000240)={&(0x7f0000000380)={0x2334, 0x13, 0x100, 0x70bd29, 0x25dfdbff, {0x11, 0x3, 0x4, 0x2, {0x4e20, 0x4e24, [0x6, 0x3f, 0x1f, 0x80], [0x3, 0xdbcd, 0xffffff80, 0x7fff], r1, [0xfd35, 0x80000001]}, 0x9, 0x3}, [@INET_DIAG_REQ_BYTECODE={0x1004, 0x1, "4ffd6753ce7908aedda354b32e62952d88d8aecf03d8d3aebf24e06122fbc0be13ff3a69bd19aba27a9ec3850ef3f83c42b3d80d9348ae5186d3c038e9b12ccbc821bf6c438452430f2c20edd8a55aedea598c7d17b149e2d2446b0b9fe4c78a63dd3daa31b5262c13e225e1907c0afc54a433108b74156fa5b5b4886d980bea320803f9755e66a93cfac8cdf4f8582cf637d816465c2a71a4d4976233e10f4c61c1c208f64d4ec93bccdc08e18f1c5cd798ac17d5f4150dc31e1b8b2e917f28dbe24e8685afd19485236e50f1ddbb48789bc9f874ac8d302fd33eb050fa8fa73903a883246b3f19a7f56ebe7fcf3e64adb1581ac8878ed14e130f642d2c78f8bc4b2f4be68f24ecbabf723ec0f93c8846bd61aa24fdd713b332760eff17ca989c0a1ed37bde71836323c98077a5d3a5b17a95b02946569fc563ffdb38aafb50788a3960c8e5b7c329b37f0cfd85832a038774cdb5461e2c6d1d3b6be6779eadf1d34c7fce54f42124b5a4d108f2c9c5bddcd94c94743083558196ab7c6ffe26bd8992c147669f9b6bc46d3e23405426afdab9773da1583fcaa26a80d0eb548de8282a631a8bac87e1c8599836b1bead69a08c82da49bc8d449c67c39ac2d4eb8555e563de5de66b5c5aa9c0955082f2bf7fd2ae3a0704aabaf26e457e00eac38d8107bca6bd7fc1bed4bca14d3786b832cffa6b5003c3b96ce809fab26b194499aa12e2c705b5d59d53cff43aac80d0ac84d091ac4dfe9eeb4790b5945d5772c72cd59019e00b9ddf69cf991e8168c7a9865e55c05d8da8c8cf6d983a130c32b4accf76a042c6b95d64c83c7c4fc5b22cb36c07e92afe2660719537962168d2286adb4246bdf5fcd0c2d06acd7ba52785a0a25058a102b4450416c6ccc9b0dcc4f74597663f17aa221806a49f75ab40da9697250af6b7256f2cfd57f04f0c1c476f46fcfb8fe4686cea8f42262bd93ee674a54214636d7ecb4cd3f87dfe3c218aa64abe370076cf6f697ef740a4be288fb96671d8f3cc8c2011e31658a03ab4fbc378480ca1b140a482c0633ed62ce0fb66984d19d02f24955537ef835d84e879f5d7f0b99ecdff8549f1ea89cec8f0dc45c1e7d7dc1378f3b8defe85b9d55bb3fb0a56407de284c25a9881924fa6d00d90244a3da7103b701e192094ad29a1ca510a83c00077349e368dec677978bae30cc798fd2e1315cc6cc8f668f44882fe5bfe52970d17b9e5d2af5631d2a9af908915003f1dd1a82f46d1cf8197134131a3731e2fc92565d70f848e6c9f6e615759a76eddbcdfdc0e21f43e4f9ac524cb13f75f0ac1b9e0d8ee38fbdc74790fa4bb3cfb431abc5285a85676bac5d8cb1233f4739709849233701edcea46c3f9fd63f3df326884cb500515fa673ecb7cb1227aaed7778f38518e500657acc7ea8fb43bb6e965e07ce30f03904e9364150925c9b2d8c55810eceeee6ea1420aed880577b13a752b119ced0d8bad5dba4d46c2a99f45be4770d39d79744e07ac94da86a9445e44289d7630a016817d133351144dcb08bc68ce102cc067571a655c71c5bd5a8784b9e31da8313f5881bd1164f5ef8e9db203b1689c6003a3e8c5f406cfecaba096ac0200768844b3894570db66192ee04bbab012fee0ef51e95fbdc890f9337cbd72ee3544a7bfa278d2220e27d047b1a4763c41d75e718e144df1d7371be08909e819516e26cf1c4546a17a80fd82b938178c14561224f15fec5e6bb5844d159abdca974a37eaa59b2388f143fa591e4913a6e457a9b46f137fa513484785a48e9cfe654ee5405563c90e59d5b13745cece4d6673522abc28d14b8aae68dd164643235dc0e76c6cdd639594d3c4aeb2b1449b7a1ae54d2f6b864a07ac338193114a6881b7b4d11589bca75853cfb6e50f85cc203694deecae5e0e99ea62679c37e0fe24481c43c5db03de5148b676f954843f2d0e93ba0e20719a5725ddc76ab12bf769479ae6bd784479ef10252d28831a6e5c98f71a945959520100b056d6f1872bcf2b1f749d7b8b290fd214ba34f3f11124c2310f391a32b52fd5bfce76c4b942a90acdc665d6964b4dd68ab2eea0c3cdec00c457a2c5f4d72a8f803d9f8ae146d3e52693bb05a01e02ded3b3173b0095d91cd9a38a14fd7be299b2d816fe2621c8d896f94f35374ab80aa852475d6f75ed9e49c2b4cf726ec995d1f452022053f5bde90cef94f3e47f7e2200e69ad877947b9dd1b32fd661f987b2f616367c95a18f154c8cfbe8386c825a0bf8224a9bf7d1be0b7edc734b5c9309b91cc68b69db23c7e27251c36734629d3b2cf448cded12b6be85d0c98be4c8faf1ec2565212c3a9a4018c86eb75d00c52285b221ff95e2bce8ed690c1f00995583715120909ffcae7997a78dab674fcbb8133fc098588f93768f02d7fdefcc2d9b3fedd70fb955028990f72b97ab1f635d807a7521df090d70af2bcb9c1a3a812a489aa3c343744478e0e736d03d44bd61895a3bf345b3d5777d1bc269aefb124f70892935da80db7b1c5c360ba2b2e1637c8c3a67f82649240d9d260f82d4eb325c2f76c0e4136d6607fb70ecefc7188b2d698e34a907e1da6bdbf35e9903cc389aa4656fc2cb66436cd7b8c8a4f3e0d1402add60ec4b4485600ba0fb81b407ff9a9420afeadc12146e48ebcc200dca4f87ea13f2dc2d4e830b449d4d159c40b3817017a58ed47f229be9655d5ea977ada231c0e03b1288caac9e12756490815834cf1ba2b649b4d171aa106572d04f3a93f71d40c733db9b28f5b52695cab667f0f33de4e075d2595292e12846a54326efc32c041e4c1011a9029183bd88e6ce0eac72df6979efcae9f4a5bbad4067aaad6208005b3b8fd9d1393a38d0ed9b945211860a1f642872f30945d13cc3b64642629a4ef80b9015964f1266e06280572736cfe371c6edaffba3e873e50c86d9d31ffc63c1a86a0f2cfbd39b7b7005b7160eaf621ad09b9ddf0cf9f53d6cb7e3739a393e8b9b6ff0586a529a6156ccf7cf664ba639824494ba9756590629064e5c090a0d4e339ec7e3e1b7b562f2021c51a83d08afc53a3d17fe281ccc389c274e5ae8ac212ca63252724a5ee4119f8ee41fc66170515e14c594d77ff8bf9c797b7f6b1274745532aee5f56cf87c896c011f60f9648e164eedeb5de9893305e25c38c12af7963358291b1ec6f140962f4c55e5593eb88c28da18baee8382ab6b812fac07c22562dd34f513a65402c4d9fbcdf3a8fc0ab526805fe4a1879ca6aed312a9de99b3dbb774ca06349e6a5ef533197153a4fb94200cc1e6be8544bf01d29d58aeed7f379ddbc64003ae6636cf7476e240d706204bf662cb10e039d18e125101f515ef4719b8a276a8f14fbb286c9dd014bf67178b4d8e75f54d42b949840ace44cc83a75131e1a6d92df15b637dd3caee20bb99a5c254cda67c7a7d2f86e0dde71090a0a6190b5dc11f987036ccb3c9aa78876f13090a3aef52c5e2e0b8c280b3acb5d6be2065905833ffbe360e9b2e55ee8689c47a99b1167ac3cb115614123c27b21121928a387386cae7865374de4fff76b9ce428f787d6f69ee38610c36206bc68338c7ed8d1e7f04dbdf3b9cd2625076f6d487445a8676a43d57d1180ebadbd8a5dd1c35857a6b3d0496a210f68a536c0c2d4a56f34cd9e1904db9601d8fa0b40c3e229e45a3466b13cdae447dc128dd4a20918181ed441510e4317d763e7c66dff284319b9cfe7bcd23a0985c21593d613b22fd73b26ca795fe8a07ecc81f4f7caddb5ff55657cd9ae17f54ed400ab932a2f519558ce5b3cb2e827a368c978bcbc6a196ef49178232933e3642f7b7ab2e7fb313009a2ed77ce4d105f25545e778c77d5ca49b461fbdb2470468b936f049915677bf97813a4e1a4019a97d888d4d6ca5314e13087de01cb9941dc10261f0291fbaa605ab22f135e03b20ff7ba5a90b418cee5d8e0ff8d257276ea672c9db48cd9e6c86dd1c7e565ea6af47d7a5a9a5b97cb1530200103e7731127248f12692c97a1f0fad712060ce633bee2087c53549681de58d6f11dca39eb95c482ddde656dd8dc826f2d794fd5a4b3fe68aba7e16a427d6ef08ef0bb225257349328d605169d22238a42aa0364976f6d434f5d6052931111cca9cc918fc5b90c3b370896fc21d7a9a16cf6c7fd702dabf42560e69351d03f21c8240a465bb0e93b7d6c2286da6d082e81144e53f2b57e6ffc5e62229bcf2eae9ffe881a119b2bc5c73c556f251f2deff6941bc1548343cdd427a72fd50ec89dc9dccee0b07ca38223310c073d8cb8e86ad66fc977c2d52a20709347d7cc69e1b59bde9aae59887ebb8b3167b7c402271efb094d7db1a5b4888fcae5ef69f869c538df28dfb9ece606a233e6b932c16ce126752896e3a255912b81d02eda5d994f873d4acb33a65da5607c4c1e58c4e7ba872e9d9bf2423cb66a4d3e4fb0dcd02d21231d0bd9cb6dd5e42c3712b9e7b2c60c024c0df014cee0faa96d7e43e603c3acdb12cd3ca62e062402df9760bf3ad185629358cfb44d0f29327b46564e6ade47db1fc992bb80963e88feb2261190300b4bd1ba3387473aa5bf3c409a54b4f0cb1dc41608495483be8e395dc289a80e889f06e6a390139094e244c49a8bf78e1e895a95553ee6f803794c78935a0550b1f4624989f5603e8d4a6b0bcef4dc01aeb9c3f8e34d98122bb1d3517aa9d1a002bc3dcff2b7fffb3350fbb17c260df2336b4fd91110ba5dadf736df578d9d4b693a69b0a832b1ccd0f558d7f9caaf7eaccfb704b719b15823273c30798c8cacad9aff4ac2fdf0ee59794b21f749c464eff9a578031eeff1433433f6ad9294b5831b8e01895425f8218bf74c42d9f8c6bd7f2363228f37281d924b5e692b0809c0931ec1bf4522816aba84ade047a058abbf4e392d42921b64870b47c8c56bd42e2d8fc3c7fb57388798db7c11269080eb2d9e38eed6a02d3fcc5c6e7414976f042fa533835b98b1f401215a7f8f2374900864bfe2eed72c2781042c6e3bf8fe561c098841496457ee96cb1cb7c522395b08502332b562dc611414d803ed85e04ff2bc79775349e6744e4d92702949d0282cddd8ebc88f3c40a2860adf5c2c921df4cfd31ceee4d1f4cddc4597f5577a0a59fae6643a65f2c8e822e590d22575de763789d9e13a31fb7afef8aa5b42288b483958d331a98c1fc1310f342e58bf7e3d77572dc7a77fbc2923adff0757cd84abeb37ee6f5ac83c18352a1dbfbb1f3be6160705881062b9fdb115bc027a8f471b6e42780cea82fda6d8ed72d8022787395b307b5a08fc6892d6cc2498e29d073b39599f25d14b54beab8553d3ecac93273b9e4dadb7aad69d3aa04477d8443a16fce1e9b151bcb4c3a88209aa60a8d7336124642fedf05ea2d76a6ad91a30d965d59c33d1ef92d0dd58f13e57f52d853cb293aa89e0188b9d64bf2cc8ee510e1418c4c2cbe6f864bdac001c1827c27f3f0371690f69242e95671096d6ea3b2b689a150203e6f85b31466fafad46096e7c9374dbc478f34d33e3f1da6cd3c43fa27f1ac761f355e3cecc79928bfb44e4b9083c00d33cecdd1b72ad2542108c2ace069877e8154566f2f88b3b9c42c107fe6c937aa02c3bcd94f02ee4bd2e67def2eadd10c6d04389f62e2aa248bf181a3656213068eb43fc48d8c027374cf2213cb16e5f5b5b4c30ac99746eb95e75a8854cb2adb52e02d75bfafe5f4c9a9a1bb69a6e1d84d5d53d11eba3cb5c71a8d748d8ac370c32bc77496188d9ba030c68156c8e76f64b428769fa903fd"}, @INET_DIAG_REQ_BYTECODE={0x4}, @INET_DIAG_REQ_BYTECODE={0xbe, 0x1, "c597a17ded8e05b1365a16a5aa72fd4e7fbd8c3c437e270b3479c105b8ddb0986081b9f4f8cb7cad3eee660302b80b532b1d55c8fc5304734e0eb6e665bc58f165e0e34c1d69101be9fd63a4e90da17621bf7ef605d13c6fc1be67e015877a431513c92dc5c2371b291e3f4900f7d8f5316420941d42e80fa9123775cba1a133348907083065d1b02d4c0dde0a2f513f07a80f11a330cee167cb4ce5b08dbce88eed885e4713a60438f2962e9f50b052d481cee7ff6bb2fa883e"}, @INET_DIAG_REQ_BYTECODE={0x59, 0x1, "45a888bc686e31183cd3b12088d6a2b0c8618be1a6bc67031cdafe63de79fc2ee37a7b635dbb8b4459b40b9118f30634026d460dbe18a45c355e7e87ff2b3e55e361f391263b48387b2c8c368e66f15d721bd4e047"}, @INET_DIAG_REQ_BYTECODE={0x38, 0x1, "f11f58dbd1f884040ac1861f96d95314d7218429ea21811c5ffe853fb2bf853164e308a338cad2cbe66b0ae962cc124bd5e093ca"}, @INET_DIAG_REQ_BYTECODE={0xa3, 0x1, "f5bcdc4423a501a572c677c1148c0cdb16b37dfb0eeb254f9bd2540317d54ca9ecb527533faf35db43e02e663bd18f38d0f972b0fa3275e55154b69a2e83db69c64c9be77a09546e3e03907e254fdc4ee72af5d313426b1b0fc9a8b027154813955f3688f900c9fc6c21677da7d5f0f0c118936310bc74b3c320a6ddf8614de879ed18e2737eb4e344aff1b2b7ad5ec824ab96b0ede76c6817185f118d9e06"}, @INET_DIAG_REQ_BYTECODE={0x1004, 0x1, "bb9a4658b794c105e1badce12b70721a54333cc23508ed294d887980c49c04a508df16bbdbb10d58109d8ae9712a1f4cf3824f7329fa8c3539cc244ffaac219cc3d803e8f8c003ae1dbc90c507967ba7f495190b7f42e1cdcf36bbf1f07cfca58bfc7b524d8fc522f5b3f1a5a7f3365ac84f73a3c146354d50cf8a0221e8f7bd13a302003433d5bc0bcd172699f415b943b1eee6960b4cbb03cee23d43488067e198323e42b9967e7ba1447ae235984a1ef3620fb4244ffc1b55ae8a56ebb33af358f39552debc7a55db0a4ab18955c84200c1d56253cc9d3bf333d9d0c1a59a86881554f7552fe40092b2ba291a65ef5188e33484b799c2c8508e96061261fcd398f924ffa64d99ece61afbe398e43d9b5aeaf6ab8b1590ede0268fdbb4ae6579c1e4b3187bb175e6b6f7ab990070b6c690b5b86ba313983ab659f2ec8d051dafd1fb4ca20d7408989688b09354612c2edccb091dfb2e49bcdbd535213df4fa2ef4c1586162a4d55ff672032a6ba989dc19626db0c0aa99023d6ab21d120f6b4ce8a84f75b9ca39581255aa99fa3b0c9535272cea55b5f21c0a5357d95979471e27ba921e61dd17a26fd8cc9f105acc3cc12bfc6bc4325ce11a97015627593d4cc36528877538dc09f76b610751f99e6043f3c5e956f691c6fec7c07104c904fd1d43a104c98e9d2d74c32d4b81bcd8106bd96a0b9283b3c06a59fe5610946f44bfc6e6c503dce99f1637b88cd925a468eea8c2ccb0ce62e1ff7b7a326b91e40798c70c5e2833ea80dea23e223fc46bd92d840559f67312c2ce2fe4c37c73ee6aa9d565aa1e5ac0f702db05889d7bed8917e813acb39b130eee75e8a13ac11dc67435829ede000f0499bc01a59358482e6bb6f7604e8cf15ed87736a02e10b168f3d53d1fbe19ba368c26dcdc3c5e02ed9c5bd24902ef04067d615057bb97ffe4981e1feced04d2afaccf5bed55006ddd38323ad4ff2ead4e5d60c8499cb5e6c8b814798c30e6270fd2bf3ef58d82228dc067276fbcc389ab94fa8c49ff0f0d42634328f9bf13015fde2561b487be0cb6ec03daad5085926c0fb20775cce99e7042a91c23a210fe5405e43b34ee5bb262a6cf7a0b14fff83e4ea08da4401419fc5b83fba1882b233eec4a2d038733d4e5c86e29602ac66fdeb4b77300c8da4bf3ef827c5a88db74a5758959fe296cc5764ede5a1d44e023108599e117ea9a4f85823be8baf94c88f929ea598086785c77b16ae00eb36eedef2b2898b654f8d209131ecf7211c372a85583113710e4d6421eac40e132575371907f136ae25a0dd4e9e8fddfbe0a879b8f2df5a4b8e8c5dcafa23b1a1b37c0ad84e1f198e24f2f629e90939c78d58ea4c0618b34f22592ff2b26c53a36cae9647a84dd5104f8cf0a350fdce039f61c9b013e9487850ba443698f2e7eaeb22f0bb336febb2dcedd33717e213b8b68270144dc5217cf9925609b3f15e055fef119eb063b638d2ca776c8cf56f043f009f0a9afa8df9edf745df0216d51971af12205adbc32cc8c31f1296a72f2efc8f3e3a1e103f5bda0eab6cc598d0ede3b9bdefe74df6a9398b1853c35a35dfa2d8039483d26ba3d8e033d2d450799895c2e8875a41cc5116a80f53ebec808419eefcc92694bd77bbfd2ff8e1877c5e5248641d739478eabfe4f801883565f3bf24e564c9507b1e5cfe324bdfd95b17bd218761077cf3066d5ae391131401a1b2a3c596a868785f12a7d9b1895f1e2296a33671bf701ba45a48d85d568458353f100768b56611aaf07e56c660759decf3efd99fd51954f1f84ef3c61897c1b828161dcdb0e2354bc9bac1566ab53216a38b685620d26eecdb662de7414cb46c67d0ec3d82afcc8e6afba68ddef3e13b4cc9c9dea36f9a8efac21d8a1181b2d64987ad047676244f0d9421ef50317c37781340395a956d0de5b102d5fe87d2f1edd90a0c339a8cec546fa5754b740b85df36bcedad6e166ce578b5fc128e690c4ac9a1ad2a2a7a3f9e5504963681ef3cfb07ca384056a13b2c6b2c1810a7300a059c9fbcb303870fa70759d5f72a09a405f03d3ef2dadf14b35556660a6b78efd03cc426069f756a8c34d60a4f13ff389091a6782023cdb7ec33490b9e80702a59c1288ea2d2e119f1ce6ab31154a78dba76291f59ec04374bddbcf5564e717e857d98cc7f2f64e37e4609fdf9da49753422fe6bdcca705a3ecfe4aa5fa48ccf7f8dc76e6ee4219135fb68d043a4e0110b0e28847b57b00c1b5baf077bad0780ad0689ddb7ebe7eb393ef8b67cf96cae094a42d0646239012cd0db39d173fa32b9f8379dfe7c0266a04bbac6c74c9d32e0ff67ca7ff9d36fb6dbcc226aba783a966e3157d83b67f4543b47b812f7a7dabb6cfa0c88ed574302bd779b3d65a0dbbc2931e8487fa27b49d7c7f1b0f19513b3b38c76fab9acb08abf6b2d202cf9bc7c0994b1115e8eb7f4f7282ab683f40ea2c8b41e67c2f08c029b88c1e6df9819278d5acd0cedab89b50c2c2a930aded272bdeeac132bbd910ee9cfe2f8774866b29fdaf26fc4fa61358e299ccea1562e901cde90397225d24e61e72d01fb8bfc28f9c996c45519830218717e097dc71372a5ff86de8a887bda1e58bf64abea2f311266ddea8d02b07a72120f8d1989fb6076965ef71cedd03a3d05114e4eb194b41707f3c299adf2cbfe3735ef039aadbe125e68606d68edccde230c138ba8f503dd2cea6a3c783e6b6d59ab165bf5c504503cd4c772ca52b671b55949c5ddf16258617082ad2c54e7249cd7dcb99d28fefc529c7da58d883c4cadc68983f372fccdcfb011779601103034b6912bb2c8e338e7422f27cb7420bae34ab92f804ed85475de48e2028ee10721cf43d60c8310e1c5ab23be28c7e4e1244cd1c314d47f127a91bfaa2b64a868bfc71d022b4e56efcedddd4ed9bdb68be423f83781366b5442e53faedcb207147c363101342c9ddf61f9ca920cf5b64b141ffe79a820d4ab24a269cfa47a3a44d16a141c3994956a21b0b9fec44e8e3767784e0e881f78f933058e6bf06c16442b0efb87c3e5c7a272e4be32f3ecc2a09896ea6bd30a2b8580bd4c91fe9ed925be76b0f3acb3f32c61a8422a48939a0a74d5481ddc92cb8e3de4c0af6e0391bf283252b663d73ba528c5d2bbae5935b26e6e4bc6ec5711268a5118801c3dc3f713751316b6e46254884fb9f4e75cdcec52af61196659271490cf8d872c2fbf78730642510a4babc250fecb9035053c68a26f24e4a1c8bc52ca0e1ac639629fbcd2d54e66e6c897fb99654b6c5ab6240385eff406bea757eba0d03c5bf6dea4eea6aaa7fc4633ff1f72aaa8203aef5d8fd65305d91a5ba9f89c7ed7762bc201e275b72acd5c1aeec34747de2760b3640a37d9e16c72ec24705c9175a45ff9dcb7c42619a43d282c57996c77b43e3ece0d613d0a8783ecef91494739d7c5f5f5441e9204a18f45a02b1c6f47c50dc8bd31d523229b22ddc669fa4c2544eac305bc1a01eed2194d0951dd24f1ae7f9830a6d07681044b27fe43a8eb5f80be6a477cf84d71d664aa696f8efabe716dd90bf7032700cc1bbab19f4ef28c322342ca368778fb66de6aa963e9683247d9e29164d1bccc10526c940d32d39bf7f51c29c9307f18b21d90b51eff37b3a84e65bf4d836c6931e9d39667bbbaece17d7ae658ba171ba6df91e03f2dc007f7d0278998296fca383b2e8864fdcb9caaaf2bf67f4f1a39126c3b4d7f93b03cf04e00a3362f478a3fa1cb3d595506e1f98c091c23d144dc0cbac9cbf34e29d05f620675b0dbcc6daada988c6f3cd90b546635434a33924e4ea421bc418b13e946dd8c4119540d1bacd263e0d4dd762eec4f481d8e9be93f5c3fb837e81aa44ae99378fa6d24680076e192464c675b90f20a95ec6ba5cbfe44fa12da7138572e537d711ae003e2b944d0903ffa2ccb8cbd10470eba6db42aad701ee71337812cc4c5cd4d3f1bdf96d7f999e8e758ba07904b7ba1c9a724733fe79e11ccc3158f4a513ade88377c4605092ec74f7007b7dfd6125cc2c2967310165c381ea765afc44e4a5748f82b3071f006b670feab5734278faffc9e6bc0c473e6f0e963c96bc1bfeb8498ee740edaeb188e078dbe866662edcd760b7dbe610839b6c6cea0734cbfa01c9203c55b9ab402b57cd38a85d72e16e52c6b83c8b3ded9b80f19e4f93633c3c529ad497b58aa5e1a58c0528a0508ef6eb6c07eda67b7b127381cab9d9f9fa35245588d45a2385438947990589ad36020ce833e0c4daf1de9dfa8ef0fdf20d8a34d98a0438231d9a413b8723ef45962b529720894389a80cb4c5974909a75cd78e3dd904f4d7b3678d16f6cd60787cb796730faa1b01502fbc61c5a5887388c1272302838ce67e5d1bab822a64db498a7d6d5b952babf729e563a3e7925a8e2095fe9c3528edad7eb77012397d3170880eec1f3820eeca96aafd930f33116b8f471b96a8c133117e433bcffb160dde9b4b50807361c7b90377d4f4156d4cc122b40d264af98449e917281ab81e0c7a608d6a92f6c2b3c9431e33ceb7255feb7af1e8c35bbf3d2674eb5caa69fa8522a331443d66bd783e7cdbe18fd52c815ac159dfe4aae7c22f50a7c3f0ea529a8abc7239a3499f07c045776be49efcaa159210c8ae0e8e6d63b8d26a8b43376047412d6efe6eee7b3fe2b2f27a1b91c709a8c19369da5669c7b5598c28850efe2934c14dd0cec7f05b31e8385aa4679708228adcf417193425b5f5321ad4c632d14e7c84e3e7d22d132571a11e67613becf88abb98f0e334aef7ccb21c6eb996cb79c77140460c29db1eb23082df85d9064379cce58db8ba8d580b359e0d13eacb872aba62caa63b142d4b7594c4a02abbc61ec315e0c4f4b42efa77507113ce728e4fde75584c5e47cad48d8217fc03b2eeef0f1d9916c21e315209e841f99e59eb44d7a5cfa3fead340a27f36684f93e6b3118842b146f011ef4b6c9f53b5a5e322210bbcbba6b5e9cbc91cb25b64d9b53ddae8e5cf4e0321713af144211dd186758c804394b7c09e3aa70ba1fa6739c9adc0206b3f8935ce46eb81b1a6c1fbef414c8800f56d27b3a372446017f08334d8a49222bf14d33e479813ee4529d99140bbdbcb8f10b13c3af832217c7d4bc062807891b0aefc75560f8c40dacf8673f8faa44dc798b4063bc63fc2515156e59b7a076351ec0906935a8fee35702919cb78977008f09e949bad0db27809babf3aa2c3defb025982fd9cd9ff89feab438347a58408cbb1d99919d5fe2cca2ef088cec139e45f9ddff3be6c700496d8bc0da0f483e88e158c82ee6181b52652da106db7f6703b47cf070da23097462948abcb18be6f2ce7378f3e8cc3642fd7d1340485bb450045576c4d74ae93130ad28be6fa55110bd23504ae1673aa1fd580a501b24c47772f0f54054d9b5a5c817cede1969c32c371038c6fe8e479cc6e017d4f97368d2852323fe280f999b09c5a6862d92c132b293ab505e203b8e6830a9dcbacb4a2654c4e52e3bc65a780e15ea752676789749d27a48da1355d4b6a028d3f8859b4640419af0e5e80a243e4a2fa6876f3e257af279a2904d657a5f251b78aba19034b5bedf7bd4a4a15952ea28778e14101cc44a0ad0f73501348be23ff4cd6a3c743ab3e94cae0b1879971bb779cd3220c821188f2fbec54dd94fb1058cc09c01f9153a64fecdf32c061eed575b69a526a217e2c766059ec4333029b34dd1924fdaa7fc6df04359e005b58bccf1b5a1a71397cf290347ef47ece31f9d38dc"}, @INET_DIAG_REQ_BYTECODE={0x7a, 0x1, "5a332261d8fbe89ce1f5ebc7c225a7fb1c33bb5eaee33449e663447e332d5605ee8ff4c9a2faf902288fc52ed33121e0b5c94dc5e6375da355158a86a165c9a65b65a03218a6cf8872e1f417c730386e56e85a6cce15a9f2ed7bda6f0cf42e403363f5807592abb5f05408db6dc17b78bf37e7681358"}, @INET_DIAG_REQ_BYTECODE={0x65, 0x1, "8b585e6bfbe174a003147330d93564929c48786e639eec6c751559122f00a91e00e419aa029504e1f99bcb72ea39a9e4c7b59e6f4d48d4212ee7f1d258ef0351e0588b4d382ea11d4f6aeb688f03c02b0be35ff434d9f473c7b21298849958554b"}]}, 0x2334}, 0x1, 0x0, 0x0, 0x10}, 0xd5) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) 12:19:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r3, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) ioctl$sock_inet6_tcp_SIOCOUTQ(r3, 0x5411, &(0x7f0000000280)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x80000000) r6 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x100, 0x0) sendmsg$NFT_MSG_GETOBJ_RESET(r6, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="5c000000110a010200000000000000000a00000108000340000000070900010073797a300000000008000340000000030900020073797a51000000000900020073797a320000020073797a32000000706518554000000008"], 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x4805) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80d0]}) 12:19:33 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r1, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f0000000240)={0x30, 0x5, 0x0, {0x0, 0x6, 0x9, 0x2}}, 0x30) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') rt_sigprocmask(0x0, &(0x7f00000000c0), &(0x7f00000001c0), 0x8) connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) 12:19:33 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16, 0x8}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x20, @ipv4={[], [], @remote}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) r5 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r5, 0x4, 0x47800) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000001c0)={0x3}) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r5, 0x800c6613, &(0x7f00000000c0)=@v2={0x2, @aes128, 0x8, [], "d60a70e607eb5487cc2a1a3dd1e24ae1"}) [ 1760.416007][T13604] FAT-fs (loop4): invalid media value (0x04) [ 1760.429797][T13604] FAT-fs (loop4): Can't find a valid FAT filesystem 12:19:33 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x4], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:19:33 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x2], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:19:33 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r5}, 0x14) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r6, 0x6b, 0x1, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r6, 0x0, 0x10, &(0x7f0000000080)={{{@in=@empty, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in=@multicast1}}, &(0x7f0000000180)=0xe8) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000240)={0x114, 0x0, 0x10, 0x70bd26, 0x25dfdbff, {}, [@ETHTOOL_A_LINKSTATE_HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @ETHTOOL_A_LINKSTATE_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_LINKSTATE_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @ETHTOOL_A_LINKSTATE_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_LINKSTATE_HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x40}, 0x40080) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) 12:19:33 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f00000000c0)={0x4000, 0x10000, 0x80, 0x0, 0x4}) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1760.711869][T13615] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.723618][T13615] FAT-fs (loop1): Filesystem has been set read-only [ 1760.730653][T13615] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.741660][T13615] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.750712][T13615] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.759764][T13615] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.769243][T13615] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.778571][T13615] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.788362][T13615] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.797345][T13615] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.806237][T13615] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.860038][T13632] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.868761][T13632] FAT-fs (loop4): Filesystem has been set read-only [ 1760.875460][T13632] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.886878][T13632] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.895888][T13632] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.904892][T13632] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.913684][T13632] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.922381][T13632] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.932559][T13632] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.941418][T13632] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1760.951012][T13632] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) 12:19:34 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x5], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:19:34 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r5 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r5, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) ioctl$TUNGETVNETHDRSZ(r5, 0x800454d7, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000001c0)={0x0, 0x4, [0x7f, 0x75d, 0x3ff, 0x5, 0x81], 0xf285}) 12:19:34 executing program 3: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f00000000c0)={0x4000, 0x10000, 0x80, 0x0, 0x4}) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) 12:19:34 executing program 2: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1761.359891][T13657] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1761.360902][T13656] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1761.392682][T13655] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1761.399210][T13657] FAT-fs (loop1): Filesystem has been set read-only [ 1761.403427][T13655] FAT-fs (loop3): Filesystem has been set read-only [ 1761.424078][T13667] attempt to access beyond end of device [ 1761.430087][T13668] attempt to access beyond end of device [ 1761.435765][T13668] loop1: rw=0, want=2390, limit=116 [ 1761.450737][T13655] attempt to access beyond end of device [ 1761.450902][T13656] FAT-fs (loop4): Filesystem has been set read-only [ 1761.457383][T13655] loop3: rw=0, want=2390, limit=116 [ 1761.471871][T13668] buffer_io_error: 65 callbacks suppressed [ 1761.471957][T13668] Buffer I/O error on dev loop1, logical block 2389, async page read [ 1761.491242][T13667] loop4: rw=0, want=2390, limit=116 [ 1761.502837][T13655] Buffer I/O error on dev loop3, logical block 2389, async page read [ 1761.514945][T13667] Buffer I/O error on dev loop4, logical block 2389, async page read [ 1761.524560][T13655] attempt to access beyond end of device [ 1761.536527][T13668] attempt to access beyond end of device [ 1761.543351][T13667] attempt to access beyond end of device [ 1761.561180][T13655] loop3: rw=0, want=2391, limit=116 [ 1761.570038][T13663] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1761.571285][T13668] loop1: rw=0, want=2391, limit=116 [ 1761.584517][T13663] FAT-fs (loop2): Filesystem has been set read-only [ 1761.588580][T13667] loop4: rw=0, want=2391, limit=116 [ 1761.600927][T13655] Buffer I/O error on dev loop3, logical block 2390, async page read [ 1761.618874][T13668] Buffer I/O error on dev loop1, logical block 2390, async page read [ 1761.619362][T13663] attempt to access beyond end of device [ 1761.632548][T13667] Buffer I/O error on dev loop4, logical block 2390, async page read [ 1761.644172][T13655] attempt to access beyond end of device [ 1761.656484][T13668] attempt to access beyond end of device [ 1761.657529][T13663] loop2: rw=0, want=2390, limit=116 [ 1761.665547][T13667] attempt to access beyond end of device [ 1761.677290][T13655] loop3: rw=0, want=2392, limit=116 [ 1761.685040][T13667] loop4: rw=0, want=2392, limit=116 [ 1761.693918][T13668] loop1: rw=0, want=2392, limit=116 [ 1761.700744][T13663] Buffer I/O error on dev loop2, logical block 2389, async page read [ 1761.703994][T13655] Buffer I/O error on dev loop3, logical block 2391, async page read [ 1761.723084][T13667] Buffer I/O error on dev loop4, logical block 2391, async page read [ 1761.731899][T13668] Buffer I/O error on dev loop1, logical block 2391, async page read [ 1761.738724][T13663] attempt to access beyond end of device [ 1761.751611][T13667] attempt to access beyond end of device [ 1761.752588][T13663] loop2: rw=0, want=2391, limit=116 [ 1761.761537][T13668] attempt to access beyond end of device [ 1761.772493][T13655] attempt to access beyond end of device [ 1761.776075][T13663] attempt to access beyond end of device [ 1761.784901][T13667] loop4: rw=0, want=2393, limit=116 [ 1761.792706][T13668] loop1: rw=0, want=2393, limit=116 [ 1761.801579][T13663] loop2: rw=0, want=2392, limit=116 [ 1761.801860][T13655] loop3: rw=0, want=2393, limit=116 [ 1761.815476][T13667] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1761.819143][T13663] attempt to access beyond end of device [ 1761.829132][T13668] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1761.839924][T13655] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1761.851414][T13663] loop2: rw=0, want=2393, limit=116 [ 1761.855107][T13667] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1761.869142][T13663] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1761.870172][T13667] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1761.888250][T13668] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1761.895575][T13663] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1761.897245][T13655] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1761.922794][T13667] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1761.922843][T13663] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1761.942344][T13668] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1761.944141][T13667] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1761.961326][T13655] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1761.967850][T13668] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1761.981842][T13655] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1761.993643][T13663] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1761.995490][T13667] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1762.006053][T13668] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1762.017338][T13655] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1762.029526][T13663] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1762.038181][T13655] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1762.047900][T13668] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1762.053282][T13667] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1762.063507][T13663] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1762.079295][T13655] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1762.081609][T13668] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1762.102914][T13663] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1762.115084][T13667] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1762.132117][T13655] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1762.142322][T13663] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1762.149346][T13667] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1762.153727][T13668] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1762.162237][T13655] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1762.179386][T13663] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1762.200895][T13668] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:35 executing program 3: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f00000000c0)={0x4000, 0x10000, 0x80, 0x0, 0x4}) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) 12:19:35 executing program 2: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x6, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:19:35 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x6], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:19:35 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r0 = syz_open_dev$vbi(&(0x7f00000002c0)='/dev/vbi#\x00', 0x3, 0x2) r1 = memfd_create(&(0x7f0000000100)='\\vmnet0?\'`@{,vmnet1em0user\x00', 0x6) ftruncate(r1, 0x1000000) sendfile(r0, r1, &(0x7f00000000c0)=0xf18001, 0xeefffdef) fchdir(0xffffffffffffffff) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) 12:19:35 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) setregid(0x0, 0x0) r5 = gettid() setresgid(0x0, 0x0, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000380)=0xc) r7 = getgid() sendmsg$netlink(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000080)=@proc={0x10, 0x0, 0x25dfdbfb, 0x20000000}, 0xc, &(0x7f0000000300)=[{&(0x7f0000001440)={0x254, 0x1c, 0x300, 0x70bd28, 0x25dfdbfe, "", [@nested={0x188, 0x2f, 0x0, 0x1, [@generic="0dec0172aac539233c81e32c3ad9cc8e157384884727ea4dfd229cfb82ad50d678f7e207280e408af8940902debf33ed0d42590f8c5fb0bcb5ebe89b1f7cd74823dc0b3037c232e89b6bd96d8e74edbc9c3869812ce98b37250f9338d7f04af755f897a03cff8b37006e2bdf47357d76c049db7868acd124b69b74b21c373e706287552693ebee3136f64d046facdd2fe15a880adbdb998f2fbf", @typed={0x8, 0x3c, 0x0, 0x0, @uid}, @generic="4306ea98d8d2d0beb09c63605ff719068a6814d955d62249c7ccf77f08d5482eb3635f1de6f5a14673ce4882909caf884e82e454883120f95010a76ced4eea3589c7bef79730dee25bf51edae4f115e9a6506f8f61c48931c03e8a25b6ecfb4eef0d93ae961277e7491ba6", @generic="0bc9ebee189c5ca5dca7a97393a9f4c59598441503f70d70847976eac0f071b22954bb1dc775d4a9dec9dce475e376dff8870075df0b57c1b5580f8bf7f2799bd2469ef541d3fe435ac6e1e91a3d691f2a157c8380caa69643c8", @generic="bde1074a2750dcb6b53f9e17c71dac492de348046fce6c9c7365ca1131"]}, @typed={0x8, 0x5, 0x0, 0x0, @uid}, @typed={0x8, 0x0, 0x0, 0x0, @pid}, @typed={0x14, 0x87, 0x0, 0x0, @ipv6=@mcast2}, @generic="b1fa39cb5fb089db7ae5d149759f614996d933cd5e02ef418f8372cf97e462c3bf84eac10328bdf0983cc8442d23f3b1891bfa58202c699e7d045545af76c1000e667098d39f6a7700e74d289a3f9b6a15695233158dee971bece8b2f539ed6c6d6910c350b3ebeb45a314f78af17374648a278a2b55c0bab5c400455f44e29861ea90ec2f1ff7a70f4b2cee1e01a26ff6b0c264939c921f"]}, 0x254}, {&(0x7f00000016c0)={0x248, 0x1a, 0x100, 0x70bd26, 0x25dfdbfb, "", [@nested={0x163, 0x52, 0x0, 0x1, [@typed={0x14, 0x44, 0x0, 0x0, @ipv6=@loopback}, @generic="5e5e402248db411d6890afbd0cff680bd95191e85e55cd36698aca40587806f545271d55eb169d25e74291af6d", @typed={0xd, 0x59, 0x0, 0x0, @str='/dev/kvm\x00'}, @generic="46d1ae15e8bec70f17d54ec9f007d0db6897e6ae44d5692ffd661899f8264b3ee30131aa", @typed={0xc, 0x1a, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x93, 0x0, 0x0, @u64=0x7}, @typed={0x89, 0x94, 0x0, 0x0, @binary="4b4e71640daffcd20d7741f2bb7d4d3a358267996b7f1e599f131492da842bb4d548b04bc97c89092466dbf9ef77c525572a9458abd6d916afeb4be5544ab816f89d53de282b53d1771cfd74ec60b8e1dd4c3ba83d292f5159ede97c15c57e8000c32eabcb7ceab70706d9afb9cb12ec8cdbf05d390f84d9839bcac4bb86cb91f3a2508a4e"}, @generic="828edd6735073d4022d17ba559730bd3708c4f1bd6af4e085a60d7e01e1e3bfb9ed138d33d664c1f77867d4259eeb3f0f30dda469cb7138f5c36376759b69a82750e79c2e8bf"]}, @generic="eeaf0cf5218f6d445ec7175db0f850602269ca54e3f0e1ef272e1b06087871fd57386051839528c708120ff242c42e6cadcb2da8d527658bf5cfe228a4316bb1ec139cfab4c15361b0fef506525b6e", @typed={0xc, 0x56, 0x0, 0x0, @u64=0x6}, @generic="313f9eed8726659004f17f75448eafd3990def8a53800d07a5123db841699308e527e199a54e4ab64c6b8ddc1a3d9f90fe749fb6f2f5644d5636f6d2ab71bdcadaf4190ff485edc6804a682e7b8093e7f6b2d9886e00ea5313eee21f8645f0f5b2c0f99f0f74b5bd3102", @typed={0xc, 0x58, 0x0, 0x0, @u64=0x100000001}]}, 0x248}, {&(0x7f0000001940)={0x210, 0x13, 0x300, 0x70bd27, 0x25dfdbff, "", [@typed={0x8, 0x1e, 0x0, 0x0, @fd}, @typed={0xd, 0x1e, 0x0, 0x0, @str='/dev/kvm\x00'}, @nested={0x88, 0x6b, 0x0, 0x1, [@generic="251ca5034ef01c2eea1ad94d0ed9c024db008b3e838319f798ddf741f38db6916c7a9a9aaf522c36f2da0d9244b22f9f51c2d1dc1844a765353bd24f6e7863eca56be59f8e5665d66b96eb184b802f5e60c1146f2907928ec385a274d6a2f27214550e10c6b8aa85c4", @generic="cf28b6e421cc8ae67c2d52326b829f548c3aa5b016d3c000f6114d"]}, @generic="1f1a467256237fde66cb783b416aef800c54c87b3e42b497a34265e11279db7c5baf5dfa5a314f38586416c28dc2efe20405c19b2cb50a4de6312c6d5e6a2fb897ac8e4f734daa39acc6bf1b56614c04f3206ec071917edeede15691f18c018cff90eda8027f77", @nested={0x3c, 0x6, 0x0, 0x1, [@typed={0x8, 0x33, 0x0, 0x0, @u32=0x7}, @typed={0x2d, 0x9, 0x0, 0x0, @str='\xc4,locgroupkeyring-posix_acl_access!bdev\'\x00'}]}, @typed={0xb, 0x53, 0x0, 0x0, @str='vmnet1\x00'}, @generic="e96b935df42a5a7371228e2dc23a57b068b529109844b8ca96a47f07fb2463b35f4717c42519c42e083f90746630b57d2e09742abdbbea9e4f55ff7cb3a9987b7ef5583f4165ccaf1f37f1cc680e8e3a65862accbe708e13f9dbb9f6841d2bab278cc2ac1f29c712fbc987374c8cd7e9628b6144b5e447525bf892fe617b0ab10b20866e5fb4a65e2dd8b8a2c82bcc93bd72f4ded04cef47335da39117c4cfe294178a909c7542", @typed={0x8, 0x24, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x31}}]}, 0x210}, {&(0x7f0000001b80)={0x2a4, 0x2b, 0x300, 0x70bd2a, 0x25dfdbfb, "", [@nested={0x286, 0x3e, 0x0, 0x1, [@typed={0x14, 0x83, 0x0, 0x0, @ipv6=@private1={0xfc, 0x1, [], 0x1}}, @generic="b4d3953000f56645f25af2a4880a19b72ef41d920445e16cceea7f4e72aecdb145534e4845ad6a0426fa4936103f1ab64d509aa53a55a909d7486380ca106c8dabd81bb36adbc498361fd643bb3b9f0b090e6fe715e1708bc1952a10e04c61f670a01cfeea299fa3606201274feac9bd3dc8b16f8a01de7b47dfac33c8536eb47ade0955e42ab6d0ef8af8682eb893f573c9c16b5ddbc5d57ece", @generic="fc37802ff645cfffdde45edca1b8c272a05729ba0635c4a690650df8249fb71c22f6194356231fe55d61954c824d774a981aef75f503d4adeff4b39c4574ccef686b911cc1ac7d060743daa7665854c94a337197621fb20a40d22460c2b9734a585b7f1ed58636993f3d9be73e2d76ef5d53394d7000190149d31cad0aade248e6080bb9", @typed={0x8, 0x73, 0x0, 0x0, @fd}, @typed={0xd4, 0x1b, 0x0, 0x0, @binary="bb85eb5c68cf2b41010d9a3ba4cf02b52685caff233f1b000e88898adee09fea1ba414a37f54141bcb52fee7658330ed5748312000c8a1e1f3dfcbfe63fe5419faf377226a78288f5bd0baae41bad44deee42ab08eff268393c7c595f759024122d12729c401c4f08ba0caff86b241dce1a20b2f0d6becedb99b3fff270bc1d28e12679ace6eb9d237c323d915f1ef757a199e231bd708d3a4ea4b7a3159509238878575380b6f75da96f0d2545b54cc9e6a363def5447cc850e2288e82283a4394b0ed3bd1a1316e0d7a7716d25e795"}, @generic="a90f69f648bc3b87a5819d35ec0b0b53ef56d9477227cdd6fd9a04c4ca1e606bcb3a27a7fdba3c8a3c63a75f66f3648de38f00d730c7611db9a67b97a07f482563a33bb9853e05ae8ba08e9cd1dad31d7e6ccead4d9ac1f3934c367d9a849de16911f15a37b7f83246166715", @typed={0x8, 0x1b, 0x0, 0x0, @fd}]}, @typed={0xc, 0x28, 0x0, 0x0, @u64=0xfffffffffffffffc}]}, 0x2a4}, {&(0x7f0000000240)={0xa8, 0x25, 0x300, 0x70bd2c, 0x25dfdbfb, "", [@generic="53185682404854b1f8cbd79529e6a2f318378c40e8d91f4f484b415a714db971eb33bd0e0670b7a3fd63fd2acc91954ee264953284d7a2cbedfbf02afbeece1aa59cba57ebb4ecfabcc6abb4b65e18241ba4ee015d78588ad374a8461ebe22acb8bbdb0cc7ba04e756292ac6e01cb73000311d49500e92a724e2b5f2d9eeb6996496b3f3e9e5f6d3091db3a5", @typed={0xc, 0x49, 0x0, 0x0, @str='{cpuset\x00'}]}, 0xa8}], 0x5, &(0x7f0000001e40)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r4, r3, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r1, 0xffffffffffffffff, r3, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r1, r4]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {r5, r6, r7}}}], 0xd0, 0xd504f3413e739155}, 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58bb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) [ 1762.630950][T13685] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1762.647798][T13692] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1762.655706][T13692] FAT-fs (loop2): Filesystem has been set read-only [ 1762.660443][T13685] FAT-fs (loop3): Filesystem has been set read-only [ 1762.668662][T13692] attempt to access beyond end of device [ 1762.675303][T13692] loop2: rw=0, want=2390, limit=116 [ 1762.681246][T13692] attempt to access beyond end of device [ 1762.688520][T13692] loop2: rw=0, want=2391, limit=116 [ 1762.694474][T13692] attempt to access beyond end of device [ 1762.700963][T13692] loop2: rw=0, want=2392, limit=116 [ 1762.706948][T13692] attempt to access beyond end of device [ 1762.712803][T13692] loop2: rw=0, want=2393, limit=116 [ 1762.719374][T13692] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1762.727869][T13692] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1762.736352][T13692] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1762.744403][T13692] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1762.744966][T13707] attempt to access beyond end of device [ 1762.752519][T13692] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1762.766698][T13692] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1762.774571][T13692] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1762.782715][T13692] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1762.790643][T13692] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1762.799377][T13708] attempt to access beyond end of device [ 1762.840225][T13708] loop2: rw=0, want=2390, limit=116 [ 1762.897858][T13708] attempt to access beyond end of device [ 1762.922517][T13707] loop3: rw=0, want=2390, limit=116 [ 1762.956121][T13708] loop2: rw=0, want=2391, limit=116 [ 1762.961783][T13707] attempt to access beyond end of device [ 1762.985837][T13708] attempt to access beyond end of device [ 1762.991636][T13708] loop2: rw=0, want=2392, limit=116 12:19:36 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x7], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1763.006104][T13707] loop3: rw=0, want=2391, limit=116 [ 1763.016039][T13707] attempt to access beyond end of device [ 1763.021721][T13707] loop3: rw=0, want=2392, limit=116 [ 1763.046016][T13708] attempt to access beyond end of device [ 1763.051744][T13708] loop2: rw=0, want=2393, limit=116 [ 1763.075832][T13707] attempt to access beyond end of device [ 1763.081937][T13707] loop3: rw=0, want=2393, limit=116 [ 1763.125849][T13707] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1763.133736][T13707] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) 12:19:36 executing program 2: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x6], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:19:36 executing program 0: write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000240)={0x7, 0x5, 0x4, 0x40050001, 0x10000, {0x0, 0x7530}, {0x1, 0x0, 0x87, 0x5, 0x6, 0x7f, "1951e2b8"}, 0x5, 0x2, @planes=&(0x7f00000000c0)={0x1, 0xd29, @mem_offset=0x2, 0x40}, 0x5a55, 0x0, 0xffffffffffffffff}) accept4$x25(r0, &(0x7f0000000100), &(0x7f0000000180)=0x12, 0x800) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r2, 0x6b, 0x1, 0x0, 0x0) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)={0x7fff}) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff4bb]}) [ 1763.188342][T13707] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1763.235827][T13707] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1763.243692][T13707] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1763.265863][T13707] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1763.273718][T13707] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1763.292606][T13722] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1763.305831][T13707] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1763.313758][T13707] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) 12:19:36 executing program 3: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f00000000c0)={0x4000, 0x10000, 0x80, 0x0, 0x4}) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1763.353852][T13729] attempt to access beyond end of device [ 1763.375827][T13722] FAT-fs (loop1): Filesystem has been set read-only [ 1763.397111][T13729] loop1: rw=0, want=2390, limit=116 12:19:36 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f000000c000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x81f50000) ioctl$USBDEVFS_DISCARDURB(r0, 0x550b, &(0x7f00000000c0)=0xb3) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1763.445668][T13729] attempt to access beyond end of device [ 1763.477129][T13729] loop1: rw=0, want=2391, limit=116 [ 1763.495282][T13729] attempt to access beyond end of device [ 1763.501645][T13729] loop1: rw=0, want=2392, limit=116 [ 1763.530609][T13729] attempt to access beyond end of device [ 1763.538250][T13729] loop1: rw=0, want=2393, limit=116 [ 1763.543745][T13729] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1763.552204][T13729] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1763.560520][T13729] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1763.569534][T13729] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1763.578095][T13729] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1763.587868][T13729] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1763.597315][T13729] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1763.605277][T13729] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1763.618847][T13729] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1763.627709][T13731] attempt to access beyond end of device [ 1763.635325][T13731] loop1: rw=0, want=2390, limit=116 12:19:36 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}) [ 1763.714773][T13731] attempt to access beyond end of device [ 1763.730076][T13750] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1763.766248][T13750] FAT-fs (loop4): Filesystem has been set read-only [ 1763.774398][T13733] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1763.783168][T13731] loop1: rw=0, want=2391, limit=116 [ 1763.805800][T13733] FAT-fs (loop2): Filesystem has been set read-only [ 1763.824305][T13731] attempt to access beyond end of device [ 1763.839363][T13748] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1763.859901][T13733] attempt to access beyond end of device [ 1763.865642][T13733] loop2: rw=0, want=2390, limit=116 [ 1763.871820][T13748] FAT-fs (loop3): Filesystem has been set read-only [ 1763.880487][T13731] loop1: rw=0, want=2392, limit=116 12:19:36 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') r5 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r5, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) r6 = accept4$rose(r5, &(0x7f00000000c0)=@short={0xb, @dev, @remote, 0x1, @null}, &(0x7f00000001c0)=0x1c, 0x80000) ioctl$sock_rose_SIOCADDRT(r6, 0x890b, &(0x7f00000002c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x80, @bcast, @rose={'rose', 0x0}, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null]}) connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1763.925589][T13731] attempt to access beyond end of device [ 1763.943080][T13748] attempt to access beyond end of device [ 1763.956055][T13733] attempt to access beyond end of device [ 1763.958223][T13731] loop1: rw=0, want=2393, limit=116 [ 1763.985149][T13733] loop2: rw=0, want=2391, limit=116 [ 1763.985806][T13748] loop3: rw=0, want=2390, limit=116 [ 1764.003865][T13733] attempt to access beyond end of device [ 1764.015799][T13748] attempt to access beyond end of device [ 1764.028830][T13733] loop2: rw=0, want=2392, limit=116 [ 1764.048937][T13748] loop3: rw=0, want=2391, limit=116 [ 1764.052503][T13733] attempt to access beyond end of device [ 1764.054464][T13748] attempt to access beyond end of device [ 1764.054480][T13748] loop3: rw=0, want=2392, limit=116 [ 1764.054504][T13748] attempt to access beyond end of device [ 1764.093378][T13733] loop2: rw=0, want=2393, limit=116 12:19:37 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xa], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1764.120888][T13733] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1764.133217][T13769] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1764.141297][T13769] FAT-fs (loop4): Filesystem has been set read-only [ 1764.149962][T13769] attempt to access beyond end of device [ 1764.163047][T13769] loop4: rw=0, want=2390, limit=116 [ 1764.169255][T13769] attempt to access beyond end of device [ 1764.175076][T13769] loop4: rw=0, want=2391, limit=116 [ 1764.180699][T13769] attempt to access beyond end of device [ 1764.186914][T13769] loop4: rw=0, want=2392, limit=116 [ 1764.192364][T13769] attempt to access beyond end of device [ 1764.195788][T13733] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1764.198976][T13769] loop4: rw=0, want=2393, limit=116 [ 1764.212026][T13769] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1764.236215][T13769] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1764.260328][T13769] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1764.268708][T13748] loop3: rw=0, want=2393, limit=116 [ 1764.273974][T13748] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1764.277092][T13769] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1764.285207][T13733] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1764.309106][T13769] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1764.315337][T13778] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1764.325270][T13778] FAT-fs (loop1): Filesystem has been set read-only [ 1764.334802][T13778] attempt to access beyond end of device [ 1764.341246][T13778] loop1: rw=0, want=2390, limit=116 [ 1764.346825][T13778] attempt to access beyond end of device [ 1764.352639][T13778] loop1: rw=0, want=2391, limit=116 [ 1764.358438][T13778] attempt to access beyond end of device [ 1764.360424][T13769] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1764.364256][T13778] loop1: rw=0, want=2392, limit=116 [ 1764.377874][T13778] attempt to access beyond end of device [ 1764.384192][T13778] loop1: rw=0, want=2393, limit=116 [ 1764.390024][T13778] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1764.392594][T13733] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1764.406226][T13778] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1764.409150][T13748] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1764.420116][T13778] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:37 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$PPPIOCSDEBUG(r4, 0x40047440, &(0x7f0000000080)=0x4107) ioctl$KVM_RUN(r2, 0xae80, 0x0) r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control\x00', 0x200003, 0x0) sendmsg$inet6(r5, &(0x7f00000002c0)={&(0x7f0000000100)={0xa, 0x4e22, 0x5, @dev={0xfe, 0x80, [], 0x26}, 0x9}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000140)="73c53ece9adb7142ab447c3a7ec10e559e5695dbc84678b7f9b2c121e9f95b5193", 0x21}], 0x1, &(0x7f0000000240)=[@dontfrag={{0x14, 0x29, 0x3e, 0x2}}, @dstopts={{0x20, 0x29, 0x37, {0x11, 0x0, [], [@enc_lim={0x4, 0x1, 0x1}, @pad1]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x4}}], 0x50}, 0x8040) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1764.430894][T13778] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1764.446567][T13778] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1764.455685][T13778] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1764.464097][T13778] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1764.470214][T13769] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1764.486995][T13778] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1764.496450][T13733] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1764.496829][T13748] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1764.515404][T13778] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1764.523761][T13733] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1764.542501][T13769] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1764.565481][T13733] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1764.584079][T13769] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1764.599683][T13748] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1764.607739][T13733] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1764.634232][T13775] attempt to access beyond end of device [ 1764.641972][T13775] loop4: rw=0, want=2390, limit=116 12:19:37 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x48], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1764.652550][T13748] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1764.662934][T13733] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1764.677812][T13775] attempt to access beyond end of device [ 1764.685185][T13748] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1764.709890][T13775] loop4: rw=0, want=2391, limit=116 [ 1764.724102][T13775] attempt to access beyond end of device [ 1764.731068][T13748] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1764.761300][T13775] loop4: rw=0, want=2392, limit=116 [ 1764.773674][T13748] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1764.789096][T13775] attempt to access beyond end of device 12:19:37 executing program 2: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x6], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:19:37 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r1, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) mq_timedsend(r1, &(0x7f0000000240)="4c631d36cff894d360017210eef37d40891f1b881a2417fc15d3b954467d5350fb319fb974c0606800b9f5630f9b9a12f62f7f6c1732da9c7913adab0b40875c3563693d49e462fda4776f2f6e917ec5d6364cc1ec2ccf3626760291903975788932aee1e73e74f7756406611eb42099c62ced8f54a5c0894062cc4b9833035fc6ec0a7e4c85f22b53745e09c97b497130a40ad276ecf30dd761c7df86830ebbf21cd986b00103e0bc09896b7f015123ab114f583239c259d2987b6bd5bf9b271704628efde5e1cade470921c0357c6acb72a8806c8d0ad3d38bae34e7e59b53b89a02cbd2f89a63", 0xe8, 0x5, &(0x7f0000000100)={0x77359400}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/btrfs-control\x00', 0x200000, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r3, 0xae9a) r6 = open_tree(r5, &(0x7f0000000080)='./file0\x00', 0x0) ioctl$EXT4_IOC_GROUP_ADD(r6, 0x40286608, &(0x7f00000000c0)={0x3fd29a06, 0x8, 0x5, 0xefd0, 0x3, 0x200}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1764.812401][T13748] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1764.821656][T13775] loop4: rw=0, want=2393, limit=116 12:19:37 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) [ 1764.944070][T13797] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1764.993789][T13808] attempt to access beyond end of device [ 1765.002132][T13808] loop1: rw=0, want=2390, limit=116 [ 1765.010072][T13808] attempt to access beyond end of device [ 1765.016691][T13808] loop1: rw=0, want=2391, limit=116 [ 1765.022299][T13808] attempt to access beyond end of device [ 1765.030865][T13808] loop1: rw=0, want=2392, limit=116 [ 1765.036824][T13808] attempt to access beyond end of device [ 1765.042808][T13797] FAT-fs (loop1): Filesystem has been set read-only [ 1765.043327][T13808] loop1: rw=0, want=2393, limit=116 [ 1765.056693][T13808] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1765.065008][T13808] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1765.081453][T13808] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:38 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0f85403, &(0x7f0000000380)={{0x0, 0x3, 0x80, 0x0, 0x9}, 0x3, 0x6d9, 'id0\x00', 'timer0\x00', 0x0, 0x4, 0x3, 0x9, 0x9}) socket$pppoe(0x18, 0x1, 0x0) [ 1765.090201][T13808] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1765.099507][T13808] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1765.174339][T13808] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1765.230172][T13814] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1765.248716][T13808] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1765.257266][T13814] FAT-fs (loop3): Filesystem has been set read-only [ 1765.274209][T13809] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1765.284394][T13809] FAT-fs (loop2): Filesystem has been set read-only [ 1765.294688][T13808] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1765.308486][T13814] attempt to access beyond end of device [ 1765.325242][T13814] loop3: rw=0, want=2390, limit=116 [ 1765.335932][T13809] attempt to access beyond end of device [ 1765.344598][T13808] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1765.370078][T13814] attempt to access beyond end of device [ 1765.379519][T13809] loop2: rw=0, want=2390, limit=116 12:19:38 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}) [ 1765.423401][T13813] attempt to access beyond end of device [ 1765.433312][T13827] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1765.444122][T13814] loop3: rw=0, want=2391, limit=116 [ 1765.450325][T13809] attempt to access beyond end of device [ 1765.459416][T13813] loop1: rw=0, want=2390, limit=116 [ 1765.477819][T13833] attempt to access beyond end of device [ 1765.492862][T13814] attempt to access beyond end of device [ 1765.501383][T13813] attempt to access beyond end of device [ 1765.512051][T13809] loop2: rw=0, want=2391, limit=116 [ 1765.532300][T13827] FAT-fs (loop4): Filesystem has been set read-only [ 1765.541792][T13833] loop4: rw=0, want=2390, limit=116 [ 1765.550482][T13814] loop3: rw=0, want=2392, limit=116 [ 1765.554956][T13809] attempt to access beyond end of device [ 1765.557158][T13813] loop1: rw=0, want=2391, limit=116 [ 1765.568267][T13833] attempt to access beyond end of device [ 1765.590421][T13814] attempt to access beyond end of device [ 1765.594498][T13809] loop2: rw=0, want=2392, limit=116 [ 1765.611365][T13809] attempt to access beyond end of device [ 1765.619033][T13814] loop3: rw=0, want=2393, limit=116 [ 1765.628470][T13833] loop4: rw=0, want=2391, limit=116 [ 1765.633769][T13813] attempt to access beyond end of device [ 1765.635026][T13809] loop2: rw=0, want=2393, limit=116 [ 1765.650958][T13833] attempt to access beyond end of device [ 1765.658838][T13814] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1765.659006][T13813] loop1: rw=0, want=2392, limit=116 [ 1765.668795][T13809] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1765.682210][T13833] loop4: rw=0, want=2392, limit=116 [ 1765.694805][T13813] attempt to access beyond end of device [ 1765.704148][T13814] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1765.714075][T13809] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1765.717832][T13833] attempt to access beyond end of device [ 1765.741978][T13809] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1765.744596][T13813] loop1: rw=0, want=2393, limit=116 [ 1765.773082][T13809] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1765.781520][T13814] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1765.792077][T13833] loop4: rw=0, want=2393, limit=116 [ 1765.813050][T13809] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1765.815480][T13833] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1765.830179][T13814] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) 12:19:38 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$usbmon(&(0x7f0000000140)='/dev/usbmon#\x00', 0x3, 0x200) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x10000, 0x50040) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r5, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r5, 0xc06c4124, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) 12:19:38 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x4c], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1765.853649][T13809] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1765.861504][T13833] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1765.881791][T13833] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1765.895830][T13814] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1765.913555][T13833] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1765.927064][T13809] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1765.940593][T13814] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1765.941638][T13833] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1765.960559][T13809] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1765.976124][T13814] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1766.001412][T13809] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1766.015005][T13814] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1766.028790][T13833] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1766.052400][T13814] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1766.072783][T13833] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1766.100498][T13855] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1766.109560][T13855] FAT-fs (loop1): Filesystem has been set read-only [ 1766.119205][T13855] attempt to access beyond end of device [ 1766.124951][T13855] loop1: rw=0, want=2390, limit=116 [ 1766.130468][T13855] attempt to access beyond end of device [ 1766.136512][T13855] loop1: rw=0, want=2391, limit=116 [ 1766.142107][T13855] attempt to access beyond end of device [ 1766.147921][T13855] loop1: rw=0, want=2392, limit=116 [ 1766.153277][T13855] attempt to access beyond end of device [ 1766.159148][T13855] loop1: rw=0, want=2393, limit=116 [ 1766.162957][T13833] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1766.165239][T13855] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1766.181774][T13855] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1766.189702][T13855] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1766.197912][T13855] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1766.206427][T13855] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1766.214632][T13855] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:39 executing program 2: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x6], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1766.223351][T13855] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1766.231662][T13855] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1766.239908][T13855] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1766.250134][T13833] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:19:39 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) 12:19:39 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x60], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:19:39 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r0, 0xc0305602, &(0x7f00000001c0)={0x0, 0x3, 0x100d, 0x1}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='memory.current\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) 12:19:39 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000001240)=ANY=[@ANYRES32=r5, @ANYBLOB="5600f0ae2ede5285251f947fb8d227c9ef569fb3c792426fda754ac767ba8235836bd708f599c740002967a3a6af25b0110dd1220ccae87cd9d3abc46920ecabca1e1ba165993cba0f34eccf1030b420528c5c83000000000000000000dd21985064a91d4c57e4183438031889bea149e8c81a6b36ac637e919ad36fb6b2c8909b53be3d11fda7e2783bd7cc8e8663e91ab04684801cb786a57cdee79488f9378290e6bdfec664945ac9bab4a528b11e7727c3a3cb9975c55438fadc3633f54cb6f0b4da9954517e349f5aebeddc10da980ab687fe86305065d81a4a9ce0749a482db10487db457d7dd1df6351072a259f6be72d1bb2b9a2dfeeaaa6077bf482a18df4cd1e51d39adffbbefb8ce1107680a5bb884672b1158eb8033ae9c45a2223cf5f7aa301c165f4cdc6c588c405ba9b4e69e6760048d35e6d63ac58216c372c128bfaee5d8c234b6715975ccbe972fa30af3a2971568ba2c7555a247f52c3"], &(0x7f0000000440)=0x2) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000100)={r5, 0x6, 0x0, 0xb5}, 0x10) getsockopt$IP_VS_SO_GET_SERVICE(0xffffffffffffffff, 0x0, 0x483, &(0x7f0000000280), &(0x7f0000000300)=0x68) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000080)={r5, 0xffffffff}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000140)={r6, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x900, 0x1, @private0={0xfc, 0x0, [], 0x1}, 0x7f}]}, &(0x7f0000000180)=0x10) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1766.661724][T13871] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1766.672969][T13871] FAT-fs (loop3): Filesystem has been set read-only [ 1766.716929][T13866] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1766.733796][T13871] attempt to access beyond end of device [ 1766.740863][T13871] loop3: rw=0, want=2390, limit=116 [ 1766.752506][T13896] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1766.759718][T13866] FAT-fs (loop2): Filesystem has been set read-only [ 1766.769572][T13896] FAT-fs (loop1): Filesystem has been set read-only [ 1766.788928][T13880] attempt to access beyond end of device [ 1766.796490][T13888] attempt to access beyond end of device [ 1766.812139][T13880] loop2: rw=0, want=2390, limit=116 [ 1766.830766][T13871] buffer_io_error: 70 callbacks suppressed [ 1766.830778][T13871] Buffer I/O error on dev loop3, logical block 2389, async page read [ 1766.858269][T13888] loop1: rw=0, want=2390, limit=116 12:19:39 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_REG(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x14, r6}, 0x14}}, 0x0) accept$packet(r4, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000280)=0x14) sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080), 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES16=r6, @ANYBLOB="000228bd7000fbdbdf2514000000050019000000000008001400", @ANYRES32=r7, @ANYBLOB="050029000a00000008000100020000000500190001000000"], 0x3c}, 0x1, 0x0, 0x0, 0x50}, 0x40000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}) [ 1766.879553][T13880] Buffer I/O error on dev loop2, logical block 2389, async page read [ 1766.913653][T13888] Buffer I/O error on dev loop1, logical block 2389, async page read [ 1766.930700][T13871] attempt to access beyond end of device [ 1766.947489][T13871] loop3: rw=0, want=2391, limit=116 [ 1766.949787][T13880] attempt to access beyond end of device [ 1766.961593][T13871] Buffer I/O error on dev loop3, logical block 2390, async page read [ 1766.971733][T13888] attempt to access beyond end of device [ 1766.995612][T13880] loop2: rw=0, want=2391, limit=116 [ 1767.004405][T13888] loop1: rw=0, want=2391, limit=116 [ 1767.004663][T13871] attempt to access beyond end of device [ 1767.025307][T13880] Buffer I/O error on dev loop2, logical block 2390, async page read [ 1767.035668][T13888] Buffer I/O error on dev loop1, logical block 2390, async page read [ 1767.053410][T13871] loop3: rw=0, want=2392, limit=116 [ 1767.076441][T13880] attempt to access beyond end of device [ 1767.084895][T13888] attempt to access beyond end of device [ 1767.090223][T13871] Buffer I/O error on dev loop3, logical block 2391, async page read [ 1767.103467][T13880] loop2: rw=0, want=2392, limit=116 [ 1767.109364][T13888] loop1: rw=0, want=2392, limit=116 [ 1767.127180][T13880] Buffer I/O error on dev loop2, logical block 2391, async page read [ 1767.137684][T13888] Buffer I/O error on dev loop1, logical block 2391, async page read [ 1767.161674][T13871] attempt to access beyond end of device [ 1767.162510][T13880] attempt to access beyond end of device [ 1767.176290][T13888] attempt to access beyond end of device [ 1767.188415][T13871] loop3: rw=0, want=2393, limit=116 [ 1767.192057][T13880] loop2: rw=0, want=2393, limit=116 [ 1767.210955][T13888] loop1: rw=0, want=2393, limit=116 [ 1767.212891][T13871] Buffer I/O error on dev loop3, logical block 2392, async page read [ 1767.234033][T13888] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1767.243112][T13880] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1767.249724][T13871] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1767.269919][T13888] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:40 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x1) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r4, &(0x7f0000000140)={0x1, 0x10, 0xfa00, {&(0x7f0000000080), r5}}, 0x18) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1767.278388][T13880] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1767.302792][T13871] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1767.304346][T13888] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1767.320986][T13880] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1767.338951][T13871] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1767.345582][T13880] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1767.359118][T13880] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1767.377114][T13888] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:40 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r2, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) r3 = openat$cgroup_ro(r2, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x18, 0x0, 0x1, 0x0, 0x0, {0xa}, [@TIPC_NLA_LINK={0x4}]}, 0x18}}, 0x0) sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5c0000003a076bbd44bfbe9d70ca7aaadb1a3a826a9559141e22614487bea918b977aa554f8feafe25f81122d0eb09a0d1d4abf32af7d08f6f6af22515167c7cb9a2bcfcc2b334b0f2ec505d4838b52f0fdbfacf82bc1a11443351624d4b3778301d3717a74e3c99a10a87186ce7993c6d844c9167fd8c13b088c1b8886297eed5f78343c1e237c221b08a56e4ade1a699755daa424db578be5e75f0e4df1b20df99addb943c972cbe1448cbebca204333831bf15d7b9464810ae7223f04f978dd8c3121bee3e8f26a2f13a98545212adb94cfeabb2dc0", @ANYRES16=0x0, @ANYBLOB="00002dbd7000fcdbdf2507000000280002800800020007000000080002000180000014000380080002005400000008000100200000001800048014000780080003000104000008000200040000000800058004000280"], 0x5c}, 0x1, 0x0, 0x0, 0x1000}, 0x8000) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1767.377283][T13871] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1767.393094][T13880] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1767.411559][T13888] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1767.429581][T13880] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1767.447968][T13888] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1767.465856][T13880] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1767.485368][T13888] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1767.496523][T13871] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1767.502136][T13880] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1767.536147][T13888] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1767.538437][T13871] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1767.581791][T13871] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1767.598529][T13871] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1767.598916][T13922] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1767.614131][T13871] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1767.621071][T13888] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1767.678028][T13922] FAT-fs (loop4): Filesystem has been set read-only 12:19:40 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) 12:19:40 executing program 2: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') 12:19:40 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200]}) 12:19:40 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ftruncate(0xffffffffffffffff, 0x1000000) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0xf18001, 0xeefffdef) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000380)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x8, 0x40, 0x80, 0x0, 0x2, 0x3, 0x6, 0x1da, 0x38, 0x200, 0x4, 0x3, 0x20, 0x1, 0x4, 0xfbff, 0x1000}, [{0x2, 0x4446, 0x8001, 0x1, 0x8, 0x20, 0x6, 0x800}], "85502145da413e45a014406bf16c9c7dc7fd1679d9ab1f9973ded5ec872fa8321f3e30109889621e96906c8f022e6f8d6de19aba751b537d6524b3ab870f8e9aa33e0099ed6a26b0d750618317a89b63c831dd0c337488251ea507a9707dfe97ef94b7c78d1b77969d949298b8ef36a2e0937c374bd2cc0231fc196dfb1e3b039d520c34f1abc954845d2799e66b9192129c1bc1d984ffd1f90b6bbc37216dd9891e7f2594b6d25bdd9e86f9199f14ab66aa6377eb", [[]]}, 0x20d) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe8fe, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) getgid() write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x1010, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) 12:19:40 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x68], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1768.231471][T13959] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1768.281989][T13967] attempt to access beyond end of device 12:19:41 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000080)={0x2e, 0x4, 0x0, {0x1, 0x3, 0x6, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2e) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=@known='trusted.overlay.redirect\x00', &(0x7f0000000140)='\x00', 0x1, 0x2) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1768.363796][T13959] FAT-fs (loop4): Filesystem has been set read-only [ 1768.370716][T13967] loop4: rw=0, want=2390, limit=116 [ 1768.371103][T13969] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1768.385810][T13969] FAT-fs (loop1): Filesystem has been set read-only [ 1768.392999][T13967] attempt to access beyond end of device [ 1768.399951][T13962] attempt to access beyond end of device [ 1768.411504][T13953] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1768.432124][T13962] loop1: rw=0, want=2390, limit=116 [ 1768.443487][T13953] FAT-fs (loop2): Filesystem has been set read-only [ 1768.454915][T13967] loop4: rw=0, want=2391, limit=116 [ 1768.457503][T13962] attempt to access beyond end of device [ 1768.480561][T13953] attempt to access beyond end of device [ 1768.488724][T13967] attempt to access beyond end of device [ 1768.495456][T13962] loop1: rw=0, want=2391, limit=116 [ 1768.510212][T13953] loop2: rw=0, want=2390, limit=116 [ 1768.520897][T13967] loop4: rw=0, want=2392, limit=116 [ 1768.532048][T13953] attempt to access beyond end of device [ 1768.541581][T13967] attempt to access beyond end of device [ 1768.549011][T13962] attempt to access beyond end of device [ 1768.552912][T13953] loop2: rw=0, want=2391, limit=116 12:19:41 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x3, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1768.564089][T13967] loop4: rw=0, want=2393, limit=116 [ 1768.575085][T13967] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1768.587790][T13953] attempt to access beyond end of device [ 1768.592250][T13962] loop1: rw=0, want=2392, limit=116 [ 1768.602224][T13953] loop2: rw=0, want=2392, limit=116 [ 1768.610174][T13967] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1768.632123][T13962] attempt to access beyond end of device [ 1768.649782][T13953] attempt to access beyond end of device [ 1768.651852][T13967] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1768.664336][T13962] loop1: rw=0, want=2393, limit=116 [ 1768.685451][T13953] loop2: rw=0, want=2393, limit=116 [ 1768.698990][T13967] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1768.705351][T13962] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1768.723230][T13962] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:41 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$MON_IOCQ_RING_SIZE(0xffffffffffffffff, 0x9205) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1768.734388][T13953] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1768.746963][T13967] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1768.754918][T13962] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1768.786725][T13953] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1768.810056][T13967] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1768.823765][T13962] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1768.833570][T13985] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1768.841496][T13985] FAT-fs (loop3): Filesystem has been set read-only [ 1768.853035][T13985] attempt to access beyond end of device [ 1768.859124][T13985] loop3: rw=0, want=2390, limit=116 [ 1768.864396][T13985] attempt to access beyond end of device [ 1768.871040][T13985] loop3: rw=0, want=2391, limit=116 [ 1768.876651][T13985] attempt to access beyond end of device [ 1768.882356][T13985] loop3: rw=0, want=2392, limit=116 [ 1768.885679][T13953] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1768.888114][T13985] attempt to access beyond end of device [ 1768.902508][T13985] loop3: rw=0, want=2393, limit=116 [ 1768.903294][T13967] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1768.908161][T13985] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1768.925715][T13962] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1768.955011][T13985] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1768.963693][T13962] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1768.978749][T13953] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1768.991035][T13985] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1768.997390][T13967] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1768.999451][T13962] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1769.019628][T13953] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1769.033339][T13962] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1769.042561][T13985] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) 12:19:42 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0x40000, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r5, 0xc040564b, &(0x7f00000000c0)={0x4, 0x0, 0x1008, 0x1000, 0x2, {0x80000000, 0x9}}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1769.050248][T13967] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1769.059500][T13953] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1769.070764][T13962] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1769.078940][T13985] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1769.090081][T13953] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1769.100190][T13985] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1769.114212][T13953] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1769.129471][T13985] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1769.142921][T13953] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) 12:19:42 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x6c], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1769.168874][T13985] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) 12:19:42 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r5, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) dup2(r1, r5) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @ioapic={0x2, 0x10000, 0x8, 0x19, 0x0, [{0x3, 0x18, 0x5}, {0x7, 0x1, 0x1, [], 0x3}, {0x4, 0x1, 0x8, [], 0x80}, {0x1, 0x0, 0x9, [], 0xe9}, {0x3, 0x0, 0x6, [], 0x1c}, {0x4, 0x8, 0x1f, [], 0x6}, {0x9, 0x5, 0x6, [], 0x1f}, {0x40, 0x0, 0x3, [], 0x80}, {0x81, 0x7, 0xfc, [], 0x1}, {0x39, 0x4, 0x2, [], 0x1}, {0x80, 0x3, 0x20, [], 0x7f}, {0x7, 0x1, 0xd1, [], 0x22}, {0x4, 0x3, 0x5, [], 0x2}, {0xff, 0x8, 0x80, [], 0x4}, {0x2, 0x3, 0x5, [], 0x6}, {0x4, 0x1f, 0x6, [], 0x5f}, {0x5, 0x5, 0x3}, {0x6, 0x2, 0x0, [], 0xfd}, {0x0, 0x6f, 0x3, [], 0x19}, {0x7, 0x1, 0x2, [], 0x4}, {0x0, 0x2, 0x8a, [], 0x8}, {0x20, 0xfc, 0x57, [], 0x2}, {0x7f, 0x7, 0x9, [], 0xe0}, {0x6, 0x4, 0x9, [], 0x1}]}}) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) 12:19:42 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) [ 1769.230445][T13985] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1769.259850][T13991] attempt to access beyond end of device [ 1769.266759][T13991] loop3: rw=0, want=2390, limit=116 [ 1769.306494][T13991] attempt to access beyond end of device [ 1769.330292][T13991] loop3: rw=0, want=2391, limit=116 [ 1769.359903][T13991] attempt to access beyond end of device [ 1769.378096][T13991] loop3: rw=0, want=2392, limit=116 12:19:42 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram\x00', 0x400102, 0x0) ioctl$VFIO_CHECK_EXTENSION(r3, 0x3b65, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) getsockname$ax25(0xffffffffffffffff, &(0x7f00000000c0)={{}, [@bcast, @netrom, @bcast, @default, @remote, @netrom, @null]}, &(0x7f0000000140)=0x48) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1769.432777][T13991] attempt to access beyond end of device [ 1769.470400][T13991] loop3: rw=0, want=2393, limit=116 [ 1769.481792][T14014] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1769.539868][T14029] attempt to access beyond end of device [ 1769.564250][T14014] FAT-fs (loop1): Filesystem has been set read-only [ 1769.589410][T14029] loop1: rw=0, want=2390, limit=116 [ 1769.598764][T14022] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1769.625714][T14022] FAT-fs (loop4): Filesystem has been set read-only [ 1769.637467][T14029] attempt to access beyond end of device [ 1769.651924][T14035] attempt to access beyond end of device [ 1769.665579][T14026] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1769.679163][T14026] FAT-fs (loop2): Filesystem has been set read-only [ 1769.683037][T14029] loop1: rw=0, want=2391, limit=116 [ 1769.688152][T14035] loop4: rw=0, want=2390, limit=116 [ 1769.707696][T14029] attempt to access beyond end of device [ 1769.712643][T14026] attempt to access beyond end of device [ 1769.734048][T14035] attempt to access beyond end of device 12:19:42 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x3, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1769.749552][T14026] loop2: rw=0, want=2390, limit=116 [ 1769.758494][T14029] loop1: rw=0, want=2392, limit=116 [ 1769.759411][T14035] loop4: rw=0, want=2391, limit=116 [ 1769.782091][T14026] attempt to access beyond end of device [ 1769.795621][T14035] attempt to access beyond end of device [ 1769.801373][T14026] loop2: rw=0, want=2391, limit=116 [ 1769.802160][T14029] attempt to access beyond end of device [ 1769.814846][T14026] attempt to access beyond end of device [ 1769.821540][T14035] loop4: rw=0, want=2392, limit=116 [ 1769.833555][T14035] attempt to access beyond end of device [ 1769.839826][T14026] loop2: rw=0, want=2392, limit=116 [ 1769.842304][T14029] loop1: rw=0, want=2393, limit=116 [ 1769.858298][T14026] attempt to access beyond end of device [ 1769.864055][T14035] loop4: rw=0, want=2393, limit=116 [ 1769.884721][T14026] loop2: rw=0, want=2393, limit=116 [ 1769.890799][T14029] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1769.892393][T14035] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1769.932009][T14026] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1769.932045][T14029] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1769.950377][T14026] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1769.966299][T14035] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1770.002015][T14026] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1770.013665][T14035] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1770.014108][T14029] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1770.029538][T14029] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1770.037673][T14029] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1770.045741][T14029] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1770.053596][T14029] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1770.061741][T14029] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1770.069796][T14029] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1770.078615][T14032] attempt to access beyond end of device [ 1770.082770][T14026] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1770.085919][T14032] loop1: rw=0, want=2390, limit=116 [ 1770.098839][T14032] attempt to access beyond end of device [ 1770.103493][T14035] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1770.104513][T14032] loop1: rw=0, want=2391, limit=116 [ 1770.104538][T14032] attempt to access beyond end of device [ 1770.138668][T14049] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1770.146620][T14026] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1770.156116][T14032] loop1: rw=0, want=2392, limit=116 [ 1770.158031][T14035] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1770.161386][T14032] attempt to access beyond end of device [ 1770.161397][T14032] loop1: rw=0, want=2393, limit=116 [ 1770.166480][T14049] FAT-fs (loop3): Filesystem has been set read-only 12:19:43 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x3, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_NAME_TABLE_GET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x18, r7, 0x1, 0x0, 0x0, {0xa}, [@TIPC_NLA_LINK={0x4}]}, 0x18}}, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r5, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)={0x1a0, r7, 0xc00, 0x70bd2a, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0x10, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6b3d}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_LINK={0x94, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1f34}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'bond0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @broadcast}}, {0x14, 0x2, @in={0x2, 0x4e22, @local}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x0, @private0, 0x4}}, {0x14, 0x2, @in={0x2, 0x4e24, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_NODE={0x34, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x10}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xf4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x800}, 0x20000004) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400]}) [ 1770.201442][T14026] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1770.209129][T14053] attempt to access beyond end of device [ 1770.223300][T14035] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1770.234881][T14053] loop3: rw=0, want=2390, limit=116 [ 1770.247372][T14026] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1770.253927][T14053] attempt to access beyond end of device [ 1770.270401][T14053] loop3: rw=0, want=2391, limit=116 [ 1770.278127][T14035] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:19:43 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x74], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1770.299668][T14053] attempt to access beyond end of device [ 1770.320887][T14035] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1770.335136][T14026] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1770.354372][T14053] loop3: rw=0, want=2392, limit=116 [ 1770.370208][T14035] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1770.379982][T14026] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1770.391417][T14053] attempt to access beyond end of device [ 1770.404238][T14053] loop3: rw=0, want=2393, limit=116 [ 1770.433444][T14053] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1770.474943][T14053] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) 12:19:43 executing program 2: r0 = semget$private(0x0, 0x2000000010a, 0x0) semop(r0, &(0x7f0000000200)=[{0x2, 0x0, 0x1800}, {0x0, 0xffffffff}, {0x0, 0x7}], 0x3) semtimedop(r0, &(0x7f0000000040)=[{0x0, 0x401}], 0x1, 0x0) semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x81, 0x1000}, {0x0, 0x1, 0x800}], 0x2, &(0x7f0000000040)) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x38, 0xb, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x38}}, 0x0) [ 1770.574604][T14053] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1770.613883][T14053] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) 12:19:43 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(r0, &(0x7f0000000240)='io.stat\x00', 0x26e1, 0x0) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r2, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000001c0)={&(0x7f00000000c0)='./file0\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) dup(0xffffffffffffffff) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x40010, 0xffffffffffffffff, 0xffffc000) socket$pppoe(0x18, 0x1, 0x0) [ 1770.622316][T14053] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1770.630925][T14053] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1770.640266][T14062] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1770.698918][T14062] FAT-fs (loop1): Filesystem has been set read-only [ 1770.715789][T14075] attempt to access beyond end of device [ 1770.732692][T14053] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1770.783561][T14075] loop1: rw=0, want=2390, limit=116 [ 1770.798727][T14053] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1770.818299][T14075] attempt to access beyond end of device 12:19:43 executing program 2: r0 = semget$private(0x0, 0x2000000010a, 0x0) semop(r0, &(0x7f0000000200)=[{0x2, 0x0, 0x1800}, {0x0, 0xffffffff}, {0x0, 0x7}], 0x3) semtimedop(r0, &(0x7f0000000040)=[{0x0, 0x401}], 0x1, 0x0) semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x81, 0x1000}, {0x0, 0x1, 0x800}], 0x2, &(0x7f0000000040)) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x38, 0xb, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x38}}, 0x0) [ 1770.853955][T14053] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1770.864520][T14075] loop1: rw=0, want=2391, limit=116 [ 1770.918757][T14075] attempt to access beyond end of device 12:19:43 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}) [ 1770.967648][T14075] loop1: rw=0, want=2392, limit=116 [ 1770.998210][T14075] attempt to access beyond end of device [ 1771.030574][T14075] loop1: rw=0, want=2393, limit=116 [ 1771.039903][T14075] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:44 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x3, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:19:44 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, 0x0, 0x0) ioctl$KVM_SET_CPUID(r5, 0x4008ae8a, &(0x7f0000000380)={0x7, 0x0, [{0xb, 0x4, 0x1, 0x473794a3, 0x7}, {0x2, 0x0, 0x8, 0x0, 0x75}, {0x80000000, 0x200, 0x8, 0xe8, 0x10001}, {0xc0c0e76c6703de14, 0x7, 0x0, 0xef, 0x5}, {0x4000000b, 0xe04, 0x8, 0x200, 0x6553}, {0x80000008, 0x0, 0xb, 0x9, 0x35}, {0x80000019, 0x0, 0x1, 0x7f, 0x7}]}) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) ioctl$BLKSECDISCARD(r2, 0x127d, &(0x7f00000000c0)=0x1a30be91) socket$pppoe(0x18, 0x1, 0x0) [ 1771.103795][T14075] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1771.142189][T14075] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:44 executing program 2: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1771.203834][T14075] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1771.241432][T14075] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1771.252539][T14102] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1771.266315][T14102] FAT-fs (loop4): Filesystem has been set read-only [ 1771.281912][T14102] attempt to access beyond end of device [ 1771.290182][T14102] loop4: rw=0, want=2390, limit=116 [ 1771.296006][T14102] attempt to access beyond end of device [ 1771.301818][T14102] loop4: rw=0, want=2391, limit=116 [ 1771.302974][T14075] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1771.307840][T14102] attempt to access beyond end of device [ 1771.323399][T14102] loop4: rw=0, want=2392, limit=116 [ 1771.328969][T14102] attempt to access beyond end of device [ 1771.335780][T14102] loop4: rw=0, want=2393, limit=116 [ 1771.341054][T14102] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1771.349086][T14102] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:19:44 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/slabinfo\x00', 0x0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f00000000c0)={0x0, 0xf09}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = dup(r4) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r6, 0x6b, 0x1, 0x0, 0x0) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000140)={0x2, r6, 0x1}) ioctl$TIOCGRS485(r5, 0x542e, &(0x7f0000000100)) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1771.441808][T14075] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1771.450872][T14102] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1771.461535][T14075] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1771.477065][T14075] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1771.508743][T14102] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1771.517015][T14102] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1771.535380][T14102] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1771.543344][T14102] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:19:44 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x7a], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1771.552533][T14102] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1771.561554][T14102] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1771.570843][T14116] attempt to access beyond end of device [ 1771.582600][T14116] loop4: rw=0, want=2390, limit=116 [ 1771.645393][T14116] attempt to access beyond end of device [ 1771.651075][T14116] loop4: rw=0, want=2391, limit=116 [ 1771.695471][T14116] attempt to access beyond end of device [ 1771.702202][T14116] loop4: rw=0, want=2392, limit=116 [ 1771.732639][T14116] attempt to access beyond end of device [ 1771.765447][T14116] loop4: rw=0, want=2393, limit=116 12:19:44 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x7a00, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1771.905172][T14129] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1771.963794][T14129] FAT-fs (loop1): Filesystem has been set read-only [ 1771.974315][T14143] attempt to access beyond end of device [ 1772.002358][T14143] loop1: rw=0, want=2390, limit=116 [ 1772.014203][T14143] buffer_io_error: 54 callbacks suppressed [ 1772.014216][T14143] Buffer I/O error on dev loop1, logical block 2389, async page read [ 1772.050321][T14143] attempt to access beyond end of device [ 1772.062212][T14143] loop1: rw=0, want=2391, limit=116 [ 1772.079203][T14143] Buffer I/O error on dev loop1, logical block 2390, async page read [ 1772.100729][T14143] attempt to access beyond end of device [ 1772.117281][T14143] loop1: rw=0, want=2392, limit=116 [ 1772.137405][T14143] Buffer I/O error on dev loop1, logical block 2391, async page read [ 1772.151008][T14145] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1772.161104][T14145] FAT-fs (loop3): Filesystem has been set read-only [ 1772.175325][T14143] attempt to access beyond end of device [ 1772.180978][T14143] loop1: rw=0, want=2393, limit=116 [ 1772.193123][T14145] attempt to access beyond end of device [ 1772.222404][T14145] loop3: rw=0, want=2390, limit=116 [ 1772.235320][T14143] Buffer I/O error on dev loop1, logical block 2392, async page read [ 1772.243868][T14145] Buffer I/O error on dev loop3, logical block 2389, async page read 12:19:44 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x4, &(0x7f0000000540)=[{&(0x7f00000001c0)="eb3cd06d6b00020421000200027400f8f39890911daeee39083f92f604d1968251cb00004c8f0000", 0x28}, {&(0x7f00000003c0)="646cabf275461b60af9bbc600d5a924d1a956486a47e62403358e8d3ba68c8937d8074a730de59b1821690c43cb0fb6cf193d8db5ed3f5f7f9ce17cc023def50ed91619ea2cf442f3dc7354fc8a666d091e2b2455ae37ed719b3e69db0d3ca034d6e9dac6796aee88010b6dca87b31736e555ae308c98d32bd5eb11b11e8a0bbc55a463fdfdbf12176e7fbd195ee03e833d4880e6f1dac91d2eb8013cf0e5d0d83fe", 0xa2, 0x7}, {&(0x7f0000000480)="71922ddfd6c2ce40eb4bc4b69aae50e19b9c5528e3b9dc3fdf9d1c3146232c2950ba88b459240f55add9371bb93adc8bdedb3070092de8cd9f1f5c5d6fa47775cffca1c5936a1ee7463fcd7eb16dfa27c868f91966ec898926f11d7cf75668814ae1ca07e67f571540c254700fd182ef557fc8f5ac82cdb46d13c4848cf0624559e6d32df6604042fafb6d986ebbaa888155ba8618ade164cd5397b762a869af54853539805954630f3ecc38e72bfdb3c482fd838ae12d", 0xb7, 0x80}, {&(0x7f0000001300)="849722d33eadc1e386bcb0e834558dc860661be1e150307a359f811c340a72f775324364ba020fe14b846ea8472ce2cc4b8b098657d15e413ab153b7156ef2a38fdf117a3b159ecfe1e14618dde58dba05cce99d22b9cb7a7d7cd8de3af44adf59a97ea71efe6a9138394d8420a5489b4440181fdbd1840b036cec0b2a6d3c568d96907142a2aec3488a69b72bada984aa317da3c95f0ac2d2f0c052e2085c3e9948239091777397287b36ded3e0928fa076c8c1e67fd4c8c884ca0e91f115fea20d69d682b7436d8a71c5b81d1c8280f44820dc6c88574514907dbf63d5a80f828e432e78922fee20b650c24ca848c788973f923822bdc10f02b3135448db997025905716d8fcc2799ebe74d425a2dffc57518b9cd12a41572dec8e42e5d7a35924a3ccdc4d41c35210fe55112b04400f423481540aefa142e9263dec7669a9029a54afec286341f4800b3636ed87a68a2c90e4443e630c6d8d48dcc7c5659e71e17564cf952720d46084a26b6db2a99175ba6748dac3c4d777192876421b2f9716d60622c305599312db09b8bb4028d7a1669fce5026ac01bb245fd83b641b17d7115466979ff60e97a75b0132e9f8daef70074a6db6523545ad7c020009e249292a22e6f5d481a1009f83496e7cf3d9d37d73046b84e28ce7ce355c9492517c950eb3468a709e84e10e2f2c5efd70787ca7aa1a011b56df3e324818b52a93a9539e25118f38fe846373c3e4d6373019391a3cdae38c69d63d224b64366afcc5d08448ebdc13243dc5c65b4aed6e59f913aabc79beb10f16eac860fd7bdb59c6457bb4daa96effe00e220e69ea2a2e2cff1ede911a3d7b5be9f1f0a5bd010c3eac00ce920521e9c91d757c32558ec5058cc256b5ff0f5dbf557cb8acdd6527dbd5d9746958bb0f49461f6055590f67bba09c2ed881043f0ae6c9f178ab5fcf07e81ca1b46d20078e48d4024466f569e80074330d31121c72e676e24f4b1243a159968f05b5ffee8c82cace214a9b4e22624806f36a01d8ed8e0cc9f086c40a8a6a44c015b22ecc6cf69efae206193c83fa39d712514d438f4534f137899c96b99c0d38218d9844d2151d0629aa44ca09721484a5e65700824e7204b4fad4da3e830f9df31d5017db9bf64067e7b65e44e6adf1d0432128b5bb842931f2fdf0e73c42234ea9add1c667ad1509464363f005d8b3d7986a7d029321765744839a54bd5634b78ddcb619195dc515489cfe638f379c9fbc477916b6acb86209f9e8eaa8599fa3f7c2626ebeab8ee3b11e746a0f562d7f59f9fdf970840cd7bf0311010f5089563bc2f8c0161dffdeff52e9fc98cc60e0177a8d95d6249cc8a904674b5d6543c83551e67df688e14f01f5a4b85cc1de69c979d765a5ab40113d7a3264f9686bc9f9c394eac997c58531ae9bacf00913113b5f30889155763547223013944e9f6fb2485bda36a036242181778529a457a6d7e0ce8a80921f06338d8df33494fa7a7a67f90122d2bb7231eeadadbcf613087800ddfea9d053d5fa3833f45299f37c40e1a609c3ebb1882e63756c8fe75d246a008c0ff9afc5ca34d9ecb68f2be9430f96efe17557064c8e759cd46ff9301744f7b3f43c64c2fc804462cfe8d72379b3e1853fdc11f6a5d062f2fc9564d35e5406d84d361fa909be0ae4bae5c431d6ed58da0c1b7eedf601ed2f101feee2a394b61de2b206c2bddf0b9096fd675f66020043ab0b5356f1576f09f40eb41a42d893113cfaaf34bfb429d07992d12a3624d8c31d8505009920a436d3002740ecce38ce7bb3ba0f71e401b683c892be803143ed785d9399dc2bb10a3188c85cd081cfba415018f082366523d01bb9a90ca6c56c50544fb469a281b0ef3c3a87647b5255870eecc341363c7818f27c0bc637456dd39ca3b359ef36bb2e2d2aac45c98370eb3eb5233a24c41c127ac808ebbdaed3a22cffd8700effe35ecb14d0d09a10193e53790c002169b41fe30ced4d675bd24eeb7dcca9b3de89487cd9a8669bdb9640c40642e9a2c14a2f3eb8b37c0b26cc3ffa4b28ef4c22fbea92989cc9416b5a6e2e91d5327a9c41ed6753a5707f4bd0373f771c0b59de6f20cd99071bae7c17f957c3b560eb3f5ab14dad5711053a01cfe78893e6de2993dfd0c050833022d233a191ddbf9c31a64524897e7caec7f9e499b3980fc3cefe4f502972d5fabfd8c49df95c43e192fc6896cc919222684cb1c93268f277db1e8091fa2273867d2b12fc9460f2e4d5e5a958a7048128103c1e1fd471f4f0d2e96921058d472567cdfe2913d9fb7b1f4a507dcd9a5e8d245ea78c74d945bc9c4a46b6d16fdfcb8b3853354b060bfe9cf217f2c58f4a3894123c100fec3eeecf177016f715664d45597c1f3e52c6e2e7d3dce26f55e94841e55a2b758e704d182eda169bdc1d7c9836c6efc0155dc939d98b157cdcab60314dd0c534de64a81770b0e7976be968323f0d9c02749c50bcad57f8f113bafd33bbf40b4e6886c3dd3cf016200cac18de8738ee909252f0c2e378a401973edc0b2fedb28f88deadcc41c634072d1232cca9abeb5c70781b5464fbb6af8f75d63e6ae317f4ebb3b3ea860a1cb10f6a2533a44661fef21c1b4755b052bc31474c499ab018fd2e80961aa9e6d19993d2b9f68cf0d92f4556f5a655b2fbdf86bf8b13e02b92c3f004ac8651d218d99e1b2e4865afbf7cf60faae06d65ff60de15a538dc8da3e9b5a98dae8c2f527a2a0b9d8d1b2028d350237b67e70aec21be4cabbb19f520d39841fd9d1500068eb51e6cb82d230f4eb0b335692aa8a31f879acc4f3b63c5c830245cac98a4a0e54c76bc7a6fa04ad234ffce5d3754bdd4e5d3453b812b8a68ac277bd9042930a058ae96947380fb4d380a470e0d7ba8c99c17d2e51d82831780df74ecad751140cbd8aa37795d7e88c2027befb9a91ad977ac5d0303e9230867ca578b743294bdcb3df1ee37c2a7cd54d6f20d9cd3b873c314a426038ccff4e4d045af272571a23f626a1e7d3c42f5bccab13d5fcd704f154299b3db26a3723f0824f3f5a5db6eb5807e63d77d24ee07d197a8eee89eaa6cc0847afa2fe2286f6debc860ff6021d36493d04bd82103db997e7258e4d656fb531cd9ac3bf59ac841f565d0080f7a69e3b479b94209f9ce146147ed93cea1ed4342cb60ba97e9936c4f7fb0e07912fe532505a370afccd32fc14fc48a692f30840bcfb680af361122cee5cd4d4cd33a33189eb7a169dc2f8e0e4eb6e6998589a0f07cef9ff589be852275e8241785e719af09ab0d42997449184d77c2f1edec2b0af7073e915cec6a1aeca0a04085c3e0df9d109feb97a5b78604e26c23a878c871ace342110f5317b42ffeb2f4c420dcf22c5ef11d6147d5932928cb2708e11c6d990b2fcbcad46a97f30394d59d61480e425fc68214ea5a5c88efab556be38cbee947ee710fa1babc1eb20a99ae1491f428c15c2dd4448bb44079b2bb926920ae2e8163d6508472b32859297e6a28b549a9c9856b3af0bee84b17cbe89639f4f694a44b06f9fe7a9ab21a066d6cbd1b8ca87b20368ef83e4cbce5af415728a48b01924659657561dd4d7e1705943bcd1227f0de54005a8c89b5efba6f0a1fe6ee3194d775011e2d2c244fbd754ea4f6591d9fffeea53df3ef4d1d8b439e1fb369ea6c71d573bed0f6b1f218a83e64a9a57a985211c65bbbc851415d752659091b61c89a0898bf20918b2d130c7b560f5de52dde904a1a9a25c2aaa67c91dbf3c110afe2099d40bbc1409f3a0cf2e18c53e6f78ab78dcd4f59519c1d6e4c4abe4b122c82cfe9df42e6d1ba836920a9d47bf6aceebbc6e694c859f26a7e5dc2b9b8f7b5905011a48a3adb65eb55fbf4d33e2b6ac358931b36b013f6c97893acc26925cf6df7aa4314b1ddf0f33a9e17b858cd11c9390dca9523889ab9b1d92d419687d85d48a6fbe306adbb45d115bcbc75d7dab44a35fef4d43532556d01e757a7be62e5781c414ff15abeff35d8eed460a8749dd143157f741ab71e5e6292e7c2b9d737e881128c729f2e979e42f145b90d5b1c3da9a27f1fba3b5c47d9c26f785bfa488822e92aa0959e8d31b05a71a7d30331763826ce6f4771c699961c468b4c8422684ed03d0f0ee6c12c63ab8bfc6d1ef17c7de6590939029028f81deb835a2588e7a4f8e73cf9f2dda3322d2a5c5bb1171a74a16646c93ddd2ce1e91b815f39befe0edd9ac3c60be62f9e39b5e617e9d2f197e637b463a78cf33717626d4a5b368d2dfdb22ab3a7cb67d9dbbb04c8ec5182e205a09ca089455f1d2bd6a2a0bc83d8dbc886b4d5923467c66a226a57e305328d31b024806076d83a356aeaf63ab104cea8b21c2d5eb0bf96b731017044cd1f69da2a9a0925a6966fcde46804f37a96cfbeb0328f21248a1b7e1e8f3dd90ec5e1c05f48584e6fefc7e67d464b54b481b30a7fcd9ed141f083a6d496683a4e48e3ae72df90500d97509749a33cab7833946552f2bf04e6153d8c75642b4c72c8a542bf8b2d9a2a5f4c17147669def3643a4edd0afc51abce8da1c2661cad374f435fc0387d576704fc3b488b24f5bab0d99532f174dc4a5982f04600ae3dc90819a8035c6d6d88770b91fbc695f9f2703253a878539db37ed5c36a4964d412c45a7c5703c7d11618b29826cd304abb3b6224eb715724f36609f2a6cc4e8e7749bf6f91dfa64010922a7f22191fe73317d6176c8c896bb572cd0e739654b993441f0458c613f7d7446c582056d0de3b78637d8c078bfd5f45ad2726b27acd2d876165e138cd48d2fdb85c14a5689b22b4c1c4c70c049e2084ab835b5421009eea80a7deb5fff33f42d7da4d93f94db36b8a32a0cd9d9085e68525f7f117d97cbc4914da6daadd6249a8244e2f3c6334f4db32b55fb9c4386c5091d022d1851c9c07b96e974658998491fd191e60643659386d0056d70b88185e6ee21c8e566bf2d7a70479623b75e076c97b9384d1a617d957b812432f9aec22968d68e4877570568b5de17ae3c6ab9cc147c56fedbcb7bc41b950f5a4754845dcf5817f48652fdcc86bb4af3550d44f247406050d8d8626593357eb8c70afcce0653903f1d9cbfe0ecccf33165fed892f7bbef18a47c041d22e0c6ede5fb120275de84221611e7d031a2d91d15d7d7083c9c66efda6084fe819b7cb02b09868dac66c886ecdafe671e8476c7b765aba166d528ed2056c9332c40b14b0b2d5fa09dbbed7c76d1c45b4cdaaf24426f4b46a8dfbe591704c7af946698ece687ec7c6b48c094b2815b43a7b0dae29b30053cdd81c768607cfa687860c6987481c2b66948259afad1908ab4c91a6e4a3d9afa7111fc7078900572a9ac47e4950b36dec2ea7dff79a4c5a98e2e5ac6d8ee603370cf747d7ebb0be34965a3326b2534d5f276372a63cff177d7a37a85da972838e68197739f93ec40ebadf91f98fd3c496242243cf15a62f2ab6a1c574047b40c7a6fb33f5620b1fa6861f6de79535b0f479e093044fa13d99d6f5de84f7114a46f58e33fd5dc343697571528437666f17501855e6466578e0c8c0f8dc94da188bf4e653bc85a4c752fd72b322ed43692eadc20b22172471ebf9d703ebf41e2d1a5fac9d123fd099d2bc58a75289d31cda1d07c91218d2b25c3213b160cc21dadc6c1c272b00e9da7b477fabceae5f83af22f91c15708776843c86ffa9ca20f778f98dcf0c1a384ba978ea212bcb28fea69928f843c3d315319744a2e092f9d7bb1b6a0a14ec757e0ff79baae5d9df77d459dd7d6374f36a2dcbdcb2cc", 0x1000, 0x80000001}], 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x15, 0x3, &(0x7f0000000080)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r4, 0x1, 0x1000000000000f, &(0x7f0000000180)=0x57bb, 0x3c) setsockopt$sock_attach_bpf(r4, 0x1, 0x34, &(0x7f00000000c0)=r0, 0x4) close(r0) setsockopt$sock_attach_bpf(r4, 0x1, 0x44, &(0x7f00000012c0), 0x4) r5 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r5) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r7, &(0x7f0000000200), 0x806000) write$cgroup_type(r6, &(0x7f0000000080)='threaded\x00', 0x9) [ 1772.275354][T14143] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1772.283407][T14143] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1772.292965][T14145] attempt to access beyond end of device [ 1772.315318][T14145] loop3: rw=0, want=2391, limit=116 12:19:45 executing program 2: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x6c00, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1772.320744][T14145] Buffer I/O error on dev loop3, logical block 2390, async page read [ 1772.335881][T14143] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1772.348075][T14143] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1772.359519][T14143] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000001240)=ANY=[@ANYRES32=r5, @ANYBLOB="5600f0ae2ede5285251f947fb8d227c9ef569fb3c792426fda754ac767ba8235836bd708f599c740002967a3a6af25b0110dd1220ccae87cd9d3abc46920ecabca1e1ba165993cba0f34eccf1030b420528c5c83000000000000000000dd21985064a91d4c57e4183438031889bea149e8c81a6b36ac637e919ad36fb6b2c8909b53be3d11fda7e2783bd7cc8e8663e91ab04684801cb786a57cdee79488f9378290e6bdfec664945ac9bab4a528b11e7727c3a3cb9975c55438fadc3633f54cb6f0b4da9954517e349f5aebeddc10da980ab687fe86305065d81a4a9ce0749a482db10487db457d7dd1df6351072a259f6be72d1bb2b9a2dfeeaaa6077bf482a18df4cd1e51d39adffbbefb8ce1107680a5bb884672b1158eb8033ae9c45a2223cf5f7aa301c165f4cdc6c588c405ba9b4e69e6760048d35e6d63ac58216c372c128bfaee5d8c234b6715975ccbe972fa30af3a2971568ba2c7555a247f52c3"], &(0x7f0000000440)=0x2) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000100)={r5, 0x6, 0x0, 0xb5}, 0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000080)={r5, @in={{0x2, 0x4e22, @rand_addr=0x64010100}}, 0x7fffffff, 0x6, 0x1abd, 0x1, 0xe, 0x9, 0x7f}, &(0x7f0000000140)=0x9c) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000180)=@assoc_id=r6, &(0x7f0000000240)=0x4) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1772.373443][T14145] attempt to access beyond end of device [ 1772.381657][T14143] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1772.390728][T14154] FAT-fs (loop4): invalid media value (0x92) [ 1772.399742][T14154] FAT-fs (loop4): Can't find a valid FAT filesystem [ 1772.424136][T14145] loop3: rw=0, want=2392, limit=116 [ 1772.464305][T14143] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1772.480048][T14145] Buffer I/O error on dev loop3, logical block 2391, async page read [ 1772.570402][T14145] attempt to access beyond end of device [ 1772.580656][T14143] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1772.596122][T14162] FAT-fs (loop4): invalid media value (0x92) [ 1772.606616][T14162] FAT-fs (loop4): Can't find a valid FAT filesystem [ 1772.627491][T14145] loop3: rw=0, want=2393, limit=116 [ 1772.645539][T14143] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1772.661544][T14145] Buffer I/O error on dev loop3, logical block 2392, async page read [ 1772.688025][T14158] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1772.698477][T14158] FAT-fs (loop2): Filesystem has been set read-only [ 1772.719064][T14158] attempt to access beyond end of device [ 1772.726899][T14158] loop2: rw=0, want=2390, limit=116 [ 1772.732239][T14158] Buffer I/O error on dev loop2, logical block 2389, async page read [ 1772.741720][T14158] attempt to access beyond end of device [ 1772.748676][T14158] loop2: rw=0, want=2391, limit=116 [ 1772.750767][T14145] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1772.754130][T14158] Buffer I/O error on dev loop2, logical block 2390, async page read [ 1772.775152][T14158] attempt to access beyond end of device [ 1772.784208][T14158] loop2: rw=0, want=2392, limit=116 [ 1772.797694][T14158] attempt to access beyond end of device [ 1772.808837][T14145] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) 12:19:45 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:19:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_dccp_int(r4, 0x21, 0x6, &(0x7f0000000080), 0x4) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}) [ 1772.836440][T14158] loop2: rw=0, want=2393, limit=116 12:19:45 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, &(0x7f0000000380)="f66fe32bd0e6c9881d1a06da059c402aa9f4eae7eefee73cf9d05f602711ce308b82a966b9977d880103339331f6f7bae8ce4fbc0be3f6e9cc9a54cc3ced3fc874d6982d398cae1e24a7a359878ae41d5525e36c6dbfac38b44d688b60ba7ec4f7d82d8883b393213089130f7773e5ec9f4d52e358f7a0f867b6629d15468b02a2cefe31bdd3b4ff4e2a04d0fa57e5a18c04701b68bacc14fd1561f934fca148f58af4dbe65bc3c3b4fb") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000440)="ea44764a887e18f24d3522280df33e01dde37352493f8dc146d0baaf7b1cf48ac16f8814b5d70284e7b15f2b2999761a24ec35272cd56b31f15aa11f443e1bc664223a203500729d2a4e06779ce41686dfc0b898ccaec21b0fb6c5bd73c5d67e9411b89faf0c3e7e844b385c25daad3f95729b90f1aab98d99b569b0101a2442959fd75bc131f21d195da7dbbef0053cb513b0fa", &(0x7f0000000500)=""/213}, 0x20) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock\x00', 0x1000, 0x0) [ 1772.870269][T14145] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1772.893017][T14158] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1772.902124][T14145] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1772.926619][T14145] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1772.938064][T14158] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1772.954823][T14145] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1772.964554][T14158] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1772.980755][T14145] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1772.989052][T14158] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1773.005884][T14145] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1773.015145][T14158] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1773.037414][T14145] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000024f) [ 1773.047520][T14158] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1773.067902][T14158] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) 12:19:46 executing program 3: prlimit64(0x0, 0x0, &(0x7f0000000140)={0x9, 0x91}, 0x0) r0 = getpid() sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x492492492492565, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x29) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={&(0x7f0000000340), 0x5}, 0xeb081d50f30dcd9, 0x0, 0x20203, 0x0, 0x0, 0x0, 0xfff7}, 0x0, 0x0, 0xffffffffffffffff, 0x3) shutdown(0xffffffffffffffff, 0x1) socketpair$unix(0x1, 0x2, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x0, 0x0) pread64(r4, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(r4, 0x8905, &(0x7f0000000400)) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000c00)=ANY=[@ANYBLOB="7f454c4608008000040000000000000003000300ff0100005200000000000000400000000029010000000000000900000001003800020005000300000204000000ffff0000089b000000000000010001000000000002000000000000000500000000000000f000000000000000060000000000000004000000f8ffffff21000000000000000700000000000000b80e00000000000045000000000000000200000000000000f7ffffffffffffff14490a3ecde1e088392fb465305027568947b61534a614c71f0098e4ff4c0636af8f9bcbdd9786b20aafb91cec915536b6ad342c977b1e6659b2d96fa9568f893b000000000000000000000000ab3058c40bc73a160000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000080000000000000000000000000000000000000b000000e2ffffffffffffff00000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001f000000000070332b18380decab00000000000000000000000000000000000000fbff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000054742000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f1a39e27cacf43b4702fc74e657e6fda8b4dacaa0a8ea7405d3e1c427726096511e6daf6d3ee3feda9d29f277490423b773ec5dceeb90fe4d04fd6737bf145379470fcb8ec09586a7f8c2c5e8d9302049a611fe5af9c493a28f7976f9a3c50e5bc81546cf6add4d98c9f39cd71ca53204cab4ecea5abdf2c3ff5ef1e8cedd9c957c0001f6c20ba179181332297d9656c8a416bd0ba134c4f0966d575157f73251a6c20fb6ba6314a4afd543d48fe0493bceffb0e1940bb5182ef044a68f4f70ae8ca335637096350c5464f71fc0c5eeb679938da643e5ecb8d8890462fa5c18c83b68a393cd3e0501d054b3268498e97f28296eae7cc87e7f9dc280264f81ca1c8aeb657be434b238e02b6113278d29f371fd44064d0bfcd4729f38cc4af80cb26fd91edb4abb6ce7e1c55b848b7b37920ec3e7266db2aae98bf3c07cc22127c783aff41260f9f7df02f2d9b4bba20477572feae73aaedf90f2cc1950dbb3021856525b4f78cda82632778030d9d90b69e5724057d773830c1532a2de8658543390750c837e33c37184e9976c84b387556d"], 0x393) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x10) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) [ 1773.115292][T14158] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1773.131656][T14158] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000024f) [ 1773.148176][T14166] attempt to access beyond end of device [ 1773.177893][T14197] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1773.188195][T14166] loop2: rw=0, want=2390, limit=116 [ 1773.225360][T14205] attempt to access beyond end of device [ 1773.229885][T14197] FAT-fs (loop4): Filesystem has been set read-only [ 1773.231484][T14205] loop4: rw=0, want=2390, limit=116 [ 1773.243441][T14205] attempt to access beyond end of device [ 1773.250307][T14205] loop4: rw=0, want=2391, limit=116 [ 1773.250813][T14166] attempt to access beyond end of device [ 1773.256010][T14205] attempt to access beyond end of device [ 1773.267716][T14205] loop4: rw=0, want=2392, limit=116 [ 1773.269979][T14199] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1773.273538][T14205] attempt to access beyond end of device [ 1773.286958][T14205] loop4: rw=0, want=2393, limit=116 [ 1773.292268][T14205] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1773.300362][T14205] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1773.308458][T14205] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1773.317746][T14204] attempt to access beyond end of device 12:19:46 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_DEASSIGN_PCI_DEVICE(r1, 0x4040ae72, &(0x7f0000000080)={0x6, 0x7, 0x1, 0x1, 0x3}) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1773.323806][T14204] loop1: rw=0, want=2390, limit=116 [ 1773.329244][T14205] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1773.341607][T14166] loop2: rw=0, want=2391, limit=116 [ 1773.348261][T14199] FAT-fs (loop1): Filesystem has been set read-only [ 1773.360574][T14204] attempt to access beyond end of device [ 1773.369203][T14166] attempt to access beyond end of device [ 1773.375127][T14205] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1773.383657][T14204] loop1: rw=0, want=2391, limit=116 [ 1773.389062][T14166] loop2: rw=0, want=2392, limit=116 [ 1773.394486][T14204] attempt to access beyond end of device [ 1773.400245][T14205] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1773.408242][T14166] attempt to access beyond end of device [ 1773.416262][T14204] loop1: rw=0, want=2392, limit=116 [ 1773.421568][T14205] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1773.430218][T14166] loop2: rw=0, want=2393, limit=116 [ 1773.436008][T14204] attempt to access beyond end of device [ 1773.445132][T14205] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1773.454773][T14204] loop1: rw=0, want=2393, limit=116 12:19:46 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000d84000)={0xa, 0x2, 0x0, @ipv4={[], [], @empty}}, 0x1c) [ 1773.478624][T14204] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1773.489938][T14205] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1773.504412][T14204] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1773.515295][T14207] attempt to access beyond end of device [ 1773.520672][T14204] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1773.533156][T14207] loop4: rw=0, want=2390, limit=116 [ 1773.541262][T14204] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1773.564882][T14207] attempt to access beyond end of device [ 1773.574486][T14204] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1773.590598][T14207] loop4: rw=0, want=2391, limit=116 [ 1773.602682][ T26] audit: type=1804 audit(1587212386.566:89): pid=14219 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir289842035/syzkaller.IPhdpU/2844/bus" dev="sda1" ino=16364 res=1 [ 1773.616200][T14207] attempt to access beyond end of device [ 1773.633293][T14204] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1773.654691][T14204] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1773.672368][T14207] loop4: rw=0, want=2392, limit=116 [ 1773.683236][T14204] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1773.696575][T14207] attempt to access beyond end of device [ 1773.708921][T14204] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1773.718584][ T26] audit: type=1804 audit(1587212386.626:90): pid=14223 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir289842035/syzkaller.IPhdpU/2844/bus" dev="sda1" ino=16364 res=1 [ 1773.746094][T14207] loop4: rw=0, want=2393, limit=116 [ 1773.766178][T14211] attempt to access beyond end of device [ 1773.773124][T14211] loop1: rw=0, want=2390, limit=116 12:19:46 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_SET_NESTED_STATE(r3, 0x4080aebf, &(0x7f0000001440)={{0x1, 0x0, 0x80, {0x114005, 0xf000, 0x1}}, "ca8f5074e01fb42607947cdb581f457d13ef1111809ade8f13dd6aa2e8bad5adea6c3ace4eb59ee2f756deb0d23d4820e79d874d5d80648d6043a59d79fc958486bce940c7a03bb4d00f61d1efaf173598ebd3fcf6c01b8c20f9328fd0e83eeae94189061e4102bcddedd680adb1638d39fbdd62653a1f5ab932d89ed4b651dfb0b7480c7ed7b14f68d004315f89933d9ba29b664e1f60515d9fd40d7f392be861e3e448e3c918b0ffdfbbb1efa8f8b0ceb6d5d39ec4d16fb671ae7b492270a2013809e5353afdf1205dcadddc5141301b86054b6d7d78f311831cf11fa629cffe38df29de74d8d1e8b2ff86c2478cbc7e7f213c47f581c3624f197aa21ccd4b30697daaafe517199f977778c27d8864268bc537846861fa42c1fe4b304e235b44c339fc11ec5042d8930c26d2ff6709744928985751cd80e2efb94831fea00ca190959ae8c1e4860d0ed6569ad0e6e09fc39941b2d58e62bdac8a2d19eb21d807df87d7395ca38581345468fffa9c5bb4b781008bcc03e3b892bfdcf09621a23daf2561029457e4d5a7281da9a88ef1a689e47b41f01540e25383e8fe9113bb60d871e1ad06d097f463b1e69ebef393aa7de15d9206de4149a7978cba7122d5514d75c9a6273dadb1f58c5ce47f0dea6368bfbb7d8903ba7ee4ce281a8d782b7e8c3d7470b835f576ffedcdbdc4de41dff46352662c65d5d3e1b7f112604aef0f87aaed53c77d37ac41ebc3d242442ed2e66e8b9a837c90e3db0052b3d5333fbf44c19e342067f33220da0ed6afccc23de1837d06387c471c2c571f0a48be9a3acedba71068fcf7cd1d50db9856775bb6aa8b1c62f0ecb35aabd2ddbfdc8ab170ef387a6166fb96f63988e34c5f6935c819f1077117ecb662ebd63c23d5a786c7ef86cfb529aefb399742921a38b6083fc5fc83e26722b8277a45a11a3f2d14ad90caac1c7da5e5504325739716c6aca733d568a1c993f09126f382cfdca8ddd53484ff9e95c2bc2f1f28453d1efe5bd12eafdb04c681f7df8a946113365ebea1ac753d932fd96b8a83162eb2aeca14cd19f28b94d10993944b0c6d06e8ac4025c43c471c7edc65b58f92a79a0a1119a6e45a49b1243634a95bbc34e643e44667dccba4c697749ceeadb9dda4f5064fc5c48f2e1bac1378774e11f9b4007ecbfb1d0a61f2de0964fa1bb31a6797053d195c0a239c912b5e47e798f2f765a1a8c433553b017a098c4bd224945b4841b13c3526bce2c3613e58f585b83270baadf9011602f4c15ac44a6e12a93b8adf1ccff088dd2083a991eaf3e07490bb455899d45fe445c6ed2fc7fdd1e0720020ccd847d17c81aadf6292db713e5fb9efce8c2e0a0ec4454e1525e58ff37c6b375c9456340fcca2787b4eeefc18db5fc03b0af78fb26f5baa579e08a73e09a22705478628b62da96fbbbf0e6b15bfc6692bec3ffaa0926468fef74632aa2bfa7c57be0722cf4dfabf250c4c1b4d18bce062661bad0170efd2e82935b7a0b3f32d48ae2698492ec951f381bcd6d46b1d2084db033800e651a28a78641bcebd93425ebf5e70708d58b3dd46b20dc57ab18715c5c4495eea1ac9d89f32aa6a343c93748f33bfefbf7e0bed684c25d86a8e8800f5fdd45add49b6935f32035b68ff32f78e7c7f1c3a700976f1a28d1cf2fa2519eaab9798461d7a77af3ace78ca0816fb0225f1c2d5317a48db99db91bcfcb190bc10c133e37d40d69b1abebe9dc8efb7e87d357c25b1fbb000fc21b2c924f1fe4c1a26ea397b9eb213918017519268ff00077a711a9114d2d2e4aac27d37b7d49512324434d28ec0ffe482032b8572105fc1a79c6a2555fa25eac90187d3d7518b4207c06510b7ee453591596b1617b19116f6b2c8f2e6b272be97cbd612b1cff423642c780735dc7798eb88823631ed9dce8eccd1f0e437d584d222b76ad36823fca68cef6abd696dd859a7d08bca2df91f0dfb83214f72335b6790ae1983fb515ad78586341bf99b2129cacd70de4dc5852cf007f1c22de2702bb85ce6ca2d1598de71fb44d50392a4bcf4b3f7383e75f5cf3429727bc15e472dc6dd6cb1db2f5760f33cdebdc51b002e36dafeadeec5e3cda4f645bc99cc20d3f02e5875e8b9fe7f2a3e7f75461e13a65d3da840c1eed4f8466de20c88a5f30511d296ea01d460ebbf3807c1dbcfa4c41cc29d038f1c668fb4ef1334209b7022e1bc1b54ff3f6ad06ce1b83b7bdfb4de456cbe306ba8c052d363dd8c05dc414e6db92b5222a921c8660d724a85bb1afca16dfd17f9551dda92d5e8c2f4ebe2adaa4eec611e2d986f203139efdb7d082ffe1c33c1926f45ccf487ae90cab589267164b1ee3049a7207eea550979a8ebfc1b84db613121e9a4054ed8279db671f695e7eef4b950fe851341aa7b3a92fd3fe84b9e44898c85096bcaaf211bb5a06a36a63a0cfd03bf53ba4ff24b1bf408b2610371e1400fee46207147cb251141d898c462fea3eb993eaaeeadd81bcbd07c3bf0614f0365391bba9a48f666e8ac2f985862c22b6d856c3e64e859bbc3746cd019e891ec27c622c0f1b2509d75aa358119742ec0a0de99733230ead03b592ec0aaabd33c7c74e6f51ddd693c780167a76a5ebd7c86ceab8b4e028fa0975d589fff212b53292393e2f822441d6965dc79d824d2ad0c88620e6463a8c2d86de5d830c1fcc0e0d435d946873314c64709b6d2f3854dd4760631053e9dd5ff47e291887b6380464059e871d0087c373fb6d32d36aa565586151c0d83b59e35a1f978cb19dc9288dfcb560426e151bf6520f6531f0668863311f8d587188ef40e473bc27068061d11bad6db9e657f775b99607a866c329be773cd548d4067473b0ca508a3b0c428188a469bb1dabb8cf688d822ba8f659c43ab17fe6f4b880ba4a0e38f91a138203cba96b1e0aab703f03a4a3ccac3c04488b95e9fae786c9da3e00f7fc762f3a36e8390b8efc9b7f10f4a5d181f948d3bfc9f25759224884f1e5fa54fab20ab507e15186d5b8b35949d6e2a36e92300b315e2cbeab9fd14c12e829f17dcb4ef139b3c512299844332fb4fa2f484c03c2ab0401791810313c9a48c7674025f2d0e274a690e91447a174db49bbdda9e0ca20fa6675bbc55c39633e024d0452f00733018ea05d078a081e24b47642c37092bf700fd90f3025f59ee633c2a14b176ad522799a76651ce171a80abecb1a1b1ad3e90a42ce5170d6a73761d3bdcb88e1b3fedc2a57b2af7d83dd0f394fd5d00c2ae2bcbf016ec6db9cbdfd47767441beaa6af75c6208b012875db461e9c8fa5f773f70988fcfb9ec0b5523dbb1d0bd3af8ba82aa66bd489ad753ca5717e6b4e8de118713d910a95876e4a3bbe6823f9c657b7396d6cf90d347eb7b80712d68d31bdbd7901c7174ea9006d8813c8d64ac6d6d6d37e3b5773bef6b09c13459c54cead0e6f820c6ac09d61bcf94ec7c13db011a65ef4fbbd7c15304bf7d4317fe5fcb9b2996c9e31dbd76fecb3bde82dc82f35f29f89a0d9bf2873adb848a3f33b88d53e7d4ead92510d67ba7c0961ec18dd60d14785c407c8a662a43530b06286edb3832cd7443b5015faab08274f32e8f10726017534614e4d2146a453e6330d14315cfa465b1a5f98d2b69b0d708fe5e08e052ff1d268abd2d9c232f47ecfca4efc9e85fcdfaf7f1070b09eb786a2adb6b24ad2a7ee7b72fa5915cdc4284fa6ba2258fcb7e7d21cc5b91b4548214394661727b322184c968b10476df54dcdbf3d716eb6a9b8f504b1d562464aa94af7caeb536e59ab7f1a3fe34aa953d7881bd27f347682f6a7f4169f06306376393fc2513dc75e4cc45ccfe8bfd518e254fd3a50361cf119830d9b74d69ba2f5ddd06411d120f4f7d3c578469a239de0e9e1dd1101dd5987b59beeab13c494fc9306d7c5276017d3f1c54c5d0aaf01c99d17c81e7762c988d8d16d33d819388fde70ad371d92bd1bbe529ec99668e3c55bd4f8986e82becaf8f8822e4517ea83e6a63e2d1c61cabefb9c41e4191bc84579bbdde08b9623f332c19a3615ec47a6f47c1c769545eb4eadc799901c9c5058384feb465776b8befbe6e6717750a97cb76be5a7e5fe78e2deab5a96adaf42a522064292e318ca0e8605626be5bed43969b865ece635d634ba1d7a8d1b81e3d94e426bc1f5dc6b55493fcf922106c75eaa37a67aaadbe15780546a534478afcfc4c721dbc27b5869e14bca1a237d3d3bdc1a54f18aa388ea26b78c522ddeae79830f8d228bd2e70c467cc6e6cfadeb742aafb7b4e58018b0fb73929e47270a315161b4e634aa6d81938f2609565876c2064e286f7d6c5e8705ed02b92bad4bb875da2960d08930eff796c28a7d5351118e8a0aea37f823978a206c2fe68ebbddbf6e7c7caa6a0f5c100903fc61237db45d561bae28105b2abcd9243f6c459da92ce12fa0a26d8a269fc3c1449944ec824029571248ccab190d49082c16cb36dc8acb9c42a12c599341777d1031ba1fd28b039448c2d5ea33ba58de249ed93da304b8b50471e31485b3cb8e2b2cd307858704f4b5949ccae7c74499e55fe52e1605645afe7762c2b473460e85988d99f2632bde498fe593a4006d5b118719ca0bfb198bc2a7335c7defd88dee997787f8704dfbe190e47e6627855f118f2284748ffd2eec2a6777c0a4111398cfab9e437014b2f2ad93f631dd6378e5de6e3acabf419e5e8b6e85e194a062d854cda32888d9ecfb80c58003b570dc5cae1a343af26b9c0cc89080d83278cc80f47b8b4ee49733a4ddc13e00215d660dab62ec1acc25759311f19933fc290dfd58a4d57b1ada194c32608848793d8c58ad7c0a485739c2c5950697a3128f774e44004e1d83c8f9b9a36beb552f835c972cfaff998d68e320dee5c91df4548ff411e67f3120212e4a4a5c31c24d4d5babc87d2b40d5724b4b2c4c5bc6ceaeb511360961e682eb0b40fdf044a15fcedcbb35db33bcf8a6bdc2625af41aaa62d941d05b5334c4610572f77e68169b6a66a96f7c51d63bdb0ff0bdfc39c8a6f718801756802eac3577d9c70cbef8150e6558107e7a620b92f0756e06fcd77da87d9c631baa17e5133229021358ac9920f390b60246263715fb77ce67d2c67f7b56ac09998e5fe9a920828de0407b4cc41713a7ffacddaf997d684e4b43d1904866bc652225f369f495f2ff6f789e21fee238aba35d4a56433aead5624f80df3bc80aacfe8d98d36223f9beb89d21c47ebf5eddffde0e8c0044a423b2c8fb5e3380bdbaa9ae5cf0a9170c30391085f61993fb39ae8fac1350c1d0b7d482d1850e92f4efb4006c692c849317d7666910d6dacbdc6de6ebb21f2dac6c57838619dcdf0e7655adbebf8dee7f974c8dae738986771a0dff57ec796676560c041ce22a95927c7701d8db2f91a48d88e3010c40dc7766466d86920734ef3b8ac1323e2394fde5aa71dd8de9dc7f5a01abfc45d9b904b52e27a63071d6da5c5e914884260f8c073efbb77432f78c5c4ccef94cdf8de6ce8e0e1e5c18964be904a1e58d5f5de7be45431df2618c2bfb457d2134082e442ba0ece4340853206085500c3f84d637054ecce524423fbab0566605f1bc977624e0397f046f6eeb8a3f91d09a90feb4da684dc3a5bfa5226561b3ea58c4412c1fa6c47b82653c28fdca6d0caf0316eba00e29a9862c9cf430401dfb0e11673f70fafc57a52cf21999af7b78f987251ecc2b8a6ab3abd8d01858acb30a75730b0876ee3b26a3adcc64606a8202027d985d9a3f1f791ac3b0d288ce51693dd55d0fa8b7d74b26", "e94fb1afc2511281c72cef719e4731df802c20011bdfcad918676a834bab3ed94e1c555e1e1a8a600862eb0835e3cd59c5752cb2eacf7e08591436938323b488961475f06460a53d4fbdba53d3f15e57a8fcb6f4f2b76e6539a84eb0e2d6fa32f71dfac9b2a59160d6b7d2f867315534b931ea2d32148d3a4c7404fb1fba0d22821ce6814768a110b33f232924f1fbcccbbbdd95b2a4a6b38746fd5d2328f36da9334332be81a74e449a2d6f17583b9876698e0a913bc18ffd597fedc117725780c1fc36d61b133efe92cfb9c925b1d237d03ff7b8e6021eab39166af84ffc83e1530ae68a322db4b7d3dee43eafde0674e6609b95feb746ed47526f3aea7b8555595360fc32c5120f152103cfba939558525f888a8e2d7f67b3de0f9e4ab488620645fde029551f86d626f771ca438b67fc8fdfe59534975f604e656eac39da5de25756487d4bf60a32f0662428b03d6c9721b5ccdcc6ebaad550c187c32de819db3bd989f09d18d71636378c6231fcddf462d383b65abf877ce843cf428eb3c502b5103cbf1ccb3503e837f2ac165af17b68c50e2e36301ed19b3bc06fdb006db1483df39963ecf6a4385fe94e2439ebca684c6003ac473b29cf36c238b9c1e883a912e1c9410f5ce37dc22c7cc7c9bd85b2b8ce4d40f4787d963f28b5b0f063086bcff66cc06a6c6fdfd60f1bb55e36cbabcf27b752d4783255442066ada973819563b1819ec67097cd7f0c2f1bbca3516765c73ca3c00f67bb4df5e9534211d04be6ada95a590ad1668ae76e630c351511ba71eb32cc0ec2fdc9a53e2fa3f5e9ff915c7df3cfd67fd969281f7fc1a8ae4c952ca68df4aee17d17e1e31a998c1d47e306df5d8e189a46ee09b9a2ad143adc56b953c9b67f419a81e3ca3c7f18335380ed0d16632273851d279d9b5429f1b4a0dfbbc775e06c966c5aa735ac6f666bcc26b36b85edd8256f2d1ec784fd23a53bf561fe9c9544551a36e3811c56e5941af1f26383ff0d223668176c72f2d2b0db266e038d8360de9d7c3a9e49e5a406fa20705df4339ba7bb3124827bab419d1d739d2047b069cc02ff03895e927afe6a51ce06966ea6a26d9d5cff2312028c279f73119c1ff0848f967f869b7d9f883e81db7ba152df218473a7bb8a1350c803ccafc70692203c5fd9e4f145603ffb9cec9f9fea9feda63c798345a48a5584958f13c4e11629ee1454a4a5d41bfb0f48c7f2b89c09cfe54cd1757972eceba6d171345fc541f7a9e539be4204b45a37bc800f73508da6380c4c2755a37ca712381622a576c371d8f4ca6077f8368048fc1d2bb1d2a7d0d2bb940be4a144901c38a9ec9f155a3d9aac325b07e05f38fd2e2c937ad5b3cb7ce27c67df5e10b8b917d14cb2ebffe751f179f6cb3175a8e3ec9a423a39916c97d04993948fc54e69142857a07cc5cfd7672b0c24ef2cf47e90b6d68a17ece9c8b551233c7429fac75f6dfe1641c03ddc65a6561de7a6bb156df0e1826d7f9db2b10b5d4844203058568cc2cff31fe91e493a23971e927e20be708c1a337572f74c7a8e4228100c0f23533f74181cf431c6a3262cb9251fb936172eda3478e4a8fb436f6048258261d6846bb2c804c41ddb3524b78a4237d1537bcc8d6997a88191539dca771ac514a9a7b3db81128a70de4b7ccb4a8d7c386eb60af27bf59dda011349221fa7821575a3aa1f5fb424e7b49eaea470bf8c742318067bb8b0a12ba366d5091c1b3c8fb682f549fa174d4d60acb8e7f7926338a725e8afd45f8505788f144bf4232949c2a862b81ba628d8f2777f3f03f6311b8fc893dc8d55ea3f0486f2912113d22f74f2b5731f5c4103fe98d23f9259bd15b951d181164fe274457c12c910ba57973cdcf46f06ce5e3a2feba9a72ee8272a79c6eab6028ec6a5506dbc9f435f309c945b91d4cb9c4174f65003edd4a20f7660f259d5e2bebf62ce23a2493fbcb24759a928cbf924fc733f7aca0adee8aec1e2b1ff0c05a725499082f0afcbda0a3b9e0242d2208ad3075b7545e22ab716610148479d7a6eb8c7e961902055a01211c8827aeb08a5e4b12ea6b91d3d1bb6cbdd685b47282f9971b8291820915b655de65777cbbcaf59866561a8d9bd7652f810c5f546d6a050599987025c649ea49c4fc9ca5e73453879cfd9060d82756c2666ee593560eb79e46dfd5c2084941269c47c67a837cbef9771608dd3f05a11005b076c8b26ebd82380667831504b13d5e70504bc81fea0d4ed3c48443eb99e43327f172e0072662f84c27f396c7c523b52d067667cd2652ed05d91accb37ddc1526ae6a8c0b465f7c5198d7817cf6a6ee45f089b96209b240825418af0fad11f383a2c964b96d7ae7f9cc30e2b0e41054da480f22befc56f83b41a0f4249fac9ac2b1c764893822082eab76ef336c639b540bc60ba6ea07f6a108e4a4675594829f75dae63ec4ddff49e060243c07c8d4f481b234bed4c74a7dde1a263c82db9d8b2e5e1626431ebda022c1ff4838afca0c3a0765961112ea515524de9e1d7135259bc45531020398d19fb26b5058ae1c9110db9e985d32d831ba2cce010083582caf81f59d8f793fd4669a9ee2de9c883515066a2733839d0394d70c3b383bafacfb5d81b0603186302873d67680261ec953732d4294b58a7030283309d97e204e5acf4bb66116ab4c3eeb3c09e6752b407de050402b8649098591fd1d5e423c0b5e01fea7995e0a11bee524447920dfc2da93365a9d106992844f1f65238bacc385a8381f29516dc40535d6e73e58f253dffe8138907787086d88c1102ad272c0e169f1e79d16fa30c5acd06f8bcb3f252c256d260608c5abfa8e4eaf2825f3f4f5420ca7136dcf6988dac7c6e04ccbb1b85066b366c8d6020e457d60ae48c44e8611ae51128fa8f3536a8edfbf3a096cc44c4eb37c24fdf463639426cd0684a255936e882f68c579b3c3327466eee8df995b4cfb35f5cf5a520261f4126fa8e78982707f2cdd2c1d396b20f684fd384c42d291e547fd3f16a0f09b2d38f694f46ca971d4d0eb8550324861742075b5f6b8ee4bfabfe83ca4197df0dd19fc359209204f1dd2539ca08c9a96ae4aacb29c472621d8a4d831de95f2d0ce38bc48c135baaa6cbd955c81862b06d498e8b8a339ed655e72166736eec1f944c3438fa0be6c09c7881cd92fdfeef5b7b71918635a9acc0ba9eda94e4964ac8d718f4ed1fe90eeda90edf291dcdd4f32bf7d003bf42801090e0ba9011a7d0f67737b1f7d891ce99ee56ef77188ed78e9d4499cc01481c898591920b1e7f7c1d47441c97f37aa8b13816b7ede6487afabef920b06549a42434f79d6a393d9ffc55ff47a173daf819009e395e21c514a9aa3dc6be2feff188182172e714207f93e77ba12c400a803a3f8d0deced90c40e3db5597b5dffb31df17b91d4f7cf049720788926578be8bcb73efcc933eb860cf79a2215a98735782a16f67218788d5dee9fa59bdf9d8d6821a3b185a427c6950e44775ac4452fd4f1248058ca9c924e052b927136275a3d6751d6296122acbdfc9ee83fd811ebc254dd1165eb1dd0c4409f314767549425559b3ff58337db915ae5142197524eb8beafa8086e0ec4262be5c3085e43c473a5a6bdfae46e1543dc065deff7c0a458a166c7764fa4a0da3cc470a8e3a167965bf4359e65eb8675d9fa366e5a4a4d0911c5707696cb336c7d1e386f058614165a11ee35f7e5ba0e0021bb622779462e868eff5a42799c1f8e3682af1f4ad403b013b1a81ebc0e7b8687126e7104f5b8fd8e6d532327d331dfa5007ed493e836137ed32c102af74a060f0683bc0b5a9b1c1333a2ea5a0ac732f1289aadd08e2746fcd8c909cb88f5acc1236ac808bbe2e8f4951c94aed99a247893bd245c637ce2a979837c51b3d556608afeff1ae7053cea1c17c1402f7e5cbff709d2dc03c8e88da7192f9588b56f0cc9f6b9c9711e73d8b82954b043be1c1f71287d42f81a911378c06b1e7c0db5b66ff6a73599ab940b1a2be603036278140069d5b75d1dd96ef9c5743e001b4bcd4ba5518f61223435891a34b0b35d8ecee856576837f718f1ef8e446abe5e644e22f8b28696a5f615a2ffddc7db3246b11994f4f5133585750517e91a073964280384f83bd35a95431ecf289bd956bfa21e05e81ab62ecfb47b549c9e22922aff5565c779b71d2db1e80c6ab0274d4a4db1795eb4255b3956715467ff04b405f9af57899f59a749b9e4ecea895e6f714eee63744943fa6ff5e182ad59bd16507df4f0bcd87955f8737d715381e8d34edf86e189e8d79e4338b45002474c26187ed4a19107552ddfdf00c092bdf2775415a7a893473292c2245e5d501b4652029479366dac16ea3e116c425cfd6d81394827a61e017300fd6b357b4d93c1ff006154d97ac07ab1faead4e5e2440340bb7d14b3fae6b5b7bd732b0c510f410d42a3f07fa8a620f6a7c0f95d9c0891ea442757813c76f93c4cb30f866df20bb839a3a01055994db49b4ceb55bc89f543fed4d0e6255fd22f4fcae184baae10b350f611784f3523c8f4402b1120cf0ba0b0636f5bebdc8f122e1be7e0f125be276e06b0d8f3a5e3abe938b0b4ce031e92eb88a8cfa15ea20abafa6102a8f804e5f684bc60686a014089dd4905aa808b9cbc50fcc984a50f8dd3cba08e9b4acceee3546343ede383f4b277da9eab0d0f7e1841198272202f9b29b7a8098b1ab39f39777f6fb14f291b875741f20b2ab66acb96519e92d129f993b895e89310d3c3e1c34627c10607afea1a83f7bb7d111dbef86a27b57d89633fa204047a6bfa734c8474ce7d6b052890769d80bd94ce5e2db4cb6dc2a1c1b10a1f81647c191646a1b41dfeb6d5228e4866dff68a715583cc3a0c76c8b2b6262395126094bca540114a7a227586810665d8e516346d0c9f81384d69e0872c3bb9e3ce6f7bdf2e6feed25c22e182818627d11bc4a8cd5705d9879aa4ce06da6821ef509acfd53c82bbee0ca00b75b8374dd9c98a9d814ec4881489a57a1e99d0f50432e5a4cc12b59c12b5c4423cc23c3ebcd70b3fc397163c94cdc1f7123fbc4a23cc429eafc21577c798a321ccc778540da39292ea8a25ed27dbf4b9f44a991169daee4cc94107e8bf860e770c26216d1129e86a7ce421a368a5cf0f98a44be89f6a853e08a42a9c939afc2e0aaa6842406396c26ce34e88f32c0715b0fec74deed3ee9c03e7d0f3a7ea391ad88b00c37762de62ea9a4f8ec85b3c002ad61ff97ee12d8a4b7055e4211387374364b111f87af5a597fc61be26fd74082a3e3f7a90e53626757b4e4272b8f510007ed4fcb3416b770dc9739645539998dbbecd39375888b7b38591a97a98f03e1cbb75b50d440c23c4193b578bd43100dda407022e5d8339ae359fbb998dd9db9de68d10201552b4af6cc2190b6da1a0d24ff158269cc930feea061cec6cc066dbbe28f5fbd89a45bc42ad9d20973a01c3d68173b6104c8b97cf80a9aa87435ebb35d3765b6f846ed765fd58e4880bb48699f9ed0da0c532366ac77606ac92b3928d56c2c33d15934e86bc6bb5150c1c5ea6d420eb4aefb1750b1cc60763de573ecc851e8ee1df18526db26644457d0a43d21fb85860f5ee36ad7c13d5f01c4207dac1397c759caa9c692f4e4f48c905c0a6a45415fcf4609f0a49e532f47be00d53ceb51711a2cbf4d4a8020ddf7a97d1b289f37d18bd848e536a27b4430a6fba690733192ee3fa0c3752cbb6f061a3f442df0bc76dd8c9c9052b85d2ae4ab881e30ae0e84591f1454db6"}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}) 12:19:46 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='trusted.overlay.nlink\x00', &(0x7f0000000380)={'L+'}, 0x16, 0x2) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x204001, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={r4, 0xa, 0x1, 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7}, 0x20) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1773.804613][T14211] attempt to access beyond end of device [ 1773.825150][T14211] loop1: rw=0, want=2391, limit=116 [ 1773.856340][T14211] attempt to access beyond end of device [ 1773.886823][T14211] loop1: rw=0, want=2392, limit=116 12:19:46 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) times(&(0x7f0000000000)) [ 1773.915966][T14211] attempt to access beyond end of device [ 1773.935842][T14211] loop1: rw=0, want=2393, limit=116 12:19:47 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x2], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1774.161323][T14255] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1774.183084][T14255] FAT-fs (loop4): Filesystem has been set read-only [ 1774.198582][T14243] attempt to access beyond end of device [ 1774.205624][T14243] loop4: rw=0, want=2390, limit=116 12:19:47 executing program 2: munmap(&(0x7f0000001000/0x2000)=nil, 0x2000) shmat(0x0, &(0x7f0000001000/0x2000)=nil, 0x0) madvise(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x3) 12:19:47 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}) [ 1774.224527][T14243] attempt to access beyond end of device [ 1774.249089][T14243] loop4: rw=0, want=2391, limit=116 [ 1774.265343][T14243] attempt to access beyond end of device 12:19:47 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000240)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) [ 1774.285195][T14243] loop4: rw=0, want=2392, limit=116 [ 1774.329161][T14243] attempt to access beyond end of device [ 1774.360892][T14243] loop4: rw=0, want=2393, limit=116 12:19:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r6 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r6, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) sendmsg$NLBL_CIPSOV4_C_LIST(r6, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={0x420, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0x90, 0x8, 0x0, 0x1, [{0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7c9daa6d}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x66a17187}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4a3ef971}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x34}]}, {0x4c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x75}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xba}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x56072fa4}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1f}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x43}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6c72590}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2130ad2e}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x21dfc2da}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x136b0099}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x26}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x39}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x19c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x35e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x60db}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3127de31}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5a45fcf7}]}, {0x44, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x11f59d8d}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc562}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x443dcba7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x399569b5}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc438}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x96bd}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3a81}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x65040250}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x56d7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4df3d6a9}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x76851abe}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x45d3c708}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x11f2}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6f72}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xed44}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x676}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db604a2}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe9f9}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x21b344c5}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe238}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x40009b4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8930}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe5d9}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8067}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2a7c5ca0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x33203e12}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xff}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xb504}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x464b5cfa}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7aa1a7f9}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf20f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7f8b1ac9}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x61c5}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2252}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x81c6}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x359c}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x500af94c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xdcfa}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x441a}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x70d86429}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe70e}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x1b4, 0xc, 0x0, 0x1, [{0x44, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6066e2a0}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0eb}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x33b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7f7e9492}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x39c722e4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6e68}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5215690}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x505e}]}, {0x4}, {0x44, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58b9}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe70f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9d50}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8aa4}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4671638b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe856}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x326b81ef}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x35b6a06}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd385}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x323d}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa796}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x69451c7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x85fc}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9694}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2cbcf814}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8a89}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xbcfac9a}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x219db86d}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3ba3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x217b8a9e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5cf4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa6e5}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x43fd}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x544121a8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x288e3de2}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7fe37333}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x72102577}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa0b1}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x61ac}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2702fe46}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3cce}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1225}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x13ff}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7fab}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xa673f24}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5d85593b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3fff}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3c3f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf78b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xce63c}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x614a}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x18ba445e}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}]}]}, 0x420}, 0x1, 0x0, 0x0, 0x91}, 0x10) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) [ 1774.388738][T14257] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1774.435762][T14267] attempt to access beyond end of device [ 1774.438993][T14243] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1774.441582][T14267] loop1: rw=0, want=2390, limit=116 [ 1774.462248][T14267] attempt to access beyond end of device [ 1774.464547][T14257] FAT-fs (loop1): Filesystem has been set read-only [ 1774.476309][T14267] loop1: rw=0, want=2391, limit=116 [ 1774.493072][T14267] attempt to access beyond end of device [ 1774.504595][T14243] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1774.529967][T14243] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1774.534322][T14267] loop1: rw=0, want=2392, limit=116 12:19:47 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) dup(r3) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r4, 0x6b, 0x1, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1774.558235][T14267] attempt to access beyond end of device 12:19:47 executing program 2: openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x20082, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000003400)}}, {{&(0x7f0000000880)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast1}}, 0x80, &(0x7f0000002c00)}, 0x200}, {{&(0x7f0000002c80)=@ethernet={0x0, @multicast}, 0x80, &(0x7f0000003100)=[{&(0x7f0000002d00)=""/189, 0xbd}, {&(0x7f0000000140)=""/46, 0x2e}, {0x0}, {&(0x7f0000002f40)=""/211, 0xd3}, {&(0x7f0000003040)=""/26, 0x1a}], 0x5}, 0x38000000}, {{&(0x7f00000006c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f00000046c0)=[{&(0x7f0000003200)=""/226, 0xe2}, {&(0x7f0000003300)}, {0x0}, {&(0x7f0000004340)=""/155, 0x9b}, {&(0x7f0000004440)=""/156, 0x9c}, {&(0x7f0000004500)=""/46, 0x2e}, {&(0x7f0000004540)=""/135, 0x87}], 0x7}, 0xa09}, {{0x0, 0x0, &(0x7f0000005e40)}}], 0x5, 0x40010020, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) accept(0xffffffffffffffff, 0x0, &(0x7f0000000500)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) sendfile(r3, r2, 0x0, 0x800000080004103) [ 1774.611159][T14243] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1774.636441][T14267] loop1: rw=0, want=2393, limit=116 [ 1774.649417][T14273] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1774.662089][T14267] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1774.671318][T14243] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1774.696369][T14243] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1774.710770][T14294] attempt to access beyond end of device [ 1774.733525][T14273] FAT-fs (loop5): Filesystem has been set read-only [ 1774.733754][T14243] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1774.748659][T14267] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1774.765980][T14294] loop5: rw=0, want=2390, limit=116 12:19:47 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000240)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0x40000000}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(0xffffffffffffffff, 0x40485404, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) [ 1774.788329][T14243] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1774.803534][T14294] attempt to access beyond end of device [ 1774.816867][T14267] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1774.822225][T14243] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1774.849579][T14294] loop5: rw=0, want=2391, limit=116 [ 1774.866307][T14267] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1774.866325][T14267] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1774.866342][T14267] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1774.866357][T14267] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1774.866441][T14267] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1774.867383][T14267] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:47 executing program 0: ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f00000002c0)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000280)={0x309, 0x1}) write$FUSE_INIT(r5, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') ioctl$KVM_RUN(r2, 0xae80, 0x0) alarm(0x101) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}) [ 1774.867842][T14270] attempt to access beyond end of device [ 1774.867859][T14270] loop1: rw=0, want=2390, limit=116 [ 1774.867875][T14270] attempt to access beyond end of device [ 1774.867886][T14270] loop1: rw=0, want=2391, limit=116 [ 1774.867898][T14270] attempt to access beyond end of device [ 1774.867908][T14270] loop1: rw=0, want=2392, limit=116 [ 1774.867918][T14270] attempt to access beyond end of device [ 1774.867955][T14270] loop1: rw=0, want=2393, limit=116 [ 1774.879667][T14294] attempt to access beyond end of device 12:19:48 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x3], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1775.012013][T14294] loop5: rw=0, want=2392, limit=116 [ 1775.026594][T14294] attempt to access beyond end of device [ 1775.038850][T14294] loop5: rw=0, want=2393, limit=116 [ 1775.052641][T14294] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) 12:19:48 executing program 2: r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000080)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req={0x3fc}, 0x10) sendmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl(r2, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") write$nbd(r0, 0x0, 0x0) close(r1) close(r0) [ 1775.095065][T14294] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1775.123202][T14294] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1775.155054][T14294] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1775.168784][T14294] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1775.189309][T14327] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1775.200757][T14294] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1775.210892][T14327] FAT-fs (loop1): Filesystem has been set read-only [ 1775.221030][T14327] attempt to access beyond end of device [ 1775.221976][T14294] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1775.226975][T14327] loop1: rw=0, want=2390, limit=116 [ 1775.241125][T14327] attempt to access beyond end of device [ 1775.247214][T14327] loop1: rw=0, want=2391, limit=116 12:19:48 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) [ 1775.252670][T14327] attempt to access beyond end of device [ 1775.269004][T14327] loop1: rw=0, want=2392, limit=116 [ 1775.280919][T14327] attempt to access beyond end of device [ 1775.286733][T14327] loop1: rw=0, want=2393, limit=116 [ 1775.292962][T14327] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:48 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000240)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0x40000000}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(0xffffffffffffffff, 0x40485404, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) [ 1775.301187][T14327] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1775.310062][T14327] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1775.318412][T14327] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1775.327410][T14327] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1775.335386][T14327] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1775.352133][T14327] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1775.360604][T14294] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1775.380304][T14327] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:48 executing program 2: r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000580)='/dev/urandom\x00', 0x400002, 0x0) write$P9_RXATTRCREATE(r0, 0x0, 0x0) [ 1775.407152][T14327] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1775.419568][T14294] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1775.427539][T14339] attempt to access beyond end of device [ 1775.434169][T14339] loop1: rw=0, want=2390, limit=116 [ 1775.460171][T14339] attempt to access beyond end of device [ 1775.473652][T14297] attempt to access beyond end of device [ 1775.480795][T14297] loop5: rw=0, want=2390, limit=116 [ 1775.501682][T14339] loop1: rw=0, want=2391, limit=116 12:19:48 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x20000, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r6) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000380)=ANY=[@ANYBLOB="02000000010004000000000002009c23", @ANYRES32=0x0, @ANYBLOB="02000400", @ANYRES32=0x0, @ANYBLOB="02000100", @ANYRES32=0x0, @ANYBLOB="02000100", @ANYRES32=0x0, @ANYBLOB="00000000e066d052e29a571a9d7d416798a0b8af987e5b1d1ebedc47a478bc70197f6f21bff43ebfa7770b8056d904dc969042107d", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="02000600", @ANYRES32=0x0, @ANYBLOB="02000200", @ANYRES32=0x0, @ANYBLOB="02006e1d", @ANYRES32=0x0, @ANYBLOB="02000500", @ANYRES32=0x0, @ANYBLOB="040002000000000008000000", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="10000000000000002000020000000000"], 0x84, 0x1) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1775.512654][T14297] attempt to access beyond end of device [ 1775.528186][T14339] attempt to access beyond end of device [ 1775.538233][T14297] loop5: rw=0, want=2391, limit=116 [ 1775.560525][T14339] loop1: rw=0, want=2392, limit=116 [ 1775.575749][T14297] attempt to access beyond end of device [ 1775.591842][T14357] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1775.593714][T14339] attempt to access beyond end of device [ 1775.600322][T14357] FAT-fs (loop4): Filesystem has been set read-only [ 1775.615729][T14297] loop5: rw=0, want=2392, limit=116 [ 1775.627890][T14357] attempt to access beyond end of device [ 1775.634021][T14357] loop4: rw=0, want=2390, limit=116 [ 1775.642536][T14357] attempt to access beyond end of device [ 1775.648813][T14357] loop4: rw=0, want=2391, limit=116 [ 1775.652467][T14297] attempt to access beyond end of device [ 1775.654171][T14357] attempt to access beyond end of device [ 1775.668089][T14357] loop4: rw=0, want=2392, limit=116 [ 1775.673806][T14357] attempt to access beyond end of device [ 1775.680023][T14357] loop4: rw=0, want=2393, limit=116 [ 1775.693320][T14339] loop1: rw=0, want=2393, limit=116 [ 1775.694518][T14357] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1775.709257][T14357] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1775.717159][T14357] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1775.723294][T14297] loop5: rw=0, want=2393, limit=116 [ 1775.728089][T14357] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1775.739018][T14357] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1775.749749][T14357] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:19:48 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x91}, 0x0) r0 = getpid() write$binfmt_script(0xffffffffffffffff, 0x0, 0x29) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={&(0x7f0000000340), 0x5}, 0xeb081d50f30dcd9, 0x0, 0x20203, 0x0, 0x0, 0x0, 0xfff7}, 0x0, 0x0, 0xffffffffffffffff, 0x3) shutdown(0xffffffffffffffff, 0x1) socketpair$unix(0x1, 0x2, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x0, 0x0) pread64(r4, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(r4, 0x8905, &(0x7f0000000400)) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x10) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) 12:19:48 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x20082, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000007880)=[{{&(0x7f00000000c0)=@ethernet={0x0, @local}, 0x80, &(0x7f0000003400), 0x0, &(0x7f0000002980)=""/223, 0xdf}, 0x5}, {{&(0x7f0000000880)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast1}}, 0x80, &(0x7f0000002c00)}, 0x200}, {{&(0x7f0000002c80)=@ethernet={0x0, @multicast}, 0x80, &(0x7f0000003100)=[{&(0x7f0000002d00)=""/189, 0xbd}, {&(0x7f0000000140)=""/46, 0x2e}, {&(0x7f0000002e00)=""/114, 0x72}, {&(0x7f0000003040)=""/26, 0x1a}], 0x4}, 0x38000000}, {{&(0x7f00000006c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f00000046c0)=[{&(0x7f0000003200)=""/226, 0xe2}, {&(0x7f0000003300)}, {0x0}, {&(0x7f0000004340)=""/155, 0x9b}, {&(0x7f0000004440)=""/156, 0x9c}, {&(0x7f0000004500)=""/46, 0x2e}, {&(0x7f0000004540)=""/135, 0x87}], 0x7}, 0xa09}, {{0x0, 0x0, &(0x7f0000005e40)}}, {{&(0x7f0000005ec0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, 0x0}, 0xffff}], 0x6, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x20000000000}, 0x0) accept(0xffffffffffffffff, 0x0, &(0x7f0000000500)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00') clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) sendfile(r6, r5, 0x0, 0x800000080004103) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000000)) 12:19:48 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = syz_open_dev$vbi(&(0x7f00000002c0)='/dev/vbi#\x00', 0x3, 0x2) r6 = memfd_create(&(0x7f0000000100)='\\vmnet0?\'`@{,vmnet1em0user\x00', 0x6) ftruncate(r6, 0x1000000) sendfile(r5, r6, &(0x7f00000000c0)=0xf18001, 0xeefffdef) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r7, 0x6b, 0x1, 0x0, 0x0) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r5, &(0x7f0000000080)={0xffffffffffffffff, r7, 0x2}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}) 12:19:48 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') r4 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r4, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0xffffffffffffff50) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) [ 1775.782056][T14357] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1775.821494][T14357] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:19:48 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x4], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1775.869366][T14357] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1775.892944][T14363] attempt to access beyond end of device [ 1775.899017][T14363] loop4: rw=0, want=2390, limit=116 [ 1775.917538][T14363] attempt to access beyond end of device [ 1775.985103][T14363] loop4: rw=0, want=2391, limit=116 [ 1775.990425][T14363] attempt to access beyond end of device [ 1776.012998][T14363] loop4: rw=0, want=2392, limit=116 [ 1776.019516][ T26] audit: type=1804 audit(1587212388.986:91): pid=14388 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir352393698/syzkaller.MU5F8C/3199/bus" dev="sda1" ino=16378 res=1 12:19:49 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}) [ 1776.099298][T14387] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1776.106831][T14363] attempt to access beyond end of device [ 1776.119713][T14363] loop4: rw=0, want=2393, limit=116 12:19:49 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x20082, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000007880)=[{{&(0x7f00000000c0)=@ethernet={0x0, @local}, 0x80, &(0x7f0000003400), 0x0, &(0x7f0000002980)=""/223, 0xdf}, 0x5}, {{&(0x7f0000000880)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast1}}, 0x80, &(0x7f0000002c00)}, 0x200}, {{&(0x7f0000002c80)=@ethernet={0x0, @multicast}, 0x80, &(0x7f0000003100)=[{&(0x7f0000002d00)=""/189, 0xbd}, {&(0x7f0000000140)=""/46, 0x2e}, {&(0x7f0000002e00)=""/114, 0x72}, {&(0x7f0000003040)=""/26, 0x1a}], 0x4}, 0x38000000}, {{&(0x7f00000006c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f00000046c0)=[{&(0x7f0000003200)=""/226, 0xe2}, {&(0x7f0000003300)}, {0x0}, {&(0x7f0000004340)=""/155, 0x9b}, {&(0x7f0000004440)=""/156, 0x9c}, {&(0x7f0000004500)=""/46, 0x2e}, {&(0x7f0000004540)=""/135, 0x87}], 0x7}, 0xa09}, {{0x0, 0x0, &(0x7f0000005e40)}}, {{&(0x7f0000005ec0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, 0x0}, 0xffff}], 0x6, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x20000000000}, 0x0) accept(0xffffffffffffffff, 0x0, &(0x7f0000000500)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file0\x00') clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) sendfile(r6, r5, 0x0, 0x800000080004103) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000000)) [ 1776.147640][T14387] FAT-fs (loop1): Filesystem has been set read-only [ 1776.189948][T14387] attempt to access beyond end of device [ 1776.200010][T14387] loop1: rw=0, want=2390, limit=116 [ 1776.241370][T14387] attempt to access beyond end of device [ 1776.270302][T14387] loop1: rw=0, want=2391, limit=116 12:19:49 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r0, 0x6b, 0x1, 0x0, 0x0) bind$bt_rfcomm(r0, &(0x7f00000000c0)={0x1f, @none, 0xfd}, 0xa) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) [ 1776.276857][ T26] audit: type=1804 audit(1587212389.056:92): pid=14396 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir352393698/syzkaller.MU5F8C/3199/bus" dev="sda1" ino=16378 res=1 12:19:49 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) r6 = socket$pppoe(0x18, 0x1, 0x0) r7 = accept$nfc_llcp(r5, 0x0, &(0x7f00000000c0)) ioctl$FICLONE(r6, 0x40049409, r7) [ 1776.336887][T14387] attempt to access beyond end of device [ 1776.353642][T14387] loop1: rw=0, want=2392, limit=116 12:19:49 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff72a]}) 12:19:49 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmctl$IPC_SET(0x0, 0x1, &(0x7f00000005c0)={{0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) [ 1776.382797][T14387] attempt to access beyond end of device [ 1776.432666][T14387] loop1: rw=0, want=2393, limit=116 [ 1776.456160][T14387] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1776.499709][T14387] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1776.551468][T14387] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1776.563509][T14430] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1776.574526][T14430] FAT-fs (loop4): Filesystem has been set read-only [ 1776.577075][T14423] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1776.583902][T14430] attempt to access beyond end of device [ 1776.609717][T14387] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1776.620521][T14430] loop4: rw=0, want=2390, limit=116 [ 1776.630073][T14440] attempt to access beyond end of device [ 1776.653749][T14430] attempt to access beyond end of device [ 1776.666152][T14423] FAT-fs (loop5): Filesystem has been set read-only [ 1776.677620][T14387] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1776.689225][T14440] loop5: rw=0, want=2390, limit=116 [ 1776.697371][T14387] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1776.715257][T14387] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1776.718244][T14430] loop4: rw=0, want=2391, limit=116 [ 1776.733712][T14387] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1776.743885][T14440] attempt to access beyond end of device [ 1776.745551][T14387] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1776.760634][T14430] attempt to access beyond end of device 12:19:49 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") r1 = socket(0x1e, 0x1, 0x0) sendmsg(r1, &(0x7f0000000000)={&(0x7f0000000080)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) 12:19:49 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x4000) r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) lseek(r0, 0x7ffffc, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = open(&(0x7f0000000300)='./bus\x00', 0x103042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x400000) write$P9_RWALK(r2, &(0x7f0000000280)={0x23, 0x6f, 0x1, {0x2, [{0x2, 0x0, 0x8}, {0x1, 0x3, 0x6}]}}, 0x23) r3 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffb000/0x4000)=nil, 0x4000}, &(0x7f00000002c0)=0x10) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)) semop(0x0, &(0x7f00000001c0)=[{0x0, 0xffff}], 0x1) semop(0x0, &(0x7f0000000080)=[{0x0, 0x9}], 0x1) [ 1776.767215][T14430] loop4: rw=0, want=2392, limit=116 [ 1776.772505][T14398] attempt to access beyond end of device [ 1776.774545][T14440] loop5: rw=0, want=2391, limit=116 [ 1776.780391][T14398] loop1: rw=0, want=2390, limit=116 [ 1776.794175][T14440] attempt to access beyond end of device [ 1776.808682][T14440] loop5: rw=0, want=2392, limit=116 12:19:49 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) r5 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r5, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r5, 0x84, 0x20, &(0x7f0000000080), &(0x7f00000000c0)=0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1776.822244][T14440] attempt to access beyond end of device [ 1776.836069][T14430] attempt to access beyond end of device [ 1776.836617][T14440] loop5: rw=0, want=2393, limit=116 [ 1776.850910][T14398] attempt to access beyond end of device [ 1776.862522][T14440] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1776.867213][T14430] loop4: rw=0, want=2393, limit=116 [ 1776.879093][T14398] loop1: rw=0, want=2391, limit=116 [ 1776.884488][T14430] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1776.898402][T14430] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1776.902662][T14398] attempt to access beyond end of device [ 1776.914860][T14440] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1776.917511][T14430] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1776.935757][T14398] loop1: rw=0, want=2392, limit=116 [ 1776.952505][T14440] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1776.957132][T14430] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:19:49 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r3) setresgid(0x0, 0x0, 0x0) [ 1776.962714][T14398] attempt to access beyond end of device [ 1776.986233][T14430] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1777.002531][T14430] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1777.003635][T14398] loop1: rw=0, want=2393, limit=116 [ 1777.016310][T14430] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1777.029969][T14440] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1777.031258][T14430] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1777.060969][T14398] buffer_io_error: 73 callbacks suppressed 12:19:50 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shmctl$IPC_SET(0x0, 0x1, &(0x7f00000005c0)={{0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) [ 1777.061013][T14398] Buffer I/O error on dev loop1, logical block 2392, async page read [ 1777.067642][T14440] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1777.079386][T14430] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1777.105948][T14441] attempt to access beyond end of device [ 1777.111616][T14441] loop4: rw=0, want=2390, limit=116 [ 1777.112888][T14440] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1777.134937][T14440] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1777.158186][T14441] Buffer I/O error on dev loop4, logical block 2389, async page read [ 1777.160626][T14440] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) 12:19:50 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x5], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1777.186448][T14440] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1777.188237][T14441] attempt to access beyond end of device [ 1777.204009][T14444] attempt to access beyond end of device [ 1777.220692][T14444] loop5: rw=0, want=2390, limit=116 12:19:50 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) lseek(r0, 0x0, 0x4) 12:19:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) keyctl$get_keyring_id(0x0, 0x0, 0x3) r4 = dup(r3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, 0x0, 0x0) ioctl$DRM_IOCTL_MARK_BUFS(r5, 0x40206417, &(0x7f0000000080)={0x9, 0x0, 0x9, 0x99, 0x19, 0xeb0}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}) [ 1777.252829][T14444] Buffer I/O error on dev loop5, logical block 2389, async page read [ 1777.281271][T14441] loop4: rw=0, want=2391, limit=116 [ 1777.287306][T14444] attempt to access beyond end of device [ 1777.305656][T14441] Buffer I/O error on dev loop4, logical block 2390, async page read [ 1777.313753][T14441] attempt to access beyond end of device [ 1777.322951][T14444] loop5: rw=0, want=2391, limit=116 [ 1777.344741][T14444] Buffer I/O error on dev loop5, logical block 2390, async page read [ 1777.366255][T14441] loop4: rw=0, want=2392, limit=116 [ 1777.371555][T14441] Buffer I/O error on dev loop4, logical block 2391, async page read [ 1777.385280][T14444] attempt to access beyond end of device [ 1777.390955][T14444] loop5: rw=0, want=2392, limit=116 [ 1777.403822][T14473] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1777.414122][ T26] audit: type=1804 audit(1587212390.376:93): pid=14477 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir289842035/syzkaller.IPhdpU/2852/bus" dev="sda1" ino=16382 res=1 [ 1777.450606][T14481] attempt to access beyond end of device [ 1777.456466][T14481] loop1: rw=0, want=2390, limit=116 [ 1777.462480][T14444] Buffer I/O error on dev loop5, logical block 2391, async page read [ 1777.477386][T14481] Buffer I/O error on dev loop1, logical block 2389, async page read [ 1777.477570][T14473] FAT-fs (loop1): Filesystem has been set read-only [ 1777.489438][T14481] attempt to access beyond end of device [ 1777.493724][T14441] attempt to access beyond end of device [ 1777.500375][T14481] loop1: rw=0, want=2391, limit=116 [ 1777.517147][T14481] Buffer I/O error on dev loop1, logical block 2390, async page read [ 1777.534105][T14481] attempt to access beyond end of device [ 1777.536322][T14441] loop4: rw=0, want=2393, limit=116 [ 1777.546941][T14444] attempt to access beyond end of device [ 1777.547654][T14481] loop1: rw=0, want=2392, limit=116 [ 1777.552603][T14444] loop5: rw=0, want=2393, limit=116 [ 1777.552621][T14444] Buffer I/O error on dev loop5, logical block 2392, async page read [ 1777.578670][T14481] attempt to access beyond end of device [ 1777.595208][T14481] loop1: rw=0, want=2393, limit=116 [ 1777.600629][T14481] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1777.609827][T14481] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:50 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe902, 0x1, &(0x7f0000000180)=[{&(0x7f00000003c0)="eb3c906d6b66732e666130c8093d01008200027400f898b2a55212de2430e299", 0x20}], 0x80080, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f00000002c0)='clear_refs\x00') fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000240)) connect$inet6(r3, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) r4 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r4, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) getsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f00000000c0), &(0x7f00000001c0)=0x4) dup(0xffffffffffffffff) 12:19:50 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)={'batadv0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000180)='batadv\x00') r1 = socket$inet6(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580)='batadv\x00') sendmsg$BATADV_CMD_GET_DAT_CACHE(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, r4, 0x31905e13403123b7, 0x0, 0x0, {0xd, 0x0, 0xf000}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x0) 12:19:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}) [ 1777.618032][T14481] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1777.625960][ T26] audit: type=1804 audit(1587212390.586:94): pid=14477 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir289842035/syzkaller.IPhdpU/2852/bus" dev="sda1" ino=16382 res=1 [ 1777.649477][T14481] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1777.657842][T14481] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1777.707902][T14481] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1777.748334][T14481] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:50 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000001240)=ANY=[@ANYRES32=r5, @ANYBLOB="5600f0ae2ede5285251f947fb8d227c9ef569fb3c792426fda754ac767ba8235836bd708f599c740002967a3a6af25b0110dd1220ccae87cd9d3abc46920ecabca1e1ba165993cba0f34eccf1030b420528c5c83000000000000000000dd21985064a91d4c57e4183438031889bea149e8c81a6b36ac637e919ad36fb6b2c8909b53be3d11fda7e2783bd7cc8e8663e91ab04684801cb786a57cdee79488f9378290e6bdfec664945ac9bab4a528b11e7727c3a3cb9975c55438fadc3633f54cb6f0b4da9954517e349f5aebeddc10da980ab687fe86305065d81a4a9ce0749a482db10487db457d7dd1df6351072a259f6be72d1bb2b9a2dfeeaaa6077bf482a18df4cd1e51d39adffbbefb8ce1107680a5bb884672b1158eb8033ae9c45a2223cf5f7aa301c165f4cdc6c588c405ba9b4e69e6760048d35e6d63ac58216c372c128bfaee5d8c234b6715975ccbe972fa30af3a2971568ba2c7555a247f52c3"], &(0x7f0000000440)=0x2) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000100)={r5, 0x6, 0x0, 0xb5}, 0x10) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0), &(0x7f00000001c0)=0x8) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x1, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1777.795111][T14481] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1777.803447][T14481] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:50 executing program 3: symlink(&(0x7f00000000c0)='./file2/file0/file0\x00', &(0x7f0000000040)='./file0\x00') rename(&(0x7f0000000500)='./file0\x00', &(0x7f0000000000)='./file2\x00') setxattr$trusted_overlay_opaque(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)='trusted.overlay.opaque\x00', &(0x7f0000000180)='y\x00', 0x2, 0x1) 12:19:50 executing program 2: r0 = eventfd(0xfffffffffffffffc) r1 = dup(r0) write$nbd(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="67446600000000000000000000000000d589f448e43a2871c4c41669bba58cc775a238934d7bf919c31a7b199c17351f9990ecf71569aa7f9527a835cd50fbfa312e358c6871c0364a91bae17c544cbb357ac87272dfed9cdeb5d7fe71d48f81f60377dc6fc1e08fef9a8460e8effbad3ed08fcc44726df13a11ad69fa9e2a390abf3b2962355c383c84c141543af45f934f52407a7b604df1850a141273c187e9e12da2fce99076daa839187e8b15fe881e97d5f6d5b208222f22713553fcd166562e1b433c6a1b2f4e32755fc3eef96fa1926e284118d2957241319648aaff4717ad66b8cedf7709311b222c811dfaffffff9a77c9ec1843a54740ce99d0a88e61da5897d072d0c073d6bdaa20b81a4dd3a4737e1074b8cebc0d070dfc0f5242ad6929d9f27124e4ed839bfd2c2cab6b91f7292b35c4bb638f29b62e5ee7e2b3b809b83cb2ef396335c4b37c2240dbe8fc7bdf37ca1a69381cac709cd4bf2964c619a5ca407056dfb48896924c9c7f2a4d1c53c5001f3a0d387aaf4584af29dce38f0596c97fa3408a808ae63f1dc9fa3c9d87171569682c2bea64762ec8a5de51ae8d43ba314684dfa56dc31b1635ce48a496b90e088285e1"], 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) read$eventfd(r0, &(0x7f00000000c0), 0xfffffe71) [ 1777.880748][T14483] attempt to access beyond end of device [ 1777.887267][T14483] loop1: rw=0, want=2390, limit=116 [ 1777.913348][T14483] attempt to access beyond end of device [ 1777.937741][T14483] loop1: rw=0, want=2391, limit=116 [ 1777.942996][T14483] attempt to access beyond end of device [ 1777.956604][T14502] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1777.973595][T14483] loop1: rw=0, want=2392, limit=116 [ 1777.989441][T14483] attempt to access beyond end of device [ 1778.005478][T14483] loop1: rw=0, want=2393, limit=116 [ 1778.013347][T14502] FAT-fs (loop4): Filesystem has been set read-only [ 1778.058214][T14518] attempt to access beyond end of device [ 1778.126333][T14518] loop4: rw=0, want=2390, limit=116 12:19:51 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x6], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:19:51 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x400, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x400, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r5, &(0x7f0000000200), 0x806000) write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r4, 0x0) r6 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='net\x00') connect$inet6(r6, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) [ 1778.154392][T14518] attempt to access beyond end of device [ 1778.194070][T14518] loop4: rw=0, want=2391, limit=116 12:19:51 executing program 3: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000080)='threaded\x00', 0xfffffe58) fchown(r0, 0x0, 0x0) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000100)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) [ 1778.223085][T14518] attempt to access beyond end of device [ 1778.244634][T14518] loop4: rw=0, want=2392, limit=116 [ 1778.253336][T14518] attempt to access beyond end of device [ 1778.264908][T14518] loop4: rw=0, want=2393, limit=116 12:19:51 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r2, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) ioctl$SG_SCSI_RESET(r2, 0x2284, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r3, 0x6b, 0x1, 0x0, 0x0) syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x4, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r1, 0xae9a) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}) 12:19:51 executing program 2: r0 = socket(0x1000000010, 0x80002, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r3, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl(r4, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xffe0}, {}, {0x5}}, [@filter_kind_options=@f_route={{0xa, 0x1, 'route\x00'}, {0x4}}]}, 0x34}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000200), 0x10efe10675dec16, 0x0) [ 1778.274501][T14518] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1778.323505][T14518] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1778.331182][T14531] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1778.347254][T14531] FAT-fs (loop5): Filesystem has been set read-only [ 1778.373658][T14518] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1778.421807][T14518] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1778.430664][T14518] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1778.438753][T14518] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1778.446880][T14518] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1778.455288][T14518] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1778.463673][T14518] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:19:51 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x2000, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) r4 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r4, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) ioctl$KVM_GET_NESTED_STATE(r4, 0xc080aebe, &(0x7f0000000380)={{0x0, 0x0, 0x80}}) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x1000) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mount$9p_virtio(&(0x7f00000000c0)='syz\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='9p\x00', 0x800, &(0x7f0000002400)={'trans=virtio,', {[{@cache_fscache='cache=fscache'}, {@access_user='access=user'}, {@loose='loose'}, {@nodevmap='nodevmap'}, {@debug={'debug', 0x3d, 0xfffffffffffffffe}}, {@mmap='mmap'}], [{@fsuuid={'fsuuid', 0x3d, {[0x63, 0x33, 0x34, 0x35, 0x39, 0x36, 0x64, 0x34], 0x2d, [0x32, 0x37, 0x63, 0x66], 0x2d, [0x65, 0x35, 0x33], 0x2d, [0x38, 0x30, 0x34, 0x37], 0x2d, [0x39, 0x36, 0x35, 0x35, 0x63, 0x33, 0x65, 0xe036ca3804deb4fb]}}}, {@fsuuid={'fsuuid', 0x3d, {[0x65, 0x64, 0x37, 0x65, 0x38, 0x34, 0x36, 0x7], 0x2d, [0x36, 0x39, 0x34, 0x35], 0x2d, [0x36, 0x36, 0x33, 0x35], 0x2d, [0x61, 0x59, 0x61, 0x34], 0x2d, [0x31, 0x36, 0x30, 0x37, 0x61, 0x63, 0x37, 0x33]}}}, {@rootcontext={'rootcontext', 0x3d, 'root'}}]}}) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) [ 1778.472717][T14522] attempt to access beyond end of device [ 1778.482150][T14522] loop4: rw=0, want=2390, limit=116 [ 1778.521557][T14539] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1778.529753][T14522] attempt to access beyond end of device 12:19:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) r5 = socket(0x10, 0x802, 0x0) io_submit(0x0, 0x1, &(0x7f0000000600)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0}]) io_pgetevents(0x0, 0x2, 0x2, &(0x7f0000000080)=[{}, {}], 0x0, &(0x7f0000000240)={&(0x7f0000000200), 0x8}) r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x101800, 0x0) r7 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) io_cancel(0x0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0xb, 0x1f, r6, &(0x7f00000000c0)="6319fe8a076047fb63bad2c279aacb370b1e908a57a82207fe0c0a5e412bc14715cab822340cadbf7be6319ebb3a7b2c471e782e74d4f541fea0b594c97c51e1f8f76c54d5f899fc5fee64ca73d14e4532764ae8d01b78317744479d67f42d4b9ca6327b41e9bfccaa79a07271218359e3bc5e97af1666a9955388466b4e", 0x7e, 0x6, 0x0, 0x1, r7}, &(0x7f0000000180)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}) [ 1778.566639][T14522] loop4: rw=0, want=2391, limit=116 [ 1778.573077][T14552] attempt to access beyond end of device [ 1778.588505][T14552] loop1: rw=0, want=2390, limit=116 [ 1778.593804][T14539] FAT-fs (loop1): Filesystem has been set read-only 12:19:51 executing program 2: syz_mount_image$iso9660(&(0x7f0000000140)='iso9660\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={[{@mode={'mode', 0x3d, 0x40000000000006}}]}) [ 1778.637478][T14522] attempt to access beyond end of device [ 1778.647272][T14552] attempt to access beyond end of device [ 1778.676154][T14552] loop1: rw=0, want=2391, limit=116 [ 1778.684361][T14522] loop4: rw=0, want=2392, limit=116 [ 1778.707413][T14552] attempt to access beyond end of device [ 1778.723778][T14522] attempt to access beyond end of device [ 1778.730487][T14522] loop4: rw=0, want=2393, limit=116 12:19:51 executing program 4: ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000380)=""/229) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, 0x0, 0x0) ioctl$VHOST_SET_OWNER(r5, 0xaf01, 0x0) [ 1778.781856][T14564] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1778.797810][T14564] FAT-fs (loop5): Filesystem has been set read-only [ 1778.816402][T14552] loop1: rw=0, want=2392, limit=116 [ 1778.843168][T14564] attempt to access beyond end of device [ 1778.853698][T14552] attempt to access beyond end of device [ 1778.888400][T14579] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1778.896865][T14552] loop1: rw=0, want=2393, limit=116 [ 1778.902126][T14564] loop5: rw=0, want=2390, limit=116 12:19:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) r5 = syz_open_dev$vcsu(&(0x7f0000000080)='/dev/vcsu#\x00', 0x8000, 0x0) ioctl$UFFDIO_UNREGISTER(r5, 0x8010aa01, &(0x7f00000000c0)={&(0x7f0000010000/0x1000)=nil, 0x1000}) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1778.937688][T14579] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1778.962158][T14552] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1778.983613][T14564] attempt to access beyond end of device [ 1779.013993][T14579] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1779.034704][T14552] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1779.035572][T14564] loop5: rw=0, want=2391, limit=116 12:19:52 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) dup2(r1, r0) r2 = accept4(r0, 0x0, 0x0, 0x0) getsockopt$SO_COOKIE(r2, 0x1, 0x10, &(0x7f0000000000), &(0x7f0000000080)=0x8) [ 1779.062210][T14586] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1779.077997][T14552] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1779.093678][T14586] FAT-fs (loop4): Filesystem has been set read-only [ 1779.097955][T14579] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1779.104029][T14552] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1779.116779][T14552] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1779.117454][T14590] attempt to access beyond end of device [ 1779.124592][T14552] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1779.124606][T14552] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1779.124618][T14552] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1779.124708][T14552] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1779.126239][T14564] attempt to access beyond end of device [ 1779.130437][T14561] attempt to access beyond end of device [ 1779.138168][T14564] loop5: rw=0, want=2392, limit=116 [ 1779.138193][T14564] attempt to access beyond end of device [ 1779.190386][T14579] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1779.203336][T14590] loop4: rw=0, want=2390, limit=116 [ 1779.204987][T14561] loop1: rw=0, want=2390, limit=116 [ 1779.214160][T14561] attempt to access beyond end of device [ 1779.222472][T14579] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1779.238366][T14561] loop1: rw=0, want=2391, limit=116 [ 1779.243608][T14561] attempt to access beyond end of device [ 1779.249520][T14579] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1779.259259][T14590] attempt to access beyond end of device [ 1779.274921][T14590] loop4: rw=0, want=2391, limit=116 [ 1779.280171][T14590] attempt to access beyond end of device [ 1779.286369][T14579] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1779.294260][T14579] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1779.303134][T14561] loop1: rw=0, want=2392, limit=116 [ 1779.314945][T14564] loop5: rw=0, want=2393, limit=116 12:19:52 executing program 2: ioctl$TCSETSF(0xffffffffffffffff, 0x5412, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006cca8000000000000200000002000000004000007a40000080000000000000006d5ebe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) [ 1779.320628][T14561] attempt to access beyond end of device [ 1779.331637][T14590] loop4: rw=0, want=2392, limit=116 [ 1779.340762][T14561] loop1: rw=0, want=2393, limit=116 [ 1779.346450][T14579] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1779.354274][T14579] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1779.364954][T14590] attempt to access beyond end of device [ 1779.372096][T14590] loop4: rw=0, want=2393, limit=116 [ 1779.394931][T14579] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1779.402846][T14579] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1779.412293][T14590] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:19:52 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x7], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1779.424385][T14590] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1779.435984][T14590] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1779.444112][T14579] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) 12:19:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(r2) write$P9_RWRITE(r3, &(0x7f0000000080)={0xb, 0x77, 0x1, 0x354c8988}, 0xb) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1779.474556][T14579] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1779.483839][T14590] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1779.509155][T14579] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1779.530480][T14590] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1779.555510][T14600] EXT4-fs (loop2): Can't read superblock on 2nd try [ 1779.564964][T14579] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1779.574607][T14590] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1779.608948][T14590] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1779.630803][T14606] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1779.648637][T14590] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1779.689474][T14606] FAT-fs (loop1): Filesystem has been set read-only [ 1779.692968][T14612] attempt to access beyond end of device [ 1779.724268][T14612] loop1: rw=0, want=2390, limit=116 12:19:52 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'ip_vti0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010000104009effffff00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c001a8018000a8014000700ff0200000000000000b9000000000001"], 0x3c}}, 0x0) 12:19:52 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x80000000000e900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000380)="eb3c027400f8", 0x6, 0x100000000}], 0x900000, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) fsetxattr$trusted_overlay_origin(r0, &(0x7f00000001c0)='trusted.overlay.origin\x00', &(0x7f0000000240)='y\x00', 0x2, 0x2) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @loopback, 0xfffffffe}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) accept$unix(0xffffffffffffffff, &(0x7f00000002c0)=@abs, &(0x7f00000000c0)=0x6e) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r6, 0x6b, 0x1, 0x0, 0x0) dup(r6) 12:19:52 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x91}, 0x0) r0 = getpid() sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x492492492492565, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x29) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={&(0x7f0000000340), 0x5}, 0xeb081d50f30dcd9, 0x0, 0x20203, 0x0, 0x0, 0x0, 0xfff7}, 0x0, 0x0, 0xffffffffffffffff, 0x3) shutdown(0xffffffffffffffff, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(0xffffffffffffffff, r4) socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x0, 0x0) pread64(r5, 0x0, 0x7700, 0x7a00000000000000) ioctl$sock_inet_tcp_SIOCATMARK(r5, 0x8905, &(0x7f0000000400)) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000c00)=ANY=[@ANYBLOB="7f454c4608008000040000000000000003000300ff0100005200000000000000400000000029010000000000000900000001003800020005000300000204000000ffff0000089b000000000000010001000000000002000000000000000500000000000000f000000000000000060000000000000004000000f8ffffff21000000000000000700000000000000b80e00000000000045000000000000000200000000000000f7ffffffffffffff14490a3ecde1e088392fb465305027568947b61534a614c71f0098e4ff4c0636af8f9bcbdd9786b20aafb91cec915536b6ad342c977b1e6659b2d96fa9568f893b000000000000000000000000ab3058c40bc73a160000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000080000000000000000000000000000000000000b000000e2ffffffffffffff00000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001f000000000070332b18380decab00000000000000000000000000000000000000fbff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000054742000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f1a39e27cacf43b4702fc74e657e6fda8b4dacaa0a8ea7405d3e1c427726096511e6daf6d3ee3feda9d29f277490423b773ec5dceeb90fe4d04fd6737bf145379470fcb8ec09586a7f8c2c5e8d9302049a611fe5af9c493a28f7976f9a3c50e5bc81546cf6add4d98c9f39cd71ca53204cab4ecea5abdf2c3ff5ef1e8cedd9c957c0001f6c20ba179181332297d9656c8a416bd0ba134c4f0966d575157f73251a6c20fb6ba6314a4afd543d48fe0493bceffb0e1940bb5182ef044a68f4f70ae8ca335637096350c5464f71fc0c5eeb679938da643e5ecb8d8890462fa5c18c83b68a393cd3e0501d054b3268498e97f28296eae7cc87e7f9dc280264f81ca1c8aeb657be434b238e02b6113278d29f371fd44064d0bfcd4729f38cc4af80cb26fd91edb4abb6ce7e1c55b848b7b37920ec3e7266db2aae98bf3c07cc22127c783aff41260f9f7df02f2d9b4bba20477572feae73aaedf90f2cc1950dbb3021856525b4f78cda82632778030d9d90b69e5724057d773830c1532a2de8658543390750c837e33c37184e9976c84b387556d"], 0x393) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x10) sendfile(r6, r7, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) [ 1779.734461][T14590] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1779.781487][T14612] attempt to access beyond end of device [ 1779.796984][T14591] attempt to access beyond end of device [ 1779.802119][T14612] loop1: rw=0, want=2391, limit=116 [ 1779.804813][T14591] loop4: rw=0, want=2390, limit=116 [ 1779.824625][T14591] attempt to access beyond end of device [ 1779.834942][T14612] attempt to access beyond end of device [ 1779.848982][T14591] loop4: rw=0, want=2391, limit=116 [ 1779.854689][T14612] loop1: rw=0, want=2392, limit=116 [ 1779.872956][T14591] attempt to access beyond end of device [ 1779.875263][T14612] attempt to access beyond end of device [ 1779.889973][T14591] loop4: rw=0, want=2392, limit=116 [ 1779.914939][T14612] loop1: rw=0, want=2393, limit=116 [ 1779.920290][T14612] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1779.934975][T14591] attempt to access beyond end of device [ 1779.956242][T14591] loop4: rw=0, want=2393, limit=116 [ 1779.968298][ T26] audit: type=1804 audit(1587212392.936:95): pid=14636 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir352393698/syzkaller.MU5F8C/3209/bus" dev="sda1" ino=16378 res=1 12:19:53 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") syz_genetlink_get_family_id$nbd(&(0x7f00000000c0)='nbd\x00') [ 1780.031773][T14612] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:53 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) ioctl$SIOCAX25ADDUID(0xffffffffffffffff, 0x89e1, &(0x7f0000000140)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, r2}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r1, 0xae9a) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x105400, 0x0) ioctl$SG_EMULATED_HOST(r4, 0x2203, &(0x7f00000000c0)) ioctl$BLKIOMIN(r3, 0x1278, &(0x7f0000000100)) [ 1780.096266][T14612] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1780.109636][ T26] audit: type=1804 audit(1587212393.016:96): pid=14638 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir352393698/syzkaller.MU5F8C/3209/bus" dev="sda1" ino=16378 res=1 [ 1780.232384][T14612] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:53 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x100000001) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control\x00', 0x400, 0x0) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_bt_cmtp_CMTPCONNADD(r5, 0x400443c8, &(0x7f00000001c0)={r6, 0x5}) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1780.326988][T14612] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1780.432485][T14612] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:53 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f00000001c0)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180), 0x902, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r5 = syz_open_dev$vbi(&(0x7f00000002c0)='/dev/vbi#\x00', 0x3, 0x2) r6 = memfd_create(&(0x7f0000000100)='\\vmnet0?\'`@{,vmnet1em0user\x00', 0x6) ftruncate(r6, 0x1000000) sendfile(r5, r6, &(0x7f00000000c0)=0xf18001, 0xeefffdef) mmap(&(0x7f000000f000/0xe000)=nil, 0xe000, 0xb, 0x10, r3, 0x0) dup(0xffffffffffffffff) 12:19:53 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x91}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x492492492492565, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x29) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={&(0x7f0000000340), 0x5}}, 0x0, 0x0, 0xffffffffffffffff, 0x3) shutdown(0xffffffffffffffff, 0x1) dup2(0xffffffffffffffff, 0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) pread64(0xffffffffffffffff, 0x0, 0x7700, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000400)) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000c00)=ANY=[@ANYBLOB], 0x0) r2 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r2, 0x800) lseek(r2, 0x0, 0x2) r3 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x10) sendfile(r2, r3, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0x108) [ 1780.532742][T14612] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BLKBSZGET(r4, 0x80081270, &(0x7f0000000080)) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}) [ 1780.686551][T14612] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1780.694427][T14612] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1780.711135][T14650] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1780.758274][T14654] attempt to access beyond end of device [ 1780.759659][T14650] FAT-fs (loop4): Filesystem has been set read-only [ 1780.784497][T14654] loop4: rw=0, want=2390, limit=116 [ 1780.800533][ T26] audit: type=1804 audit(1587212393.766:97): pid=14659 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir289842035/syzkaller.IPhdpU/2857/bus" dev="sda1" ino=16372 res=1 [ 1780.827946][T14657] FAT-fs (loop5): bogus number of reserved sectors [ 1780.854345][T14657] FAT-fs (loop5): Can't find a valid FAT filesystem 12:19:53 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0xa], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1780.928027][T14654] attempt to access beyond end of device [ 1780.973258][T14654] loop4: rw=0, want=2391, limit=116 [ 1781.015699][ T26] audit: type=1804 audit(1587212393.986:98): pid=14671 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir289842035/syzkaller.IPhdpU/2857/bus" dev="sda1" ino=16372 res=1 [ 1781.024866][T14654] attempt to access beyond end of device [ 1781.043962][T14654] loop4: rw=0, want=2392, limit=116 [ 1781.051059][T14654] attempt to access beyond end of device [ 1781.056794][T14654] loop4: rw=0, want=2393, limit=116 [ 1781.062153][T14654] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1781.070064][T14654] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1781.077928][T14654] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1781.104825][T14654] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:19:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@remote, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private2}, 0x0, @in=@loopback}}, &(0x7f0000000180)=0xe8) setuid(r5) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) r6 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r7) chown(&(0x7f0000000280)='./file0\x00', r5, r7) syz_open_dev$usbmon(&(0x7f0000000240)='/dev/usbmon#\x00', 0x100, 0x8000) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) [ 1781.112665][T14654] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1781.134843][T14654] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1781.142732][T14654] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1781.194872][T14654] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1781.202734][T14654] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1781.268880][T14677] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1781.291301][T14663] attempt to access beyond end of device [ 1781.293849][T14677] FAT-fs (loop1): Filesystem has been set read-only [ 1781.298910][T14663] loop4: rw=0, want=2390, limit=116 [ 1781.350247][T14677] attempt to access beyond end of device [ 1781.414533][T14663] attempt to access beyond end of device [ 1781.421483][T14677] loop1: rw=0, want=2390, limit=116 [ 1781.454342][T14663] loop4: rw=0, want=2391, limit=116 [ 1781.460535][T14677] attempt to access beyond end of device [ 1781.523905][T14663] attempt to access beyond end of device [ 1781.531066][T14677] loop1: rw=0, want=2391, limit=116 [ 1781.585480][T14672] FAT-fs (loop5): bogus number of reserved sectors [ 1781.624547][T14663] loop4: rw=0, want=2392, limit=116 [ 1781.631043][T14677] attempt to access beyond end of device [ 1781.644730][T14672] FAT-fs (loop5): Can't find a valid FAT filesystem [ 1781.703227][T14663] attempt to access beyond end of device [ 1781.715797][T14677] loop1: rw=0, want=2392, limit=116 [ 1781.784632][T14663] loop4: rw=0, want=2393, limit=116 [ 1781.797563][T14677] attempt to access beyond end of device 12:19:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) r5 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r5, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') sendmsg$NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x58, r6, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x4}, @NL80211_ATTR_DFS_REGION={0x5}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x24}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x1}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0xffffffffffffffff}]}, 0x58}, 0x1, 0x0, 0x0, 0x8000}, 0x0) [ 1781.860605][T14677] loop1: rw=0, want=2393, limit=116 12:19:54 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000000c0)) [ 1781.955332][T14677] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:55 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') recvfrom$llc(r0, &(0x7f00000002c0)=""/108, 0x6c, 0x21, &(0x7f00000000c0)={0x1a, 0x310, 0x13, 0x5, 0x20, 0x4, @remote}, 0x10) connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) [ 1782.071161][T14677] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1782.187129][T14677] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1782.320872][T14677] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:55 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r0, 0x6b, 0x1, 0x0, 0x0) ioctl$KVM_GET_NESTED_STATE(r0, 0xc080aebe, &(0x7f0000000380)={{0x0, 0x0, 0x80}}) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) syz_open_dev$vbi(&(0x7f00000002c0)='/dev/vbi#\x00', 0x3, 0x2) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1782.466844][T14677] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1782.572816][T14677] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1782.666215][T14707] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1782.692865][T14677] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1782.744358][T14715] attempt to access beyond end of device [ 1782.794851][T14707] FAT-fs (loop5): Filesystem has been set read-only [ 1782.806097][T14677] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1782.824299][T14715] loop5: rw=0, want=2390, limit=116 [ 1782.880597][T14715] buffer_io_error: 51 callbacks suppressed [ 1782.880608][T14715] Buffer I/O error on dev loop5, logical block 2389, async page read [ 1782.910800][T14677] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1782.960707][T14715] attempt to access beyond end of device [ 1783.013465][T14715] loop5: rw=0, want=2391, limit=116 [ 1783.083730][T14715] Buffer I/O error on dev loop5, logical block 2390, async page read [ 1783.192917][T14715] attempt to access beyond end of device [ 1783.258089][T14715] loop5: rw=0, want=2392, limit=116 [ 1783.296685][T14715] Buffer I/O error on dev loop5, logical block 2391, async page read [ 1783.362320][T14715] attempt to access beyond end of device [ 1783.399499][T14715] loop5: rw=0, want=2393, limit=116 [ 1783.430092][T14715] Buffer I/O error on dev loop5, logical block 2392, async page read [ 1783.483249][T14715] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1783.512482][T14715] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1783.546703][T14715] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1783.609987][T14715] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1783.643423][T14715] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1783.672385][T14715] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1783.703337][T14715] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1783.717133][T14715] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1783.725050][T14715] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) 12:19:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r3, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0xc4, 0x0, &(0x7f0000001440)=[@clear_death={0x400c630f, 0x1}, @increfs={0x40046304, 0x3}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000140)={@flat=@binder={0x73622a85, 0x0, 0x2}, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000080)=""/184, 0xb8, 0x2, 0x1e}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}}, @transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/123, 0x7b, 0x2, 0x1ff}, @flat=@handle={0x73682a85, 0x1000, 0x2}, @fda={0x66646185, 0x6, 0x0, 0x37}}, &(0x7f0000000380)={0x0, 0x28, 0x40}}}, @enter_looper, @register_looper, @request_death={0x400c630e, 0x1}, @register_looper], 0x1000, 0x0, &(0x7f0000001540)="df348500175b69b22c002880fa5274c33ae3cbca21ccd1adae355acf5764d9b4168dadd1c1a6d3f4d2dbcac280adc5658d0f066b725723982c1cfb92a87ff91bd595142b93cebc0d0f1a726db616d247a61bfd9f7176b688c4bb456abeeca93f56fd8a8e627077ea86c8280a5dbbe3a0204039f586bf7e014d509f573c4cf2873386617881e4f0a84db0431c3bb972a306057f5c065f29dceac371f37a7c039e3eedb6332963f2630cfc885421e36167e37be1b21bcacd6368eb9e654bdc65322946c2ab6065fb0b6e993d1261dd1e3c7b54518582b6d887266f50b5a67b9099f15ed69741c2bf1c9abe35dcb29ade447ebc350223ac733b436d8673b51051803b3dcbd30928d8cad6dd5f09a2762149c413486de885536d7c746f9a5bf631d8578d0a1ed626f30e35f3c07804cccd145f56cf9f1e79ba4a15d7a7265adf94146515154877dbc46353c7d2ee606e69cd58046513a181ed33f3422ff87b5cd79c58e5b6916a7d871de237d7a7c02685653bdf89ebcd316440370d35559f624cca5720c998c6b760981761afa4722856d7b972f602567cd0bc015a2df3370bc7123d4581d2507bedc7cd088308e6a1aa4253647950f8ea76b1e22a4c6a0e825c1ee11d3b5cbfa852cfb32b17a8f27fd3380cbb601215d448693cf147f56aefa0593d2a886abaf682c5e556d4808c15c1b66dbcb5605de25bedce75c2a00c94a2cdf8c50a93f24e7c5bb39c2addee021797be8532dc18eb8aafc2c62413ed0eff228967a386965ec1c2ba58ba4b1f93075886e65f5e3101bf4fd8552d18c4028ec2c26b0e3e5f6cfce132e84d5b4473b70dbc2c6f344e511d767bd41bb368e7bb4902dd057c6e0a341a341cc32a4bf020127f24b0d75d3c2a35523d062f0c99da9cf2e8b14b92a026371b01cfb60365c8d9da5d8b3bf0e94f8cb512f357246b432b6dcd9e89d1128adfd774c8e30a0a536d2d3be4f2490704b183137241f490e0013fdef2dbc06fd5fd790a35a926f1227d5e1b13c11c3ea99f1f528253f4e40707be6e33e2f7067c95197f0e82afdd93a65fbc878ec9e4d26d8857494ffc8fb400a323f0dec3504567e956c9e4846dfb8649d977265ebfb1e447510176b9543541dd8031924214f7f948ffd986f10b4b7a77dbec263c6ee6e8320b0d61c6af2df8b75d7da021f11e590e0e31dfb2a2470d7ef76d31ebd3a8404fb85c026b96f4f24b88ff785d271bf453dbddbe298931805c4a4bee01c178b08fa3b71e207cc8779f894386fe504a5f2912b50bfcdaae39f2c288d0c54ceb3b0ec327299597792deff0a60317b54da353870154c68e389c30d2e1400abf457d22076c4440e1a6ab52e3cc4f6fd024e6e95abb32677af51ce1c9c9bf0d24b00c0aaf60d40b73bc7a9d28b4d9797cd7c100cff7f57b4abcc17ab4708a5ec7c37eef4772458d76efd1ece08fd809b7aba0750c5f30f1a7d207641c73e9c83a01289235c1d766e08cdda4843537ceb08f650f5ef9f4f68d8c41fc3d9346668a7d33ea8ff54476916488a5ff45a71cbe34cb3e068b9a7688659ab46cbddb837cdeecced0af3e74556f3fd2898b6080682f5bdc79964a05832db2777d641764e8d6debb78eecacc29acbbe7ffd0e14cc38432094aeed6b227d54f5efee87588bda023b5572a7a0d8b9c70a50101e83dc22e1d245b1e6c9d4da536595e24f454352bc8776f3a693b81d73a7a354f4f4a3ed9799ae531b73460f326d003bb2a8c9a067723f08ac7cc4216e80592145c60335ccb0dda65633ad34d96d82863a4c3c8088cd4f3271b60bf76298f183d429ce8a69af2b82b7c50e1e31c0cd0d3d8df0e692fb3e74e54c0d1a811e656f834599e387a32c7dee7c9895eeaf9b7465175784faeb792b2eed9fd944ab02f1f8a4de31f97b2f812a4210938c4452d8d0f8bef2bbd22885688292a8808bea54b812bc8e4c74298b533ab70dcb9184aafe920324c76addeef4f9f3ac50a33a80fa72c5be11fde95fee0d617a32396d4260d5033abb63e17abb585e01f8cacdb9f0a66a616af32e637dd1c54981a681232ecbce5027dd6805e8a02913ff0be59d6811b70297fa3552d64f36d023385c5245111c3ef691d51045133fdd892b01389ba7bd7fa308ad9fb86a17b7b09aa8e62daa84c6f6a8f3504fbfbb3013c877e2b7b5a106b5c14d547edaa995ba6fc70584801e266c9a25ffc6b5ef78c3600d92043a904f5528a6f1ab6ceb6ee89dbb016065909aa422a939cea5b8503fb12ad91c0ce4d3a507eaf872e3995bf0eff20b97e5210610fde253ea01b11db24a5d40597c6378fa0c981b8472ffc32ec25328e14bb2df176fc03701b14374d803e4e817e9aaf975cd5a7d2e6dc2b7cc148c7ef7632a98ecbafd3da74723aa04923dc7b43cb85feeabdcab1223deb7ad4f969b622874592e580e125ab338c936aa3f473b355eb41dff76ccb630d3043b76d23713a69f24ee5f79220fa8e9f29ea3355a7701495f6f8b30c27b679094c3691998812771cfaaf87b55309113dec200aac76a09cd66993c5ada1a148a0ea5b9bab7380b086d8e3cc4f3f836e81d4d5dc4bbfa386db5c01afd31630cb511d5d39bc04acddb07b19421436e7f8e59ff31cf00c7739b5d5b81d8ff6d6bea91cdb2476525488d6da0f43a5cbe8eeafbe4e273d635667f9ab53c809a28f81ff2ee8f578ade5a62f66438817d57919d80e18431e66e7b2f4a8243edbeb39a47222463885a0f7f7e95e4fee8795abe371762cf168523c59524041c4c278fb7eaaffe576b0eb0732f74220721452db4cc5f4397a44eae2eb6b0dd47d3514d01b0f45acb553de93e5a161eebde7bc6a9ed33b77607dcb9d964b112c7af672f61231c3c0be5962f7a3c04c340f5fc1ad969995f81130a3efb88ecb2d96be93705da95854333d9833859e5440142337a3328890a8b4712d8ef1da067c38fab432f171b4599b009cd16776447a52b4254a2ea4e4cd71c3767f83d8e006f23e9ad86273ee49817fcab4c3a91f64ed218bf28abfe5a35a50f1ac64f433eee48b9275814a56babe80856439cec24db2c47400860e352ec116bb56e99b81f0b3a3cda4300761e9c85a24bff15c36d2b7dbc646bfa86e35f4ca456e453139dcfe76b6cf41a37f754dabe7a44dbb611e660262930d59cfa4b97b48b23ec2980ca22b5c82d77fb2196b0858a60fdce10ad8ee502808699084fa36d178427cfe379590cd99961b94833e50f4fd462416c000546ae431b27ae69c3a9d2e7ca2aa0afec081ff99116d8e62c8532a344b734b0ebb6ac6fcf114fb49a6f0ee1ec67d4bade08745d37640fecc26ac978040bffd0e58f442d11a5be7ae4271b1665d6ef8867a6a9f547ada7666fad6ee9c7e8768bb4647ab164f94f9f6f81f668b2d3ce5118ec2d392741b814fcdd1a2333dd7ff3e240f01f6552033067e230c3f95cf7221c9f54052a46c6febc5c3990765b4c404e98bc589cffa7ed9d5d15d74c6145461aeb284f0dc8492ac461fce441f407d81c95ea47f00f1a6b2b0014e9df80e2a280992e4923b41c51c6761eee1a406212478a4755ae598f637d2f00a9ab70020e5c327f59b2bb0c9099a2ec862a1ccedbe2a3cb10a0c4786ec908c4e4f8766da827950e88f3097f0978841d026bfc31d1e519bcec48d4be7d34cab3e954220f180238c85d5429dc94f273ad68f80b43b33694a26180eeda17b97c342e2926d3af4804f067495da1941113a1571b3917e5848280138e973eca70ae98e7c68ac1d274eb6a5556ea4c8378f2ba504e06d51084932f55c231dd0f37c5cc27c39b910f9f2560072abaebb33a24f8b82840f2226471423e53672dd3361454771e86ca7029fc2ee3978197cfda38a9407942a0275eda03c44d67fdfe39df383c2770e2509143edfeed5bbb02738153b1c6045c1ee9d0919f3c86903dbd8be4a896395b9c5f11cd47dbcce60505b92e167d189b8fbab0ae79e0960a4934e0873fa9c7dca6375fa7d5489819531d334d909b1a5ccdde50c5e425ed5516cdf3a7f92bfcb65487bd3734d77a7b7f02bf3ba1b774cf8dfd14c94ef66c69800219f7d528eb74acc0002e141ad922cf170940a67f9536d8f5e6580b8ef7b7754de40b7b71cbd903fd948c113a678d5b5fa341edaf0b3bad99114b3976a6aed6f277d4a6b822c1a31908f066c9c21e9f69f14dd023c37c869ed35281bce925dfda553b6e8f17c969c91e6689ebfadd9d7094fe2c5f95127ed4a4bd83dcd720f741d0915c143793b9138c032b15f57ceadb44026c19a774c49181535350e08c12f4b4554d0ecd2678be4de5cbd5f3855c99e72c5b03e279aa350b7a6a3783aa83622b907a77c25eb66ad30fac3229c0ceab21d4d933b19ff93c219797d463034463321d2d218dbced66fca9f998324f2b8cdce1c2499e0efdeedf12e58e56edf89e1358e721b9831bb07c7e7bf9f2fd0322fe9021e1e7b767508b20ced89337ebc7ebee391cdd3d5e6e047f4b050e013ff95ae67767b3adce2dba80c4f5e8e4b216038ca60fae134dd6517eaf53433ba14a9fd0cca20be5f837cb6a715593d9d80b9e2f66f6f762b48b8f4a9bdf6e8d46f37bac5697a70d5dfc5921e5211ab54e3c198cc4a72177876a3efa047e196a99e9fc20ef62f958285c42d1d56ce2f4a4b0976bc5f7bab703fa01988e0e3ca3c647ed6c8d9e00ef9ae9f08c3932f3d6bb60ee6e4ae1ce52a3a663ef11fbdf4384bc0b7c09bd17e9bd806ea74d043027faadd36e0c4a1612313d2a2084f39f6586d5c6e3e3217d9ca6be088bd680386ffca76185880b953a5e1fac26eea2746bf3b1cc29d5ffcd494ddc6ef65f12043c21f3ba3e49e9ce9deeb6f8606966e1f6551f158c795379ab1bbf33e895285a14cf23a14412642e18357b54ef584f7167e76151b5442acf2c1062af90651bccd34dbb426509b826b8a60855df855a8862f0d15c44aefc3dc0689ae38ad98396e3cb2b0ee72e2270bafaf2787a6c4cae6604e18e072bcfe2cf00a8b56860bb2ce05d11be92e912249c61214cb99ba77b826ea5fe778f99643145e74c835567341c7e1b835beb95676ab8a9408a6824009147506f1acddff44d274853f7cbf91cc695555d67804140d10d399399cd42811af34ea04f87a3cedaa3b2907d71757fa26a3b2b03f2a057f64ae493c461da0584f9e3d3cc996a754f7f699a166e725cf7ce1f5236a1985e73a420dc0b2888e2c2d753c88361fb79c7da105e8044cc7a3659873c32adf700570218593d70d77775a1ac15738db0632bf7048e4a6dbf2d6a05faca38d70dadeadc9cd11b9a6808cff63c5b6456f16f8e09212924a81882743adcbf95517c398c3e6d1a2e9fd794c6dd1611765ee1c03ed8a5734d605521608c187e2416c9e330a5522764cbb3e6ce3aecf28b44e4f82cd42c9bce0f3f81538e0cc5557e86fc28ccc531e862b3e47b0ff9c7d9f39292b56711db35bb72e94ecd60dd23b1ef477ba766326865d553b6a091863cca7999693d401b78f6b04725cb9aba7637325ac2c4b55b1e8bbe1945fa5797a8a1f39fe2d04b60ccf765a0c0e5e8421eae57bd28e5d348ac023dc5e1a3d98b6be3c9721c0412c8291f68a0ed70bab1c4dd781dab04f430d373d431f10c107b2f642b93b7050aa43fbda947642d03319d7f22eac13ba33b7cece21b111bc2249038a446ebc74b83303d9e943ac3b07a954e258f5e44f181828b9a0ee793405938e8cb27454b7245bf56f9fc53fa8e5a23da8cf9f5ba3d84db8ce1bd18c1ddcdb25ee5e5f39344e29c708887347"}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) 12:19:56 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) execve(&(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0)=[&(0x7f0000000400)='memovy.events\x00'], &(0x7f00000003c0)) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r4, 0x6b, 0x1, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r4, 0x80045301, &(0x7f00000000c0)) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x4e23, 0x1, @local, 0x7ff}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) 12:19:56 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x48], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:19:56 executing program 2: [ 1784.066195][T14737] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1784.074151][T14737] FAT-fs (loop5): Filesystem has been set read-only [ 1784.082348][T14737] attempt to access beyond end of device [ 1784.088238][T14737] loop5: rw=0, want=2390, limit=116 [ 1784.093662][T14737] Buffer I/O error on dev loop5, logical block 2389, async page read [ 1784.102421][T14737] attempt to access beyond end of device [ 1784.108464][T14737] loop5: rw=0, want=2391, limit=116 [ 1784.113833][T14737] Buffer I/O error on dev loop5, logical block 2390, async page read [ 1784.122674][T14737] attempt to access beyond end of device [ 1784.129157][T14737] loop5: rw=0, want=2392, limit=116 [ 1784.134959][T14737] Buffer I/O error on dev loop5, logical block 2391, async page read [ 1784.143221][T14737] attempt to access beyond end of device [ 1784.158025][T14737] loop5: rw=0, want=2393, limit=116 [ 1784.172235][T14736] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1784.199685][T14737] Buffer I/O error on dev loop5, logical block 2392, async page read [ 1784.211794][T14736] FAT-fs (loop1): Filesystem has been set read-only [ 1784.231309][T14748] attempt to access beyond end of device [ 1784.259817][T14748] loop1: rw=0, want=2390, limit=116 [ 1784.297838][T14737] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1784.299067][T14748] Buffer I/O error on dev loop1, logical block 2389, async page read [ 1784.336892][T14737] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) 12:19:57 executing program 3: 12:19:57 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000080)={0x0}) ioctl$DRM_IOCTL_NEW_CTX(0xffffffffffffffff, 0x40086425, &(0x7f0000000280)={r5}) ioctl$DRM_IOCTL_GET_CTX(r3, 0xc0086423, &(0x7f00000000c0)={r5, 0x1}) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) 12:19:57 executing program 2: 12:19:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f0000001440)={"549713e339192fa7f4c7568b39c266bc1b0e9eba1ebb311a0238913dbccfffaba41b3997dd58df29ed450da45d9032696a9d6fc5bfed57c2c99679b2d1865bc0f07d6a44e748667130b61925f1fc81ed9f9c3fd99f9e1357ff1977de7729b2a394a842212a4dba4bc61fa50b11d5b8789b28afc18c9d51008ed1d6230e5858a204172c93de6763c79805cb2bfad1022e90e6fdf6d5a6b676a6f16f34f136514299c3659f9efaef1c60a4753e2d24405327dff2f6a2f942bbd1b0cccf68f191d5cf5101c16bbbbae75bf1dbccc6cb516a82b3ebd3269bd2aa6dba13caf9721f9e5957be38959a9d5a0a1c6b860c1942c71f3b53c7410e994cb98e569022343aeb8f2411b5d85c77117bcb1d07fa56b6620f168a1eb3db2a303878ca600e5314c302adf4f04b4dc9b6d5400cd1df151a28e17a3acc45f01f36610ee26e0e5ec2a6d504b700d7b87fba5057eb9404d910afb2a504fa90fcc7d78d21822ed462a0cb627fe671cbf4675c22e3e32ef9ca61b84dd9187d585c8561db0c3afae439c1e47ecc6b131e1417ed22f9b6ad7847acaac1deb6fdde3c85633c626b5a9685344e3cc6f0e4cbf695f1244f4b0b3821057ca1103e004e271a60c150014d81135570acedfa2da937c0e15a64319df2ec7026a7f06d68437b18f5bdb367df15dbaa80086da2ce2d66fb3d16e7d83bb171da469e9e7efc72348f3752b03b292fa58fd4694bcfb25f3cdf912459c896aef18e1f25d5cbfb351a529a9b096b1a62eb84e555daa1a78bd86fcb251aa2967888f19284443a522ca94e2fdd81a50863f3df0622a69da57f327a50648f03bd3563fd6f0561ef6ee92c963942ee9615421baf6547c6893d14bfa3bc9ee3acbbf03a1ebbd9003a042cfd0f6995b4219ffdf97605d38670f5d6388672a6e8b0978b17a32b82ed912a0176d6e1849cac8734d4079c272c229e4544aeb61956885d561872d4ea7ba09083df4d950b9c2ec335ebc59a24e432684e0972e080675c12223a8bf0985cae86cbfa384eb3308740f64b8e753dd4834cd0a643b0fa89df62b1180a3b6706637874e3dca22f851bc97102b37309033e1cf76251f0dcc8ee694e6ff8b6b45b4171aca2f8b041f12830883fc75d71269736b7ef02ad8b77d631e5b356079841adc8435d82dd8639e49c0897264bea437ccfecca03584c4807b222a5bbfe41766ddeb4187f33debb1f26f16f4f8d931616c7ca603e120460f5916bf97dbe7cd1e43c193ef0dc346944bb0f05fe2168cdf18651f6b4e4a9a28501b5182158800d52b5e6f56ee8808857bff64ebd78303aed68e2813027386f30b0614483ba422b26b29b0d1c3bd89c845dbff6e3d454d1ec6c85ea3c7079eecb278e96a312733c628bc5d36a4eecba61404ce31f0abc0470cd9be3e85a4869deff87a2f55053f4d16288560a801366e375e7e56747"}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f]}) [ 1784.361380][T14737] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1784.381665][T14737] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1784.398538][T14737] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1784.438436][T14737] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1784.441938][T14748] attempt to access beyond end of device 12:19:57 executing program 2: [ 1784.483097][T14737] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1784.500635][T14748] loop1: rw=0, want=2391, limit=116 [ 1784.560813][T14748] Buffer I/O error on dev loop1, logical block 2390, async page read [ 1784.569876][T14737] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1784.585527][T14753] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1784.594874][T14748] attempt to access beyond end of device [ 1784.600593][T14748] loop1: rw=0, want=2392, limit=116 12:19:57 executing program 2: [ 1784.606564][T14748] attempt to access beyond end of device [ 1784.612267][T14748] loop1: rw=0, want=2393, limit=116 [ 1784.617632][T14748] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1784.625573][T14748] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1784.634933][T14761] attempt to access beyond end of device [ 1784.640645][T14748] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1784.654146][T14761] loop4: rw=0, want=2390, limit=116 [ 1784.661825][T14748] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1784.672066][T14737] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1784.680589][T14753] FAT-fs (loop4): Filesystem has been set read-only [ 1784.692054][T14761] attempt to access beyond end of device [ 1784.703372][T14748] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1784.716881][T14761] loop4: rw=0, want=2391, limit=116 [ 1784.723086][T14745] attempt to access beyond end of device [ 1784.733759][T14745] loop5: rw=0, want=2390, limit=116 [ 1784.750733][T14745] attempt to access beyond end of device 12:19:57 executing program 2: [ 1784.758692][T14761] attempt to access beyond end of device [ 1784.766750][T14748] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1784.778677][T14745] loop5: rw=0, want=2391, limit=116 [ 1784.783970][T14761] loop4: rw=0, want=2392, limit=116 [ 1784.789561][T14748] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1784.800181][T14745] attempt to access beyond end of device [ 1784.806314][T14761] attempt to access beyond end of device [ 1784.812247][T14745] loop5: rw=0, want=2392, limit=116 [ 1784.820668][T14761] loop4: rw=0, want=2393, limit=116 [ 1784.829136][T14748] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1784.850668][T14745] attempt to access beyond end of device [ 1784.861641][T14761] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1784.879803][T14748] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1784.890394][T14745] loop5: rw=0, want=2393, limit=116 [ 1784.902790][T14761] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1784.939765][T14761] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:19:57 executing program 2: 12:19:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttynull\x00', 0x301000, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/cpuinfo\x00', 0x0, 0x0) ioctl$NBD_DO_IT(r5, 0xab03) epoll_create1(0x80000) setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, 0x0, 0x0) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000100)='0', 0x1) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff]}) [ 1784.983979][T14761] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:19:58 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, 0x0, 0x0) accept4$tipc(r1, &(0x7f00000000c0)=@id, &(0x7f00000001c0)=0x10, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) 12:19:58 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x4c], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1785.025869][T14761] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1785.058455][T14761] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1785.095205][T14761] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:19:58 executing program 2: [ 1785.137454][T14761] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1785.187384][T14761] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1785.242305][T14765] attempt to access beyond end of device [ 1785.250978][T14765] loop4: rw=0, want=2390, limit=116 [ 1785.304309][T14765] attempt to access beyond end of device [ 1785.311339][T14778] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1785.364211][T14765] loop4: rw=0, want=2391, limit=116 [ 1785.387312][T14778] FAT-fs (loop1): Filesystem has been set read-only [ 1785.404436][T14781] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1785.408767][T14793] attempt to access beyond end of device [ 1785.419144][T14765] attempt to access beyond end of device [ 1785.431551][T14765] loop4: rw=0, want=2392, limit=116 [ 1785.440318][T14793] loop1: rw=0, want=2390, limit=116 [ 1785.448884][T14765] attempt to access beyond end of device [ 1785.459606][T14793] attempt to access beyond end of device [ 1785.460209][T14781] FAT-fs (loop5): Filesystem has been set read-only [ 1785.466969][T14796] attempt to access beyond end of device [ 1785.482312][T14765] loop4: rw=0, want=2393, limit=116 [ 1785.489887][T14793] loop1: rw=0, want=2391, limit=116 [ 1785.524075][T14793] attempt to access beyond end of device [ 1785.529279][T14796] loop5: rw=0, want=2390, limit=116 [ 1785.544192][T14793] loop1: rw=0, want=2392, limit=116 [ 1785.549650][T14796] attempt to access beyond end of device [ 1785.564590][T14793] attempt to access beyond end of device [ 1785.570112][T14796] loop5: rw=0, want=2391, limit=116 [ 1785.583193][T14793] loop1: rw=0, want=2393, limit=116 [ 1785.589478][T14796] attempt to access beyond end of device [ 1785.604684][T14793] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1785.616875][T14796] loop5: rw=0, want=2392, limit=116 [ 1785.622341][T14793] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1785.635629][T14796] attempt to access beyond end of device [ 1785.639581][T14793] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1785.655353][T14796] loop5: rw=0, want=2393, limit=116 [ 1785.666605][T14793] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1785.674433][T14796] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1785.675520][T14796] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1785.699859][T14793] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1785.716601][T14793] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1785.727848][T14796] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1785.733383][T14793] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1785.747573][T14793] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1785.754335][T14796] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1785.765492][T14793] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1785.782786][T14796] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1785.791244][T14778] attempt to access beyond end of device [ 1785.799305][T14778] loop1: rw=0, want=2390, limit=116 [ 1785.805227][T14778] attempt to access beyond end of device [ 1785.813234][T14796] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1785.827006][T14778] loop1: rw=0, want=2391, limit=116 [ 1785.832547][T14796] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1785.843003][T14778] attempt to access beyond end of device [ 1785.848776][T14778] loop1: rw=0, want=2392, limit=116 [ 1785.857641][T14796] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1785.865592][T14796] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1785.866268][T14778] attempt to access beyond end of device 12:19:58 executing program 3: 12:19:58 executing program 2: 12:19:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}) 12:19:58 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, 0x0, 0x0) setsockopt$inet6_buf(r5, 0x29, 0x20, &(0x7f00000002c0)="5c1f741b64f0597d9d35f59d43a38383a7c649efbe69c4748cbc4add53457b3164131cdcf93aed108a576b1b268ef388f92bc217fefb7c454759f1f4b7b89a8dc30771756a24d31cc04390dd40ca18d3e2f454ed741b20b05d4a961f8c42db270f9f43d0880efe0e6858", 0x6a) connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1785.880031][T14797] attempt to access beyond end of device [ 1785.888959][T14797] loop5: rw=0, want=2390, limit=116 [ 1785.894260][T14797] attempt to access beyond end of device [ 1785.927325][T14797] loop5: rw=0, want=2391, limit=116 [ 1785.941059][T14778] loop1: rw=0, want=2393, limit=116 [ 1785.943547][T14797] attempt to access beyond end of device [ 1785.958625][T14797] loop5: rw=0, want=2392, limit=116 12:19:58 executing program 2: 12:19:58 executing program 3: 12:19:59 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x60], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1785.977517][T14797] attempt to access beyond end of device [ 1786.000788][T14797] loop5: rw=0, want=2393, limit=116 12:19:59 executing program 2: 12:19:59 executing program 3: [ 1786.112659][T14808] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1786.161248][T14808] FAT-fs (loop4): Filesystem has been set read-only [ 1786.180987][T14819] attempt to access beyond end of device 12:19:59 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) mkdirat(r5, &(0x7f00000000c0)='./file0\x00', 0x12) [ 1786.212886][T14819] loop4: rw=0, want=2390, limit=116 12:19:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f00000000c0)={0x4, r4}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, 0x0, 0x0) connect$inet(r5, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) [ 1786.244980][T14819] attempt to access beyond end of device [ 1786.250960][T14819] loop4: rw=0, want=2391, limit=116 [ 1786.256247][T14819] attempt to access beyond end of device [ 1786.261922][T14819] loop4: rw=0, want=2392, limit=116 [ 1786.267230][T14819] attempt to access beyond end of device [ 1786.272916][T14819] loop4: rw=0, want=2393, limit=116 [ 1786.278285][T14819] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1786.286752][T14819] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1786.294661][T14819] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1786.302612][T14819] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1786.311492][T14819] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1786.319527][T14819] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1786.320943][T14824] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1786.327600][T14819] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:19:59 executing program 2: 12:19:59 executing program 3: [ 1786.343246][T14819] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1786.351387][T14819] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1786.359673][T14827] attempt to access beyond end of device [ 1786.382076][T14827] loop4: rw=0, want=2390, limit=116 [ 1786.423275][T14827] attempt to access beyond end of device [ 1786.428863][T14835] attempt to access beyond end of device [ 1786.446450][T14824] FAT-fs (loop1): Filesystem has been set read-only [ 1786.451846][T14835] loop1: rw=0, want=2390, limit=116 [ 1786.470861][T14835] attempt to access beyond end of device [ 1786.472956][T14827] loop4: rw=0, want=2391, limit=116 [ 1786.489791][T14835] loop1: rw=0, want=2391, limit=116 [ 1786.494203][T14827] attempt to access beyond end of device [ 1786.505910][T14835] attempt to access beyond end of device [ 1786.519972][T14827] loop4: rw=0, want=2392, limit=116 [ 1786.528254][T14835] loop1: rw=0, want=2392, limit=116 [ 1786.544302][T14827] attempt to access beyond end of device [ 1786.570647][T14835] attempt to access beyond end of device [ 1786.578608][T14827] loop4: rw=0, want=2393, limit=116 [ 1786.587827][T14842] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1786.602407][T14835] loop1: rw=0, want=2393, limit=116 [ 1786.615276][T14842] FAT-fs (loop5): Filesystem has been set read-only 12:19:59 executing program 2: 12:19:59 executing program 3: [ 1786.641592][T14835] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1786.658904][T14846] attempt to access beyond end of device [ 1786.684273][T14846] loop5: rw=0, want=2390, limit=116 [ 1786.695545][T14835] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:19:59 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0)='NLBL_UNLBL\x00') write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) setsockopt$MISDN_TIME_STAMP(r2, 0x0, 0x1, &(0x7f00000000c0), 0x4) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) 12:19:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, 0x0, 0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r1, 0x6, 0x15, &(0x7f0000000100)=0x6, 0x4) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) add_key(&(0x7f0000000180)='rxrpc_s\x00', &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000340)="d5aed69954bb2517e16d3f5d9cdd79f99e2e8d731cac30e18564c73dc64edc7c01f7ef7565f4c5900c1d2a783b13a0fe17a4235387b23c12f1f138539245731332ee205612bfefea1f4d0058c47f25bbf09472394b55e0876c54643345ac8610ed3723a5d1fbcc9ee3c06bae386f6cf378b08a362d4940f7c4eb18e2d4735a607f71e0ed563bc8f10ac05b72f11ebecac088ab3f02464bce", 0x98, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$sock_inet_SIOCDARP(r5, 0x8953, &(0x7f0000000080)={{0x2, 0x4e24, @multicast2}, {0x1, @link_local}, 0x6, {0x2, 0x4e24, @multicast2}, 'nr0\x00'}) ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000280)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5ae, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}) [ 1786.728936][T14846] attempt to access beyond end of device [ 1786.757966][T14835] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1786.770294][T14846] loop5: rw=0, want=2391, limit=116 12:19:59 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x165014fa) [ 1786.800926][T14846] attempt to access beyond end of device [ 1786.808350][T14835] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1786.823963][T14846] loop5: rw=0, want=2392, limit=116 [ 1786.832447][T14846] attempt to access beyond end of device [ 1786.841275][T14835] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1786.859236][T14835] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1786.870336][T14835] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1786.885799][T14846] loop5: rw=0, want=2393, limit=116 [ 1786.900189][T14846] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1786.917080][T14835] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1786.918387][T14846] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1786.941253][T14835] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1786.947082][T14846] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1786.982136][T14835] attempt to access beyond end of device [ 1786.999024][T14858] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1787.006941][T14858] FAT-fs (loop4): Filesystem has been set read-only [ 1787.015751][T14858] attempt to access beyond end of device [ 1787.021464][T14858] loop4: rw=0, want=2390, limit=116 [ 1787.023098][T14835] loop1: rw=0, want=2390, limit=116 [ 1787.028205][T14858] attempt to access beyond end of device [ 1787.035913][T14846] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1787.038882][T14858] loop4: rw=0, want=2391, limit=116 [ 1787.051534][T14858] attempt to access beyond end of device [ 1787.057610][T14858] loop4: rw=0, want=2392, limit=116 [ 1787.063696][T14858] attempt to access beyond end of device [ 1787.069767][T14858] loop4: rw=0, want=2393, limit=116 [ 1787.075345][T14858] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1787.083572][T14858] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1787.083608][T14835] attempt to access beyond end of device [ 1787.099219][T14858] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1787.123444][T14846] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1787.130476][T14835] loop1: rw=0, want=2391, limit=116 [ 1787.133883][T14858] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1787.144989][T14846] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1787.153235][T14846] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1787.161467][T14858] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1787.169812][T14846] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1787.179117][T14858] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1787.184088][T14835] attempt to access beyond end of device [ 1787.193788][T14846] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1787.202821][T14858] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1787.208115][T14835] loop1: rw=0, want=2392, limit=116 [ 1787.225994][T14842] attempt to access beyond end of device [ 1787.231918][T14842] loop5: rw=0, want=2390, limit=116 [ 1787.238363][T14858] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1787.247390][T14842] attempt to access beyond end of device [ 1787.251288][T14835] attempt to access beyond end of device [ 1787.253123][T14858] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1787.266775][T14842] loop5: rw=0, want=2391, limit=116 [ 1787.272111][T14842] attempt to access beyond end of device [ 1787.278732][T14866] attempt to access beyond end of device [ 1787.279079][T14842] loop5: rw=0, want=2392, limit=116 [ 1787.284397][T14866] loop4: rw=0, want=2390, limit=116 [ 1787.288137][T14866] attempt to access beyond end of device [ 1787.290195][T14835] loop1: rw=0, want=2393, limit=116 [ 1787.308030][T14842] attempt to access beyond end of device [ 1787.313963][T14842] loop5: rw=0, want=2393, limit=116 12:20:00 executing program 3: set_mempolicy(0x8002, &(0x7f0000000000)=0x5, 0x6) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 12:20:00 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x68], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) ioctl$VIDIOC_STREAMOFF(r4, 0x40045613, &(0x7f0000000180)=0x8) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r4, 0xc058534b, &(0x7f0000000080)={0x705c, 0x2, 0x4fb, 0x0, 0x3, 0xea4a}) [ 1787.344006][T14866] loop4: rw=0, want=2391, limit=116 [ 1787.383976][T14866] attempt to access beyond end of device [ 1787.405488][T14866] loop4: rw=0, want=2392, limit=116 12:20:00 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x165014fa) 12:20:00 executing program 5: getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x60, &(0x7f00000002c0)={'filter\x00'}, &(0x7f0000000240)=0x44) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) socket$bt_bnep(0x1f, 0x3, 0x4) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) setsockopt$packet_int(r2, 0x107, 0xb, &(0x7f00000000c0)=0x3f, 0x4) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) mknod(&(0x7f00000001c0)='./file0\x00', 0x400, 0x2be5) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, 0xffffffffffffffff, 0x3000) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) [ 1787.433972][T14866] attempt to access beyond end of device [ 1787.459124][T14866] loop4: rw=0, want=2393, limit=116 12:20:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0x22, &(0x7f0000000440)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x0, 0x0, "cdea5bf76403f0cecb2410161bdba2c29c87f37e58e6d74ce3dd82abb52ceedfa63b96319f0edabad22378ec9985edabf8063395bc78bcacdec3cef1f43936904055a768cf575f68ea9818871131679c"}, 0xd8) 12:20:00 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') r5 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x51, 0x90001) ioctl$DRM_IOCTL_MODE_SETCRTC(r5, 0xc06864a2, &(0x7f00000002c0)={&(0x7f00000001c0)=[0x3, 0x80000000, 0x7f, 0x200, 0x0], 0x5, 0x0, 0x77c, 0x80, 0x351, 0x4, 0x200, {0x11552c39, 0xfffa, 0x8, 0x1, 0x4, 0x1, 0x4, 0x1, 0x1, 0x7, 0x329, 0x1ff, 0x6, 0x4, "5fb7d727da1a6f59e31d0a38da17d1eea4137c6a065b2d1fde03dc64ffefa15f"}}) connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) 12:20:00 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r4 = socket$netlink(0x10, 0x3, 0x0) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x400400, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f00000002c0)={@val, @void, @x25={0x0, 0x0, 0x0, "1a22577d51a13c0fce95945e72911874e4789a88e320ee4a9cf3572311bab025d5f906e8b685803f8014efb3889a5888440cc8aa4334cce506ef6eddf0fea7278d2dda4c1c210f047489e79083e6d4b7872137a2009b4a0bc521d3af06f2c8aa0f2b3a4821161282975649cb44a4eb1233132228791e7347aa3225bdb9f8bb1a926791262bba6cdd0676bcaf353e6ecc25fce7cdb95a79615f72c9135cad6820272482970bfa5597e9fdf83cd8849e5ca84f36fab5685d35f20abe844a78c59af8c6713c12a28aeb0eeaf2d7eba5b5504341a7a778da7fcb9437580d3b3a456c23cae9c24233135abedefdf6b6c4beb3bf682066804a49ba5733291b833213ab7be2eef4eec46b132448b476a2026d4437dfc747f05e01b227ed71f12c1277ae20c28975260bfb7004fdfe27fba76d31965349af38fda66186d2b5a9a00ccdb2dd8b0a188d2520eeac7ede5e278bda48bb45c1a6777f659fa6cdbf4b48f5ff76a4212c1091749bdcce3ed2ca41813a95923ad488c9e0c86fb6e6e5713581a8b123ebbdca1c730d98f8ce8928ac0e71dbebb769601f82a221a261531a6983e4d5c338f69475719a0ff221c0fc585e2bbcb730d312c1458b6da5e697d9748d93a28534413e793c2cb83054d4f889902bc47dcc89fce45c30627543cea47f29b1a3d8e809b68934929fee112a6a00d1f109797b24b9398c5e3fd2195ae27924cb78640d9fe2feaf61d0fdb3d8e1375f0e47c235f3cd0b8733831988da883cbf1f8bb40772f4a00e7d2c377619994b29505d1041b1478452e54528d83c73f108e445235bb353ae037575e8d1fc2a8ae7e650327400c7463070e7c015101d2a7c9cf56b13c21247b48e34353b2b31dc606ae3ef3fa90f3180be37cf2662e485f1a60f8e99238b0e49204984a69a6d0c8e09ecbdeb9601ffe858148867ab79265336fe08c50486812e8717aa89f2d7013d3b6cf6fadaf62fbf7c5f30c6d1c7ee21083ae7f178f528d4c723c4efb1dc7d609fc6b6a75cba5ded83d6eb56128df144abbe2b0ff3b5b6503937d932f204e2edf5d79fc0b5c3110296f212b825861768f1182efc122fb48e23473dcb553266188073c79a08544a5ce554dbbc382259fcf9070e3472066f9573416e0c5fc62ef10f62cd5baeebce1fda1163908355d391957428f903f37b97aca32425cef337afbca4ae43c2339ef8bdcca911ed7f5d9e9262332068ee8cb2439530748cb31f98c1d3d4335bb2714967b521a72c5844540f8ba578b5d01b2cf1c335ce4d5d8cf2223d62d8495b88b4aba61b394f3b7ada40e678c80424271fd7059366c5d205019cf244c96b7b05e7ce2ee469d43acd00b4df8d220a6c6bca9c4b9e0391124829b69b75bc7a41d5f0437e09aa60e75d2511c3b27472782e6b857ba4747ebf9c62209676946f13375971db992c4d5b88c7c3b80f96542b34ac128914d2b57de54224a848010ed4743ffcc92ed5a4cabff9ba06a809d98291761416a8afb5c1b285c177d397305662a0f8e8853db0deefe094e84ad611372061bfc9238dfa8326c49b0ff04cb33d80d9d77fbc7e084817032721b24d26c0e3ffc8bb8081f324df6be5549827ee7475c0355d1d0bfdc8733f2375db4627fbc1ee759e2b3b40778195b11fcc56c039220072199b71423e6671384598162cf75ffe2a94781864da22602b725b78904b549707971ba384f04fa1f6080506dcb32f931b0369109bb19a37e3a31e37323cec29026c7100e81603ef3945359847898bf639c724a4186d756612cfae49767161877f0ee350eea512d261285b7a1af042bf701c648b044e99c333b9b3ea8d84ebb00c424fe599a49eed7c0c9ac1f637a83c63c1b8e0b1222a5fc070ad05c4366f144c006cbb3da6065e43ec86c74ce6a79bd8d21b774193cce5b734a80099233ab753d181491411ec18ddc90c037c67cba421144a12b16e609876efbbbaa2701cc853a377b9a34c21d872f3880a2d5e09e802a4697cd12cb982a2f0d08932f61b9b00d92faf901409170ada19d04a3bd1cfa3963f6a657aed2315e7895a49caef1ccad3a56598c178b4c35e93c4661dfe982c380ca757a4881075ca3b60b94dfc96493cab9568e005aac2891cd3074d68dded373abe5e7409262c9c1e7ef4d03d379c550174df9247b54d8a97b36d9d90398c1374a823f3a7afc4a5f2c7f620d710ed558639c5d14e4da2c0dcbe57f84f87fcab46e0f7e2cd5589f2c81503cc28ecbb6d6b19c70e483c2272e5207ef3a2f590f174ea7ad90827f4b981f5da8440187771fe68d2c95a8f9ec7cbfd2ccdcf4d4067a436c7f95311c125ca1bd7f1a7c86d4fe9efdc70681b9e1ff8943c33e731defc532c7b56d1e250468ab86190fe02d187e11a5bc10c4e6aedc7e2c15257da6424672932b7d8a426fa26cc0dcb15a84e601547b37c7d1544c735b01b2cc9b8d74b55998a772d5d085b858138dcdd34f649430970cae4ac855011635c7a3c71357578eb0dea75b7c98fe0dc0d2a4edaf789a97dfdc5e6416cc5b24a7553ce67cb156e654e01f37228a90328ffc23498d0a8b6f99972959eb7caacce7a25b4f214576621eb600832f0c1f80efa442252f36dab2ff7fbd1079abe8a109e8fc262b4df1183863c755b0bd1bb5b91e07a2203734163908dac694f50349ce51c43b135dbfd03b66b8d8e4851b25882177edb90904d3ddb66e7d01d5ce7c152802d0a89262f9a1207cf288c4c24bccbab4833314bb891d282b415ced60dd79f092bd7d4edfe23ad27a6c38313ee6105fc09abace66d7b3a1ed0b66d33fda333d97036bd9972c6b61315f4040082d72037f51d5c4f04f9e5ab50a0509166b3e042c4dfd860c614352a4d869d56da435977163c4b642408ff16017f91e35f2a18defaf17136f30ff7ebe8fb28f620fb14656f993b717a0627c6b5b6d1bb6e6945fd5a61d0dc500e9d21830a69f32b651c77bcfd2fbfeccf02f10bcbbb0c94005c62210f8a2d2c0aa30021fea3b93c7fe1dcc65fb8b554f016cdf1c3e5a38428f822190735781c6556383d710f41172abcbd2c3106bb15c3d405b92f4f250f0950d19e7a86d671441fa9bb70c2e671ea8d7a6de977f43ff6a95a44f19a716ca2b06ea1d925a636326bdba9a9cf50cce75be022a349d355d1ed08b6458b4e111a2fd5494a13501d34758e3091dc374ed494daa1dd85a6894f371e2eb313fd95bf0b0768d41aaf7b7f4fb78ea0e6db4ac843df449566b97a21d64178b87464389c96b1527b60b28e57c0d8bb287ab8af6cf52d864852877ea78c74002dc35da63b28de1d47e5900a047d5423be12573da645223150aa13e6c0d981ce095a7a5787e058e9f273a7aafab978a8d45b9be9a22aaa3d199834ab29cf89418ec35503b2d2b0439274261ba2f209401a6de9cc84eb2dbae9afec71b5d8ebd6f43bbb0f925070af41886ddd0023dd37a9f047330a4d722391e83205683ff1b0562f4df7107950dd21c98978c5331fb54fc256ccfd822a90a44c6609c6c01745f8f903ecb2049e91577f46d60c3d7a96ff973da69332adb1d9da608ef89a5c5e4dedc3f9a055c2e42b04b5419b570747ba0038ba606b543b9a1fd2404e0204cd5c77f4b2ead16fb6198364dc28497d05fbcb62c53d98a05cff61ce2dc876908e285b775be246656443e2c54e34baa169052d4535c7721efb7997e989f0b0cef57450790a1de90a0209b171281bea26086b5f34beb0fff695345798b0aa11bbf73ab8bac60180259cae508c43a214b8856a85e3511718424a7f03ef2c4368a8c011d5db521181458e8bc5fffa0fd75bf63fe867202c090c6edf00753cdff12fa9f2b68547906c6f81adbf143da96861ef530f6cccd8ec40b095d71d7a8e9324e39bf3477fc51f9b32c61c68cc5ffffd895439112da86f31cf9812940aaa12f6a9e625a747f665d02838b04ca5aea256cd21345fad861bc2ab5c1f43acebf69bf9e22b6dda6acf0c2d60405505ac29abad9cac43dc0dcaf312ffecd836c931ffc2914add7df412e2ea6f507f02a356a6226a60a94cefbde743eaea6c158553e9557c02c30541cfdbf216291369d9a73e6fdb509b414dfc2ea068c32c92ff5d63de7ccf97d055625271f5e6e5ef7182cce372f36727bc2f076dee35ce33cf1715e648c82b1e79f5358a2f100df4a9988c67d36813829834b396389eacc0d490a56450ba3fef0084f2ffe287aa6ff6579a03048e9f27723aaa891ae16a3e0d33aaf0b2a8121f9f8830d225bbf2bf6c98d33f5184bfcb6af2da85e2b28e1ea44bd5f2c51049a47d191f725805f0952e8849a09a2d58b195698862106ab6b4e49f52acfd6e2b6f27d7f9e374e59808df0babebbc38f86a5d955fb079c7491cc6c36fa3a79f99f5e0ac5c4b9146c2e57344c8ff5acff070afa2c3bcc5d0de779dffb5f3102d594aa1b2a212479f2c076c8d9aa355b5bd2370950a7611e86a616bdd749be6cf028513bdb34723cda054db7c635faadf95d569f5be51d3c414ad650110f43ee94e4a6d22934b50b48303ee70801a148efdf29197f1af211999fea5788d01b84c72306ca337bd47aac7c7abfa9911c38579f0eef71926567a375581b14fd5bcbf54a1a897d758d9a7250d52c6b8147595fa2a37e1d3afd615e736281458e4142cd7d14db080654be2ad9df6ff4115da2c3176ad8a87fe72cd42cf865d313c562074e91e05eb362224a85f1d468fa6bc6a3b045c68878eba9160269c04ef47df04b8bd8af9c726cde293a91bc34cc3ddb8cc4165117cf45e25506df769edae240116e7d580cafc6c11758d1af3cdd6286fdbe066635dfe328b4b17fd08877ccfc38f28f37cc26bb667ee168b178a10482aab105006cfb333fc046a86db3ff4a9885d8ae84cdf2ea252c7b7040b247b55e8353e0755657e35bcc90956d7c6fd1dd7943ec26d8a07d9348373a5e3e76851538dc02d9a43a081743cc6250ed916e15b56ce5240690f0d3b69a9d74d95c1c823e710d1af05c68ea7dbf42567ac01dca0b473206d6c02c0e30991ceb47c2b4d27af70060047b904f7a2812e9c6492d01a1b32faa08969861d3d3927216135caf647e724c88e05188d62b592c736414fce89da8d8d3aad49ad51ccbf6f4340cb9fd022af657ea9d85b0138f5f1b612d4275c495a8483d5fa4ebb7ff5410988db7db2ab505ee3da6622c55a2d6ca0cb4553df03b85f47d2e4cb942b22a9f443b5c82dedbd532d3c330083b4dafaba31afe1208bbdac5260faf6e277ae4edb99c39af80d2dac08a4fe81ca64b7baff34a9ae33d7f1a968ad1d61c43697f17b1cb2dafb04d4cde39bf04496ef501a7fce3854d9a17de1e1666d21c81843896e84f67730bfc411923cd322e9cfabe842d4ab176d553265fa567a12aac965a682c090da93450b111c8d1c59e1ae095bb63477bf581b133dbe8e63ccbe4d7cc7ad28174a0a0a2914c7dfe4be72beeb76f61df41f98ef7efb2067ad3d9bb57b4adbabd749f9c1bc603d10c230e379e11754576da3711dd32fcac98c86f9f7383706913e059d0ad3e283f6a23d1e41dc277d60a85066d0b13b9405ff0f82e3a0bc135c3580573c6b3fed026444f2302f12f0d3486e85b8e68579fb1fc7a99f7727be98ea7c23859d3aa1b0864b64d9e19cfd009ada81ce8df7a875b6740ee458859027a4858f993b4ea89b396979c23e1e6e4adf4202ee8196389a03de5a2106db2bc7f8e36529a74d941563728c4ff4827e180c5301180ba43f348f9bd9eedacf6397bce15575aa98e32f12431b01a12ca49f"}}, 0x1004) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 1787.657313][T14893] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1787.754926][T14893] FAT-fs (loop1): Filesystem has been set read-only [ 1787.761667][T14893] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) 12:20:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = accept4$ax25(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x800) ioctl$sock_SIOCGIFCONF(r3, 0x8912, &(0x7f0000000180)=@buf={0x4b, &(0x7f0000000100)="c36ae84a0fc8a317ce58f6720f47183fca911173b7ade16c725e181c49fceadaeb4fc756c1f7427d29d0c28691bc766e4f1ffd1ae1838893dc6b9c8ba97e24d215b2fe483349ec34462a0d"}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f0000000080)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r6, 0x6b, 0x1, 0x0, 0x0) read$rfkill(r6, &(0x7f0000000240), 0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1787.810624][T14905] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1787.828499][T14905] FAT-fs (loop5): Filesystem has been set read-only [ 1787.910922][T14905] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1787.946066][T14918] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) 12:20:01 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x6c], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:01 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x165014fa) [ 1788.002948][T14918] FAT-fs (loop4): Filesystem has been set read-only [ 1788.041248][T14918] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 16) 12:20:01 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16, 0x900}], 0x311000, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="68000000000b01010000000000000000000000070800034000000001120001006d656d6f72792e6576656e7473000000180201007b2c76626f786e657431776c616e30657468310008000340000000000e0001006175746f67726f75700000000800034000000001"], 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x4080) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_EMULATED_CPUID(r2, 0xc008ae09, &(0x7f00000002c0)=""/120) ioctl$SNDRV_TIMER_IOCTL_GINFO(r4, 0xc0f85403, &(0x7f0000000380)={{0xffffffffffffffff, 0x2, 0x1, 0x0, 0x6}, 0x2, 0xc7c, 'id0\x00', 'timer0\x00', 0x0, 0x3ff, 0x7f, 0x7, 0x7ff}) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) 12:20:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r3, 0x6b, 0x1, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000080)=0x2e36a62d) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}) 12:20:01 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r1, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20ncci\x00', 0xd8401, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='pids.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x80010, r3, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_SET_MASTER(r3, 0x641e) socket$pppoe(0x18, 0x1, 0x0) [ 1788.256566][T14946] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1788.275441][T14946] FAT-fs (loop1): Filesystem has been set read-only [ 1788.285349][T14946] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) 12:20:01 executing program 3: timer_create(0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x0, &(0x7f00000001c0), 0x20, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x0, 0x6b) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000400)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @local, 0x4}, {0xa, 0x0, 0x0, @mcast1}, r1}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0x2, 0x0, 0x0, @mcast2}, {0x2, 0x0, 0xffffffc0, @dev}, r1}}, 0x48) [ 1788.318916][T14946] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1788.332930][T14946] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1788.371498][T14946] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1788.418302][T14946] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) 12:20:01 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x0, &(0x7f0000000180), 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1788.460369][T14946] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1788.505777][T14946] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1788.517257][T14946] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) 12:20:01 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) open(&(0x7f0000000240)='./file0\x00', 0x101940, 0x131) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) ioctl$CAPI_REGISTER(r1, 0x400c4301, &(0x7f00000000c0)={0xfe91, 0x4}) r4 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r4, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) ioctl$KDGKBTYPE(r4, 0x4b33, &(0x7f00000001c0)) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) 12:20:01 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x165014fa) [ 1788.556348][T14946] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) 12:20:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r1, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r2, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) r3 = dup3(r1, r2, 0x80000) ioctl$BLKROSET(r3, 0x125d, &(0x7f0000000080)=0x4) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) 12:20:01 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x74], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:01 executing program 3: timer_create(0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) ioctl$BLKBSZGET(0xffffffffffffffff, 0x80081270, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000400)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @local, 0x4}, {0xa, 0x0, 0x0, @mcast1}, r1}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0x2, 0x0, 0x0, @mcast2}, {0x2, 0x0, 0xffffffc0, @dev}, r1}}, 0x48) [ 1788.671188][T14993] FAT-fs (loop4): bogus number of reserved sectors [ 1788.704606][T14993] FAT-fs (loop4): Can't find a valid FAT filesystem [ 1788.863274][T15003] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1788.895484][T15003] FAT-fs (loop5): Filesystem has been set read-only [ 1788.910816][T15017] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 16) 12:20:01 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1788.961951][T15017] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 16) 12:20:02 executing program 3: timer_create(0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) ioctl$BLKBSZGET(0xffffffffffffffff, 0x80081270, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000400)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @local, 0x4}, {0xa, 0x0, 0x0, @mcast1}, r1}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0x2, 0x0, 0x0, @mcast2}, {0x2, 0x0, 0xffffffc0, @dev}, r1}}, 0x48) 12:20:02 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0x20, 0x1, &(0x7f0000000240)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0xa, 0xdc}], 0x220a0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = gettid() perf_event_open(&(0x7f00000004c0)={0x0, 0x70, 0x8, 0x6, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f00000003c0), 0x1}, 0x1004, 0x0, 0x0, 0x6, 0x7, 0x4, 0x8}, r3, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(r3, &(0x7f00000000c0)='statm\x00') r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) socket$inet6(0xa, 0x2, 0xffffffc5) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @mcast1, 0x3}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1789.049734][T15017] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1789.068178][T15027] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1789.083409][T15017] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1789.117120][T15027] FAT-fs (loop1): Filesystem has been set read-only [ 1789.128471][T15027] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100) [ 1789.142573][T15017] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 16) 12:20:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) r5 = accept4$x25(r4, &(0x7f0000000080), &(0x7f00000000c0)=0x12, 0x80800) ioctl$SIOCX25SFACILITIES(r5, 0x89e3, &(0x7f0000000100)={0x4d, 0x1, 0xb, 0x9, 0xff, 0x81}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) 12:20:02 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x7a], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:02 executing program 3: bind$netrom(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000400)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @local, 0x4}, {0xa, 0x0, 0x0, @mcast1}, r1}}, 0x48) [ 1789.244767][T15017] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1789.253445][T15017] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1789.324457][T15017] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1789.338847][T15017] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 16) 12:20:02 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) socket$netlink(0x10, 0x3, 0x0) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1789.510542][T15067] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1789.561324][T15087] attempt to access beyond end of device [ 1789.564528][T15067] FAT-fs (loop1): Filesystem has been set read-only [ 1789.602065][T15087] loop1: rw=0, want=2390, limit=116 12:20:02 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) r3 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r3, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r1, 0xc0305616, &(0x7f00000000c0)={0x0, {0xffff, 0x401}}) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) 12:20:02 executing program 3: bind$netrom(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000400)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @local, 0x4}, {0xa, 0x0, 0x0, @mcast1}, r1}}, 0x48) 12:20:02 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x1, 0xed97) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) 12:20:02 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) socket$netlink(0x10, 0x3, 0x0) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) 12:20:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r3, 0x6b, 0x1, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.swap.current\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r4, 0x6b, 0x1, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_X86_SET_MCE(r6, 0x4040ae9e, &(0x7f0000000080)={0x700000000000000, 0x0, 0x0, 0x4, 0x9}) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}) [ 1789.625051][T15087] buffer_io_error: 62 callbacks suppressed [ 1789.625075][T15087] Buffer I/O error on dev loop1, logical block 2389, async page read [ 1789.680463][T15087] attempt to access beyond end of device [ 1789.696659][T15087] loop1: rw=0, want=2391, limit=116 [ 1789.732225][T15087] Buffer I/O error on dev loop1, logical block 2390, async page read [ 1789.741300][T15087] attempt to access beyond end of device [ 1789.747056][T15087] loop1: rw=0, want=2392, limit=116 [ 1789.752375][T15087] Buffer I/O error on dev loop1, logical block 2391, async page read [ 1789.760585][T15087] attempt to access beyond end of device [ 1789.766372][T15087] loop1: rw=0, want=2393, limit=116 [ 1789.771776][T15087] Buffer I/O error on dev loop1, logical block 2392, async page read [ 1789.780009][T15087] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1789.789596][T15087] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1789.797832][T15087] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1789.805947][T15087] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1789.806220][T15096] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1789.813864][T15087] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:02 executing program 3: syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x3a00010, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) fchdir(r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) io_submit(0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) [ 1789.829510][T15087] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1789.837549][T15087] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1789.846127][T15087] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1789.853990][T15087] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1789.863143][T15067] attempt to access beyond end of device [ 1789.868903][T15067] loop1: rw=0, want=2390, limit=116 [ 1789.875033][T15067] Buffer I/O error on dev loop1, logical block 2389, async page read [ 1789.885156][T15067] attempt to access beyond end of device [ 1789.890894][T15067] loop1: rw=0, want=2391, limit=116 [ 1789.896215][T15067] Buffer I/O error on dev loop1, logical block 2390, async page read [ 1789.904417][T15067] attempt to access beyond end of device [ 1789.910156][T15067] loop1: rw=0, want=2392, limit=116 [ 1789.915792][T15067] Buffer I/O error on dev loop1, logical block 2391, async page read [ 1789.924101][T15067] attempt to access beyond end of device [ 1789.930630][T15067] loop1: rw=0, want=2393, limit=116 [ 1789.936093][T15067] Buffer I/O error on dev loop1, logical block 2392, async page read 12:20:02 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:02 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) socket$netlink(0x10, 0x3, 0x0) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) 12:20:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff4c7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}) [ 1789.978326][T15096] FAT-fs (loop4): Filesystem has been set read-only [ 1790.029891][T15114] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1790.052152][T15114] FAT-fs (loop5): Filesystem has been set read-only 12:20:03 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0x3, 0xc}, &(0x7f00000001c0)=0x8) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) 12:20:03 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x2181c1, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) 12:20:03 executing program 3: syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x3a00010, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) fchdir(r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) io_submit(0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) 12:20:03 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) 12:20:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x404401, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000001240)=ANY=[@ANYRES32=r6, @ANYBLOB="5600f0ae2ede5285251f947fb8d227c9ef569fb3c792426fda754ac767ba8235836bd708f599c740002967a3a6af25b0110dd1220ccae87cd9d3abc46920ecabca1e1ba165993cba0f34eccf1030b420528c5c83000000000000000000dd21985064a91d4c57e4183438031889bea149e8c81a6b36ac637e919ad36fb6b2c8909b53be3d11fda7e2783bd7cc8e8663e91ab04684801cb786a57cdee79488f9378290e6bdfec664945ac9bab4a528b11e7727c3a3cb9975c55438fadc3633f54cb6f0b4da9954517e349f5aebeddc10da980ab687fe86305065d81a4a9ce0749a482db10487db457d7dd1df6351072a259f6be72d1bb2b9a2dfeeaaa6077bf482a18df4cd1e51d39adffbbefb8ce1107680a5bb884672b1158eb8033ae9c45a2223cf5f7aa301c165f4cdc6c588c405ba9b4e69e6760048d35e6d63ac58216c372c128bfaee5d8c234b6715975ccbe972fa30af3a2971568ba2c7555a247f52c3"], &(0x7f0000000440)=0x2) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000100)={r6, 0x6, 0x0, 0xb5}, 0x10) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r5, 0x84, 0x78, &(0x7f00000000c0)=r6, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400]}) [ 1790.367547][T15148] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1790.376381][T15148] FAT-fs (loop1): Filesystem has been set read-only [ 1790.409575][T15138] attempt to access beyond end of device [ 1790.416877][T15138] loop1: rw=0, want=2390, limit=116 [ 1790.455159][T15150] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1790.463061][T15150] FAT-fs (loop4): Filesystem has been set read-only [ 1790.468185][T15138] Buffer I/O error on dev loop1, logical block 2389, async page read [ 1790.474424][T15150] attempt to access beyond end of device [ 1790.484898][T15150] loop4: rw=0, want=2390, limit=116 [ 1790.490517][T15150] Buffer I/O error on dev loop4, logical block 2389, async page read [ 1790.499316][T15150] attempt to access beyond end of device [ 1790.505469][T15150] loop4: rw=0, want=2391, limit=116 [ 1790.510863][T15150] attempt to access beyond end of device [ 1790.517457][T15150] loop4: rw=0, want=2392, limit=116 [ 1790.523255][T15150] attempt to access beyond end of device [ 1790.528941][T15150] loop4: rw=0, want=2393, limit=116 [ 1790.534177][T15150] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1790.542041][T15150] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1790.549907][T15150] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1790.558355][T15138] attempt to access beyond end of device [ 1790.565441][T15150] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1790.576244][T15138] loop1: rw=0, want=2391, limit=116 [ 1790.581527][T15150] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1790.590242][T15138] attempt to access beyond end of device [ 1790.597843][T15138] loop1: rw=0, want=2392, limit=116 [ 1790.603892][T15150] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1790.614173][T15138] attempt to access beyond end of device [ 1790.631091][T15150] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1790.643913][T15138] loop1: rw=0, want=2393, limit=116 12:20:03 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1790.660297][T15138] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1790.668799][T15150] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1790.686742][T15138] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1790.696349][T15150] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1790.731664][T15170] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1790.751542][T15170] FAT-fs (loop5): Filesystem has been set read-only [ 1790.758447][T15163] attempt to access beyond end of device [ 1790.761420][T15138] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1790.764089][T15163] loop4: rw=0, want=2390, limit=116 [ 1790.764110][T15163] attempt to access beyond end of device [ 1790.764121][T15163] loop4: rw=0, want=2391, limit=116 [ 1790.764134][T15163] attempt to access beyond end of device [ 1790.764153][T15163] loop4: rw=0, want=2392, limit=116 [ 1790.801225][T15177] attempt to access beyond end of device [ 1790.808052][T15177] loop5: rw=0, want=2390, limit=116 [ 1790.818643][T15177] attempt to access beyond end of device 12:20:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81e]}) [ 1790.824736][T15138] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1790.832576][T15177] loop5: rw=0, want=2391, limit=116 [ 1790.840225][T15177] attempt to access beyond end of device [ 1790.845971][T15177] loop5: rw=0, want=2392, limit=116 [ 1790.852016][T15177] attempt to access beyond end of device [ 1790.854893][T15138] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1790.859989][T15177] loop5: rw=0, want=2393, limit=116 [ 1790.870942][T15177] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1790.887066][T15177] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1790.895856][T15138] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1790.904018][T15163] attempt to access beyond end of device [ 1790.912373][T15177] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1790.921538][T15163] loop4: rw=0, want=2393, limit=116 [ 1790.929173][T15138] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:03 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/6, 0x6}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x33) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x7b, &(0x7f0000000140)="f71559c80aa4cefd3b79e76a039acbd61c34f13ff7703cc78e407bfe020d0009eb2bc10f90a8b9a61d6d2fc9b7096ef2cb6ab7ae8301add958580b9976619a3718697b57c36753d0df4aaa013b48d37e1392267196e71eefa753750e2aad057cda6bb2eb9bc4be6756b1a5eb772b54195f430eb3401be28afcd694"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 12:20:03 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1790.938370][T15177] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1790.956316][T15138] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1790.981122][T15177] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1790.999533][T15138] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1791.035195][T15177] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1791.077516][T15177] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1791.109599][T15177] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) 12:20:04 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:04 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') write(0xffffffffffffffff, &(0x7f00000000c0)="62357be6efffec55914ae88f8b221296fb539bad8aec35", 0x17) connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1791.136471][T15177] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1791.156550][T15170] attempt to access beyond end of device [ 1791.162223][T15170] loop5: rw=0, want=2390, limit=116 12:20:04 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1791.182390][T15170] attempt to access beyond end of device [ 1791.200233][T15170] loop5: rw=0, want=2391, limit=116 [ 1791.213271][T15170] attempt to access beyond end of device [ 1791.225969][T15170] loop5: rw=0, want=2392, limit=116 [ 1791.251219][T15170] attempt to access beyond end of device 12:20:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYBLOB="5600f0ae2ede5285251f947fb8d227c9ef569fb3c792426fda754ac767ba8235836bd708f599c740002967a3a6af25b0110dd1220ccae87cd9d3abc46920ecabca1e1ba165993cba0f34eccf1030b420528c5c83000000000000000000dd21985064a91d4c57e4183438031889bea149e8c81a6b36ac637e919ad36fb6b2c8909b53be3d11fda7e2783bd7cc8e8663e91ab04684801cb786a57cdee79488f9378290e6bdfec664945ac9bab4a528b11e7727c3a3cb9975c55438fadc3633f54cb6f0b4da9954517a349f5aebeddc10da980ab687fe86305065d81a4a9ce0749a482db10487db457d7dd1df6351072a259f6be72d1bb2b9a2dfeeaaa6077bf482a18df4cd1e51d39adffbbefb8ce1107680a5bb884672b1158eb8033ae9c45a2223cf5f7aa301c165f4cdc6c588c405ba9b4e69e6760048d35e6d63ac58216c372c128bfaee5d8c234b6715975ccbe972fa30af3a2971568ba2c7555a247f52c38d6d618c3be4741be5c382f6d7e1fd625932f76eac8a198b6172a82e7d782908a4c5213ae1e3b3530f33dc7d45706cd8b73569ff47adac6be533f9ee6400a11ba16cb4ad1588f839616b9d0bb5fe9adcbcf2600c099a76b97874"], &(0x7f0000000440)=0x2) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000100)={0x0, 0x6, 0x0, 0x8}, 0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e24, 0xec7e, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}, 0x1e, 0x0, 0xb54, 0x9, 0x2, 0x5, 0x7f}, 0x9c) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101401, 0x0) ioctl$SCSI_IOCTL_TEST_UNIT_READY(r4, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) prctl$PR_SET_TIMERSLACK(0x1d, 0xcf1c) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}) [ 1791.309255][T15170] loop5: rw=0, want=2393, limit=116 [ 1791.319921][T15213] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1791.363071][T15213] FAT-fs (loop4): Filesystem has been set read-only [ 1791.400095][T15224] attempt to access beyond end of device [ 1791.436371][T15224] loop4: rw=0, want=2390, limit=116 [ 1791.496698][T15224] attempt to access beyond end of device 12:20:04 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) 12:20:04 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x1010, r1, 0x3e219000) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = memfd_create(&(0x7f0000000100)='\\vmnet0?\'`@{,vmnet1em0user\x00', 0x6) ftruncate(r4, 0x1000000) sendfile(0xffffffffffffffff, r4, &(0x7f00000000c0)=0xf18001, 0xeefffdef) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x3, 0x40010, 0xffffffffffffffff, 0xae7c9000) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r3, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1791.549252][T15223] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1791.580930][T15224] loop4: rw=0, want=2391, limit=116 [ 1791.601279][T15235] attempt to access beyond end of device [ 1791.601878][T15224] attempt to access beyond end of device [ 1791.613329][T15223] FAT-fs (loop1): Filesystem has been set read-only [ 1791.636572][T15224] loop4: rw=0, want=2392, limit=116 [ 1791.641193][T15235] loop1: rw=0, want=2390, limit=116 [ 1791.652645][T15224] attempt to access beyond end of device [ 1791.669698][T15235] attempt to access beyond end of device [ 1791.672489][T15224] loop4: rw=0, want=2393, limit=116 [ 1791.688012][T15224] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1791.691052][T15235] loop1: rw=0, want=2391, limit=116 [ 1791.710934][T15224] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1791.722041][T15235] attempt to access beyond end of device [ 1791.753352][T15235] loop1: rw=0, want=2392, limit=116 [ 1791.772865][T15224] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1791.773044][T15235] attempt to access beyond end of device [ 1791.786841][T15235] loop1: rw=0, want=2393, limit=116 [ 1791.792137][T15235] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:04 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1791.802423][T15235] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1791.811310][T15235] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1791.812212][T15243] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1791.819535][T15235] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1791.837889][T15235] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000004fc8)={0x0, 0xfffffffffffffed4, &(0x7f000000b000)={&(0x7f0000000500)=ANY=[@ANYBLOB="240000001800210000000000000000001c140000fe00000100000000080012000a000000d24dc420848b2befeba4556a005cf0486388a33ada6538eeda728ea5"], 0x24}}, 0x0) r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000340)='NLBL_MGMT\x00') sendmsg$NLBL_MGMT_C_LISTDEF(r5, &(0x7f00000004c0)={&(0x7f00000002c0), 0xc, &(0x7f00000003c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="040028bd7000fedbdf250600000008000700ac1414bb150001002f70726f632f706107aac46a5cdb8b6600000000080002000700000014000500ff01000000000000000001"], 0x50}, 0x1, 0x0, 0x0, 0x20040050}, 0x20008801) sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, r6, 0x212, 0x70bd2d, 0x25dfdbfd, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @remote}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @dev={0xac, 0x14, 0x14, 0x1c}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1791.847178][T15235] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1791.850977][T15224] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1791.855073][T15235] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1791.855095][T15235] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1791.883555][T15235] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1791.891986][T15223] attempt to access beyond end of device [ 1791.899802][T15223] loop1: rw=0, want=2390, limit=116 [ 1791.920952][T15223] attempt to access beyond end of device [ 1791.934496][T15243] FAT-fs (loop5): Filesystem has been set read-only [ 1791.949469][T15224] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1791.955964][T15223] loop1: rw=0, want=2391, limit=116 [ 1791.967892][T15223] attempt to access beyond end of device [ 1791.980268][T15223] loop1: rw=0, want=2392, limit=116 [ 1791.986131][T15224] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1792.011898][T15223] attempt to access beyond end of device [ 1792.027658][T15224] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1792.042707][T15223] loop1: rw=0, want=2393, limit=116 [ 1792.054139][T15224] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:20:05 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(0xffffffffffffffff, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x3c}}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) ioctl$NBD_DISCONNECT(0xffffffffffffffff, 0xab08) write$UHID_INPUT(r1, &(0x7f0000000380)={0x8, {"6d33df65d90e871e05714f37ab6c3255d08c7bb3b84014ff673c6d44fd7af5eeded86998f34d43c21688f1344db3dab8b06095e1f549ed8388e36239e7124fa683cc7eedc0093ea7c38881ef692cbd616d0aab12c6b7a3e3eff346395f1d3ad5f1d9758b4555d5f8074f24d1a3e4076b60a5c801cf91275bcf87a22142d420912ee171acd5208e39f5009adbafce9c63f42cdcebbd6abdd69fac9951329f9cdd5fdbdabeda3fbc32597db6365ea41929d542ca5d8198dfe11e3f166e7bb0c68ff084a662cf4c7131f20c3b510a11d25915aba53092faf6921008636d7cb1d03834cbdeeb0ab1b3aedf900c193ee8d5071a3586a94203007ddc59c53a7f770f37a8911d86fb05ed501106129fbc721ba16fc4c3180121def6180e5371a4d24f4839c2109c8caf321ff13f88b36813e89d10b5de11e868370f02e630418833399d81b897b6751fc0a6fe0518bf4a93da42dd0f1e3b2d332a1be8e76a04b20f9ccacd92fc4157dbb9fcdb5eb779b9f05c24f6ff357e9e5e877363c5b9520ac8dc02b18ba6a73de3a9094c113bfdf0875e5b8e5296ccb1c664f248da69cff2bb9bac3fa1e999061e3987e32016938b4bbefac9e7c5d16eb28c8bc8a1898c7decf08058666a3771e6b67c8a04483053c2cd210a30b5d671ad06f42366f428126ea0a255fc88abb4420711cd98a6189db9be27f04c1e7e831197ef674cefbaf3bec4d2cb4aceba635433bef2a65b13845a7bb3ff1f5ecc27379ef8b6086c2bf0f5ad165e9b6bdc9e583dd11a8228a58fad72781b3b8e359efeaaaff403c849098264d2e323b3ed7cbe4083e0efe0a3909793156da5c651be26b0546d590a6f387c7a4875bd74f749b4522f8d381e1671e5646d564845b4816cda213949a2b5f3aede3afc609829cce2219dfc55fa0705e4808d62466c9cf12b6632edae4b2310402ee1280d4057d6f06e287bcacad3fbb01c09b7eab4af51aa01287b295a75b0c621afd33f730a2744ab93daec732d718457512521673ac8984186032d268b047453fb027cdc8bf600e6fbf5bd41a3f7aed294ce32e846167218a6be67ead9b739961e02cb0bf8bd3f43f06c1e824e5e0ce8991596a74f53423651fe0914d6c44be96b38a5812e1899689104f259763dc24ec2c204cbfdd695eb4dd97eefa55660e5a644f92798e752ad8a3f001d0731de897e0769cdf5f17d3c1cdca52a601ba0ce3ba78a2cc257ab77c25b80f9c6e1531eea0c38d5761827aa6a3ee1a9c2e8c12d9e2f66e5d263b48bcc60c1fc0ac9dc4cefefda71809104f123842c96823a3e820246f9fce2bbb2d26537066e95b6eb820bf146486d8b000b560fe5ce7de2987aea9cb32c0c8a0aa7dd8632a313650dea18af09be1269aeb70e59933f7df54d8709dcccc9a51d72a28e983f2a161263d0e14d98488d525bf32fd65f8c345f925b1136b7cbef644ff9fbc7d4fa762575346006c79c79ab4acb0b92f6aaff3a4f8d41ff7fce193509bec15647396898916cf49ced7cf3db1f8e8cf7f91b6ce5dd64a3bf4ab0803fdda7b8e580968c5e1587d5f36278aaa97e4114d62fba10c6f6b155c9d624304a253c2fc238b8aebb9654ce5b055753f9f6a42ecac7ace9bb8f6a7d85771474cf55f9c5ec6686396f5b3949d9bd9c84d00e637fd0290b068c2daf2f12a3c8ee3fd187d11365cf2719ce54efa70d4bbb096b063fbf4175a6123033f8c8653e9122dd2f998f2dfc3f624705d133e168ad78652ce02729e897c24448e77847328af48b4cb463539a446275dbe94f4968bad084a48f3de3623b574145f8ee8eef1f7dc0846ef9a03288e47c9c12fcea661d99667874252249ab3c462507a07ad2c3be56dea6f805231b8492a0b36267b997b17790c2ee7cd23edcec8c6e70787973f4c21a834a399d121ab77233d6a791c6f358846520d0594dc6f53489a1fe5b36eaed6fae33597d191daf8fc6eb7126777381773a39d70f7dfaa4028d73dd3370ec6287a920243ee9ac0a512c815175eb09baa2d243dc0bdd9955027e43005684d67e99a380ed313de516acb799df99b96b7bee64773dc6ebc8e80afb7ad3cfa267812d61bfb80857fa301b3f309edc56b9cd486e7a38efe50190e5343818b3cc6204328da22433b2730e3337c2eac7c48ee5aed0e0f9d5d583e47822e34c2c246ca2e9dc95ab791926da4c363f37fb7a1f89169353c71e15205f6638c528f7f1274044ffa7c935afb8275ed4105e8c3c7275653739378319690b9b7d7f2b0cd709530528011993e5a1acceda07b906cbcfe7f1f0e2d76dfca576c9a8eba197f516ed544c391a467ec3fa553b513d780680b5f801a4dd59b868abf08e46b98a5c813142cd81733fa70e66999e7bf0d00f8f7bef7ea23c9023c611ad107732d1b5c9b0738852d9696af3212bf5e1bbab0002189370d23afef733966c768dbd10e4dea8abb19d2fec81811cb66501d127c9980baff8296ca1c4e665ada0b74512abacb29234d501725f403bdabff2d59d84dbc68302b6ae2ac0df223e46db8bd9079516b7c236b021efa3d8d31f2f2e07369073e2a81e0b528c495ad2159c7ec81d584f23a5c15007815c2630991a2ed66f5653216b289060f8f4000fd71b43e880c7be2ac88ad47ce58f45f4ebc6e8e6dd5baee3430c6454ea26e6a5bd68f7d8848b5355ea91155f52784188c59352bf305b8e627a6e83c583c5e802f5b52401365c5e5bf007c8f9dd4b085e52f6ff513cd411f4304953b11c949bd50916f463c4d1a9fe39b83f4eabda384484b809f8c50e4e169359ac27305f27abccf43cf295ed71c7c6c950541ca6c35c58e7b435836555e2e488acade72684aa2a423441142c20b4d01c67554dce37922ff12c301c664f85d511e1df0cb542b91ec048597303746a03f0e8ec10d68cd9d72675444483847b2f00fc9be9d7add34df3ffd16fb7bdd5a26026624dbc649902b378d582eaa0bd9edeb0350812425b68b2cefa397388e0c4905b42d3062838d2c1e3077766768f0ac25fa9ffca0767d738f30d5380458a79ee867d7bc4721de5f46371f70ea2e6a9b2b02a80b1df7a4eed8a43e6719f8d0a43a3327eaa24bc1353416074acc19595288be162e9e686de7e03d75a8fda3af549dc3853c86275dcc31dbf32acc29ae110253cf421a3e1302650fe0eb2629a4fae9f2bea2bb563fd0a6d42724be6736ca32208bcc79652a2127111b6b5a8236457c854bb4dbf22251b1343d08f1b9e570cac8a1c5e7c480a62c3e2faccdad8d7ae7a4bd22de0389ad96b495b8c96e43c3eeedf20a742026795365923ed2e35185fed7d1d068e13d41f1bc9697a66b6fe0e02eb49b36a055147c62481347cd5939f51107543ec014d3d4f52d5fff78b9772bb1b22f6456e135d9aea9d8e1e38c5bbe34e4dd79e27970640299dc662eda9844012c6d59687b963bd81ca473147a7f9b93186a7e278947cc3fa9a3a920bb59aa49b267ebafbd8563cc12833d68a2069a47071a8ded24cc765e03208731d475a9ec65f3a6e1fddd39ba14a8601ac2bf67078b435aa697482e5805a9d14dd08d27322f0d22daa18210ba39fd0a6d77b349d0053c525e948a263ade6c8a9d86cb809e4e85622c939197ed8157a8d5457975b576555a30001135a89f048e36d3183d5ababfad8ad2cd7cb0137cd535cae8c920a85e3039be91ccab9bf79cf13bec50cd4a4a1b0b85609612ff5892f36d2656350b980459af77d78e28bd1b952e6747e5dc5b8fd0ac19696c3564a69fb7b805fcbf2afd01c9489a1df6d210a4d38c157cd26fbabec1a97d7afe05b9b054ecfe78ecf2b6f993b31383f6c6b05cf26582ec143c8024a2b6277fc6e221b579b11dd78a24fb68cbcbb5db4289ec2e14d8013a33b7810b60a40d4b8607793ec0bcdd7198bd1575314414593afec6cab5edb20f12993b0f856fec5ccf2fa2b1e21ac05f2cd148f41fe5982805061663cff0616ffea3a4b03684b7abd3dc0039f2248f15dad4bccff8c56d9b184d7146f657dd34f780836d3265112693b52e2321bd0aec0d6605dd5b7991a3e4c1d40bf00d1954fd11c35a6ad5b2e816f679c336b8719c82163c4d5d3694d31be102886437ff080ae36c950fcbb5f73af65a9910161c0508aa6f098e42de0f250ec2ea639695f7f7235b137b2cbe3c5cc9c5723ac253f74d3b50e800b3660412946119a1350bb30413931c0e10156ba73e940986f7769a40530ca50887bb54cfc65aeb3c9562d006ee8bdcae957a5fa4246d6889d31ce617bd99fa7bd4a69727fc3653c714cdf9eee225910b7d1c310dae13414a5180da7980c0c44751af95f078506e1b9c5482c70870f67973b1babb327ec86a6a37787a8c80d98cbcd2bacc6b1dd4af9c00f50971b6baad328f8233786844065d6f587852271ab550cd26c075030eb058ff39f92040b75f7c33db90ff2f5bbf49dd2e815f7067d491009144a184008eb746b021e442dfeef524162ac4c657f1d9ed655d55237cb64574450bb92d2db15d60c6b4b62531d6fb02e17bfa348dd32cc74e56276d09b547d85a23e9caf15e8b8f9e316836e64896c6556ca597de4ff77a074b186d4283e5ae4e18c2d3b270cedd52f5c023b8ce71f3f0b976660293328221faf3e0552548b36131c4d930e4af4fef55c27c6ba3f94f949cd1ac8b40c58dbaeca5ebb9542f0102f7bdfb05b6dd4da51709b5738a6ec17678222dca1f2963deb7b2713cc22f5ef434975093906b947b200b87f17d89f868c245a9de917d0d99b21ef6e7fec18bba710a431e31c85c71f1b351bc8a91bd8c467326f51970b81c0b321450acf7a438e1b752ff5c10a9dbc2361fb6ec8c3cd46d44db86251dcd1194deb44b955c804c539c0bbcbfcf0ee4f5d0c255d1d76c080a39ec5eeacc496e3cca8380bb689ee7a35006349aec81c4602971c7df682fef40adacf1a9c02801b47da5941ced69e2466f3dfc163eff74fab7ad7d0e39ecd934636bf3c88cd3e5fd54c9a1fbac7128ff7c50c9a9393a894546076b71e375003af737040348a68d1aa6ba7d1f09fd52390dfb4db04c7881ce8fb1e9d9798aa8418bb771fd3d678df823aebdfb35b3914cc30d6a6f81f96abd339f2fd23c8ef328a20fea66bd51bc38c9f5f3c62421105508a960f36f66fc8bd7b002651af28968844b9d7fb292c5f2b287a91e3a37bdf4a6d132916e038f248c389dc45eb25f6b607fcd5993892458530fac63cf47094f7b297b223612c6934b99517e14dec3c4bbe0121a1f2787472cfb77b6aefe3c8d0d389cb7e9f6329e7d71e2fcef443fd6d2abb57e680b0313d0815668dff96480d4be3bb8f08049f5f74d848940f394a71cc73fd603a44cda2e2463b2728ee89261911d41395388ac2296a0ad0e8dfd13340a33f6707790a0b25fbca34a3da8e9f5f8958f92d6d7f5518d0313e56f6a07c0ec3b453a53c39a3bc245cf77b7a37b254e2840da806d5e2bdc7d3fff367d07b2d5a0acf1b3f46ead88c46885adc0c7f1e2e489a69cb77ea525a9fd05c8cdf20183ea36711a539267911421662dfa37539a027abd57b9cfa8260207dfa0afe02260f06bf54cbb41a5b90acd1352f6e6cbf40028ee0eb92fd0448d266c28195ee959bae83fcfd4e58a339822f9df5fce17da11da6681194a98e98619742b44afa402421d70060174b2ce1eea911835e739c207d62833cd4923977de2a5b466b95c5ad35986121528ba32e2d1099d5730b2d9770ee4e8aa2d9c84063b1e8a89127ec08bd99aa790532fb342094bf6314d197895107834e7ba227a2f24c", 0x1000}}, 0x1006) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x80441, 0x0) ioctl$MON_IOCT_RING_SIZE(r4, 0x9204, 0x7909e) dup(0xffffffffffffffff) [ 1792.087776][T15224] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:20:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000080)={0xab4, 0x200}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6bf0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000]}) [ 1792.384675][T15276] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1792.396727][T15276] FAT-fs (loop5): Filesystem has been set read-only [ 1792.404946][T15276] attempt to access beyond end of device [ 1792.410655][T15276] loop5: rw=0, want=2390, limit=116 [ 1792.424258][T15276] attempt to access beyond end of device [ 1792.444191][T15276] loop5: rw=0, want=2391, limit=116 [ 1792.449508][T15276] attempt to access beyond end of device [ 1792.464932][T15286] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1792.476813][T15276] loop5: rw=0, want=2392, limit=116 [ 1792.482042][T15276] attempt to access beyond end of device [ 1792.488554][T15276] loop5: rw=0, want=2393, limit=116 [ 1792.493889][T15276] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1792.502629][T15276] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1792.510903][T15276] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1792.519104][T15276] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1792.527270][T15276] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1792.535839][T15276] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1792.543978][T15276] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1792.552512][T15276] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1792.560684][T15276] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) 12:20:07 executing program 3: syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x3a00010, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) fchdir(r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) io_submit(0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) open(0x0, 0x101000, 0xa) socket$nl_generic(0x10, 0x3, 0x10) write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0x175d900f) 12:20:07 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:07 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) ioctl$DRM_IOCTL_AGP_RELEASE(0xffffffffffffffff, 0x6431) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) ioctl$sock_SIOCDELDLCI(r2, 0x8981, &(0x7f00000001c0)={'bond0\x00', 0xde01}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000240)=0x6, 0x12) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) ioctl$KDGKBSENT(r3, 0x4b48, &(0x7f0000000380)={0x2, "48be0c6b62344856240059d8d5c7eae55702831e7f76bd7bc89f5f4ca99e1af38baf10006bf762c90ce49e253c93a55380beea9cd1857c50637c72392af102cf4895175405bb476bed17bfd69fa0ad61c5c16c0b630d6f9dd2d0e6e938c3072c32e160ccdf0e94a47ed857f3fd3af5af98bf35922406cfbefe1057734ea91d32525d1defcb29da425e88f5049a906e3ad689b3b97103e7fd1cb473678d5b828f851840a1511e8c7fbd6c5016275cfdd88847e4794926875c02fc5d31ac5ae279996608df5a083fb16030ae9b88e29e40da51cb6d73ffa92feb1c9dd93135c59e690810652d38aece214e1868c6d38c5c5900996b1fe7f8be0365aa96bd1317759e0b7ac068d5561732cd2b40ee78f1dbd844b0d0b52b9674b97f264d0bd164f6c90aa0e66f6c23a31bd50b43d4f5c860cbbdf310ccc3e0bf4075151784621c295f605a548a363ebae83564395c9d352ed32c29e57dbd5d072b10dc633b0367741af6e0a1e5eab65d8ee08caa90149015835f7be02515cfa60345070b3777ddaf82ec4769baf81c02df0ec8df7645212d823882bb4c1d6e164995c7ef27d1801ca809f9167ef53d22dbe9ccb8006d5eb9cdff3f40966509d7f8991106175d6df05ff93c011804ab61abc74af17b89b0277fcc9816e5d3174f730817b1e913c1e740fa8fb91f3c911b573f1faf42126ca8b1f85e1cc5e45f7f469fe3ce2ef8f88e"}) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) fspick(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x1) 12:20:07 executing program 2: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(0xffffffffffffffff, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) 12:20:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x16, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) timer_delete(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_PIT(r1, 0xc048ae65, &(0x7f0000000080)) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) 12:20:07 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x16a) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x420080, 0x0) getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f0000000240), &(0x7f00000002c0)=0x4) r6 = gettid() perf_event_open(&(0x7f00000004c0)={0x0, 0x70, 0x8, 0x6, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f00000003c0), 0x1}, 0x1004, 0x0, 0x0, 0x6, 0x7, 0x4, 0x8}, r6, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSPGRP(r5, 0x5410, &(0x7f00000001c0)=r6) [ 1794.270775][T15327] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1794.290525][T15329] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1794.299125][T15329] FAT-fs (loop1): Filesystem has been set read-only [ 1794.311069][T15329] attempt to access beyond end of device [ 1794.317368][T15329] loop1: rw=0, want=2390, limit=116 [ 1794.322910][T15329] attempt to access beyond end of device [ 1794.332034][T15329] loop1: rw=0, want=2391, limit=116 [ 1794.338458][T15329] attempt to access beyond end of device [ 1794.342892][T15346] attempt to access beyond end of device [ 1794.344386][T15329] loop1: rw=0, want=2392, limit=116 [ 1794.351420][T15327] FAT-fs (loop5): Filesystem has been set read-only [ 1794.358942][T15329] attempt to access beyond end of device [ 1794.368859][T15329] loop1: rw=0, want=2393, limit=116 [ 1794.372558][T15346] loop5: rw=0, want=2390, limit=116 [ 1794.374379][T15329] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1794.390740][T15329] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1794.395079][T15346] attempt to access beyond end of device [ 1794.398766][T15329] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:07 executing program 2: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(0xffffffffffffffff, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) 12:20:07 executing program 4: setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000001c0), &(0x7f0000000240)=0xe) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpu.stat\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x8, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000040)=0x200000000) modify_ldt$read(0x0, &(0x7f0000000380)=""/152, 0x98) [ 1794.415613][T15329] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1794.423620][T15329] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1794.432491][T15329] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1794.443657][T15329] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1794.455344][T15329] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1794.463268][T15329] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x200000, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r5, 0x6, 0x1, &(0x7f00000000c0)={0x6, 0x100, 0x4f, 0x81, 0x2f, 0x7, 0x7}, 0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1794.474977][T15347] attempt to access beyond end of device [ 1794.483211][T15347] loop1: rw=0, want=2390, limit=116 [ 1794.485552][T15330] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000020) [ 1794.499113][T15347] attempt to access beyond end of device [ 1794.534185][T15346] loop5: rw=0, want=2391, limit=116 [ 1794.539531][T15346] attempt to access beyond end of device [ 1794.545990][T15347] loop1: rw=0, want=2391, limit=116 [ 1794.551297][T15347] attempt to access beyond end of device 12:20:07 executing program 2: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(0xffffffffffffffff, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1794.584387][T15330] FAT-fs (loop3): Filesystem has been set read-only [ 1794.603452][T15346] loop5: rw=0, want=2392, limit=116 [ 1794.612832][T15347] loop1: rw=0, want=2392, limit=116 [ 1794.648690][T15347] buffer_io_error: 42 callbacks suppressed [ 1794.648708][T15347] Buffer I/O error on dev loop1, logical block 2391, async page read [ 1794.649723][T15346] Buffer I/O error on dev loop5, logical block 2391, async page read [ 1794.678895][T15347] attempt to access beyond end of device 12:20:07 executing program 3: syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x3a00010, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) fchdir(r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) io_submit(0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) open(0x0, 0x101000, 0xa) socket$nl_generic(0x10, 0x3, 0x10) write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 1794.704263][T15347] loop1: rw=0, want=2393, limit=116 [ 1794.710060][T15360] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000400) [ 1794.753957][T15360] FAT-fs (loop4): Filesystem has been set read-only [ 1794.764372][T15347] Buffer I/O error on dev loop1, logical block 2392, async page read [ 1794.797335][T15346] attempt to access beyond end of device [ 1794.826589][T15360] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:20:07 executing program 2: r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1794.848097][T15346] loop5: rw=0, want=2393, limit=116 [ 1794.882101][T15346] Buffer I/O error on dev loop5, logical block 2392, async page read 12:20:07 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) statx(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x6000, 0x200, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1794.922826][T15346] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1794.967771][T15346] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) 12:20:08 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r4, 0x6b, 0x1, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f00000000c0), 0x4) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1795.016963][T15346] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) 12:20:08 executing program 2: r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1795.128112][T15346] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1795.149840][T15382] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000020) [ 1795.207965][T15346] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1795.227529][T15382] FAT-fs (loop3): Filesystem has been set read-only [ 1795.240802][T15395] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1795.289428][T15407] attempt to access beyond end of device [ 1795.300070][T15346] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1795.320947][T15395] FAT-fs (loop1): Filesystem has been set read-only [ 1795.337148][T15407] loop1: rw=0, want=2390, limit=116 12:20:08 executing program 3: syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x3a00010, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) fchdir(r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) io_submit(0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) open(0x0, 0x101000, 0xa) socket$nl_generic(0x10, 0x3, 0x10) write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 1795.386317][T15407] Buffer I/O error on dev loop1, logical block 2389, async page read [ 1795.404238][T15346] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1795.420256][T15406] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1795.447277][T15407] attempt to access beyond end of device [ 1795.453052][T15407] loop1: rw=0, want=2391, limit=116 [ 1795.458452][T15407] Buffer I/O error on dev loop1, logical block 2390, async page read [ 1795.464358][T15346] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1795.484083][T15407] attempt to access beyond end of device [ 1795.490064][T15407] loop1: rw=0, want=2392, limit=116 [ 1795.491386][T15406] FAT-fs (loop4): Filesystem has been set read-only [ 1795.504922][T15420] attempt to access beyond end of device [ 1795.510757][T15346] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1795.518824][T15420] loop4: rw=0, want=2390, limit=116 [ 1795.544445][T15407] Buffer I/O error on dev loop1, logical block 2391, async page read [ 1795.554232][T15420] Buffer I/O error on dev loop4, logical block 2389, async page read [ 1795.562418][T15420] attempt to access beyond end of device [ 1795.577731][T15407] attempt to access beyond end of device [ 1795.583397][T15407] loop1: rw=0, want=2393, limit=116 [ 1795.588941][T15420] loop4: rw=0, want=2391, limit=116 [ 1795.606790][T15420] Buffer I/O error on dev loop4, logical block 2390, async page read [ 1795.644095][T15407] Buffer I/O error on dev loop1, logical block 2392, async page read 12:20:08 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) dup(0xffffffffffffffff) 12:20:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8655, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}) 12:20:08 executing program 2: r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1795.652237][T15407] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1795.663934][T15420] attempt to access beyond end of device [ 1795.689814][T15423] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000020) 12:20:08 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x8, 0xe5}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(r0, &(0x7f0000000640)="20048a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba72764f460593d41d43e9f589502652fe815ef1da2c0975e828d69536eb96c2c27f564dcc44d2a18bf98a8698f09764ff95bda5a0520964e8e84670e557cc255a621254e23c5e3afd68721e31a0caa4ac9e40a612dd4bff3553cc00a47f618b8289ce1086193ea338ae5473fc048d1e696a52f65d00d34ed03cfb8125020463ba3054af5f7a2fd4c733242927960b07d0d81f303157417af8907b820d74a1dc84ea78e317584a11da56d5842dec5823a376d939a621adf86c8297db303ab14b7fa0cfa4316987c1ac3303f6acdaa8a946496cb09a6a0785a49f67cfe7725ff477933e4f38d99e6062f1bec6c4e857d64a8ba966cc4c024177bb10e4f5c05db8e7d4cd2437cff4067d9c6f68d8faf4342112a53e640e2c070ed68a364a209139ad", 0x10000, 0x80, 0x0, 0xfffffffffffffd64) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000100)={0x0, 0x6, 0x0, 0xb5}, 0x10) [ 1795.702739][T15420] loop4: rw=0, want=2392, limit=116 [ 1795.704873][T15423] FAT-fs (loop3): Filesystem has been set read-only [ 1795.747005][T15420] attempt to access beyond end of device [ 1795.773218][T15407] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1795.788431][T15420] loop4: rw=0, want=2393, limit=116 [ 1795.794268][T15420] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1795.802736][T15420] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1795.813373][T15420] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1795.819528][T15407] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1795.821498][T15420] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1795.838458][T15420] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1795.849021][T15420] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1795.857697][T15420] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1795.867521][T15420] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1795.876178][T15420] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1795.888205][T15433] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1795.898129][T15427] attempt to access beyond end of device [ 1795.903775][T15427] loop4: rw=0, want=2390, limit=116 [ 1795.937743][T15407] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1795.941170][T15445] attempt to access beyond end of device [ 1795.947086][T15427] attempt to access beyond end of device [ 1795.961293][T15433] FAT-fs (loop5): Filesystem has been set read-only 12:20:09 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1795.985830][T15445] loop5: rw=0, want=2390, limit=116 [ 1795.986873][T15407] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1796.006352][T15427] loop4: rw=0, want=2391, limit=116 [ 1796.007576][T15445] attempt to access beyond end of device [ 1796.013327][T15427] attempt to access beyond end of device [ 1796.032450][T15427] loop4: rw=0, want=2392, limit=116 12:20:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000080)=0x7, 0x4) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1796.039390][T15407] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1796.053514][T15427] attempt to access beyond end of device [ 1796.064170][T15407] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1796.068647][T15445] loop5: rw=0, want=2391, limit=116 [ 1796.080001][T15427] loop4: rw=0, want=2393, limit=116 [ 1796.106173][T15407] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1796.126893][T15445] attempt to access beyond end of device [ 1796.142401][T15407] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1796.161829][T15445] loop5: rw=0, want=2392, limit=116 12:20:09 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0x5, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) mount$9p_virtio(&(0x7f00000000c0)='syz\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='9p\x00', 0x2010800, &(0x7f00000002c0)={'trans=virtio,', {[{@cachetag={'cachetag', 0x3d, 'msdos\x00'}}, {@msize={'msize', 0x3d, 0x3}}, {@cache_mmap='cache=mmap'}, {@cache_fscache='cache=fscache'}, {@cache_none='cache=none'}], [{@uid_eq={'uid', 0x3d, r1}}]}}) r2 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r5, &(0x7f0000000200), 0x806000) write$cgroup_type(r3, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r4, 0x0) r6 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r6, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1796.191700][T15445] attempt to access beyond end of device [ 1796.224337][T15445] loop5: rw=0, want=2393, limit=116 12:20:09 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:09 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1796.259149][T15445] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1796.297961][T15445] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1796.325764][T15445] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1796.364148][T15445] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1796.396538][T15445] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1796.427788][T15472] FAT-fs (loop4): bogus number of reserved sectors [ 1796.437838][T15472] FAT-fs (loop4): Can't find a valid FAT filesystem 12:20:09 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1796.457277][T15445] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1796.493535][T15445] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) 12:20:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) sendmsg$NFT_MSG_GETFLOWTABLE(r4, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x17, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_FLOWTABLE_FLAGS={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x100}, 0x4040000) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) [ 1796.502889][T15445] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1796.512274][T15445] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1796.522064][T15452] attempt to access beyond end of device [ 1796.534404][T15452] loop5: rw=0, want=2390, limit=116 [ 1796.581856][T15452] attempt to access beyond end of device [ 1796.646645][T15452] loop5: rw=0, want=2391, limit=116 [ 1796.661721][T15483] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1796.682917][T15452] attempt to access beyond end of device 12:20:09 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = gettid() perf_event_open(&(0x7f00000004c0)={0x0, 0x70, 0x8, 0x6, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f00000003c0), 0x1}, 0x1004, 0x0, 0x0, 0x6, 0x7, 0x4, 0x8}, r5, 0x0, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000002c0)={[], 0x35a, 0x7, 0x8, 0x8, 0x4, r5}) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1796.702736][T15483] FAT-fs (loop1): Filesystem has been set read-only [ 1796.719019][T15496] attempt to access beyond end of device [ 1796.732717][T15452] loop5: rw=0, want=2392, limit=116 [ 1796.763190][T15496] loop1: rw=0, want=2390, limit=116 [ 1796.773324][T15452] attempt to access beyond end of device [ 1796.789066][T15496] attempt to access beyond end of device [ 1796.798359][T15452] loop5: rw=0, want=2393, limit=116 [ 1796.807825][T15496] loop1: rw=0, want=2391, limit=116 [ 1796.813285][T15452] attempt to access beyond end of device [ 1796.827175][T15452] loop5: rw=0, want=2390, limit=116 [ 1796.829601][T15496] attempt to access beyond end of device [ 1796.835635][T15452] attempt to access beyond end of device [ 1796.869605][T15452] loop5: rw=0, want=2391, limit=116 [ 1796.883677][T15496] loop1: rw=0, want=2392, limit=116 [ 1796.889820][T15452] attempt to access beyond end of device [ 1796.901307][T15509] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1796.909435][T15509] FAT-fs (loop4): Filesystem has been set read-only [ 1796.919070][T15507] attempt to access beyond end of device [ 1796.924147][T15496] attempt to access beyond end of device [ 1796.925875][T15507] loop4: rw=0, want=2390, limit=116 [ 1796.936589][T15507] attempt to access beyond end of device [ 1796.938042][T15452] loop5: rw=0, want=2392, limit=116 [ 1796.942651][T15507] loop4: rw=0, want=2391, limit=116 [ 1796.954467][T15507] attempt to access beyond end of device [ 1796.960275][T15507] loop4: rw=0, want=2392, limit=116 [ 1796.966583][T15507] attempt to access beyond end of device [ 1796.969575][T15496] loop1: rw=0, want=2393, limit=116 [ 1796.972364][T15507] loop4: rw=0, want=2393, limit=116 [ 1796.983274][T15507] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1796.991317][T15507] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1797.011652][T15507] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1797.018672][T15452] attempt to access beyond end of device [ 1797.019828][T15507] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1797.033497][T15507] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1797.037100][T15496] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1797.041389][T15507] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1797.057750][T15507] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1797.066110][T15507] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1797.068421][T15452] loop5: rw=0, want=2393, limit=116 [ 1797.074434][T15507] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1797.092021][T15496] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1797.108422][T15509] attempt to access beyond end of device [ 1797.115332][T15509] loop4: rw=0, want=2390, limit=116 [ 1797.124057][T15496] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1797.134240][T15509] attempt to access beyond end of device [ 1797.146551][T15496] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1797.155370][T15509] loop4: rw=0, want=2391, limit=116 [ 1797.166439][T15509] attempt to access beyond end of device 12:20:10 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000240)={0x7, 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r6 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r6, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f00000002c0)={&(0x7f00000000c0)=[0x7fffffff], 0x1, 0x80800, r5, r6}) 12:20:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x20000, 0x0) ioctl$KDGKBENT(r4, 0x4b46, &(0x7f0000000240)={0x9f, 0x3, 0xff}) setsockopt$SO_J1939_FILTER(r3, 0x6b, 0x1, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(r3, 0x4030560b, &(0x7f0000000140)={0x30, 0xd, &(0x7f0000000080)="9c359da914667cc6904f76f42440bc1f4fb2899171f3b6990a49a1569540ceeea29a75d6e168a1bc44c8f60928e4f0c2912c24c4262037fe87e83e9e60fa412ecc550d4e9e784329e521de1890a3c199cc53995875c6a8361e2e60834dd17ab402ac8e4f25c2aa10a085842bdce1dd7a42fc32033788922b9e8090a9f4dc479f0a6f000cd18954ab338148f85837dec46fd770452abe", {0x8, 0x3000, 0x4f424752, 0x1, 0x4, 0x3, 0xa, 0x4}}) r5 = socket$unix(0x1, 0x1, 0x0) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}) [ 1797.172269][T15496] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1797.182813][T15509] loop4: rw=0, want=2392, limit=116 [ 1797.189085][T15509] attempt to access beyond end of device [ 1797.196007][T15496] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1797.204662][T15509] loop4: rw=0, want=2393, limit=116 [ 1797.210115][T15496] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:10 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x1) fchdir(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1797.229586][T15496] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1797.239869][T15496] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1797.248831][T15483] attempt to access beyond end of device [ 1797.263504][T15483] loop1: rw=0, want=2390, limit=116 [ 1797.311237][T15483] attempt to access beyond end of device [ 1797.341972][T15483] loop1: rw=0, want=2391, limit=116 [ 1797.374784][T15483] attempt to access beyond end of device [ 1797.380562][T15483] loop1: rw=0, want=2392, limit=116 12:20:10 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1797.421443][T15483] attempt to access beyond end of device [ 1797.433986][T15483] loop1: rw=0, want=2393, limit=116 12:20:10 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x11, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) 12:20:10 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1797.528001][T15538] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1797.538368][T15538] FAT-fs (loop4): Filesystem has been set read-only [ 1797.547715][T15538] attempt to access beyond end of device [ 1797.553808][T15538] loop4: rw=0, want=2390, limit=116 [ 1797.559349][T15538] attempt to access beyond end of device [ 1797.565430][T15538] loop4: rw=0, want=2391, limit=116 [ 1797.570760][T15538] attempt to access beyond end of device [ 1797.577040][T15538] loop4: rw=0, want=2392, limit=116 [ 1797.582412][T15538] attempt to access beyond end of device [ 1797.589618][T15538] loop4: rw=0, want=2393, limit=116 [ 1797.595760][T15538] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1797.603635][T15538] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1797.614610][T15538] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1797.631263][T15538] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1797.639645][T15538] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1797.648495][T15538] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1797.656740][T15538] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1797.665028][T15538] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1797.673443][T15538] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1797.682243][T15549] attempt to access beyond end of device [ 1797.709797][T15549] loop4: rw=0, want=2390, limit=116 12:20:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r5, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, 0x140c, 0x10, 0x70bd2b, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x2}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000800}, 0x2000c000) [ 1797.772546][T15549] attempt to access beyond end of device [ 1797.793917][T15556] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:10 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1797.818280][T15556] FAT-fs (loop1): Filesystem has been set read-only [ 1797.844603][T15556] attempt to access beyond end of device [ 1797.850281][T15556] loop1: rw=0, want=2390, limit=116 [ 1797.864083][T15549] loop4: rw=0, want=2391, limit=116 [ 1797.869377][T15549] attempt to access beyond end of device 12:20:10 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r3, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r4, 0x6b, 0x1, 0x0, 0x0) write$cgroup_int(r4, &(0x7f0000000200)=0xfffffffffffffffd, 0x12) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) [ 1797.913896][T15549] loop4: rw=0, want=2392, limit=116 [ 1797.919435][T15549] attempt to access beyond end of device [ 1797.927938][T15549] loop4: rw=0, want=2393, limit=116 [ 1797.937649][T15556] attempt to access beyond end of device [ 1797.943323][T15556] loop1: rw=0, want=2391, limit=116 12:20:10 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1797.999236][T15556] attempt to access beyond end of device 12:20:11 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x420080, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, 0x0, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(r4, 0x400442c8, &(0x7f0000000380)={r5, 0x9, 0x5, "99f056299ee3827709d24b67a098f447f4114da29f6470fb64472a304200eb9c6393b7ecf5bf999629b2d8767dcce89a7bb1953803c6a6b9b7b0536aa8f4954b1887bb55703f1bb5782836634b6446992a2efec6f918044a586f17c3d7f4bfc8d216484646f6ceffffccd627075f2ca0f2a39d60d7963c92127e285b493a930fe3b43d72dd1f75cad2a159d1f9758527b37797d57ee96eb7e28b73c7153efef6e3527ba8d8ffa328314c41d6a7193d99"}) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r6 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r6, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1798.044093][T15556] loop1: rw=0, want=2392, limit=116 [ 1798.049362][T15556] attempt to access beyond end of device [ 1798.074278][T15556] loop1: rw=0, want=2393, limit=116 [ 1798.109163][T15556] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1798.144123][T15556] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r5, 0x40505331, &(0x7f0000002fc0)={{0x7, 0x1}, {0x1, 0x9}, 0x6, 0x7, 0x81}) r6 = dup(r1) sendmmsg$inet_sctp(r6, &(0x7f00000030c0)=[{&(0x7f0000000080)=@in6={0xa, 0x4e23, 0x1, @private0={0xfc, 0x0, [], 0x1}, 0x5}, 0x1c, &(0x7f00000000c0)}, {&(0x7f0000000100)=@in={0x2, 0x4e23, @rand_addr=0x64010100}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000000240)="e16125fa744a7a4bdbd74c5d07535729f4fed76412f0e3f2faeec8296398d11ae4eef2dcdaa0b60116b9f6331bd67ac8c541a3f6c71778aa1ba5b3d938516e5169c2e3165373d2522ca8bd67422527faf15bbf2e2b0f77bc6002d0d08dcbfaa33d6c1bb5e0e775e864669b68d81095443da73949f56c95ff947da6ead87065d1cfca5f115086bb3e660194f8b31f2b71", 0x90}, {&(0x7f0000000140)="75a0a598e23f4610754dc1b3b14b8cb9d9badab36984b3a105af3660b73ca829b66ecb6e124db1af00108815f6fff5431e3ef52de9df337d54b848a24822893d49237b26b74732465a6db9095b2e0f54f59e2d92e503cf64805fb0c1638cdc05815f", 0x62}, {&(0x7f0000000300)="c9e26ef80a3fe041606bfcffa55f201d039a444ae8f3ef2e20a100f35790dfca8eae1dadd83da6e632daafbcc2e920bc7def22956e4c8465159468e57ebbd171548052dce2184760cc1be2c0728ef7e2a4cd46da48c5a128a7df179c5b7a1d1799e8acf80b8fc55798f949361cf181dcc4d88d5f58a980c6742ea8808f23311e14f515a8999e57b1d72544acd2f5f0bed404b4155ee1803c715845dbdedc5b1f3722df03a0e1f5c867f0abc0f0fb31416e5b69228f512ae2bcb3e160aabb7b93d2abad5184c4ddb02956bb131cf1b221f432bc39bf06098fc9ad4761014c21866e25fdf7d9b978282dc274dedcfc2341576df75fdf625c7c7b9604", 0xfb}, {&(0x7f0000001440)="b1597d41b00ebe679c47c46e8787825c63fac4a20c3fcaf3ca4768cea591554b8a297c8fe46e01426069331e148c4d723e1de9c2cf844346505d0e83cd7e08ce0503837128157dce42a27003af2a32b1fe37351ab1ccd2d09666656c6fb16b1b7ed10efc410ab244558389cdda8be7d6c5f8efe546b34c63b9b955705e5b2600e37bca8c01f1f72ac464b4660b8220452547d80a28307e13661cf37b1b0cc44ba00b6488deec67cc33eafe556f984fb02e87c7f4892129c8dbe623271ed6cf68b891443f2cf6ee8af4674fd769c1481fa3e0f96e1485621a081a5862", 0xdc}, {&(0x7f0000001540)="b1f1469e9b1c95aa24d8d95928be98e7bc8b8888031eb017042b36c59038158474de628767e344209314a8093570bf60fa46350d1f475f451f1ed8f0ed24f552f16fb1ac73a21cc8e0eac93cabece4878234695cf9e39cb7a48b83f271683807742a8650301d3c3e4da27f6d62786bac9bb408d3e7f188c53e31cf7f76840e", 0x7f}], 0x5, &(0x7f00000031c0)=ANY=[@ANYBLOB="18000000000000008400000007000000ac1414aa00000000300000000000000084000000010000000600018002000000030000000100010002000000040000007f000000", @ANYRES32=0x0, @ANYBLOB="18002000000000000000000005010000100000aaaa5ba23b82f840046a13dbae3100040000001800000000000000840000000500000000000000180000000000000084000000070000006401011f0000000000000000003a89d46cdc344902d9e21b73d7463542f4b8e26355168d1722bacb11d7b98acabbd2ad5636b8264033bb9b6c70f974176f5cdf6e51627f7d1810859914a63cd711316700000000000000000000000000000000431ec4dfab00495040dda847ef2b571326fab828d5f7ef62ab9b6b81770d4ea8d9ec1d30885a8d5a5cca5b62702ccd0863e25a8782da2d21405f54a102a946cb575f692f30feb21ca4c60775e9be4a0fec47f0d532330acfa312d131aa0804fdfd67a03da5879fe1a2ac85b2ac4d59bf9915c710f2891af07ad334b9c54e1d5500"/314], 0x90, 0x400c0c1}, {&(0x7f0000001700)=@in6={0xa, 0x4e20, 0x7fff, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, 0x1c, &(0x7f0000002bc0)=[{&(0x7f0000001740)="4a329f039d7443dbc2aa6707bf920ccd932671502911b6b54dbef08a72964b75d05bea961a7adc8d18e1ba70cc2322d0482fab0140e7051263e468ad6223d26fb377830ced31a909a38f5af1bd562fccb845675044342bb581f3488ffc9f9bc91e", 0x61}, {&(0x7f00000017c0)="bf485df5314a83f5b0ef6286f63d06fd076b162b716926e3ddafd6fa7ac677f2c05f9bb5b51050c1486d5e0ba69538160fa45ae48a167591d7654250576f618336ef4a4a40d293029f3e801e00dca8487f3a3c29ec9379f7b9dbe02cd9a0a787a7a9198e3d411ab4156b078c7ea8a3a0d9a1d864b8adb62839f86aa875e53ec8833babcc0f096bc296ae64d305cfa17a793e0ac116c3fe4095c18ad7bf5a5ca9d4be467bd44e293f1848aa14609fa138534da3cba3b7338930886ef3f0ba45472091c947f98ceae779fd8bb2c4a8c4acde3a1ebc8787f540d2e62c3d28abcf5c81f2d84bb1ff01fd", 0xe8}, {&(0x7f00000018c0)="abc9dc351cf4aabc3192a7ae0b08c2826692497e7cd4b8138e3de9d78db08fb343d254863148ba8e93025092e33acf0d3b77e462fc50f8dac8d7e50c43abbd99a03625b25b7a43940511aff4ec79ecf8e1fe17fd701e83cfe034ba33b2d02408c1bebae8cd2fd2a3531d28c31bc8de70509d7660b7faafe7044390a635036cedd8fd3a0bbb9933e29bfa908845b2b7de7eb00869d5bc9f412c0bc541d5192c41563d7a125e0dcaf90c37fc2cdb00113d3dcc221b2bb86bf6848941ab09895b35be0f9496ea4491ed8b547fb04ff1213c85dd76916c4bbf166a3b17a4c83a1fa8e2d35d17800f71d647b1cb2b6f87e84ef448bb01bd925779d792969da2648db20b7dc5bb4103f1639e9704b07c7481e845de68dfd39138867edbfaae6d9d158f158d0399a78d8a6e604c2d734a23fb05849ebdeaa1ac2447a674bcc05e075da0566a23e5a2e3560b3eac40926f667d2c4d17ba32a08c234d38956ca0b243a9b9b127666742a5493850d47c4a2f516bee26d730a2a7158dc7d59ea11d740b2a65678da474682211db596e6a7383e4d966679e752dcc1b34e898ac4a52d0b211c38513e81e787a1783cb428157183a5b7d99c59ffd494e581439decbffcc1a802f3d1a756a9b66f594e218023865e569880f5eb71c3d935e1f2acc6f34c5bbf9adbb2d81176a0d2324ce18f13fdec0a4c81dc811259abcbb3de6501c8dc11debbb53c4ea357afb9d198f9a90d73364ef647166d96f8f004a6c38ecc044c8c41f9549e580a03220340329350f83dff50b0880d0d34bba3857d268ed3715ec47afaec92d636ac8dbcae1cf2d6afc9345339ac801397f6695bca2bc3dad3deaf66229f5294dd6264b4855e0df4377a974c5104bfaa5e33cfbb8d77539ac09fbbf05aec17a5d61eb61a321c925318458441966dc4bf0a1c560fdd9b23e7aad1f407d7a9d8d51d0a710b03afa47a136cbbdabf3c29c10593cfb49f8b8867534273d421c3b54ad6c2d1bf2ac3162a2e7c7aa8ad0cdb37b2c654b4efad773be373cd1d34186496a73b57176f919bb55b5e67d99775dc39657d40a4f4f2f9459c7580b02fb0597da703364b6c775e27df88dd25a298876e016eee6f221a2d1459a608e99ad7306fcc3b321edd5c1b79c1035ea01a473bf76edecf2379f3f41dad7bdfe9deedcdde7545b2b0f9e843418a69cd595a3f7852e20fc2054a27366cb0c6120f83f188ebc7b8257f85a39c1ee2ab26bdfa8075e0920675ed1c731da8eb014bf03da9d4f934c70c7691923a3adf62df6c4894c7e64ff0d0fa94a9585e6908cb5e46fd0ff3093851b6b3c85f2d1e9149d6dcb9157bff15dcb5ee9cf66e8537a75765c1a280452fe863399cd34d0a585922b69f36cf75581bbe2c74bd27f16f2f20ff15e7228e34f7626a76841e6411c15383adffb77378fea590fa5640d2668f8411e8a46e20ed1eb8e1a92b1eb7201b4889bc1a49524be8c79efa640e149120e029743fde17b7ce47ad439a50aaa80c916a80c2b233a57114118a231eb62cb2e97bdd1f5d6e1fa0f1606b73180b89862c6bbb6ed0382111669f5efa1c1d9c38790e968e2bba91c9939e43c033dfe7050856aa5f1fe4c7bcdc43046f905b7efd201288d87ff3c419b62fafc405e6da620c884ab719b4e85c89ad2065bb89a3edca48db7afe82ddad8f1787800827ad5bf50ad70097f972841bd287a3330bbe076c663f4df2de53ca6203ec913dd91c73f85c256c00b414db65da9d3793ecb648b40ece351cde2b625dcabed7c57d85a0b58ec3d4e14ed434c50d9e6e3ef0682998fd6c731cc1f473f255456479bd9e313eb03bb9b9f1f0a1be346a108e513af44d0c4ef6f11c33fb038aa524827a9f39dded04bbe2946c6cade5247f7dd467c530b9cf2769ed9abce0b5bd3f8e6d2e065a6f581684dabec4a5f469b11f8d9c39a5ecc53915d37e7c7ddded86c994fac1eb0195f48f8a98f0ebadcb6829e9d8d0afef871a1b5b16d69a286e8e3093ba1f07675e70474eb2e793aa13bd7181b6b440ea46192c5f67994661e061f02546fd3809c13e5d0e54e2f7b64df440de39bceff683c2d8501ef219cf6ea685de327bf1ecec1fdff95440e6d511857c3f250cb1a2311ea0c7c09b7d0814c816f6bc228158d6b4850dbf2606f7231d30ce38d3f7b28eb6ee19908af89d5cbb8cd03a3f064212d862329eaa529f4ba3e9a154e5970052bc0ed9da53eb5b07b71ad6ba5dbaec430e7c4937e2178847dd15f199b038f3d4374a178bdec7247942e39f95cb58deb9869ad2dc305ddb1bfe11e4eca2184303b63771f967a65f2f78683fa8d4c361f71e9b51cc360b7841fbab5ac5dafb6f31640c3748d0ae3f481c02d1e67a4b30a2394dc0dc3af8245b8d346d56a39ad486bbee56ffa447ff2d2bc8fb07e32ffc4916515d60ce38956bfc8f8c6dc00bce87ece8eec7e8814b7681c427e342038a4593a7a01cfb352e2eff0204cb529e7ac56c0394131a6086a9276c46a12184fc594ac399244a38ad6dc051cad4767b6cc3d54762bb4e3d8e872b34ee2a3ddeceb326a050adac5d70309fc74ad7a6a5359005b6c60d00be3f20898d06254d41cc7c637023b5403e7882ab93d12f6e5c89115fdc97bb85acd6500d5aaba25f3efcc8c5761e4c50dc5592a8435bc93ec8b551c6488f56de85933f85abb0162b52440cbdb83813a7ac106fadc99323f5e10268e82acf4cdfc0b09cc4663a9493c7f02b23f878a3f6c5c2aec5e07aa717240a580c26d87dbce0a563d9ea5263a102f2eb1b869d2ba5a8b1a03ca96534bddff5355ef9cfc9deac161c25917a5e48d191c3076781efb3964ca3a06bacf883219a9460fece86b723a3ac6f92bc13c2c9ecfb0cbac67ba6c474441aa9230ae21bdb15859a2b227abc191f5df5a8c81c703c9b10d39c55a2f47b82c7f97e9b0a2462819b76cf42c77bcc16c66e09b6d9839155600f0b06e3d5dfc49cb8b212e6ff72db1d3b30bf32484340a9925ff3b0b7333da65d9bcdb28ccfe390db838f9a01cdb3a6ef06a934ee39111f887d9acf80db9dc3f8e739b96dd1472926f095bd2bb5000b97829c0ef2a3d78a8473f0eed23400d53152a16458089da2c60feacd979c27653b84477b2b3f15925576360ff5ed90f2eef318db87fc9385bed7048bf416a9228d7004c1f4c82a186c424a082fd703c0b0b5f5d546ee11b780575549b812f5cf4eb0628de2de68b682521733b3d3d3e221caf97edb7f20d0cce96fbea740a8e953ba6ac3a5e1a01d15b1163aee54e166d2faf96b001805aeea5368c3eb0819840fab84d6ee7afd46ffdcb0ae9479f6393b83ba87e5aacb18cb296c5544490d69041215776a8ef730e369e3a7d348bdaeb65f8ae7efb613a26476c67f1d7b08851918d9fb4113fb187ef5b15e68c4e464078cb2f6b52ec8e86a5014400510e14489f5f7e7e88e5ac43f5c4de7799818803f5cd2ca87855f7b5ba3e25d67e383ed7cece85e3ab805e85e686f19ca5061ad7387e523d0bde758ee2ea50ec547a3e97235c19e6eb7824f35d50266cff0c4616aa127a0e26475f3bb90383b0a88cf3e800d85b685d3b277f214fb1d49d336fe37e2a728509194492129694b4e1bdffabaaf77ea144f591b33309a72a1926c2f868f501375561e49724a7ee63013b3db26acd995812c4da71948ac4a65ae0f7105ff5f1b23922b68f3f86fe23938daf4f7b24ade2b820a5dd4eefc26424f55b82f8fc8d9fbbe999063fe4bff72f8ce57d9d8ca36f0ff14094b2c9346abb89bec116ebbde76c3dbe4971a0fe5b0ea606b335a442ec2dbe526e22129a7d15a80e05f90d9cdb7bd2b138652333d5a54b543c0ee8f1b1dc82ee1cb5f6499809599e1893aaf752e2e48e16bde0260d77e0740a41cccd35cf1dd6fd688ee25da530bacc0bbef2f7fa5e0a93fdb822e1bd00c6be3f6a01a54c9eefa77bc7f0a6f1b6df0913171ddbf23867887dcd282b9714862828f6dd2676623f9cf67296f38ef0ecefdd37affe6b7c517e237bc8e895ac4e9af9b4154dbaf7e8a9bcc429ebd33e474812c72108392e3cdfe6e92645d6b7d5e31687d31f98c48adbb0b2c13b61d1afcbff121165d4c62d747449da376eb38b9629a436ecb9bdbaf517a393a54645fa142c343da5f06adfe6cb3f07e4ec53cab97a645aa49741acbc147b8945fb7239bfefdd239c98df4a0504e767df0eeb385026518445cbeee1e7d69fa067617f36ba34bc67ed1217a936891de7214991aa2fa6335e0891936b7d72d3c6b35cbe20edd671371f225da37cffac8e346cb9795a2b893d7bdda7a2ff57db30bb634503bb8b6c1279fa4354aae5a09d6fde308eaed898fbc85c50bd4d0e6f6acd31b2ebbfa77a33e804ecf12187465feb6dcc88104bf61e9b768f6faece4ae8c8f5dbc2f9ac74c33b951932a2ad3f75d277c72647206d307e4361ad5d2e98bdc379459b540d890cdc39dd579d724567a3f9617d5ac37db4565a6579617d1b74f35d31acf38c2adc8b4e9e54df9c060694e184f864e2c68c5069cadc74708fe561c5e36329ae6c1694c64ed0eb42139f1cd3abc1b5e39dc0dbbd3dbc98f4c74b8cd4696e314cb4f0402e65f520cc9597d0f446fdd446d82c77de52ab5cffbe87a3ab0853c11b631bcb464fdcdd1d712ed55962715592195e64de75ccc68f992aa4dc7abe7368c865b94d8edf07228bb0d507b88211a47d1deffce95f0aa02f38a7c97d482158cfebddadea677a2d357de2aea6bc2d8b74b00206dae959b06aa4041c289993cf3eee19fa81226c67f12ba6c9bc9a0263ae190fda84c1ad699ee5668957d03a5e3e4922b7aae92b2b57c355d7ff6ec34aeaaf833f79794e100938f594e5505a91737c1fd2abe49ddc4604099faccca5a8a1789782364810a4c6f2dad328cc0a2b03cfc57ea5aac35d97d5bb199ac67ab1828baf595129819e034e00ed8377c0c8f40295a1eab231e2cfffba405f0097d583a0aafde95a0cc4603add15ef5b2a08837e1de1be39779b06a273f675c1ce257608b30cf20bf158a6b72a4793216033b5b6f643287bd1adf779388f15cae5c4ec0d31a82e76b5a6c3f311553d72b7ce0b6a2f07a520e9278751823974adef55b7d77c711968d94df3e8d9a0ce93939fc294d360aa57e8063e9e10be9582c51d0db9cbc09c817a4897ad8feccc77266e762814532e2ea74e070ec3971705a8d35907a57274f8f79a9525f507c3bf153e7dd3b470309a01956ff4a6c11cf69b51b00ef3ae415ab3e7c50ffae561a579196bdd0db1b5d9f6501a986aa1f970ed775c8212262c03d95b1b5a4e01b4efd403be5fc58cb0ee9cc606a748626add3a3e7c4a5dfb1b4b2f4c56c25cebec528dc2b20fee4952c9f713caf51b620e533df094d3e7e8bd32aa07816868575a9f703a3c0acf01dcde4e04f8c38ad6084805fdf391733400c16f99f9834ea2fd46179ab42d3c969d4f434b3e93e7585211b88ffb824982b3011fa7af2bfc8a8d35c85271821ecc4ef6864b7cc9423c112426acfd2772482c70e68230e27b8b7c08ea8d82c6065aa0a3a305f86db4476ede1ca48c6624feb239ced786afd841e0395e78be37b490d9ef262d1877d39bc4f14a89ef80da8f598a4b6b3a7310cf5bafc5d93fc90874d1aec1a5136bd8b67f640927337bb79272634295358121c17234ce2cc17e39bd10582e301f71324e707839bfb3429e3e06fefea6fffc3b2db2c56fadbb9c1d09e0b9287651606208b791fa2f3b49922591636ebd05a4c8442f187f40bf5a528d92808f41dc3d81031e", 0x1000}, {&(0x7f00000028c0)="c6eb63202b5d7d5153f9b00d4dc910faff88335de631a43e98b3c3ada3951c9b3a5f2a26f0a913a3861ca9d7b37d1a3c0e186407bb2a9d264a2321724b5b5b3e5b248f11d83f4f2d02a710d55e7258db62f46a9ac3fe1dddfc6872905662cdd79bb36e35d1564a67f80ac3f1b925ad270fbb6dc91e9c61562809e94ceecf8e15503aa8cdf9b33d1a16f218a22f58910c1ec2e084e642908a0a4a31a65120cdd2930b8aa5f54cf65952a257a42ea6d2804f47cee6c019b14aa4f81838c71b07283367f1aeb607f3c4551478f60d85b6b79367b2cfd908946d9aa6be57234e161fbcae4a5f6393a1ee854b45c4ae30aa660c48", 0xf2}, {&(0x7f00000029c0)="88b388556f46c2b41c90dcc3d2807f906cdbab9c2b3e36f2f3d80f518b78140ec82483f99b5b1bea87088d455d844ea9167efa01f49faf003057cfaa29a87df0e8bddd98a27eb72af06eaf10f601213a65311e8fb37b7c11bb9697492a256bef264447f08c7d181e636f4b6cd6286b5c339717614a0b70d76dfc8104d84a0b8415a188fbe062150371b5a8aa583e21cb3e44108125937782b62200986e07f6c37fffbae3582e2ac655048e34900b0cf4ccc5c16d86d6aeaf3cae4f9899652a489951efc606e9c6834a4a5fe67346811f8ff138fa7c3af8712593c65fe7f8cb9edc350b3c28af3de8570fa5376df60b5a2474cee1ab751907e92856e8c522", 0xfe}, {&(0x7f0000002ac0)="39b5595d01c528b758dde2c3db6dab411de8097631b9f68349515bfd8f90d7bf9cfa1ccf", 0x24}, {&(0x7f0000002b00)="2bb38b51f0ca7e130d6e238034c90de05a35c32962666408d28ccf5b63fd5741fb5f92193c4e39e05ea5c28261e6add0aa312e09638394a1caa70e5c11b6995162ae5c83ac4b51c96d789840a09acae22e5d6fd4a0340e9d00722fca25f7ae05f30837e02fff3bb597b927a5a4b716931daec3c10e5ffa4b68658e33a397dfd2def57d24277fdf3512ac0161f32e8d9c1e3167829f2acf0b12a9c12adf172c107c134a0307ce378093004afa89f8", 0xae}], 0x7, 0x0, 0x0, 0x800}, {&(0x7f0000002c40)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000003040)=[{&(0x7f0000002c80)="4bfd54cadf9579642d6817f1dc4eebaf7e191251c639d4bbbb61726a1868047e8b57b102306bfb38a725b0a99c875c8cc1e121aff8d4feac7cb94cac4598ca83f20f95c5873464e346f203c0a486a77b08ca3e8ced5cf779f27174c1c9f8a9c0121ba027ac88eb616bdb14844dc294e7fa32c9239bca6186f4008ae214007d7543399b47a88d297100e8fbc05919edf171349cbc8552eabba2cc58eedd241bfb742469d5f8de5cc2b36089acef23727552c9235ce20601cdbfb9c2309a607d87f541af1fa99b68763ea84a936e057a599c8edf0c4cf00b6a9e3daa0a8703a2290b0b3550ee9a0dfe18224e12534c211cfc2b5d9ffb15", 0xf6}, {&(0x7f0000002d80)="b1597508a36291683ed55b4cdfe900d45208fe78707e95daa42c7e9134", 0x1d}, {&(0x7f0000002dc0)="bd7424e6a813ac1c05efc10003e7245354c79db3b1baf444924178867ab65a1e1b6b32c92b7895873d1b19211e68c40c64b1184a22ced5bf1bbfd2aede440a1ab4e80e1ac9fa755cb43f5794d6844d62b79490cfee315e19701d665063e0c9432fb681308edf7cf0716382191e13b2e1f1901bbad39d789112b34af5d440b4c2f0b27ad467871171a6fdaa9ddf88ade50433bdf7afb1eb56", 0x98}, {&(0x7f0000002e80)="16f33eefdbf0afc38d4ec835f8b3b0d12d8d372fd6223d57d264078ce406f848700c4ac5f9ebf39b5ddc7e129a3d29a9ee7b4e7b3f3e71b9a78776d1f43003e355e2a344df472289c8ea0549c1a1e3733219c3649b2b1153c17108f0c50cd6b52e2ad46725fcd1e7348a1d80f7cdd2b91ab065018a38e8432ff852d4d6fc1c1cd27d1731285a23fe1d47b205eece8ae563b7ec0f757359d04f491292d76b0744e1225a4cc51319a298261819d313e69e682743717332a6c45c0678798f6f050691", 0xc1}, {&(0x7f0000002f80)="aed422adf9d46cbcb6cb724dd24b9b88eff4d952098d1ba05e12215c5618ca906b2e9dd6b484568f8727d83a7e5ab787a7c5b156017be290dcaf33ea069459", 0x3f}, {&(0x7f0000002fc0)}, {&(0x7f0000003000)}], 0x7, 0x0, 0x0, 0x4008004}], 0x4, 0x20040810) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}) [ 1798.204291][T15556] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1798.261935][T15556] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1798.331639][T15591] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1798.339722][T15591] FAT-fs (loop4): Filesystem has been set read-only [ 1798.347153][T15556] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1798.349967][T15591] attempt to access beyond end of device [ 1798.361670][T15591] loop4: rw=0, want=2390, limit=116 [ 1798.367453][T15591] attempt to access beyond end of device [ 1798.373244][T15591] loop4: rw=0, want=2391, limit=116 12:20:11 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1798.380236][T15591] attempt to access beyond end of device [ 1798.399661][T15591] loop4: rw=0, want=2392, limit=116 12:20:11 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) 12:20:11 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu_user\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') ioctl$SIOCGSTAMPNS(r5, 0x8907, &(0x7f00000000c0)) connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r6, 0x6b, 0x1, 0x0, 0x0) sendmsg$OSF_MSG_REMOVE(r6, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000240)={&(0x7f0000000880)=ANY=[@ANYBLOB="bc040000010501020000000000000000010000005402010002000000020000000504095d0700110073797a310000000000000000000000000000000000000000000000000000000041c950d590f974355c50d7bfb3366e55de152d9b0cb6781914de226a11aa5949f42402769f7c39f04d81f8cfb568dd6560860c6c80475d590114a480249627610800dc0800000000090000000700ccbe01000000000800000400050000000000090000000900f8ff0300000001000000b5009a000100000004000000ce2d0080020000000500000001f802000000000001800000000858f60100000001000000050008000300000007000000faff27cd010000000100008001fc060000000000010001000100c40403000000020000000700010002000000080000007e00080003000000000000000600050002000000090000000500000802000000018000000400010401000000020000000600060001000000080000000527ff0f0259249a9e1ce317abe3a048db0345000000000000009e0000000300000001000080070007000100000008000000b100030002000000020000000000feff010000000100000000007f0001000000ff0100004000fa0f0100000005000000000004000000000081000000000006000100000007000000230d020001000000060000000800020001000000070000003a010800020000003f0000002000ff00020000001f040000008003000200000000000000ff01020002000000050000000300050000000000000000004600ff7f00000000e0060000000007000200000001000000ff0f050003000000e500000009001c0002000000ff070000000806000200000003000000810040000100d603aa8e00000000000054020100000000832893c88a5dc17780ff0f110073797a3000000000000000000000000000000000000000000000000000000000cca402f74acddf9a9ba6a076f8ccc76b3c4d8f45ec8962864506260c1b6ea0217b2687ca8c9ca4ac554cb6fecf3e0ba75787db67bf9375e6ae80299e6f9b01f0ff0300000200000002000000080007000000000001000000ff01050041b3fe1e501f934e020000040000000009000000f9ff3700020000000001000009000700020000000000000002007c0a0000000003000000ff00990003000000000800000700000002000000010400000101040000000000a50f00000600c8440300000014000000ba00ff0f0200000081000000010400000000000002000000070005004a793e7aa5df0000ff7fff07010000000401000020000100000000001f0000000700074b8b000000080000000700770e010000009cfdffff350000000200000009000000001002000300000009000000ff7f060001000000060000000700070002000000030000008000ff7f0300000001000000ffff01000100e900070000000200000006000000010000009eff05000000000007000000070001000100000000000000000001000300000000800000090057ce0000000005000000cf04c8010300000001000000ff00010100000000050000000002030003000000200000000008f8ff0000000004000000ff07010003000000000000000100000001000000020000000500030002000000ff000000090000c000000000020000000400280001000000090000000040b08300000000000000000900800001000000024f0000"], 0x4bc}, 0x1, 0x0, 0x0, 0x800}, 0x0) [ 1798.438769][T15556] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1798.469482][T15591] attempt to access beyond end of device [ 1798.481844][T15591] loop4: rw=0, want=2393, limit=116 [ 1798.492760][T15591] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1798.503447][T15556] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1798.529000][T15591] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:20:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, 0x0, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000080)={[0x8, 0x1000, 0x0, 0x81, 0x3f, 0x4, 0x1, 0x3ff, 0x3, 0x10001, 0x7, 0x0, 0x4, 0x12, 0x1, 0x10001], 0x6000, 0x50}) [ 1798.558913][T15556] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1798.590329][T15591] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1798.594654][T15556] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:11 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x10, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x40) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r3, &(0x7f0000000000), &(0x7f00000000c0)}, 0x20) [ 1798.621484][T15591] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1798.657449][T15591] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1798.690651][T15591] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:20:11 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:11 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1798.750761][T15591] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1798.833977][T15591] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:20:11 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1798.882612][T15591] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1798.891775][T15601] attempt to access beyond end of device [ 1798.901136][T15601] loop4: rw=0, want=2390, limit=116 [ 1798.906667][T15601] attempt to access beyond end of device [ 1798.912672][T15601] loop4: rw=0, want=2391, limit=116 [ 1798.920792][T15601] attempt to access beyond end of device [ 1798.926798][T15601] loop4: rw=0, want=2392, limit=116 12:20:11 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001480)={{{@in=@multicast1, @in6=@local}}, {{@in=@multicast1}, 0x0, @in6=@private2}}, &(0x7f0000000240)=0xe8) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) r5 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r5, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) setsockopt$RDS_GET_MR(r5, 0x114, 0x2, &(0x7f00000001c0)={{&(0x7f0000000380)=""/4096, 0x1000}, &(0x7f00000000c0), 0x25}, 0x20) dup(0xffffffffffffffff) 12:20:11 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000200)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x4000000) [ 1798.950510][T15601] attempt to access beyond end of device [ 1798.973685][T15601] loop4: rw=0, want=2393, limit=116 [ 1799.073623][T15650] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1799.085980][T15650] FAT-fs (loop1): Filesystem has been set read-only [ 1799.101229][T15650] attempt to access beyond end of device [ 1799.110903][T15650] loop1: rw=0, want=2390, limit=116 12:20:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb8ce1cb48eef66bafc0c66ed0fc75a2e67f30fc7320f01df2e67f3ac0f017d009d66b808000f00d8ea025600002b009a01000000e400", 0x3a}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, 0x0, 0x0) ioctl$BLKZEROOUT(r5, 0x127f, &(0x7f0000000080)={0x400, 0x6b}) 12:20:12 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f00000000c0)={0x0, 0x4, 0x3, 0xbb}) [ 1799.128302][T15650] attempt to access beyond end of device [ 1799.157928][T15650] loop1: rw=0, want=2391, limit=116 12:20:12 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00'}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1799.203622][T15650] attempt to access beyond end of device [ 1799.226932][T15650] loop1: rw=0, want=2392, limit=116 [ 1799.311001][T15650] attempt to access beyond end of device [ 1799.347577][T15663] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1799.387222][T15650] loop1: rw=0, want=2393, limit=116 [ 1799.404889][T15677] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1799.414786][T15682] attempt to access beyond end of device [ 1799.420721][T15663] FAT-fs (loop5): Filesystem has been set read-only [ 1799.421922][T15677] FAT-fs (loop4): Filesystem has been set read-only [ 1799.443530][T15650] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1799.451278][T15677] attempt to access beyond end of device [ 1799.458023][T15677] loop4: rw=0, want=2390, limit=116 [ 1799.463693][T15677] attempt to access beyond end of device [ 1799.469544][T15677] loop4: rw=0, want=2391, limit=116 [ 1799.475575][T15677] attempt to access beyond end of device [ 1799.481262][T15677] loop4: rw=0, want=2392, limit=116 [ 1799.488473][T15682] loop5: rw=0, want=2390, limit=116 12:20:12 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000200)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x4000000) [ 1799.491119][T15677] attempt to access beyond end of device [ 1799.502598][T15677] loop4: rw=0, want=2393, limit=116 [ 1799.518214][T15650] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1799.528365][T15677] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1799.530557][T15682] attempt to access beyond end of device 12:20:12 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000380)=[{0x1, 0xffff}], 0x9b) 12:20:12 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00'}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1799.545407][T15650] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1799.566746][T15677] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1799.575600][T15682] loop5: rw=0, want=2391, limit=116 [ 1799.589921][T15650] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1799.601895][T15682] attempt to access beyond end of device [ 1799.606363][T15677] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1799.624849][T15682] loop5: rw=0, want=2392, limit=116 [ 1799.626634][T15650] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1799.645445][T15677] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1799.659445][T15682] buffer_io_error: 64 callbacks suppressed [ 1799.659459][T15682] Buffer I/O error on dev loop5, logical block 2391, async page read [ 1799.662116][T15650] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1799.685394][T15677] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1799.699239][T15682] attempt to access beyond end of device [ 1799.721510][T15677] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1799.721635][T15682] loop5: rw=0, want=2393, limit=116 12:20:12 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000001000000000000000c410000000c001473b23dacae80ce6e6e8018640a1b6782c1b7f2bce8e122dd587af1d5ef1532f557d39f45099edc67f0294c711f641f5d532275ca987657"], 0x28}}, 0x0) [ 1799.755971][T15677] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1799.772531][T15650] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1799.775709][T15682] Buffer I/O error on dev loop5, logical block 2392, async page read [ 1799.811353][T15677] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1799.824882][T15682] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1799.827669][T15650] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1799.847433][T15677] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1799.855813][T15682] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1799.867651][T15650] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1799.872563][T15682] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1799.883597][T15689] attempt to access beyond end of device [ 1799.889998][T15689] loop4: rw=0, want=2390, limit=116 [ 1799.901984][T15689] Buffer I/O error on dev loop4, logical block 2389, async page read 12:20:12 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0xa], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:12 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000200)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x4000000) 12:20:12 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00'}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1799.910418][T15682] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1799.962857][T15689] attempt to access beyond end of device [ 1799.973570][T15682] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1800.000166][T15689] loop4: rw=0, want=2391, limit=116 [ 1800.024160][T15682] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1800.053794][T15689] Buffer I/O error on dev loop4, logical block 2390, async page read [ 1800.067658][T15682] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1800.078625][T15714] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1800.093127][T15689] attempt to access beyond end of device [ 1800.103240][T15714] FAT-fs (loop1): Filesystem has been set read-only [ 1800.110392][T15682] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1800.119352][T15689] loop4: rw=0, want=2392, limit=116 [ 1800.123030][T15714] attempt to access beyond end of device [ 1800.130847][T15714] loop1: rw=0, want=2390, limit=116 [ 1800.136412][T15714] Buffer I/O error on dev loop1, logical block 2389, async page read [ 1800.144819][T15714] attempt to access beyond end of device [ 1800.150647][T15714] loop1: rw=0, want=2391, limit=116 [ 1800.151664][T15689] Buffer I/O error on dev loop4, logical block 2391, async page read [ 1800.166398][T15714] Buffer I/O error on dev loop1, logical block 2390, async page read [ 1800.176525][T15714] attempt to access beyond end of device [ 1800.182342][T15714] loop1: rw=0, want=2392, limit=116 [ 1800.186193][T15682] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1800.194376][T15714] Buffer I/O error on dev loop1, logical block 2391, async page read [ 1800.203751][T15714] attempt to access beyond end of device [ 1800.209465][T15714] loop1: rw=0, want=2393, limit=116 [ 1800.212753][T15689] attempt to access beyond end of device [ 1800.214803][T15714] Buffer I/O error on dev loop1, logical block 2392, async page read [ 1800.228572][T15689] loop4: rw=0, want=2393, limit=116 [ 1800.228600][T15689] Buffer I/O error on dev loop4, logical block 2392, async page read [ 1800.234447][T15714] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:13 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$kcm(0x29, 0x1000000000002, 0x0) sendmsg$rds(0xffffffffffffffff, &(0x7f0000002940)={0x0, 0x0, &(0x7f0000002800)=[{0x0}], 0x1}, 0x0) sendmsg$TIPC_CMD_SET_NETID(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, 0x0, 0x0, 0x0, 0x0, {{}, {}, {0x8}}}, 0x24}}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/kcm\x00') preadv(r3, &(0x7f00000017c0), 0x1ab, 0x500) 12:20:13 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) 12:20:13 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000200)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x4000000) [ 1800.255491][T15714] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1800.272751][T15714] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1800.290063][T15714] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:13 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, 0x0, 0x0) getsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f00000000c0)={@private1}, &(0x7f00000001c0)=0x14) connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, &(0x7f0000000240)=0x4, &(0x7f00000002c0)=0x4) dup(0xffffffffffffffff) 12:20:13 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r3, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f00000002c0)="0f01c20f015e07828d00000000022e2e640fc77a05c744240000300000c74424022301f7aec7442406000000000f011c249ab0200a6c06010f092e660f6d7086c4e275a77f0066b853000f00d8", 0x4d}], 0x1, 0x60, &(0x7f00000001c0)=[@cstype0={0x4, 0x6}, @cr0={0x0, 0x20010000}], 0x2) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.current\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r5 = socket$inet6(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1800.349995][T15714] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1800.364976][T15714] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1800.378550][T15714] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1800.387573][T15714] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:13 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1800.425032][T15714] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1800.461162][T15719] attempt to access beyond end of device [ 1800.470818][T15719] loop1: rw=0, want=2390, limit=116 12:20:13 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes)\x00'}, 0x58) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="dfbc58ef6edd8c56a50104ad3279f601", 0x10) r3 = accept(r0, 0x0, 0x0) sendmmsg$inet6(r3, &(0x7f0000005d00)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000002c0)='s', 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)=[@pktinfo={{0x24, 0x29, 0x32, {@remote}}}], 0x28}}], 0x2, 0x0) [ 1800.512993][T15719] attempt to access beyond end of device [ 1800.536339][T15719] loop1: rw=0, want=2391, limit=116 [ 1800.541598][T15719] attempt to access beyond end of device 12:20:13 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000380)=[{0x1, 0xffff}], 0x9b) semop(0x0, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) [ 1800.561422][T15739] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1800.578052][T15719] loop1: rw=0, want=2392, limit=116 [ 1800.583301][T15719] attempt to access beyond end of device [ 1800.614132][T15719] loop1: rw=0, want=2393, limit=116 [ 1800.624504][T15739] FAT-fs (loop5): Filesystem has been set read-only [ 1800.632781][T15747] attempt to access beyond end of device [ 1800.669874][T15747] loop5: rw=0, want=2390, limit=116 12:20:13 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x48], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:13 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r5 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20ncci\x00', 0x840, 0x0) openat$cgroup_ro(r5, &(0x7f00000001c0)='cpuacct.stat\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1800.697369][T15747] attempt to access beyond end of device [ 1800.718862][T15747] loop5: rw=0, want=2391, limit=116 [ 1800.739341][T15747] attempt to access beyond end of device 12:20:13 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) 12:20:13 executing program 0: socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) sendmsg$tipc(r0, &(0x7f0000000500)={&(0x7f0000000280), 0x10, &(0x7f0000000100)=[{&(0x7f0000001580)="276c5bd6f0db828036f59b152925d176a9e51a4722f8fd829657ff48969c3c5f309ceaf42e7b242b7fe4fa128061aec9827004000c31fd9e31cb1c79990c2b89045ea4dc3ad63a775c80850ea10827e8a40a6c8b5fa7cc514639bb99f13c6a3d0825a738a1a53433042c75230d368c95f8a0b5562b58ecf50fd78e5def7375cd62fb5728535bf371b2ffc7d8058398075e1d0a7a4451395c39f79c26b7287cebd130de7737e77714686b9d67d87a3cf8da02cc70fdc99c1a7c916ae542b9d5baaf1f9daa4fb845fd5d5cad2073a61ce51c345150f84b3900997296d55c7d394af17b01d445465ef377508a1a29a5d6b03b0da22c973f22814fb2a802d50fb1f051e7d95d53d598a0599ec79cd27123fa1d13b7996609d4548e81ef7b1e8de8f32593ef46c3081ab55929a3c1cb1fa28a485518391a76b7b80d5941aa42222cb6f25be29ebc938af75971ffffdd4dea114ac37f38e69cb670020a7448d99b7b5e3d09bcf2625c94d6599182ce9edb0bbfea111dae3b1c9d6cd3162ce0aaebcdcf22a8d29dca0d04ebf5944168f398c500915579070586dff7a2ec6d345d1f69a8c749740aea0dbb2d30c9f7e3afd498a886c906fe09a83322d8e94b3ebe288ec1601e6a16122fa44191b6b3f5315eb0b35cb628540438919b906502eeb7cacc7d15753e456b056e6145ab65ac7c01253f3c5663495a74a0598feed07436a72d3ee1185d0fbcf89e8c5d449e0216cab8110efe923be24366dffc65bb386e7f015bb40b6fd9abbf7180b217f88d99f168c113f3ff187c202e2ae32a0238e43af612678a44a3d8373b6dc6bf820f8bf73e6411c51152f51993c66effe25c6e72a3127da6996f13691ded659e1f9d6eab1124435750dfeb60de2b2d59d9196bda3a3c5cd5054b2960481d50ce28ac4159b54f3f26a9decfc8ab36b6110eda741e21c95e3631b3de40fd3c7828fb0e3c85070eb233d4d4b1b75e0167ec62e81f1a12a0cd2e02a7a43edb384e4d0d59744bbe86611575966efe25b4191f14a368a72c13aeb4de7caff7a9439b583d08714fd22a9b1ff08297a562a859e2d21dd4f8ecf6701bcd9a30d28909c52c56a8ef739f0841ae895ad858121b1ec82ae1bbec856730aba8e2f42841c33caa862fdf8b651d90055b6725e5bf0af348ec550ad23c5a3c15c7455fdb13a57a6e452bdebbeb32200ab7dce3fab98b206ec2571e3de8904bea2265288dbaec64359cb5cd926dc025343fff78e7bdab6f541a3d2b569f37b8339d14e706163854d01ba5380d648391740e1fc2e118557692796acf6e0fa8ab21c5657259bf05a8b510eb285f306c8cdd6e185094b0ff46ec71d5a9b8e344176f263730468db893eaba00c32bdafdb1ebdc3ec441abaf4e7b2db744411ae02f33b340a373ea1a485b88073c2da7bd6828bbe4028fef4c30088c9b28daf899741029da8f52d2927250c582f16ca173", 0x20011560}], 0x1, 0x0, 0x0, 0xa000a0}, 0x4000) 12:20:13 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000380)=[{0x1, 0xffff}], 0x9b) semop(0x0, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) [ 1800.754388][T15747] loop5: rw=0, want=2392, limit=116 [ 1800.760002][T15747] attempt to access beyond end of device [ 1800.816604][T15747] loop5: rw=0, want=2393, limit=116 [ 1800.828118][T15747] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1800.839088][T15747] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1800.847036][T15747] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) 12:20:13 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes)\x00'}, 0x58) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="dfbc58ef6edd8c56a50104ad3279f601", 0x10) r3 = accept(r0, 0x0, 0x0) sendmmsg$inet6(r3, &(0x7f0000005d00)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000002c0)='s', 0x700}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)=[@pktinfo={{0x24, 0x29, 0x32, {@remote}}}], 0x28}}], 0x2, 0x0) [ 1800.877275][T15747] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1800.913345][T15747] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1800.987905][T15747] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1801.012838][T15767] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:14 executing program 0: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000280)={0xa}) [ 1801.040903][T15747] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1801.076212][T15785] attempt to access beyond end of device [ 1801.087005][T15767] FAT-fs (loop1): Filesystem has been set read-only [ 1801.125996][T15785] loop1: rw=0, want=2390, limit=116 [ 1801.145820][T15747] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1801.165443][T15778] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1801.177957][T15785] attempt to access beyond end of device [ 1801.207624][T15747] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1801.218919][T15785] loop1: rw=0, want=2391, limit=116 [ 1801.222647][T15793] attempt to access beyond end of device [ 1801.227501][T15778] FAT-fs (loop4): Filesystem has been set read-only [ 1801.231013][T15793] loop4: rw=0, want=2390, limit=116 [ 1801.243224][T15785] attempt to access beyond end of device [ 1801.251898][T15759] attempt to access beyond end of device [ 1801.258484][T15759] loop5: rw=0, want=2390, limit=116 [ 1801.269529][T15785] loop1: rw=0, want=2392, limit=116 [ 1801.276095][T15793] attempt to access beyond end of device [ 1801.282995][T15759] attempt to access beyond end of device [ 1801.290801][T15785] attempt to access beyond end of device [ 1801.304050][T15793] loop4: rw=0, want=2391, limit=116 [ 1801.309401][T15759] loop5: rw=0, want=2391, limit=116 [ 1801.317448][T15793] attempt to access beyond end of device [ 1801.323495][T15785] loop1: rw=0, want=2393, limit=116 [ 1801.331883][T15759] attempt to access beyond end of device [ 1801.337456][T15785] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1801.338239][T15793] loop4: rw=0, want=2392, limit=116 [ 1801.350953][T15759] loop5: rw=0, want=2392, limit=116 [ 1801.356616][T15759] attempt to access beyond end of device [ 1801.357646][T15785] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1801.362398][T15793] attempt to access beyond end of device [ 1801.377013][T15759] loop5: rw=0, want=2393, limit=116 [ 1801.388573][T15785] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1801.388994][T15793] loop4: rw=0, want=2393, limit=116 [ 1801.407801][T15785] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1801.409582][T15793] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:20:14 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') io_uring_register$IORING_UNREGISTER_FILES(r5, 0x3, 0x0, 0x0) connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) 12:20:14 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, 0x0) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) 12:20:14 executing program 3: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20c42, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0x40045010, &(0x7f00000001c0)) ioctl$SNDCTL_DSP_SPEED(r0, 0x40045010, &(0x7f0000000040)=0xfffffffe) 12:20:14 executing program 0: syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_rdma(&(0x7f0000000040)='127.0.0.1\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000001280)={'trans=rdma,', {'port'}, 0x2c, {[{@common=@privport='privport'}]}}) [ 1801.431315][T15785] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1801.431515][T15793] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1801.449997][T15785] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1801.452191][T15793] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1801.468914][T15785] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1801.502992][T15793] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1801.515408][T15793] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1801.517175][T15785] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1801.523405][T15793] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1801.539965][T15793] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1801.555086][T15793] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1801.573209][T15793] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1801.581742][T15785] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1801.596031][T15786] attempt to access beyond end of device [ 1801.596397][T15795] attempt to access beyond end of device [ 1801.602822][T15786] loop1: rw=0, want=2390, limit=116 [ 1801.616425][T15786] attempt to access beyond end of device [ 1801.622850][T15786] loop1: rw=0, want=2391, limit=116 [ 1801.629438][T15786] attempt to access beyond end of device [ 1801.638535][T15786] loop1: rw=0, want=2392, limit=116 [ 1801.643374][T15795] loop4: rw=0, want=2390, limit=116 [ 1801.647873][T15786] attempt to access beyond end of device [ 1801.655040][T15786] loop1: rw=0, want=2393, limit=116 [ 1801.671472][T15795] attempt to access beyond end of device [ 1801.678022][T15795] loop4: rw=0, want=2391, limit=116 [ 1801.683377][T15795] attempt to access beyond end of device [ 1801.689987][T15795] loop4: rw=0, want=2392, limit=116 [ 1801.696001][T15795] attempt to access beyond end of device 12:20:14 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, 0x0) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1801.701733][T15795] loop4: rw=0, want=2393, limit=116 12:20:14 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x4c], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1801.834125][T15825] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1801.852072][T15825] FAT-fs (loop5): Filesystem has been set read-only [ 1801.879734][T15820] attempt to access beyond end of device [ 1801.897583][T15820] loop5: rw=0, want=2390, limit=116 [ 1801.916321][T15820] attempt to access beyond end of device 12:20:14 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_emit_ethernet(0x42e, &(0x7f00000008c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "a4f208", 0x3f8, 0x3a, 0xff, @local={0xfe, 0x80, [0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xb, "a78ce5402000000053d5dea6b259fe8000000000000023493b87aa0568f00b1c71a8242373244ad20100dc07df0a69748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c11b37adac15084dbaf736b41e5a803721d"}, {0x0, 0x16, "84f0da52ef24571313968050378ee824f4dffba7feed320557f7671975afc9c545c5ea6137c8ce680ba2d2e8794cc0ee661ab31313a50f67f637326bdc20eee126a2c281295ae9405b24d13dc48b7b6aa26e8a94498418f3472f7281922377d30a3b5ed2c6a2990e5ea6b275c1d5bddf59f3d1843df268e8c825c6b2cff208dfb5cd8283d0dcd52a6de228bf697d3d6506afec30ef7e07413c7afc1eb139e0fb1a5a643b4099519e31f3fd4457f0e6d586ad05e1"}, {0x0, 0x5a, "062bf7b5e0f2dbbdc849b90d4e80a0e3f7af088060d01a1cfcfad88ef4512c6ef5c0ead4b9cc87484b106a060a9899d50f595204418f51e91480b395741dd314136a262cadf02b071d88e61703f037caded0b315701274012fa532ddd69499074e1a2df196e0afcffda08fb3d82ab8160253a47d3efc3d7cead55c28610ae20f69aaced0a1a6ce815344cf8d0bc8a0dfcdd1e8cd7242601777ec653c2d4b704397dcb1350982afd017eaa630c840d71589499fd68239ae0c0aa2fc9b949d1a716d40a24f078e92e8c268ff726290944b5f3a3bea9559f2d2a51405fba224411ecc49544dea47917a98bf79c3c8eed70429abf70a52ecbda21c9bf0f6a70cd2c2c887391e4095ad223437c60abf829447b47bd231ca2a98d9da7519a4bd28e803fa000fafc0dc453ed56cdf4356d7abcfec4eed0b94a4f78ce44a7177c6684026bb4f26a17e52e326c8bb7be5e2ea5780d7169d8f4ff62cb2b223f1d6221f62e0ee0244d86042560edd36853c464b23be536c65b87cd5ea60932ed90607b369ed2017f645afcb5cd07f6896a08473bd5dea2bfb52ac501a39c338ede985aa4a7755db876cc1558aac15ad4d6c078834be4d944f3cce0079d2ad9ba8d17f01a614052aadbd4af0fd282f594dc4530ee49b6c9ae6d5d80a073e678594be2e2f0869baa2a58dd2d0f6a995fb706c4d1b618d57da1c2d8f55611f746105a947b4f6bb74dbdbffb1b3c1f2316f6a28a07f0145b1bf8345b6aa4e9d5a819497856792121219ea151c1f8e2f86356039bc5b87fe4cad68b6afa08687e6e751803865165eac0c34bdddae1bbe52f55d08cc4a0865f8df372635e8a26ac4ac9716a124ac4e83349f17b612e2b1893b5eaccecc7d812bb4f4fc6b313f57c2035a90f782a4a97b5f5309b6c5798d72b9187f3d411e84041e3671fe35e39fa1887846721c38d501b471990b919d2ad9ca9bc71157a843d75838c0aa4ff0dabd74284709f1f87f324ec4f56eacd70e6bb5e9677e719786c4d4284e4c"}]}}}}}}, 0x0) 12:20:14 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000000)={0x2, 0x400000000000003, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, [@sadb_x_nat_t_type={0x1}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback}}, @sadb_sa={0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x78}}, 0x0) [ 1801.930727][T15820] loop5: rw=0, want=2391, limit=116 [ 1801.946540][T15820] attempt to access beyond end of device [ 1801.961237][T15820] loop5: rw=0, want=2392, limit=116 [ 1801.982775][T15820] attempt to access beyond end of device [ 1802.008614][T15820] loop5: rw=0, want=2393, limit=116 [ 1802.011029][T15838] IPv6: addrconf: prefix option has invalid lifetime 12:20:15 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, 0x0) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1802.032265][T15820] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1802.066547][T15820] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) 12:20:15 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) ioctl$TCSETX(r0, 0x5433, &(0x7f00000001c0)={0x400, 0x2, [0x1ff, 0x3, 0x7, 0x3, 0x648b], 0xf651}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000300)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x0, 0x1000, 0x33f7, 0xffc1, 0x101, 0x8001}}, 0x50) write$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0)=0x1, 0x12) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x3c, 0x0, 0x536ae464467e3e0b, 0x0, 0x0, {0x25, 0x0, 0x6c}, [{@nsim={{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0x3c}}, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000380)={0x84, 0x0, 0x800, 0x70bd25, 0x25dfdbfe, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4050}, 0x10) r3 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r3, &(0x7f0000003a40)={0xa, 0x0, 0x0, @local}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) 12:20:15 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x0, 0x0) ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x9) sendmsg$nl_netfilter(r0, &(0x7f0000001640)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001600)={&(0x7f0000000600)=ANY=[@ANYBLOB="901100001411010228bd7000fddbdf250500000cc1ababa4cac0370ee3fa6d55ba16800423272ed29a12cb2192751b0fe019544cea7004e5beddf125b26c9d2b99c756c45bb3d428f814880af4ae917c344569c6355221236cc99dd6b74c0a2989f72bf8397c9c823d918d1a8052ccd7415bd4ba9e0341a6832c9337f2712a8047761f7256a1adb10000000000000000000000000000000079109f33fe3147be5467d66eb66fd76be1ca400cd3595aeb24560c4be05a3bc906595e68c7b2940778fb1b1a4a47ae48b6d8d19c9765ff3686e0da08ef4278af2e1f3d500d862d750a9c8a874913d811acb78438772d447cdc1aa99a7015b36639fb2c1c1e24630e81c1ef53f4da605ce6b5"], 0x1}, 0x1, 0x0, 0x0, 0x4008980}, 0x991) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, 0x0) ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5387, &(0x7f0000000100)) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r1, &(0x7f0000000400)={'syz1\x00', {}, 0x0, [], [0xfffffffd], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x101080, 0x0) ioctl$UI_SET_RELBIT(r2, 0x40045566, 0x9) ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, 0x0) sendmsg$SOCK_DESTROY(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000880)={0x11d0, 0x15, 0x4, 0x70bd27, 0x25dfdbfe, {0x2b, 0x2}, [@INET_DIAG_REQ_BYTECODE={0x18, 0x1, "9aa49cf889a1219fadb3b20b0040386cec226a32"}, @INET_DIAG_REQ_BYTECODE={0x44, 0x1, "eff37089b986e564a9f8e301bec51b69bcc23e547f50ff5c33284b323a9ff5dba965e64b816e2a69901b22e19c51f2c42b29eef88028c1b64f93781397630c96"}, @INET_DIAG_REQ_BYTECODE={0x10, 0x1, "b8efd75b2f616dc8afdbca6f"}, @INET_DIAG_REQ_BYTECODE={0x49, 0x1, "6ea59362422ec19d1600d16d0c60c8608abedd7d2d7ab8b597dec1b5065478ff1ba4edd3e5554fee0742a77a8a48ef73063ac38d2a9037c62bed7ac76170e3f1acfd2cf8b1"}, @INET_DIAG_REQ_BYTECODE={0x22, 0x1, "73c8e85a27503aebf17ace5a28aac601c49b078472499e21ea34cd26171d"}, @INET_DIAG_REQ_BYTECODE={0xdd, 0x1, "5d0a296a5a2d3f2e36f4f26f3280de495e42ee0ea200929988f6b1475e91302078fd031367d43ba5f290fd0df1c704cfac20ca85c50a67c1d806dd96559ab3f161a038c8072e5df53b0df2d8328431d79d4c3b627a3d358eb36349790c5b690501587693025a9f676e5853dbb8232a17fd51b42a7429b46a48f109eaf19c254105457ac0c1e7fa8270570dbd48295339d48939978294182a437601211ef28e64d9a8a14305b97fb5445205fdb815569135be37316b0202af2c74f953585adf6a0288bab30f4c87913d14e895fd5c0431673c2c0144fa14a3a8"}, @INET_DIAG_REQ_BYTECODE={0x1000, 0x1, "441eedf46f56455cb01e9482abde44f01c2829a282eaf99bcafaa351dfbab161b9f8f302b8fb562d89a1babf942ea6ce8dc48ebfc6dd1c7bd50f1cedd4448f94837e533c110b8c1730da82186b3216e1b001cd498e78b5a1097108de9cd54263196a50bdc30e672b076f8cb8e89696d320dd840b6b7f3aa976557bfde548bb3db8bd02f534467cfbfaaa1c200bb861dab9045d8c9ede35953e5c4901b8c104a4994267e1cf4c56c6055d0c1c32d8ea1c4d02bc940e38d47f5e8f061b98eb370860f2c36194c6e301e0da1f4071de76b20877361646d768fbae77e26805ce2622b75a9649f50fe82f7c67e20bd7140d6133e301a45fa0e331dce12c1c2a3c77e74d21da4367c4d225a5da6e7555510e14d5270f9af29b4ef6b2d3ab32202a25c65d726901b37076f973da3e360b75e5cb414a2df649fc6e1f16e4c80bf97f20219de8ed3886c8a1b8825981658cf52fc361aa9570b556b48011973c6b6186b70e99f0993b55ed379f23c87cfb7c6da71e939ba7321724e07bf05b38f05bf5096f302b07ef6599be68df6a47ea2f6627049bfaab119734d81583f15b647f9de98153b60871f4731ada87cf5a57f380c6d350b90ceca7dab4189e0c3aa272cd8cdb7eee3b859c3c95caba6b81df4d1c1d0ea6ac2e26dbd1fb72b44423984dcc477cb460edc919a076cf6906cabd2128f93e20080fc0be1fc353776d70ccfd73394f67785dc265469a65a133eeea645390b0bbd65a72c6fbdcfd691cdc8f9448df73ee7ec9539fab1b033b05d8a8eb3681b7fc1caa9b6cb5722526e7d4928f665550cdc904e1059584005d2bcc5e0855845189da15ee7d80dd4560ccc258ac3f5a73e24e9f04c7fbb3659ea51ae749a577d436c2921c264f890199c71a5cb52dcf6016869e5f2e6d51691caa1acd1f02c49734beeacecc81149478fb581c2fbffaab82ef37bd1c244c09f00609c696957e9983200097e9a914244c90adf72d35e3df3da176d0fb0e06bc882ac5233908a0acb902f9a704d7e50b2036686727085ad5cba8a1626c57cdf61cd0652f50aea7018112ec8ba84f35b42cb308827e25cd928087eadf0d15e5c9b0838aa2a5e7908751230d6bfa3ac5f8f4a84e87d59c5cf0a27f37ef39aafdbdd7885d4e6e0bfbe8ea24950f2b07a6c97b1d6edd771258381292659faa55e5ee8d08f3aba69dc78934cf6e6381e8c660e28947f79b7f3cd173641d7db34fa68220cf4218aabb54309bf2e891a015f265384ad83a126f6cd5479fc4458c9c49fcdcd8fd26d29bf910aa447ce75c9d8d684ee5b6144c3f23618022f770966e3a96edf960e5115f825c55185fed13d1a45da12c716a4d4ea3178a1d5c5584204838ecc88b2964d453777ae5d38df4db8af617c01b20194378d0d8c0f25f40c33fc576682198cd4f0df6d077b93996456d51e87835e4cc3a30fab78983e0ffc229bd84860bfc0345f91d4c8d7492b9c12e84d5eb26fc7031c30f768da8aaa88f04806476879ca4f3aa029cd0a513c1351cb102fa20aa1ab587af48d7eeafb0a1d610d045db8f0670507941215324bf6ea85c5cfed5f11fe0ec2e029291d3aa1b4d6894d174ac4a2b30f8a8cdd6e4798f4c0f9efd5fd7618a2e42af6445883cbb192e6b10f3c471942668f1f13b30fbfec270e4b06a8c8c27ecc7daaf25817ce09eea931a43be6ad191ac3b951174f174b39a63af520c246cd265aaf41c26e8c7364303bb14bb10c422dada1c3a82a50e22e2ff0725405733356afe184401fb4645a6a1328e3a22dddaad8fc38ebee15557b7c0cf845057c8fa90e50834d65de24f5d57f13ecb7a4ad3b41bb8216d8a13e6754d317d3831e72437bec35d6fa1bf7eb6af9a0e5f0510de7c127035ad818e9b24b6cdddafa5fec976ab3e32126b8e2c398267297159c2b708c1356396fee65603c4d8c85ab5d303d1002c006039a43758e0e6a17ad9af673e520ffd8c0d6f144210e3584a48a61cd377dfbc0f8e764d2397fb4bcde25c7218664573708fe384944cd9ed6ad6cacc38fb5791e585e0ed4f79d85c102954b020964813a66a43418074db11de3ea7a204105913c4c398f6d469a6c7fdc8789d6d579386bc3cda2d6e8ddcf6262a7c9a69799e61c61fee0afebbfd2df7dc5044dfae7affa19e88ae938c5747da7a463f5bcf8633252c1bec45b121b495afda2450a844f548a70240f089c95c8c1a1e625dd2780ea68dd34bd33ed85be20d855e9f1c9250514b2bb69577cabb28a27de1b63d04d07671c154118cd765abffb2f49aed6577c958d9e014b1b74bf6ab8abd6f924416625828a3da8acfd4cb9faff14f5f75beba2268290c4407e311ab9cbfdecbfab9a61c12ef78b9987ffc3df3a9b8a41cf37e45ab274f1eb8a66583690bbbf055f4241266f454da2769f4db27430e5a4e7c50542e3d494d4ec97bf01583b2b2281bbdc2b7abd551e8875c0a6f9f4ad2e63d8c5410a795d1c87d2887f6ba4dd29d1bc2775608987e81a068ba51e58b5bb5cf5cc5e15fefaf2589ba1ec8171e8fd4fc7c813c7242add016b1ac0cf27bf1e0fa2599e0b64ff4032ed802823fcf44c56bde0fdd4544ac9e846d513cf83d7a0cfab3b4b0b54ada6419b21642f05db861934c9890d257c80505de067d2a7079ccc2b1cbc87814e01027bc73f942d9a2213bd5aca7363706f082c6417f3fd827b3b1a1763e9ef00c070806b3c4e6b012bce55f79a01ed8a75366e9218a19d14e01a73b35b736a646974824fb076a55f7d72f5f0d71e4aab6482900283a72cdf154ebf30a6969b82da2811ec8def9433a5aaeb5f58b861d30eec8a32b5854d5c2b0b4292dd7fabcb9aa32d0032642162a8ef6cc03a1343e911c965f84f90f2192460eaaa6fcea54716ceb7732878ae0e3ec9a553cb331d8c70b36b30fcfe8ae67a27a67bfc2bde71dbfae54594e1103d404a5bebd90b420f6bc01f650a0f09662ca82a8b93c4bd321a3c4afeaeba672dcdbd31aa2beaf7047085bf5025a229fd7b70232d546235eaf10e0802445d8faf6adf2efcdb70e2a3595a6d7969749eb1e986ae3d8ed98c000637c9de4a3dd115035593f74c111dcc967ea158c12630242630e308b2f3695a3627b0966024156d51e7718fc89c9c37dac4247d7efa157ba6fa08738ed859661023ed58ae5a9041207b7431bad44f388016e21ceb92e58b9f914d11d1e98cb2514ff7440ea371fd07c57d03b1d50b35539a76fc4acdfe6331e0d3c772bf153f6388219c990b50076866a20119a51c57cdb60c79f7595e42e5f3def837afd7e26918627c992819bd6835f3d1e6b980ecfa41bb9c3f899e3ea1290f9ce652686e973e488ec0bedc2337e8df9fec2d4ca54c20b7f01cf770127ab3898fb01ad5e96d1c379be1a79b173d433836f4889d12ec5c28c8c17c0c9dbf1d38bd08307022e646da959d6678eb08a777ac11e31455e85d0cdd9dce1571e4be90df02a0cec41e31900577c6f1b63d6b0a6c05d87ff9ba94081879172ba2397d043e1749eaad4a568b6411ac94479f6454d2e6e248c86e4c87f54cabed1b8c4a92d82b99e50fb900822e6b46a41159f598e713cf7401e8bfe21fe59bb852078b78c8872c3964b9d5ea2772e01d6bd627d1aad5bd5a79b2038aa533b5da6546179748a7a527e68fefa28a699b9d03fdd15327a0a972e6def34b2801d68444b8aac8c14192752b801751fdf060fc472e0de949b03a4b7a27fd36982fc2d7f08412934f6e916463640393e078bb05aeec200754c2cda7569cd85d249a6c8e153ed3bf3462c2fa690dd1a1bda9e1a95ce80af911c85a3fdbf2f5abe49496dc959323230b60df153e82334bab8804fbd33f1658ccc9f9b54f59cd81c5b7a1b47d3650985ede4bc360f7b2965c6608c696815879dfaf09fd33f7b7dff4e8a05e8dde3d91d3ac72f25ef0281ac2331dc0f0612031def949668b8e5a6943449b7ada423cfe5bea8d29aa29995652340b091a49890b316513640428de535921886bc465eeab50733f137a9daf5c390fd3f6fae0ba59522ce6eda80d61fc8e2d5f172ca54ae335113d5bc426d63749db73d38c0a25be8a964cd7d8b60713accbfed43e27f1d55bf8c569bef24989cfa37fca30573623ace47ae93219707d9b39d70dfba2bb184ef49ab0006f0f54e64cb429e64b32b5a5edf3afe4bac97de14748104a75f7a7ef6420b8d71a3b747c9370ca047e72c30f28bd74615f4a3358a308176696c8a618d7afd3126b9169636d52b8e1c07e978cd76b5ebfcd107b67c872a675a3ca1572102f2cd37ad25d7d5b519b672545d9a3b6c0c8eaabfd05b890589fa5af020f348fb81d74bd2e6fe10a3651a8354ca904246a76d44e31a1cf696fbd32875db7228b4fc0ae6ab4426505c5dffb28bab18242cbf781b725a4a8d4ecef8335738284fc11f696b88f8057c4d16071124e320704853f348408e62ce593d5eb0772fe45a6dfa181ae902e868ce96aba66099cab19434f2bb28cfecd758de50057fe7ecb521c616911bc0ae726c6eb0bcd05e2c8e877719ef3aa3756ccd0f8d29103f3f748631f300c0cc76e42338f3e586f316829afaad0c440d3a43f6b614e2701b231909d20e864e32aac13b8a703969e1d68e67ef67ffab8b5f3dffb67f7c57fb30a4fd1c46c916ece254961df8e80acdbddcc500b2fd926b6f21427e72e9a58414a82dbff5b2df7a89dbd8c2bdecc07cec93e350777423ef41782cea39808cdab874fe7cb7e86e48e17d83ff63e9b013d662c7883c8663aa92b155443ae38ca9e5df5351ae7b9d1e7e7c6a5ed50a377527bce629d74f111c2d4f33fabb2be109a1c842e3f68ddea6b2a27eeae2f6412a463591ae3da6001f9501ef8adc099015a0fda3cbdecdb1eb5fea17c88c5cab150aba23fc46edb1e3a38364df38056a04af406344ba8653af402da905cf3085f9e9a34103bd5372fa9836d2671b7202dbb2a3d836ead2a5e007723f9abc8745abea6ac89cf4a58e28e547321a459beaedd1203968f658f4faf02a7f9d1a32a7b2590fdffc68f360f50056d69bc5576389c400e8527155b4d935a62de3c65916d677a07f73d4e9551505b95d4f2c2977220967901476308aba2517a3bb06406a05a82e29ea7988ef25c469a7ea5aa08a0734d85595c0e9ab3a8047ca0cb78e4127e452ece2fc6e4bf8a8830565b9c52a2bbd233dbe74a935102dd0b54e7e10f5714be770af27d9a7fa9c489d521257d2b453fa329c94e8ea266ff15eee3c68b5a93accbd1be75027fb79aeb90ffbe394d364cbda8c67cee6b660f0996bf15ce88b74f794578dfb15b67d996a07b547606953569e5a1ea6565b6366cc7d0d7b0ccc8d46d7cbf112a192b8605090a03c6f32600b30de2d0f653c9a52b5e2d616f9177c5897525830fb6966be390dc72b72e726e041d3fc28bfd7da248fc9804b4a790b5ffa955eb663ef1c2c5c42c6377539f080728df9231c00d74044ce89950a4db07157f81322bce9f825ce23375e3b9aa9a54b70b38f75d2795b869fd2646e47e4f9d8079252541a5bc3c63df65d1356cf1111e194dce9d5d48146c251794117bea073b5329898778859bbefcf0beaade54a642798952289771f48013bc36aa8171a836e22f8937cd8c53698d2c9119b898d1e6b96846fa578e30c8f1a3359bc8f4af5b1db79eb130694ea5496d2668a53b7db8ae46ba1c759fc834dfdf772a79fe504db001ec6eb5c52f0a8879e91acca3012b698a3fd017cd028dcec4b517aed830877cbdef308c0ff31eee7411aa957df9d52d9ace03c96"}]}, 0x11d0}}, 0x4) ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0) [ 1802.121241][T15820] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1802.141976][T15841] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1802.198433][T15847] attempt to access beyond end of device [ 1802.208962][T15820] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1802.228574][T15841] FAT-fs (loop1): Filesystem has been set read-only 12:20:15 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00') sendfile(r0, r1, 0x0, 0x800000080004103) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) [ 1802.264233][T15847] loop1: rw=0, want=2390, limit=116 [ 1802.291232][T15820] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1802.322305][T15847] attempt to access beyond end of device [ 1802.370048][T15847] loop1: rw=0, want=2391, limit=116 [ 1802.378796][T15820] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1802.410306][T15847] attempt to access beyond end of device [ 1802.410319][T15847] loop1: rw=0, want=2392, limit=116 [ 1802.410338][T15847] attempt to access beyond end of device [ 1802.425667][T15820] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1802.457288][T15820] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1802.482740][T15847] loop1: rw=0, want=2393, limit=116 [ 1802.483836][T15820] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) 12:20:15 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(0xffffffffffffffff, 0xc0845658, &(0x7f0000000380)={0x0, @reserved}) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r5, 0x80046402, &(0x7f00000000c0)=0x80000001) socket$pppoe(0x18, 0x1, 0x0) 12:20:15 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(0xffffffffffffffff, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1802.502534][T15861] input: syz1 as /devices/virtual/input/input15 [ 1802.510209][T15847] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1802.536434][T15847] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1802.545398][T15847] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:15 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x20001, 0x10270) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x20, &(0x7f0000000040)=0x2, 0xf6) 12:20:15 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r6) mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x2000, &(0x7f00000002c0)={[{@xino_off='xino=off'}, {@xino_auto='xino=auto'}, {@metacopy_on='metacopy=on'}, {@xino_on='xino=on'}], [{@hash='hash'}, {@context={'context', 0x3d, 'sysadm_u'}}, {@appraise_type='appraise_type=imasig'}, {@fowner_eq={'fowner', 0x3d, r6}}]}) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) [ 1802.578562][T15847] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1802.607376][T15847] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1802.647123][T15847] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1802.683541][T15847] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1802.707414][T15847] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1802.715996][T15847] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1802.724345][T15867] input: syz1 as /devices/virtual/input/input16 [ 1802.725039][T15854] attempt to access beyond end of device [ 1802.738039][T15854] loop1: rw=0, want=2390, limit=116 [ 1802.746403][T15854] attempt to access beyond end of device [ 1802.752843][T15854] loop1: rw=0, want=2391, limit=116 [ 1802.759621][T15854] attempt to access beyond end of device [ 1802.766219][T15854] loop1: rw=0, want=2392, limit=116 [ 1802.771601][T15854] attempt to access beyond end of device [ 1802.791705][T15854] loop1: rw=0, want=2393, limit=116 [ 1802.827861][T15884] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1802.848993][T15888] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) 12:20:15 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x60], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:15 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x0, 0x0) ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x9) sendmsg$nl_netfilter(r0, &(0x7f0000001640)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001600)={&(0x7f0000000600)=ANY=[@ANYBLOB="901100001411010228bd7000fddbdf250500000cc1ababa4cac0370ee3fa6d55ba16800423272ed29a12cb2192751b0fe019544cea7004e5beddf125b26c9d2b99c756c45bb3d428f814880af4ae917c344569c6355221236cc99dd6b74c0a2989f72bf8397c9c823d918d1a8052ccd7415bd4ba9e0341a6832c9337f2712a8047761f7256a1adb10000000000000000000000000000000079109f33fe3147be5467d66eb66fd76be1ca400cd3595aeb24560c4be05a3bc906595e68c7b2940778fb1b1a4a47ae48b6d8d19c9765ff3686e0da08ef4278af2e1f3d500d862d750a9c8a874913d811acb78438772d447cdc1aa99a7015b36639fb2c1c1e24630e81c1ef53f4da605ce6b5"], 0x1}, 0x1, 0x0, 0x0, 0x4008980}, 0x991) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, 0x0) ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5387, &(0x7f0000000100)) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r1, &(0x7f0000000400)={'syz1\x00', {}, 0x0, [], [0xfffffffd], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x101080, 0x0) ioctl$UI_SET_RELBIT(r2, 0x40045566, 0x9) ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, 0x0) sendmsg$SOCK_DESTROY(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000880)={0x11d0, 0x15, 0x4, 0x70bd27, 0x25dfdbfe, {0x2b, 0x2}, [@INET_DIAG_REQ_BYTECODE={0x18, 0x1, "9aa49cf889a1219fadb3b20b0040386cec226a32"}, @INET_DIAG_REQ_BYTECODE={0x44, 0x1, "eff37089b986e564a9f8e301bec51b69bcc23e547f50ff5c33284b323a9ff5dba965e64b816e2a69901b22e19c51f2c42b29eef88028c1b64f93781397630c96"}, @INET_DIAG_REQ_BYTECODE={0x10, 0x1, "b8efd75b2f616dc8afdbca6f"}, @INET_DIAG_REQ_BYTECODE={0x49, 0x1, "6ea59362422ec19d1600d16d0c60c8608abedd7d2d7ab8b597dec1b5065478ff1ba4edd3e5554fee0742a77a8a48ef73063ac38d2a9037c62bed7ac76170e3f1acfd2cf8b1"}, @INET_DIAG_REQ_BYTECODE={0x22, 0x1, "73c8e85a27503aebf17ace5a28aac601c49b078472499e21ea34cd26171d"}, @INET_DIAG_REQ_BYTECODE={0xdd, 0x1, "5d0a296a5a2d3f2e36f4f26f3280de495e42ee0ea200929988f6b1475e91302078fd031367d43ba5f290fd0df1c704cfac20ca85c50a67c1d806dd96559ab3f161a038c8072e5df53b0df2d8328431d79d4c3b627a3d358eb36349790c5b690501587693025a9f676e5853dbb8232a17fd51b42a7429b46a48f109eaf19c254105457ac0c1e7fa8270570dbd48295339d48939978294182a437601211ef28e64d9a8a14305b97fb5445205fdb815569135be37316b0202af2c74f953585adf6a0288bab30f4c87913d14e895fd5c0431673c2c0144fa14a3a8"}, @INET_DIAG_REQ_BYTECODE={0x1000, 0x1, "441eedf46f56455cb01e9482abde44f01c2829a282eaf99bcafaa351dfbab161b9f8f302b8fb562d89a1babf942ea6ce8dc48ebfc6dd1c7bd50f1cedd4448f94837e533c110b8c1730da82186b3216e1b001cd498e78b5a1097108de9cd54263196a50bdc30e672b076f8cb8e89696d320dd840b6b7f3aa976557bfde548bb3db8bd02f534467cfbfaaa1c200bb861dab9045d8c9ede35953e5c4901b8c104a4994267e1cf4c56c6055d0c1c32d8ea1c4d02bc940e38d47f5e8f061b98eb370860f2c36194c6e301e0da1f4071de76b20877361646d768fbae77e26805ce2622b75a9649f50fe82f7c67e20bd7140d6133e301a45fa0e331dce12c1c2a3c77e74d21da4367c4d225a5da6e7555510e14d5270f9af29b4ef6b2d3ab32202a25c65d726901b37076f973da3e360b75e5cb414a2df649fc6e1f16e4c80bf97f20219de8ed3886c8a1b8825981658cf52fc361aa9570b556b48011973c6b6186b70e99f0993b55ed379f23c87cfb7c6da71e939ba7321724e07bf05b38f05bf5096f302b07ef6599be68df6a47ea2f6627049bfaab119734d81583f15b647f9de98153b60871f4731ada87cf5a57f380c6d350b90ceca7dab4189e0c3aa272cd8cdb7eee3b859c3c95caba6b81df4d1c1d0ea6ac2e26dbd1fb72b44423984dcc477cb460edc919a076cf6906cabd2128f93e20080fc0be1fc353776d70ccfd73394f67785dc265469a65a133eeea645390b0bbd65a72c6fbdcfd691cdc8f9448df73ee7ec9539fab1b033b05d8a8eb3681b7fc1caa9b6cb5722526e7d4928f665550cdc904e1059584005d2bcc5e0855845189da15ee7d80dd4560ccc258ac3f5a73e24e9f04c7fbb3659ea51ae749a577d436c2921c264f890199c71a5cb52dcf6016869e5f2e6d51691caa1acd1f02c49734beeacecc81149478fb581c2fbffaab82ef37bd1c244c09f00609c696957e9983200097e9a914244c90adf72d35e3df3da176d0fb0e06bc882ac5233908a0acb902f9a704d7e50b2036686727085ad5cba8a1626c57cdf61cd0652f50aea7018112ec8ba84f35b42cb308827e25cd928087eadf0d15e5c9b0838aa2a5e7908751230d6bfa3ac5f8f4a84e87d59c5cf0a27f37ef39aafdbdd7885d4e6e0bfbe8ea24950f2b07a6c97b1d6edd771258381292659faa55e5ee8d08f3aba69dc78934cf6e6381e8c660e28947f79b7f3cd173641d7db34fa68220cf4218aabb54309bf2e891a015f265384ad83a126f6cd5479fc4458c9c49fcdcd8fd26d29bf910aa447ce75c9d8d684ee5b6144c3f23618022f770966e3a96edf960e5115f825c55185fed13d1a45da12c716a4d4ea3178a1d5c5584204838ecc88b2964d453777ae5d38df4db8af617c01b20194378d0d8c0f25f40c33fc576682198cd4f0df6d077b93996456d51e87835e4cc3a30fab78983e0ffc229bd84860bfc0345f91d4c8d7492b9c12e84d5eb26fc7031c30f768da8aaa88f04806476879ca4f3aa029cd0a513c1351cb102fa20aa1ab587af48d7eeafb0a1d610d045db8f0670507941215324bf6ea85c5cfed5f11fe0ec2e029291d3aa1b4d6894d174ac4a2b30f8a8cdd6e4798f4c0f9efd5fd7618a2e42af6445883cbb192e6b10f3c471942668f1f13b30fbfec270e4b06a8c8c27ecc7daaf25817ce09eea931a43be6ad191ac3b951174f174b39a63af520c246cd265aaf41c26e8c7364303bb14bb10c422dada1c3a82a50e22e2ff0725405733356afe184401fb4645a6a1328e3a22dddaad8fc38ebee15557b7c0cf845057c8fa90e50834d65de24f5d57f13ecb7a4ad3b41bb8216d8a13e6754d317d3831e72437bec35d6fa1bf7eb6af9a0e5f0510de7c127035ad818e9b24b6cdddafa5fec976ab3e32126b8e2c398267297159c2b708c1356396fee65603c4d8c85ab5d303d1002c006039a43758e0e6a17ad9af673e520ffd8c0d6f144210e3584a48a61cd377dfbc0f8e764d2397fb4bcde25c7218664573708fe384944cd9ed6ad6cacc38fb5791e585e0ed4f79d85c102954b020964813a66a43418074db11de3ea7a204105913c4c398f6d469a6c7fdc8789d6d579386bc3cda2d6e8ddcf6262a7c9a69799e61c61fee0afebbfd2df7dc5044dfae7affa19e88ae938c5747da7a463f5bcf8633252c1bec45b121b495afda2450a844f548a70240f089c95c8c1a1e625dd2780ea68dd34bd33ed85be20d855e9f1c9250514b2bb69577cabb28a27de1b63d04d07671c154118cd765abffb2f49aed6577c958d9e014b1b74bf6ab8abd6f924416625828a3da8acfd4cb9faff14f5f75beba2268290c4407e311ab9cbfdecbfab9a61c12ef78b9987ffc3df3a9b8a41cf37e45ab274f1eb8a66583690bbbf055f4241266f454da2769f4db27430e5a4e7c50542e3d494d4ec97bf01583b2b2281bbdc2b7abd551e8875c0a6f9f4ad2e63d8c5410a795d1c87d2887f6ba4dd29d1bc2775608987e81a068ba51e58b5bb5cf5cc5e15fefaf2589ba1ec8171e8fd4fc7c813c7242add016b1ac0cf27bf1e0fa2599e0b64ff4032ed802823fcf44c56bde0fdd4544ac9e846d513cf83d7a0cfab3b4b0b54ada6419b21642f05db861934c9890d257c80505de067d2a7079ccc2b1cbc87814e01027bc73f942d9a2213bd5aca7363706f082c6417f3fd827b3b1a1763e9ef00c070806b3c4e6b012bce55f79a01ed8a75366e9218a19d14e01a73b35b736a646974824fb076a55f7d72f5f0d71e4aab6482900283a72cdf154ebf30a6969b82da2811ec8def9433a5aaeb5f58b861d30eec8a32b5854d5c2b0b4292dd7fabcb9aa32d0032642162a8ef6cc03a1343e911c965f84f90f2192460eaaa6fcea54716ceb7732878ae0e3ec9a553cb331d8c70b36b30fcfe8ae67a27a67bfc2bde71dbfae54594e1103d404a5bebd90b420f6bc01f650a0f09662ca82a8b93c4bd321a3c4afeaeba672dcdbd31aa2beaf7047085bf5025a229fd7b70232d546235eaf10e0802445d8faf6adf2efcdb70e2a3595a6d7969749eb1e986ae3d8ed98c000637c9de4a3dd115035593f74c111dcc967ea158c12630242630e308b2f3695a3627b0966024156d51e7718fc89c9c37dac4247d7efa157ba6fa08738ed859661023ed58ae5a9041207b7431bad44f388016e21ceb92e58b9f914d11d1e98cb2514ff7440ea371fd07c57d03b1d50b35539a76fc4acdfe6331e0d3c772bf153f6388219c990b50076866a20119a51c57cdb60c79f7595e42e5f3def837afd7e26918627c992819bd6835f3d1e6b980ecfa41bb9c3f899e3ea1290f9ce652686e973e488ec0bedc2337e8df9fec2d4ca54c20b7f01cf770127ab3898fb01ad5e96d1c379be1a79b173d433836f4889d12ec5c28c8c17c0c9dbf1d38bd08307022e646da959d6678eb08a777ac11e31455e85d0cdd9dce1571e4be90df02a0cec41e31900577c6f1b63d6b0a6c05d87ff9ba94081879172ba2397d043e1749eaad4a568b6411ac94479f6454d2e6e248c86e4c87f54cabed1b8c4a92d82b99e50fb900822e6b46a41159f598e713cf7401e8bfe21fe59bb852078b78c8872c3964b9d5ea2772e01d6bd627d1aad5bd5a79b2038aa533b5da6546179748a7a527e68fefa28a699b9d03fdd15327a0a972e6def34b2801d68444b8aac8c14192752b801751fdf060fc472e0de949b03a4b7a27fd36982fc2d7f08412934f6e916463640393e078bb05aeec200754c2cda7569cd85d249a6c8e153ed3bf3462c2fa690dd1a1bda9e1a95ce80af911c85a3fdbf2f5abe49496dc959323230b60df153e82334bab8804fbd33f1658ccc9f9b54f59cd81c5b7a1b47d3650985ede4bc360f7b2965c6608c696815879dfaf09fd33f7b7dff4e8a05e8dde3d91d3ac72f25ef0281ac2331dc0f0612031def949668b8e5a6943449b7ada423cfe5bea8d29aa29995652340b091a49890b316513640428de535921886bc465eeab50733f137a9daf5c390fd3f6fae0ba59522ce6eda80d61fc8e2d5f172ca54ae335113d5bc426d63749db73d38c0a25be8a964cd7d8b60713accbfed43e27f1d55bf8c569bef24989cfa37fca30573623ace47ae93219707d9b39d70dfba2bb184ef49ab0006f0f54e64cb429e64b32b5a5edf3afe4bac97de14748104a75f7a7ef6420b8d71a3b747c9370ca047e72c30f28bd74615f4a3358a308176696c8a618d7afd3126b9169636d52b8e1c07e978cd76b5ebfcd107b67c872a675a3ca1572102f2cd37ad25d7d5b519b672545d9a3b6c0c8eaabfd05b890589fa5af020f348fb81d74bd2e6fe10a3651a8354ca904246a76d44e31a1cf696fbd32875db7228b4fc0ae6ab4426505c5dffb28bab18242cbf781b725a4a8d4ecef8335738284fc11f696b88f8057c4d16071124e320704853f348408e62ce593d5eb0772fe45a6dfa181ae902e868ce96aba66099cab19434f2bb28cfecd758de50057fe7ecb521c616911bc0ae726c6eb0bcd05e2c8e877719ef3aa3756ccd0f8d29103f3f748631f300c0cc76e42338f3e586f316829afaad0c440d3a43f6b614e2701b231909d20e864e32aac13b8a703969e1d68e67ef67ffab8b5f3dffb67f7c57fb30a4fd1c46c916ece254961df8e80acdbddcc500b2fd926b6f21427e72e9a58414a82dbff5b2df7a89dbd8c2bdecc07cec93e350777423ef41782cea39808cdab874fe7cb7e86e48e17d83ff63e9b013d662c7883c8663aa92b155443ae38ca9e5df5351ae7b9d1e7e7c6a5ed50a377527bce629d74f111c2d4f33fabb2be109a1c842e3f68ddea6b2a27eeae2f6412a463591ae3da6001f9501ef8adc099015a0fda3cbdecdb1eb5fea17c88c5cab150aba23fc46edb1e3a38364df38056a04af406344ba8653af402da905cf3085f9e9a34103bd5372fa9836d2671b7202dbb2a3d836ead2a5e007723f9abc8745abea6ac89cf4a58e28e547321a459beaedd1203968f658f4faf02a7f9d1a32a7b2590fdffc68f360f50056d69bc5576389c400e8527155b4d935a62de3c65916d677a07f73d4e9551505b95d4f2c2977220967901476308aba2517a3bb06406a05a82e29ea7988ef25c469a7ea5aa08a0734d85595c0e9ab3a8047ca0cb78e4127e452ece2fc6e4bf8a8830565b9c52a2bbd233dbe74a935102dd0b54e7e10f5714be770af27d9a7fa9c489d521257d2b453fa329c94e8ea266ff15eee3c68b5a93accbd1be75027fb79aeb90ffbe394d364cbda8c67cee6b660f0996bf15ce88b74f794578dfb15b67d996a07b547606953569e5a1ea6565b6366cc7d0d7b0ccc8d46d7cbf112a192b8605090a03c6f32600b30de2d0f653c9a52b5e2d616f9177c5897525830fb6966be390dc72b72e726e041d3fc28bfd7da248fc9804b4a790b5ffa955eb663ef1c2c5c42c6377539f080728df9231c00d74044ce89950a4db07157f81322bce9f825ce23375e3b9aa9a54b70b38f75d2795b869fd2646e47e4f9d8079252541a5bc3c63df65d1356cf1111e194dce9d5d48146c251794117bea073b5329898778859bbefcf0beaade54a642798952289771f48013bc36aa8171a836e22f8937cd8c53698d2c9119b898d1e6b96846fa578e30c8f1a3359bc8f4af5b1db79eb130694ea5496d2668a53b7db8ae46ba1c759fc834dfdf772a79fe504db001ec6eb5c52f0a8879e91acca3012b698a3fd017cd028dcec4b517aed830877cbdef308c0ff31eee7411aa957df9d52d9ace03c96"}]}, 0x11d0}}, 0x4) ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0) [ 1802.874539][T15896] attempt to access beyond end of device [ 1802.880678][T15896] loop4: rw=0, want=2390, limit=116 [ 1802.886333][T15884] FAT-fs (loop4): Filesystem has been set read-only [ 1802.901167][T15899] attempt to access beyond end of device [ 1802.905464][T15888] FAT-fs (loop5): Filesystem has been set read-only [ 1802.918520][T15896] attempt to access beyond end of device 12:20:15 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x20001, 0x10270) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x20, &(0x7f0000000040)=0x2, 0xf6) [ 1802.932002][T15899] loop5: rw=0, want=2390, limit=116 [ 1802.944711][T15896] loop4: rw=0, want=2391, limit=116 [ 1802.951100][T15899] attempt to access beyond end of device [ 1802.961137][T15896] attempt to access beyond end of device 12:20:16 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(0xffffffffffffffff, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1802.987363][T15896] loop4: rw=0, want=2392, limit=116 [ 1802.999251][T15899] loop5: rw=0, want=2391, limit=116 [ 1803.010261][T15896] attempt to access beyond end of device [ 1803.024844][T15899] attempt to access beyond end of device [ 1803.049729][T15896] loop4: rw=0, want=2393, limit=116 [ 1803.058502][T15899] loop5: rw=0, want=2392, limit=116 [ 1803.075117][T15896] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1803.082912][T15899] attempt to access beyond end of device [ 1803.109914][T15899] loop5: rw=0, want=2393, limit=116 [ 1803.134888][T15910] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1803.135657][T15899] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1803.151629][T15910] FAT-fs (loop1): Filesystem has been set read-only [ 1803.154830][T15896] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1803.167598][T15910] attempt to access beyond end of device [ 1803.179781][T15910] loop1: rw=0, want=2390, limit=116 [ 1803.190847][T15910] attempt to access beyond end of device [ 1803.203132][T15910] loop1: rw=0, want=2391, limit=116 [ 1803.215711][T15910] attempt to access beyond end of device [ 1803.227982][T15910] loop1: rw=0, want=2392, limit=116 [ 1803.231314][T15896] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1803.238958][T15910] attempt to access beyond end of device [ 1803.256016][T15910] loop1: rw=0, want=2393, limit=116 [ 1803.268055][T15910] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1803.276122][T15899] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) 12:20:16 executing program 0: [ 1803.285185][T15910] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1803.302207][T15910] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1803.325649][T15896] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1803.331046][T15899] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1803.342508][T15910] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1803.358741][T15896] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1803.373636][T15910] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1803.373927][T15907] input: syz1 as /devices/virtual/input/input17 [ 1803.393601][T15896] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1803.410617][T15899] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1803.420982][T15910] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1803.440489][T15896] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1803.453906][T15899] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1803.461853][T15910] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1803.461938][T15899] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1803.480007][T15896] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:20:16 executing program 0: [ 1803.481220][T15899] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1803.503391][T15910] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1803.533335][T15899] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) 12:20:16 executing program 3: 12:20:16 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(0xffffffffffffffff, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) [ 1803.545317][T15896] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1803.554463][T15910] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1803.561584][T15899] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1803.562675][T15921] attempt to access beyond end of device [ 1803.604709][T15921] loop1: rw=0, want=2390, limit=116 [ 1803.612219][T15921] attempt to access beyond end of device [ 1803.638352][T15921] loop1: rw=0, want=2391, limit=116 12:20:16 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS64(r3, 0xc0385720, &(0x7f00000000c0)={0x1}) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) 12:20:16 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000240)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xdaeb, 0x0, &(0x7f0000000040), 0x20080c0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x12) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) ioctl$TIOCGPTLCK(0xffffffffffffffff, 0x80045439, &(0x7f00000000c0)) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r2, &(0x7f0000003a40)={0xa, 0x0, 0x2, @local}, 0x54) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) write$FUSE_INIT(r3, &(0x7f0000000380)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1f, 0x6, 0x200802, 0x3ff, 0x1, 0x2, 0x8001}}, 0x50) ioctl$SIOCX25GFACILITIES(r3, 0x89e2, &(0x7f00000001c0)) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) [ 1803.663634][T15921] attempt to access beyond end of device [ 1803.680279][T15921] loop1: rw=0, want=2392, limit=116 [ 1803.692224][T15921] attempt to access beyond end of device 12:20:16 executing program 0: 12:20:16 executing program 3: [ 1803.725024][T15921] loop1: rw=0, want=2393, limit=116 12:20:16 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x68], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1803.952727][T15946] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:20:17 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, 0x0, 0x0) [ 1804.008755][T15946] FAT-fs (loop4): Filesystem has been set read-only [ 1804.008864][T15958] attempt to access beyond end of device [ 1804.034158][T15958] loop4: rw=0, want=2390, limit=116 [ 1804.048912][T15958] attempt to access beyond end of device 12:20:17 executing program 0: 12:20:17 executing program 3: [ 1804.057464][T15958] loop4: rw=0, want=2391, limit=116 [ 1804.075489][T15958] attempt to access beyond end of device [ 1804.081365][T15958] loop4: rw=0, want=2392, limit=116 [ 1804.124626][T15958] attempt to access beyond end of device [ 1804.143260][T15958] loop4: rw=0, want=2393, limit=116 [ 1804.150067][T15961] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1804.176794][T15958] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1804.183001][T15961] FAT-fs (loop1): Filesystem has been set read-only [ 1804.186418][T15958] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1804.200473][T15958] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1804.208931][T15958] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1804.217436][T15958] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:20:17 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = memfd_create(&(0x7f0000000100)='\\vmnet0?\'`@{,vmnet1em0user\x00', 0x6) ftruncate(r3, 0x1000000) sendfile(0xffffffffffffffff, r3, &(0x7f00000000c0)=0xf18001, 0xeefffdef) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x810, r3, 0xe7a6b000) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) [ 1804.218094][T15961] attempt to access beyond end of device [ 1804.226931][T15958] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1804.239426][T15958] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1804.249893][T15958] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1804.265806][T15958] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1804.276536][T15961] loop1: rw=0, want=2390, limit=116 [ 1804.281781][T15965] attempt to access beyond end of device [ 1804.290322][T15965] loop4: rw=0, want=2390, limit=116 [ 1804.298337][T15965] attempt to access beyond end of device [ 1804.305705][T15961] attempt to access beyond end of device [ 1804.311411][T15965] loop4: rw=0, want=2391, limit=116 [ 1804.319254][T15961] loop1: rw=0, want=2391, limit=116 12:20:17 executing program 3: 12:20:17 executing program 0: [ 1804.327503][T15965] attempt to access beyond end of device [ 1804.333261][T15961] attempt to access beyond end of device [ 1804.342616][T15965] loop4: rw=0, want=2392, limit=116 [ 1804.349166][T15961] loop1: rw=0, want=2392, limit=116 [ 1804.360376][T15965] attempt to access beyond end of device [ 1804.367802][T15961] attempt to access beyond end of device [ 1804.380117][T15965] loop4: rw=0, want=2393, limit=116 [ 1804.388481][T15961] loop1: rw=0, want=2393, limit=116 [ 1804.396386][T15961] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1804.439118][T15961] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:17 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, 0x0, 0x0) [ 1804.506662][T15979] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1804.524863][T15961] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1804.578626][T15979] FAT-fs (loop5): Filesystem has been set read-only [ 1804.597652][T15961] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1804.614253][T15979] attempt to access beyond end of device 12:20:17 executing program 3: 12:20:17 executing program 0: 12:20:17 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x141102, 0xa) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = memfd_create(&(0x7f0000000100)='\\vmnet0?\'`@{,vmnet1em0user\x00', 0x6) ftruncate(r3, 0x1000000) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x800, 0x70bd2c, 0x25dfdbfb, {}, [@NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @local}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x1) sendfile(0xffffffffffffffff, r3, &(0x7f00000000c0)=0xf17fff, 0x1) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)) write$cgroup_int(r2, &(0x7f0000000200), 0x806000) write$cgroup_type(r0, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1804.628181][T15979] loop5: rw=0, want=2390, limit=116 [ 1804.669899][T15979] buffer_io_error: 68 callbacks suppressed [ 1804.669911][T15979] Buffer I/O error on dev loop5, logical block 2389, async page read [ 1804.689688][T15961] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1804.746398][T15961] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1804.780564][T15961] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:17 executing program 0: [ 1804.789758][T15961] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1804.798308][T15961] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1804.802501][T15979] attempt to access beyond end of device [ 1804.812932][T15976] attempt to access beyond end of device [ 1804.821768][T15976] loop1: rw=0, want=2390, limit=116 [ 1804.855882][T15976] Buffer I/O error on dev loop1, logical block 2389, async page read [ 1804.868530][T15979] loop5: rw=0, want=2391, limit=116 [ 1804.903569][T15976] attempt to access beyond end of device [ 1804.909407][T15976] loop1: rw=0, want=2391, limit=116 [ 1804.914780][T15979] Buffer I/O error on dev loop5, logical block 2390, async page read [ 1804.915968][T15976] Buffer I/O error on dev loop1, logical block 2390, async page read [ 1804.932638][T15976] attempt to access beyond end of device [ 1804.939170][T15976] loop1: rw=0, want=2392, limit=116 [ 1804.945113][T15976] Buffer I/O error on dev loop1, logical block 2391, async page read [ 1804.955688][T15979] attempt to access beyond end of device [ 1804.961476][T15979] loop5: rw=0, want=2392, limit=116 [ 1804.962242][T15976] attempt to access beyond end of device [ 1804.980182][T15976] loop1: rw=0, want=2393, limit=116 [ 1804.984220][T15979] Buffer I/O error on dev loop5, logical block 2391, async page read [ 1804.986463][T15976] Buffer I/O error on dev loop1, logical block 2392, async page read [ 1805.009091][T15979] attempt to access beyond end of device 12:20:18 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x6c], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:18 executing program 0: 12:20:18 executing program 3: 12:20:18 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$FUSE_NOTIFY_STORE(r1, &(0x7f00000000c0)={0x2a, 0x4, 0x0, {0x6, 0xa26, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) socket$pppoe(0x18, 0x1, 0x0) [ 1805.055389][T15979] loop5: rw=0, want=2393, limit=116 [ 1805.060664][T15979] Buffer I/O error on dev loop5, logical block 2392, async page read [ 1805.097061][T15979] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1805.129035][T15979] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1805.153485][T15979] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1805.164208][T15979] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1805.172124][T15979] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1805.180917][T15979] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1805.191487][T15979] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1805.200126][T15979] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1805.208734][T15979] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1805.255400][T16015] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1805.264466][T16021] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1805.279832][T16015] FAT-fs (loop4): Filesystem has been set read-only [ 1805.283546][T16021] FAT-fs (loop1): Filesystem has been set read-only 12:20:18 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, 0x0, 0x0) 12:20:18 executing program 3: 12:20:18 executing program 0: [ 1805.305797][T16021] attempt to access beyond end of device [ 1805.307305][T16022] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1805.311497][T16021] loop1: rw=0, want=2390, limit=116 [ 1805.372405][T16015] attempt to access beyond end of device [ 1805.389437][T16015] loop4: rw=0, want=2390, limit=116 [ 1805.395945][T16021] Buffer I/O error on dev loop1, logical block 2389, async page read 12:20:18 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000001240)=ANY=[@ANYRES32, @ANYBLOB="5600f0ae2ede5285251f947fb8d227c9ef569fb3c792426fda754ac767ba8235836bd708f599c740002967a3a6af25b0110dd1220ccae87cd9d3abc46920ecabca1e1ba165993cba0f34eccf1030b420528c5c83000000000000000000dd21985064a91d4c57e4183438031889bea149e8c81a6b36ac637e919ad36fb6b2c8909b53be3d11fda7e2783bd7cc8e8663e91ab04684801cb786a57cdee79488f9378290e6bdfec664945ac9bab4a528b11e7727c3a3cb9975c55438fadc3633f54cb6f0b4da9954517e349f5aebeddc10da980ab687fe86305065d81a4a9ce0749a482db10487db457d7dd1df6351072a259f6be72d1bb2b9a2dfeeaaa6077bf482a18df4cd1e51d39adffbbefb8ce1107680a5bb884672b1158eb8033ae9c45a2223cf5f7aa301c165f4cdc6c588c405ba9b4e69e6760048d35e6d63ac58216c372c128bfaee5d8c234b6715975ccbe972fa30af3a2971568ba2c7555a247f52c3"], &(0x7f0000000440)=0x2) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000100)={0x0, 0x6, 0x0, 0xb5}, 0x10) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f00000000c0)={0x0, 0x9}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000240)={r4, 0x7f}, &(0x7f00000002c0)=0x8) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) [ 1805.428214][T16015] Buffer I/O error on dev loop4, logical block 2389, async page read [ 1805.441939][T16021] attempt to access beyond end of device 12:20:18 executing program 0: 12:20:18 executing program 3: [ 1805.469700][T16015] attempt to access beyond end of device [ 1805.478889][T16021] loop1: rw=0, want=2391, limit=116 [ 1805.488613][T16021] attempt to access beyond end of device [ 1805.497749][T16015] loop4: rw=0, want=2391, limit=116 [ 1805.518932][T16015] attempt to access beyond end of device [ 1805.526939][T16021] loop1: rw=0, want=2392, limit=116 [ 1805.565712][T16015] loop4: rw=0, want=2392, limit=116 [ 1805.571321][T16021] attempt to access beyond end of device [ 1805.580441][T16015] attempt to access beyond end of device [ 1805.607087][T16021] loop1: rw=0, want=2393, limit=116 [ 1805.653517][T16015] loop4: rw=0, want=2393, limit=116 [ 1805.673148][T16021] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1805.704217][T16038] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1805.718589][T16015] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1805.752120][T16021] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1805.754517][T16044] attempt to access beyond end of device [ 1805.769061][T16038] FAT-fs (loop5): Filesystem has been set read-only [ 1805.775850][T16015] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1805.791561][T16044] loop5: rw=0, want=2390, limit=116 12:20:18 executing program 0: 12:20:18 executing program 3: [ 1805.798100][T16015] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1805.799742][T16021] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1805.823753][T16044] attempt to access beyond end of device [ 1805.836086][T16015] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1805.848389][T16044] loop5: rw=0, want=2391, limit=116 [ 1805.856771][T16021] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1805.867994][T16044] attempt to access beyond end of device [ 1805.879044][T16015] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1805.884791][T16044] loop5: rw=0, want=2392, limit=116 [ 1805.896540][T16044] attempt to access beyond end of device [ 1805.908926][T16021] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1805.915539][T16044] loop5: rw=0, want=2393, limit=116 [ 1805.923226][T16015] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1805.925626][T16044] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1805.949178][T16021] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1805.960173][T16015] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1805.978966][T16021] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1805.981348][T16015] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1805.987994][T16044] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1806.002925][T16015] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1806.014571][T16021] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1806.023207][T16022] attempt to access beyond end of device [ 1806.029132][T16022] loop4: rw=0, want=2390, limit=116 [ 1806.042314][T16022] attempt to access beyond end of device [ 1806.051757][T16022] loop4: rw=0, want=2391, limit=116 [ 1806.053432][T16021] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1806.057914][T16022] attempt to access beyond end of device [ 1806.064860][T16044] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1806.074253][T16022] loop4: rw=0, want=2392, limit=116 [ 1806.087842][T16022] attempt to access beyond end of device [ 1806.094110][T16022] loop4: rw=0, want=2393, limit=116 [ 1806.099677][T16022] attempt to access beyond end of device [ 1806.103647][T16044] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1806.108918][T16022] loop4: rw=0, want=2390, limit=116 [ 1806.113174][T16044] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1806.113198][T16044] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1806.119415][T16022] attempt to access beyond end of device [ 1806.144318][T16022] loop4: rw=0, want=2391, limit=116 [ 1806.149710][T16022] attempt to access beyond end of device 12:20:19 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x74], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:19 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) 12:20:19 executing program 0: [ 1806.163526][T16044] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1806.185687][T16022] loop4: rw=0, want=2392, limit=116 [ 1806.192593][T16044] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1806.197799][T16022] attempt to access beyond end of device [ 1806.217997][T16022] loop4: rw=0, want=2393, limit=116 [ 1806.222390][T16044] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1806.242418][T16058] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 12:20:19 executing program 3: 12:20:19 executing program 0: [ 1806.265376][T16038] attempt to access beyond end of device [ 1806.271079][T16038] loop5: rw=0, want=2390, limit=116 [ 1806.296760][T16038] attempt to access beyond end of device 12:20:19 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r4}, 0x14) sendmsg$NL80211_CMD_LEAVE_MESH(r2, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00032dbd70007ddbdf254500000008000300", @ANYRES32=0x0, @ANYBLOB="1c000100", @ANYRES32=0x0, @ANYBLOB="0c009900060000000000000008000100ffffffff080001000300000008000300", @ANYRES32, @ANYBLOB="e89b4c361b7b1fcc7913df584af3bf305901681f1e46bee6b26b39173ee7ffed6d494da7bd0888628c1d8591affff1d60c599886379cadf30d393fd4e62cf18c51788108d8c19ddaf5070c85f36dd5d605aee7544be88b2fcb0e69fc6e5c353a3574fed52ab4ce2dd0e806bd2b0fda36d4744ba7dbfae200600ae0fe52494b7a1eaa1abc627c77ea638fcc67706439279fb63f2f9f14ec375611a1ab"], 0x9}, 0x1, 0x0, 0x0, 0x8010}, 0x20000811) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1806.328827][T16038] loop5: rw=0, want=2391, limit=116 12:20:19 executing program 3: [ 1806.355773][T16038] attempt to access beyond end of device [ 1806.379613][T16038] loop5: rw=0, want=2392, limit=116 [ 1806.446278][T16038] attempt to access beyond end of device [ 1806.471896][T16038] loop5: rw=0, want=2393, limit=116 [ 1806.483130][T16064] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1806.530106][T16064] FAT-fs (loop1): Filesystem has been set read-only [ 1806.538545][T16077] attempt to access beyond end of device [ 1806.567605][T16077] loop1: rw=0, want=2390, limit=116 12:20:19 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') ioctl$sock_inet6_tcp_SIOCATMARK(r1, 0x8905, &(0x7f00000000c0)) connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) 12:20:19 executing program 0: 12:20:19 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) 12:20:19 executing program 3: [ 1806.618698][T16077] attempt to access beyond end of device [ 1806.645002][T16077] loop1: rw=0, want=2391, limit=116 [ 1806.690677][T16077] attempt to access beyond end of device [ 1806.732891][T16077] loop1: rw=0, want=2392, limit=116 [ 1806.756332][T16077] attempt to access beyond end of device [ 1806.765597][T16085] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 1806.786593][T16077] loop1: rw=0, want=2393, limit=116 12:20:19 executing program 4: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r0) ioctl$TUNSETGROUP(0xffffffffffffffff, 0x400454ce, r0) openat$kvm(0xffffffffffffff9c, 0x0, 0x109003, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16, 0x200}], 0x0, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1806.812837][T16077] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1806.848076][T16077] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1806.872111][T16077] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1806.898990][T16095] FAT-fs (loop4): bogus number of reserved sectors [ 1806.912242][T16095] FAT-fs (loop4): Can't find a valid FAT filesystem [ 1806.918082][T16077] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1806.932097][T16090] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1806.956154][T16090] FAT-fs (loop5): Filesystem has been set read-only [ 1806.963501][T16077] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1806.971546][T16077] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1806.994348][T16090] attempt to access beyond end of device [ 1807.000010][T16090] loop5: rw=0, want=2390, limit=116 [ 1807.006019][T16077] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1807.013968][T16077] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1807.022941][T16090] attempt to access beyond end of device [ 1807.043391][T16077] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1807.063366][T16090] loop5: rw=0, want=2391, limit=116 [ 1807.068583][T16090] attempt to access beyond end of device [ 1807.077370][T16064] attempt to access beyond end of device [ 1807.083372][T16090] loop5: rw=0, want=2392, limit=116 [ 1807.088591][T16090] attempt to access beyond end of device [ 1807.090264][ T2518] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1807.099636][T16090] loop5: rw=0, want=2393, limit=116 [ 1807.110652][T16064] loop1: rw=0, want=2390, limit=116 [ 1807.127806][T16090] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1807.135714][T16064] attempt to access beyond end of device [ 1807.141354][T16064] loop1: rw=0, want=2391, limit=116 [ 1807.154638][T16090] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1807.159183][T16064] attempt to access beyond end of device [ 1807.183372][T16090] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1807.185049][T16064] loop1: rw=0, want=2392, limit=116 [ 1807.191193][T16090] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1807.191248][T16090] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1807.191269][T16090] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1807.198390][T16064] attempt to access beyond end of device [ 1807.223346][T16090] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1807.226988][T16064] loop1: rw=0, want=2393, limit=116 12:20:20 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x7a], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:20 executing program 0: 12:20:20 executing program 3: 12:20:20 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0x2e) 12:20:20 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) getsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0xc, &(0x7f00000000c0)=""/48, &(0x7f00000001c0)=0x30) [ 1807.255726][T16090] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1807.282475][T16090] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000024f) [ 1807.320200][T16102] attempt to access beyond end of device [ 1807.328762][T16102] loop5: rw=0, want=2390, limit=116 [ 1807.361755][T16115] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 1807.381932][T16102] attempt to access beyond end of device [ 1807.402045][T16102] loop5: rw=0, want=2391, limit=116 12:20:20 executing program 3: 12:20:20 executing program 0: [ 1807.419227][T16119] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1807.434814][T16102] attempt to access beyond end of device [ 1807.440593][T16102] loop5: rw=0, want=2392, limit=116 [ 1807.448043][T16102] attempt to access beyond end of device [ 1807.454486][T16102] loop5: rw=0, want=2393, limit=116 [ 1807.465996][T16119] FAT-fs (loop4): Filesystem has been set read-only [ 1807.520618][T16125] attempt to access beyond end of device [ 1807.526973][T16123] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1807.534859][T16123] FAT-fs (loop1): Filesystem has been set read-only [ 1807.542752][T16123] attempt to access beyond end of device [ 1807.548427][T16123] loop1: rw=0, want=2390, limit=116 [ 1807.553669][T16123] attempt to access beyond end of device [ 1807.559301][T16123] loop1: rw=0, want=2391, limit=116 [ 1807.564598][T16123] attempt to access beyond end of device [ 1807.566788][T16125] loop4: rw=0, want=2390, limit=116 [ 1807.570231][T16123] loop1: rw=0, want=2392, limit=116 [ 1807.570249][T16123] attempt to access beyond end of device [ 1807.570260][T16123] loop1: rw=0, want=2393, limit=116 [ 1807.570334][T16123] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1807.600314][T16123] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1807.608318][T16123] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1807.616346][T16123] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1807.625123][T16123] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1807.633031][T16123] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1807.640894][T16123] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1807.649051][T16123] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1807.657774][T16123] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:20 executing program 5: [ 1807.666573][T16129] attempt to access beyond end of device [ 1807.672396][T16125] attempt to access beyond end of device 12:20:20 executing program 3: [ 1807.718266][T16129] loop1: rw=0, want=2390, limit=116 [ 1807.719389][T16125] loop4: rw=0, want=2391, limit=116 [ 1807.729600][T16125] attempt to access beyond end of device [ 1807.736409][T16125] loop4: rw=0, want=2392, limit=116 [ 1807.742232][T16125] attempt to access beyond end of device [ 1807.750600][T16125] loop4: rw=0, want=2393, limit=116 [ 1807.756289][T16129] attempt to access beyond end of device 12:20:20 executing program 0: [ 1807.762241][T16125] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1807.773035][T16129] loop1: rw=0, want=2391, limit=116 [ 1807.778940][T16125] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1807.787297][T16129] attempt to access beyond end of device [ 1807.793227][T16125] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1807.801774][T16129] loop1: rw=0, want=2392, limit=116 [ 1807.809226][T16129] attempt to access beyond end of device [ 1807.816189][T16125] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1807.826332][T16129] loop1: rw=0, want=2393, limit=116 [ 1807.831686][T16125] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1807.875515][T16125] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:20:20 executing program 3: 12:20:20 executing program 2: 12:20:20 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:20 executing program 0: [ 1807.924139][T16125] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1807.931993][T16125] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:20:20 executing program 5: 12:20:21 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, 0x0, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r5, 0x800c5011, &(0x7f00000001c0)) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) r6 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20\x00', 0x20000, 0x0) ioctl$VIDIOC_S_MODULATOR(r6, 0x40445637, &(0x7f00000002c0)={0x80000000, "82d7d09004da26b6002e68f793ab4fc09582d8f2ca20aaf15363d986f7c2be12", 0x80, 0x80000000, 0x2, 0x0, 0x3}) socket$pppoe(0x18, 0x1, 0x0) [ 1807.983740][T16125] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:20:21 executing program 0: 12:20:21 executing program 3: 12:20:21 executing program 5: 12:20:21 executing program 2: 12:20:21 executing program 3: [ 1808.261235][T16156] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1808.274909][T16153] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1808.298443][T16156] FAT-fs (loop4): Filesystem has been set read-only [ 1808.306222][T16153] FAT-fs (loop1): Filesystem has been set read-only [ 1808.316308][T16156] attempt to access beyond end of device [ 1808.322529][T16153] attempt to access beyond end of device [ 1808.353298][T16156] loop4: rw=0, want=2390, limit=116 [ 1808.358538][T16156] attempt to access beyond end of device [ 1808.371135][T16153] loop1: rw=0, want=2390, limit=116 [ 1808.373661][T16156] loop4: rw=0, want=2391, limit=116 [ 1808.382220][T16156] attempt to access beyond end of device 12:20:21 executing program 0: [ 1808.400928][T16153] attempt to access beyond end of device [ 1808.403302][T16156] loop4: rw=0, want=2392, limit=116 [ 1808.417333][T16156] attempt to access beyond end of device [ 1808.429332][T16156] loop4: rw=0, want=2393, limit=116 [ 1808.440308][T16153] loop1: rw=0, want=2391, limit=116 12:20:21 executing program 5: 12:20:21 executing program 2: [ 1808.446714][T16156] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1808.474305][T16153] attempt to access beyond end of device [ 1808.483136][T16156] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1808.502063][T16153] loop1: rw=0, want=2392, limit=116 [ 1808.514945][T16156] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1808.517405][T16153] attempt to access beyond end of device [ 1808.541791][T16156] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1808.569183][T16156] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1808.570434][T16153] loop1: rw=0, want=2393, limit=116 [ 1808.593814][T16153] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1808.600236][T16156] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1808.611969][T16153] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1808.621330][T16153] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1808.642096][T16153] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1808.642431][T16156] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1808.660317][T16153] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1808.671187][T16153] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1808.678231][T16156] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1808.679535][T16153] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1808.695510][T16153] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1808.698780][T16156] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1808.704364][T16153] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1808.720157][T16165] attempt to access beyond end of device [ 1808.726033][T16165] loop1: rw=0, want=2390, limit=116 [ 1808.731747][T16165] attempt to access beyond end of device [ 1808.732495][T16169] attempt to access beyond end of device [ 1808.737790][T16165] loop1: rw=0, want=2391, limit=116 [ 1808.737811][T16165] attempt to access beyond end of device [ 1808.754524][T16165] loop1: rw=0, want=2392, limit=116 [ 1808.756057][T16169] loop4: rw=0, want=2390, limit=116 [ 1808.759728][T16165] attempt to access beyond end of device [ 1808.759747][T16165] loop1: rw=0, want=2393, limit=116 [ 1808.776783][T16169] attempt to access beyond end of device [ 1808.793270][T16169] loop4: rw=0, want=2391, limit=116 [ 1808.798783][T16169] attempt to access beyond end of device [ 1808.813260][T16169] loop4: rw=0, want=2392, limit=116 [ 1808.818495][T16169] attempt to access beyond end of device 12:20:21 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:21 executing program 3: 12:20:21 executing program 5: [ 1808.828064][T16169] loop4: rw=0, want=2393, limit=116 12:20:21 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000004c0)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) recvmsg$can_bcm(r1, &(0x7f0000000240)={&(0x7f00000002c0)=@hci, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000380)=""/122, 0x7a}, {&(0x7f0000000400)=""/145, 0x91}], 0x2, &(0x7f00000001c0)=""/8, 0x8}, 0x40) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) 12:20:21 executing program 2: 12:20:21 executing program 0: 12:20:21 executing program 5: 12:20:21 executing program 3: 12:20:22 executing program 0: 12:20:22 executing program 2: [ 1809.119374][T16189] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1809.119929][T16183] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1809.136089][T16189] FAT-fs (loop4): Filesystem has been set read-only 12:20:22 executing program 5: [ 1809.177110][T16195] attempt to access beyond end of device [ 1809.191325][T16189] attempt to access beyond end of device 12:20:22 executing program 0: [ 1809.243010][T16195] loop1: rw=0, want=2390, limit=116 [ 1809.255395][T16189] loop4: rw=0, want=2390, limit=116 [ 1809.278505][T16183] FAT-fs (loop1): Filesystem has been set read-only [ 1809.305475][T16195] attempt to access beyond end of device [ 1809.315131][T16189] attempt to access beyond end of device [ 1809.333051][T16195] loop1: rw=0, want=2391, limit=116 [ 1809.340126][T16189] loop4: rw=0, want=2391, limit=116 [ 1809.355398][T16195] attempt to access beyond end of device [ 1809.362255][T16189] attempt to access beyond end of device [ 1809.397258][T16195] loop1: rw=0, want=2392, limit=116 [ 1809.402565][T16189] loop4: rw=0, want=2392, limit=116 [ 1809.415754][T16195] attempt to access beyond end of device [ 1809.421738][T16189] attempt to access beyond end of device [ 1809.434219][T16195] loop1: rw=0, want=2393, limit=116 [ 1809.436781][T16189] loop4: rw=0, want=2393, limit=116 [ 1809.445913][T16189] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1809.446983][T16195] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1809.454781][T16189] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1809.470752][T16189] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1809.472907][T16195] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1809.479411][T16189] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1809.495349][T16189] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1809.503652][T16189] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1809.506704][T16195] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1809.511579][T16189] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1809.528421][T16189] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1809.536493][T16195] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1809.537007][T16189] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1809.553244][T16194] attempt to access beyond end of device [ 1809.556550][T16195] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1809.559504][T16194] loop4: rw=0, want=2390, limit=116 [ 1809.574076][T16194] attempt to access beyond end of device [ 1809.579844][T16194] loop4: rw=0, want=2391, limit=116 [ 1809.580737][T16195] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1809.586093][T16194] attempt to access beyond end of device [ 1809.598538][T16195] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1809.599530][T16194] loop4: rw=0, want=2392, limit=116 [ 1809.612719][T16194] attempt to access beyond end of device [ 1809.617920][T16195] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1809.619289][T16194] loop4: rw=0, want=2393, limit=116 [ 1809.632812][T16195] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1809.641515][T16197] attempt to access beyond end of device [ 1809.648137][T16197] loop1: rw=0, want=2390, limit=116 [ 1809.653407][T16197] attempt to access beyond end of device [ 1809.673222][T16197] loop1: rw=0, want=2391, limit=116 [ 1809.678445][T16197] buffer_io_error: 79 callbacks suppressed [ 1809.678458][T16197] Buffer I/O error on dev loop1, logical block 2390, async page read [ 1809.702460][T16197] attempt to access beyond end of device [ 1809.710475][T16197] loop1: rw=0, want=2392, limit=116 [ 1809.716437][T16197] Buffer I/O error on dev loop1, logical block 2391, async page read [ 1809.724736][T16197] attempt to access beyond end of device [ 1809.730396][T16197] loop1: rw=0, want=2393, limit=116 [ 1809.735643][T16197] Buffer I/O error on dev loop1, logical block 2392, async page read 12:20:22 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:22 executing program 3: 12:20:22 executing program 2: 12:20:22 executing program 5: 12:20:22 executing program 0: 12:20:22 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) signalfd(r0, &(0x7f00000000c0)={[0x1000]}, 0x8) fchdir(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) 12:20:22 executing program 2: 12:20:22 executing program 5: 12:20:22 executing program 0: 12:20:22 executing program 3: [ 1810.010751][T16212] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1810.060631][T16225] attempt to access beyond end of device [ 1810.065134][T16212] FAT-fs (loop4): Filesystem has been set read-only [ 1810.072314][T16225] loop4: rw=0, want=2390, limit=116 [ 1810.096472][T16221] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1810.104416][T16221] FAT-fs (loop1): Filesystem has been set read-only [ 1810.112382][T16221] attempt to access beyond end of device [ 1810.118300][T16221] loop1: rw=0, want=2390, limit=116 [ 1810.123714][T16221] Buffer I/O error on dev loop1, logical block 2389, async page read [ 1810.131856][T16221] attempt to access beyond end of device [ 1810.132366][T16225] Buffer I/O error on dev loop4, logical block 2389, async page read [ 1810.137755][T16221] loop1: rw=0, want=2391, limit=116 [ 1810.151015][T16221] Buffer I/O error on dev loop1, logical block 2390, async page read [ 1810.159958][T16221] attempt to access beyond end of device [ 1810.166346][T16221] loop1: rw=0, want=2392, limit=116 [ 1810.171596][T16221] Buffer I/O error on dev loop1, logical block 2391, async page read [ 1810.180872][T16221] attempt to access beyond end of device [ 1810.187103][T16221] loop1: rw=0, want=2393, limit=116 [ 1810.192337][T16221] Buffer I/O error on dev loop1, logical block 2392, async page read [ 1810.202056][T16221] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:23 executing program 0: 12:20:23 executing program 2: [ 1810.210625][T16221] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1810.219004][T16221] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1810.227026][T16221] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1810.234951][T16221] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1810.243439][T16221] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1810.253020][T16221] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1810.261896][T16221] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1810.270289][T16221] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1810.279400][T16228] attempt to access beyond end of device [ 1810.280338][T16225] attempt to access beyond end of device [ 1810.285754][T16228] loop1: rw=0, want=2390, limit=116 [ 1810.293802][T16225] loop4: rw=0, want=2391, limit=116 [ 1810.303825][T16225] Buffer I/O error on dev loop4, logical block 2390, async page read [ 1810.321727][T16225] attempt to access beyond end of device [ 1810.340812][T16225] loop4: rw=0, want=2392, limit=116 [ 1810.346347][T16228] Buffer I/O error on dev loop1, logical block 2389, async page read [ 1810.360080][T16225] attempt to access beyond end of device [ 1810.371966][T16228] attempt to access beyond end of device [ 1810.380654][T16225] loop4: rw=0, want=2393, limit=116 [ 1810.384386][T16228] loop1: rw=0, want=2391, limit=116 [ 1810.393201][T16228] attempt to access beyond end of device [ 1810.400484][T16225] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1810.406366][T16228] loop1: rw=0, want=2392, limit=116 [ 1810.416281][T16228] attempt to access beyond end of device [ 1810.429120][T16225] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1810.440057][T16228] loop1: rw=0, want=2393, limit=116 [ 1810.445736][T16225] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1810.463250][T16225] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1810.471305][T16225] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) 12:20:23 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:23 executing program 5: 12:20:23 executing program 3: 12:20:23 executing program 2: 12:20:23 executing program 0: [ 1810.485211][T16225] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1810.496595][T16225] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1810.533238][T16225] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1810.558623][T16225] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1810.599612][T16212] attempt to access beyond end of device [ 1810.606299][T16212] loop4: rw=0, want=2390, limit=116 [ 1810.636324][T16212] attempt to access beyond end of device [ 1810.666380][T16212] loop4: rw=0, want=2391, limit=116 [ 1810.693568][T16212] attempt to access beyond end of device [ 1810.709433][T16212] loop4: rw=0, want=2392, limit=116 [ 1810.714726][T16212] attempt to access beyond end of device [ 1810.720371][T16212] loop4: rw=0, want=2393, limit=116 [ 1810.750182][T16240] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1810.779324][T16240] FAT-fs (loop1): Filesystem has been set read-only [ 1810.791144][T16240] attempt to access beyond end of device 12:20:23 executing program 4: modify_ldt$write2(0x11, &(0x7f0000000140)={0x8, 0x100000, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, 0x1}, 0x10) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='rdma.current\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) 12:20:23 executing program 3: 12:20:23 executing program 5: 12:20:23 executing program 2: 12:20:23 executing program 0: [ 1810.797757][T16240] loop1: rw=0, want=2390, limit=116 [ 1810.803034][T16240] attempt to access beyond end of device [ 1810.851074][T16240] loop1: rw=0, want=2391, limit=116 [ 1810.876549][T16240] attempt to access beyond end of device 12:20:23 executing program 2: [ 1810.900852][T16240] loop1: rw=0, want=2392, limit=116 12:20:23 executing program 3: [ 1810.943252][T16240] attempt to access beyond end of device [ 1810.985467][T16240] loop1: rw=0, want=2393, limit=116 [ 1811.016318][T16240] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1811.069623][T16240] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1811.107634][T16240] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1811.123832][T16240] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1811.131761][T16240] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1811.140363][T16240] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1811.149143][T16240] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1811.158485][T16240] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1811.166643][T16240] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1811.175078][T16245] attempt to access beyond end of device [ 1811.182126][T16245] loop1: rw=0, want=2390, limit=116 [ 1811.188313][T16245] attempt to access beyond end of device [ 1811.194332][T16245] loop1: rw=0, want=2391, limit=116 [ 1811.199579][T16245] attempt to access beyond end of device [ 1811.206119][T16245] loop1: rw=0, want=2392, limit=116 [ 1811.211422][T16245] attempt to access beyond end of device [ 1811.217622][T16245] loop1: rw=0, want=2393, limit=116 12:20:24 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:24 executing program 5: 12:20:24 executing program 0: 12:20:24 executing program 3: 12:20:24 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x8, @ipv4={[], [], @rand_addr=0x64010100}}, 0x1c) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) r6 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x30000, 0x0) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x10010, r6, 0x7309f000) socket$pppoe(0x18, 0x1, 0x0) 12:20:24 executing program 2: r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0) ftruncate(r2, 0x2081fc) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x10000081}) sendfile(r0, r1, 0x0, 0xffffffff) 12:20:24 executing program 5: r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r2, &(0x7f0000001180)='threaded\x00', 0xfc9a) fallocate(r2, 0x3, 0x0, 0x2cbd) write$binfmt_elf64(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="7f454c460000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000380000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000005cd825a31253570000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000140000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000054f70000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001300000000000000000000000000000000000000000000000000000000000000000000000000000000001f0000000000000000000000000000000000000000000000000100"/867], 0x366) sendfile(r0, r1, 0x0, 0x12ffe) 12:20:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0)='nl80211\x00') sendmsg$NL80211_CMD_SET_WIPHY(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="110000000000000000000200000008000300", @ANYRES32, @ANYBLOB="05005900000081db1200d100"], 0x28}}, 0x0) 12:20:24 executing program 3: perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="52000000240007a75cb27fec4b024ea8d27a0500", @ANYRES32, @ANYBLOB="00000000ffffffff000000000700010066710000340002000800050000000000000000000600000008000200000000000800080000000000080001000000003c43375472d900004a83bbcd97fb91b3b57fa9c92810a347a34e43643a3c5c6b25caffa9fd141476dd041c5b0b9662cd9fb075c7f419e3b9a3d22a5b156fe3f75a61a1aa4d1a39bdb19f5aa6eeeb07563388976c971c6fad98ec1b2a0a40b01390b8070ac248429b0e179aedc5230216eac8ce7b5da131b52e0a79aa28430293477fe446b3eb60b4c027a27dc36afe0214552f1e7e2c5e380de4096ba82a4764ffe558eeb4c1bd19fbe64f0000010000000000dc32f88cb972e7002a505deef1d65ba2c5d6fa4f8db4501d48a3931f3b000000000000000000000000061f3b9f45c7fd4b121472859d6d63823ceb67ee319a793d97a32d1e6d34c2f771e0f67db22975fab3a6c1ed5d65dab05ca14e423ea2878c45e5cc3ffc1e1ba7a5522b2735d26b123d97efc3"], 0x60}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000180)=[{0x3, 0x1000000000000, &(0x7f0000000080), 0xe, &(0x7f0000000100)}], 0x492492492492642, 0x0) [ 1811.375877][ T26] audit: type=1804 audit(1587212424.328:99): pid=16270 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir352393698/syzkaller.MU5F8C/3281/bus" dev="sda1" ino=16360 res=1 [ 1811.444363][ T26] audit: type=1804 audit(1587212424.348:100): pid=16270 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir352393698/syzkaller.MU5F8C/3281/bus" dev="sda1" ino=16360 res=1 [ 1811.470109][T16269] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1811.509485][T16269] FAT-fs (loop4): Filesystem has been set read-only [ 1811.512764][T16275] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1811.532657][T16281] attempt to access beyond end of device [ 1811.537353][T16275] FAT-fs (loop1): Filesystem has been set read-only [ 1811.554018][T16281] loop4: rw=0, want=2390, limit=116 [ 1811.559337][T16281] attempt to access beyond end of device [ 1811.560338][T16275] attempt to access beyond end of device [ 1811.565160][T16281] loop4: rw=0, want=2391, limit=116 [ 1811.576186][T16281] attempt to access beyond end of device [ 1811.582004][T16281] loop4: rw=0, want=2392, limit=116 [ 1811.587834][T16281] attempt to access beyond end of device [ 1811.593640][T16281] loop4: rw=0, want=2393, limit=116 [ 1811.599385][T16281] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1811.607714][T16281] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1811.610813][T16282] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1811.615771][T16281] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1811.615786][T16281] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1811.615858][T16281] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1811.628493][T16275] loop1: rw=0, want=2390, limit=116 [ 1811.633002][T16281] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1811.667073][ T26] audit: type=1800 audit(1587212424.638:101): pid=16287 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16356 res=0 [ 1811.675661][T16288] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1811.686738][T16275] attempt to access beyond end of device [ 1811.702888][T16286] netlink: 38 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1811.716440][T16286] netlink: 38 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1811.727827][ T26] audit: type=1804 audit(1587212424.688:102): pid=16290 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir414067658/syzkaller.6itaBt/2747/file0" dev="sda1" ino=16356 res=1 [ 1811.734579][T16281] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1811.753509][T16275] loop1: rw=0, want=2391, limit=116 [ 1811.779817][T16275] attempt to access beyond end of device 12:20:24 executing program 0: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r3, 0x0) keyctl$get_persistent(0x16, r3, r1) [ 1811.803791][T16286] netlink: 38 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1811.816774][T16275] loop1: rw=0, want=2392, limit=116 [ 1811.838412][T16286] netlink: 38 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1811.845945][T16281] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1811.850140][T16275] attempt to access beyond end of device [ 1811.874850][ T26] audit: type=1804 audit(1587212424.698:103): pid=16287 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir414067658/syzkaller.6itaBt/2747/file0" dev="sda1" ino=16356 res=1 12:20:24 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x405c5503) [ 1811.883465][T16281] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1811.903934][T16275] loop1: rw=0, want=2393, limit=116 [ 1811.919326][T16275] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:24 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_FILTER(r2, 0x65, 0x4, &(0x7f0000000240)=[{}], &(0x7f0000000280)=0x8) [ 1811.947645][T16275] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1811.970821][ T26] audit: type=1804 audit(1587212424.748:104): pid=16287 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir414067658/syzkaller.6itaBt/2747/file0" dev="sda1" ino=16356 res=1 [ 1811.997017][T16269] attempt to access beyond end of device [ 1812.013679][T16269] loop4: rw=0, want=2390, limit=116 [ 1812.031319][T16275] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1812.049118][T16269] attempt to access beyond end of device [ 1812.063153][T16275] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1812.065186][T16269] loop4: rw=0, want=2391, limit=116 [ 1812.081335][T16302] input: syz1 as /devices/virtual/input/input18 [ 1812.088538][T16269] attempt to access beyond end of device [ 1812.093768][T16275] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1812.099111][T16269] loop4: rw=0, want=2392, limit=116 [ 1812.108081][T16269] attempt to access beyond end of device [ 1812.117217][T16269] loop4: rw=0, want=2393, limit=116 [ 1812.119778][ T26] audit: type=1804 audit(1587212424.798:105): pid=16294 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir352393698/syzkaller.MU5F8C/3281/bus" dev="sda1" ino=16360 res=1 [ 1812.123813][T16269] attempt to access beyond end of device [ 1812.154822][T16275] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1812.161710][T16308] input: syz1 as /devices/virtual/input/input19 [ 1812.170965][T16269] loop4: rw=0, want=2390, limit=116 [ 1812.172931][T16275] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1812.179092][T16269] attempt to access beyond end of device [ 1812.191683][T16269] loop4: rw=0, want=2391, limit=116 [ 1812.196571][T16275] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1812.199452][T16269] attempt to access beyond end of device [ 1812.212084][ T26] audit: type=1804 audit(1587212424.798:106): pid=16270 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir352393698/syzkaller.MU5F8C/3281/bus" dev="sda1" ino=16360 res=1 [ 1812.213804][T16275] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1812.238312][T16269] loop4: rw=0, want=2392, limit=116 [ 1812.248391][T16269] attempt to access beyond end of device [ 1812.267093][T16269] loop4: rw=0, want=2393, limit=116 [ 1812.273713][T16283] attempt to access beyond end of device [ 1812.279803][T16283] loop1: rw=0, want=2390, limit=116 [ 1812.289172][T16269] attempt to access beyond end of device [ 1812.297682][T16269] loop4: rw=0, want=2390, limit=116 [ 1812.302939][T16269] attempt to access beyond end of device [ 1812.303095][T16283] attempt to access beyond end of device [ 1812.308669][T16269] loop4: rw=0, want=2391, limit=116 [ 1812.322306][T16269] attempt to access beyond end of device [ 1812.328367][T16269] loop4: rw=0, want=2392, limit=116 [ 1812.330432][T16283] loop1: rw=0, want=2391, limit=116 [ 1812.342155][T16269] attempt to access beyond end of device [ 1812.343618][T16283] attempt to access beyond end of device [ 1812.348218][T16269] loop4: rw=0, want=2393, limit=116 [ 1812.364577][T16283] loop1: rw=0, want=2392, limit=116 [ 1812.377818][T16283] attempt to access beyond end of device [ 1812.390268][T16283] loop1: rw=0, want=2393, limit=116 12:20:25 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:25 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5, 0x0, 0x0, 0xff}]}}, &(0x7f0000000100)=""/139, 0x2a, 0x8b, 0x8}, 0x20) 12:20:25 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x74}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffffc}, 0x48) 12:20:25 executing program 0: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r3, 0x0) keyctl$get_persistent(0x16, r3, r1) 12:20:25 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 12:20:25 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000840)=ANY=[@ANYBLOB="7f454c4606801f04c80a00000000000003003e00ffff00004f000000000000004000000000000000a100000000000000000000004691380001000300ff000180060000000104000061000000000000000400000000000000000000000000000009000000000000000000000000000000010000000000000004000000810000000c9e0d4a000000000000000000000000015a7ce9414e62230e55cf773a1ea9830000000000000001000000000000000600000000000000ff03000000000000710ff843b1f7432576db5ed507fe2f0a926a19f7e4dc410efa5b93406f0b6f9fe0cc8ffe17e66edad807cd26c9e02eab2dbac5cfbd01770dfdd6d70a7d2aa7f70911b5cc815aeddc6f8782b9da657532f99c9c646c14c63e06bfd9133a61c5255f376556429cb95cf448e1218e5feaabb31a72c0ebf3fe116f8b9beaa08ab4543b48a7b68065cff13e0c0b0b851a1dc032a400b4e62032abf0d432e7b3bd6b2a50000ca4cb51c7a6ccc71bb979a38db6f9a26a10721fd5fb955c85a640921128f9426a19a715924c433477803d47002d20bf3a5e084fef7c5a99ec10e195000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/1175], 0x488) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$SO_J1939_FILTER(r0, 0x6b, 0x1, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_G_SELECTION(r0, 0xc040563d, &(0x7f00000000c0)={0x0, 0x0, 0x100, 0x2, {0x7ff, 0x7, 0x5d7, 0x161}}) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x2108089, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 1812.457183][T16319] BPF:[1] INT (anon) [ 1812.472215][T16319] BPF:size=5 bits_offset=255 nr_bits=0 encoding=(none) 12:20:25 executing program 0: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prlimit64(0x0, 0xb, &(0x7f00000001c0), 0x0) r2 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3e) fcntl$setsig(r3, 0xa, 0x12) poll(0x0, 0x0, 0x40000) clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0x0], 0x1}, 0x50) dup2(r3, r4) fcntl$setown(r4, 0x8, r2) tkill(r2, 0x14) 12:20:25 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00', {}, 0x4}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1812.502886][T16319] BPF: [ 1812.508095][T16319] BPF:nr_bits exceeds 128 [ 1812.518264][T16319] BPF: [ 1812.518264][T16319] [ 1812.526512][T16319] BPF:[1] INT (anon) [ 1812.536142][T16319] BPF:size=5 bits_offset=255 nr_bits=0 encoding=(none) 12:20:25 executing program 3: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000400)='overlay\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000140)='./bus\x00') r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000040)={0x7, 0x8}, 0x10) [ 1812.565192][T16319] BPF: [ 1812.574232][T16319] BPF:nr_bits exceeds 128 [ 1812.582839][T16319] BPF: [ 1812.582839][T16319] 12:20:25 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_FILTER(r2, 0x65, 0x2, &(0x7f0000000240)=[{}], &(0x7f0000000280)=0x8) 12:20:25 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x7) [ 1812.689253][T16340] input: syz1 as /devices/virtual/input/input20 [ 1812.711368][T16335] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1812.767214][T16357] attempt to access beyond end of device [ 1812.778169][T16355] input: syz1 as /devices/virtual/input/input21 [ 1812.787239][T16335] FAT-fs (loop1): Filesystem has been set read-only [ 1812.810325][T16357] loop1: rw=0, want=2390, limit=116 [ 1812.839222][T16357] attempt to access beyond end of device [ 1812.844382][T16351] overlayfs: filesystem on './file0' not supported as upperdir [ 1812.861605][T16363] sp0: Synchronizing with TNC [ 1812.867342][ T26] audit: type=1800 audit(1587212425.838:107): pid=16364 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="bus" dev="overlay" ino=16113 res=0 12:20:25 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x200000, 0x2f}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffffc}, 0x48) [ 1812.892586][T16357] loop1: rw=0, want=2391, limit=116 [ 1812.922464][T16357] attempt to access beyond end of device [ 1812.935475][T16357] loop1: rw=0, want=2392, limit=116 [ 1812.945682][T16357] attempt to access beyond end of device [ 1812.976091][T16357] loop1: rw=0, want=2393, limit=116 [ 1812.988535][T16357] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1812.999343][T16357] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1813.007844][T16357] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1813.016960][T16357] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1813.034056][T16357] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1813.045110][T16357] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1813.054521][T16357] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1813.062484][T16357] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1813.072041][T16357] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1813.081917][T16360] attempt to access beyond end of device [ 1813.089322][T16360] loop1: rw=0, want=2390, limit=116 [ 1813.104881][T16360] attempt to access beyond end of device [ 1813.110706][T16360] loop1: rw=0, want=2391, limit=116 [ 1813.117285][T16360] attempt to access beyond end of device [ 1813.125355][T16360] loop1: rw=0, want=2392, limit=116 [ 1813.130764][T16360] attempt to access beyond end of device [ 1813.137506][T16360] loop1: rw=0, want=2393, limit=116 12:20:26 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:26 executing program 4: bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r0}, 0x14) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f0000000380)={0x148, 0x0, 0x2, 0x70bd26, 0x25dfdbfe, {}, [@ETHTOOL_A_STRSET_HEADER={0x1}, @ETHTOOL_A_STRSET_STRINGSETS={0x44, 0x2, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0xc}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}]}]}, @ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x0, 0x2, 'vlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @ETHTOOL_A_STRSET_STRINGSETS={0x2c, 0x2, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID]}]}, @ETHTOOL_A_STRSET_STRINGSETS={0x44, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}]}, {0xffffffffffffff12, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}]}]}, @ETHTOOL_A_STRSET_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x8, 0x2, 'bridge0\x00'}]}]}, 0x148}, 0x1, 0x0, 0x0, 0x85}, 0x20000005) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x806000) write$cgroup_type(r2, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r5, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) socket$pppoe(0x18, 0x1, 0x0) 12:20:26 executing program 5: socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x82, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd60000000004c2c00fe8000000000000000000000000000bb200100000000000000000000000000000000000000006f37e6c34930c9b900002420880b0000000000000800000086dd080088be00000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800000000"], 0x0) 12:20:26 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x13, 0x10, 0x3, 0x5}, 0x40) 12:20:26 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_emit_ethernet(0x436, &(0x7f00000008c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "a4f208", 0x400, 0x3a, 0xff, @local={0xfe, 0x80, [0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xb, "a78ce5402000000053d5dea6b259fe8000000000000023493b87aa0568f00b1c71a8242373244ad20100dc07df0a69748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c11b37adac15084dbaf736b41e5a803721d"}, {0x0, 0x16, "84f0da52ef24571313968050378ee824f4dffba7feed320557f7671975afc9c545c5ea6137c8ce680ba2d2e8794cc0ee661ab31313a50f67f637326bdc20eee126a2c281295ae9405b24d13dc48b7b6aa26e8a94498418f3472f7281922377d30a3b5ed2c6a2990e5ea6b275c1d5bddf59f3d1843df268e8c825c6b2cff208dfb5cd8283d0dcd52a6de228bf697d3d6506afec30ef7e07413c7afc1eb139e0fb1a5a643b4099519e31f3fd4457f0e6d586ad05e1"}, {0x0, 0x5a, "062bf7b5e0f2dbbdc849b90d4e80a0e3f7af088060d01a1cfcfad88ef4512c6ef5c0ead4b9cc87484b106a060a9899d50f595204418f51e91480b395741dd314136a262cadf02b071d88e61703f037caded0b315701274012fa532ddd69499074e1a2df196e0afcffda08fb3d82ab8160253a47d3efc3d7cead55c28610ae20f69aaced0a1a6ce815344cf8d0bc8a0dfcdd1e8cd7242601777ec653c2d4b704397dcb1350982afd017eaa630c840d71589499fd68239ae0c0aa2fc9b949d1a716d40a24f078e92e8c268ff726290944b5f3a3bea9559f2d2a51405fba224411ecc49544dea47917a98bf79c3c8eed70429abf70a52ecbda21c9bf0f6a70cd2c2c887391e4095ad223437c60abf829447b47bd231ca2a98d9da7519a4bd28e803fa000fafc0dc453ed56cdf4356d7abcfec4eed0b94a4f78ce44a7177c6684026bb4f26a17e52e326c8bb7be5e2ea5780d7169d8f4ff62cb2b223f1d6221f62e0ee0244d86042560edd36853c464b23be536c65b87cd5ea60932ed90607b369ed2017f645afcb5cd07f6896a08473bd5dea2bfb52ac501a39c338ede985aa4a7755db876cc1558aac15ad4d6c078834be4d944f3cce0079d2ad9ba8d17f01a614052aadbd4af0fd282f594dc4530ee49b6c9ae6d5d80a073e678594be2e2f0869baa2a58dd2d0f6a995fb706c4d1b618d57da1c2d8f55611f746105a947b4f6bb74dbdbffb1b3c1f2316f6a28a07f0145b1bf8345b6aa4e9d5a819497856792121219ea151c1f8e2f86356039bc5b87fe4cad68b6afa08687e6e751803865165eac0c34bdddae1bbe52f55d08cc4a0865f8df372635e8a26ac4ac9716a124ac4e83349f17b612e2b1893b5eaccecc7d812bb4f4fc6b313f57c2035a90f782a4a97b5f5309b6c5798d72b9187f3d411e84041e3671fe35e39fa1887846721c38d501b471990b919d2ad9ca9bc71157a843d75838c0aa4ff0dabd74284709f1f87f324ec4f56eacd70e6bb5e9677e719786c4d4284e4c"}, {0x1, 0x1, "c1d9e856745a"}]}}}}}}, 0x0) [ 1813.255883][T16385] IPv6: addrconf: prefix option has invalid lifetime 12:20:26 executing program 2: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) keyctl$get_persistent(0x16, r3, r1) [ 1813.299078][T16383] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1813.309853][T16383] FAT-fs (loop4): Filesystem has been set read-only [ 1813.329018][T16383] attempt to access beyond end of device [ 1813.342428][T16383] loop4: rw=0, want=2390, limit=116 [ 1813.351273][T16383] attempt to access beyond end of device [ 1813.357516][T16383] loop4: rw=0, want=2391, limit=116 [ 1813.366404][T16383] attempt to access beyond end of device [ 1813.372333][T16383] loop4: rw=0, want=2392, limit=116 [ 1813.378743][T16383] attempt to access beyond end of device [ 1813.395998][T16383] loop4: rw=0, want=2393, limit=116 [ 1813.412933][T16383] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1813.421133][T16383] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1813.429728][T16383] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1813.438062][T16383] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1813.446319][T16383] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1813.454489][T16383] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1813.462416][T16383] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1813.470827][T16383] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1813.479110][T16383] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000024f) [ 1813.488824][T16397] attempt to access beyond end of device [ 1813.497492][T16397] loop4: rw=0, want=2390, limit=116 [ 1813.526744][T16397] attempt to access beyond end of device [ 1813.532441][T16397] loop4: rw=0, want=2391, limit=116 [ 1813.545733][T16392] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1813.565406][T16397] attempt to access beyond end of device [ 1813.571309][T16397] loop4: rw=0, want=2392, limit=116 12:20:26 executing program 0: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prlimit64(0x0, 0xb, &(0x7f00000001c0), 0x0) r2 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3e) fcntl$setsig(r3, 0xa, 0x12) poll(0x0, 0x0, 0x40000) clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0x0], 0x1}, 0x50) dup2(r3, r4) fcntl$setown(r4, 0x8, r2) tkill(r2, 0x14) 12:20:26 executing program 5: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x6) r2 = socket(0x10, 0x2, 0x0) r3 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setfsgid(r4) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) lsetxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='system.posix_acl_access\x00', &(0x7f0000000280)=ANY=[@ANYBLOB="020000000100000000000000040000000000000008000000", @ANYRES32=r5, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=r5, @ANYBLOB="100006000000000020000000000000"], 0x34, 0x0) chown(&(0x7f00000001c0)='./file0\x00', r1, 0x0) chdir(&(0x7f0000000100)='./file0\x00') 12:20:26 executing program 3: perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="52000000240007a75cb27fec4b024ea8d27a0500", @ANYRES32=r1, @ANYBLOB="00000000ffffffff000000000700010066710000340002000800050000000000000000000600000008000200000000000800080000000000080001000000003c43375472d900004a83bbcd97fb91b3b57fa9c92810a347a34e43643a3c5c6b25caffa9fd141476dd041c5b0b9662cd9fb075c7f419e3b9a3d22a5b156fe3f75a61a1aa4d1a39bdb19f5aa6eeeb07563388976c971c6fad98ec1b2a0a40b01390b8070ac248429b0e179aedc5230216eac8ce7b5da131b52e0a79aa28430293477fe446b3eb60b4c027a27dc36afe0214552f1e7e2c5e380de4096ba82a4764ffe558eeb4c1bd19fbe64f0000010000000000dc32f88cb972e7002a505deef1d65ba2c5d6fa4f8db4501d48a3931f3b000000000000000000000000061f3b9f45c7fd4b121472859d6d63823ceb67ee319a793d97a32d1e6d34c2f771e0f67db22975fab3a6c1ed5d65dab05ca14e423ea2878c45e5cc3ffc1e1ba7a5522b2735d26b123d97efc3"], 0x60}}, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000180)=[{0x3, 0x1000000000000, &(0x7f0000000080), 0xe, &(0x7f0000000100)}], 0x492492492492642, 0x0) 12:20:26 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_FILTER(r2, 0x65, 0x5, &(0x7f0000000240)=[{}], &(0x7f0000000280)=0x8) [ 1813.577457][T16392] FAT-fs (loop1): Filesystem has been set read-only [ 1813.590022][T16402] attempt to access beyond end of device [ 1813.595055][T16397] attempt to access beyond end of device [ 1813.620193][T16397] loop4: rw=0, want=2393, limit=116 [ 1813.622132][T16402] loop1: rw=0, want=2390, limit=116 [ 1813.641286][T16402] attempt to access beyond end of device [ 1813.667906][T16402] loop1: rw=0, want=2391, limit=116 [ 1813.703931][T16412] netlink: 38 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1813.719019][T16402] attempt to access beyond end of device [ 1813.739901][T16402] loop1: rw=0, want=2392, limit=116 12:20:26 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)={0x1c, 0x3, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0) [ 1813.759875][T16412] netlink: 38 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1813.777229][T16402] attempt to access beyond end of device [ 1813.815547][T16402] loop1: rw=0, want=2393, limit=116 12:20:26 executing program 5: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000080)={0x3}) [ 1813.836533][T16402] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1813.857755][T16402] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1813.878262][T16402] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1813.895176][T16402] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1813.911979][T16402] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1813.957786][T16402] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1813.987433][T16402] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1814.008145][T16402] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1814.026775][T16402] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1814.065568][T16407] attempt to access beyond end of device [ 1814.071350][T16407] loop1: rw=0, want=2390, limit=116 [ 1814.087835][T16407] attempt to access beyond end of device [ 1814.116959][T16407] loop1: rw=0, want=2391, limit=116 [ 1814.133830][T16407] attempt to access beyond end of device [ 1814.152766][T16407] loop1: rw=0, want=2392, limit=116 [ 1814.169486][T16407] attempt to access beyond end of device [ 1814.188615][T16407] loop1: rw=0, want=2393, limit=116 12:20:27 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:27 executing program 3: perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="52000000240007a75cb27fec4b024ea8d27a0500", @ANYRES32=r1, @ANYBLOB="00000000ffffffff000000000700010066710000340002000800050000000000000000000600000008000200000000000800080000000000080001000000003c43375472d900004a83bbcd97fb91b3b57fa9c92810a347a34e43643a3c5c6b25caffa9fd141476dd041c5b0b9662cd9fb075c7f419e3b9a3d22a5b156fe3f75a61a1aa4d1a39bdb19f5aa6eeeb07563388976c971c6fad98ec1b2a0a40b01390b8070ac248429b0e179aedc5230216eac8ce7b5da131b52e0a79aa28430293477fe446b3eb60b4c027a27dc36afe0214552f1e7e2c5e380de4096ba82a4764ffe558eeb4c1bd19fbe64f0000010000000000dc32f88cb972e7002a505deef1d65ba2c5d6fa4f8db4501d48a3931f3b000000000000000000000000061f3b9f45c7fd4b121472859d6d63823ceb67ee319a793d97a32d1e6d34c2f771e0f67db22975fab3a6c1ed5d65dab05ca14e423ea2878c45e5cc3ffc1e1ba7a5522b2735d26b123d97efc3"], 0x60}}, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000180)=[{0x3, 0x1000000000000, &(0x7f0000000080), 0xe, &(0x7f0000000100)}], 0x492492492492642, 0x0) 12:20:27 executing program 2: ioctl$KVM_GET_NR_MMU_PAGES(0xffffffffffffffff, 0xae45, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x2, 0x3, 0x2) syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='pids.current\x00', 0x275a, 0x0) ioctl$sock_bt_bnep_BNEPCONNDEL(r0, 0x400442c9, &(0x7f00000000c0)={0xc0000000}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000003140), 0x4000000000003b9, 0x0, 0x0) syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x1, 0x2) 12:20:27 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x5) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) accept4$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000200)=0x14, 0x0) [ 1814.315515][T16431] netlink: 38 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1814.365410][T16431] netlink: 38 bytes leftover after parsing attributes in process `syz-executor.3'. 12:20:27 executing program 5: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha224\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30009, 0x0) 12:20:27 executing program 0: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prlimit64(0x0, 0xb, &(0x7f00000001c0), 0x0) r2 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3e) fcntl$setsig(r3, 0xa, 0x12) poll(0x0, 0x0, 0x40000) clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0x0], 0x1}, 0x50) dup2(r3, r4) fcntl$setown(r4, 0x8, r2) tkill(r2, 0x14) [ 1814.548850][T16439] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:27 executing program 3: perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="52000000240007a75cb27fec4b024ea8d27a0500", @ANYRES32=r1, @ANYBLOB="00000000ffffffff000000000700010066710000340002000800050000000000000000000600000008000200000000000800080000000000080001000000003c43375472d900004a83bbcd97fb91b3b57fa9c92810a347a34e43643a3c5c6b25caffa9fd141476dd041c5b0b9662cd9fb075c7f419e3b9a3d22a5b156fe3f75a61a1aa4d1a39bdb19f5aa6eeeb07563388976c971c6fad98ec1b2a0a40b01390b8070ac248429b0e179aedc5230216eac8ce7b5da131b52e0a79aa28430293477fe446b3eb60b4c027a27dc36afe0214552f1e7e2c5e380de4096ba82a4764ffe558eeb4c1bd19fbe64f0000010000000000dc32f88cb972e7002a505deef1d65ba2c5d6fa4f8db4501d48a3931f3b000000000000000000000000061f3b9f45c7fd4b121472859d6d63823ceb67ee319a793d97a32d1e6d34c2f771e0f67db22975fab3a6c1ed5d65dab05ca14e423ea2878c45e5cc3ffc1e1ba7a5522b2735d26b123d97efc3"], 0x60}}, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000180)=[{0x3, 0x1000000000000, &(0x7f0000000080), 0xe, &(0x7f0000000100)}], 0x492492492492642, 0x0) [ 1814.611622][T16439] FAT-fs (loop1): Filesystem has been set read-only [ 1814.620387][T16445] attempt to access beyond end of device 12:20:27 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0xd, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) sendmmsg(0xffffffffffffffff, &(0x7f0000000d00), 0x400004e, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000180)) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r2, &(0x7f0000000400)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953148c6801d2c0945c08ba8c552fc99a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c"], 0x90) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000040)) write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000200)={0xa0, 0x0, 0x7, {{0x5, 0x3, 0x9, 0x8, 0x7, 0x101, {0x0, 0x0, 0x100000000, 0x7, 0x9, 0x9, 0xc6c0, 0x0, 0x8001, 0x3, 0x5, 0x0, 0x0, 0x1000}}, {0x0, 0x1}}}, 0xa0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) [ 1814.658479][T16445] loop1: rw=0, want=2390, limit=116 [ 1814.693938][T16445] buffer_io_error: 65 callbacks suppressed [ 1814.693954][T16445] Buffer I/O error on dev loop1, logical block 2389, async page read [ 1814.746064][T16445] attempt to access beyond end of device [ 1814.760662][T16445] loop1: rw=0, want=2391, limit=116 [ 1814.774384][ C0] sd 0:0:1:0: [sg0] tag#7638 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 1814.784778][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB: Test Unit Ready [ 1814.791201][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1814.800782][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1814.810714][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1814.820292][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1814.829868][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1814.839446][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1814.851965][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1814.861572][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1814.871144][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1814.880722][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 12:20:27 executing program 3: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) bind$rxrpc(r0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS(r0, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x5, 0x1, 0x101, 0x0, 0x0, {0x5, 0x0, 0x8}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20040000}, 0x8000) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f00000006c0)={0x0, 0x9, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, {0x0, @in6={{0xa, 0x4e21, 0x0, @mcast1, 0x8}}, 0x0, 0x4, 0xfffffffe, 0x3}}, &(0x7f0000000780)=0xb0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x0, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f0000000200)=0x6, 0x4) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000100)='cpu&3\n\n\n\n\x00\x00\xc8 \xf4\xb3\xca\f\x1ff\xf0\xed\xe2\xdaX\x96\xe8\xd2\x9ba\xdd\xba\x93\xf3\xa2\x97e\xd7\xa37\xc0\xae$\xef\x1f\x1feq*\xeb\x00\xffx\x7fV-S\xeb\x9c\xf5\xe5!d\x99]\x17~\x9e\\\xac\x1f\x93\x00\x02\x00\x80T\"\x00\x80\xff\xff\x03\x00\x00\x00\x00\x00') perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bbb53a7b0ee0ce30e80600cff8ca2996e518e3e690bcc9497535e81a60b7a723f6adad1ac664ead5e11ec3d6ba94e9cfdaa5d2104a0e14d16a676be2e0c7c6d491290514bd3dcebfde6a6360"], 0xf0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'vcan0\x00'}) bind$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) migrate_pages(0x0, 0x6, &(0x7f0000000000)=0x7fffffff, &(0x7f0000000040)=0x2) [ 1814.890293][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1814.899492][T16445] Buffer I/O error on dev loop1, logical block 2390, async page read [ 1814.899865][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1814.917447][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[c0]: 00 00 00 00 00 00 00 00 [ 1814.968303][T16445] attempt to access beyond end of device [ 1815.001627][T16445] loop1: rw=0, want=2392, limit=116 [ 1815.035571][T16445] Buffer I/O error on dev loop1, logical block 2391, async page read [ 1815.090136][T16445] attempt to access beyond end of device [ 1815.122985][T16445] loop1: rw=0, want=2393, limit=116 [ 1815.151394][T16445] Buffer I/O error on dev loop1, logical block 2392, async page read [ 1815.153580][ C0] sd 0:0:1:0: [sg0] tag#7639 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 1815.169907][ C0] sd 0:0:1:0: [sg0] tag#7639 CDB: Test Unit Ready [ 1815.176373][ C0] sd 0:0:1:0: [sg0] tag#7639 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.185978][ C0] sd 0:0:1:0: [sg0] tag#7639 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 12:20:28 executing program 3: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) bind$rxrpc(r0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS(r0, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x5, 0x1, 0x101, 0x0, 0x0, {0x5, 0x0, 0x8}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20040000}, 0x8000) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f00000006c0)={0x0, 0x9, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, {0x0, @in6={{0xa, 0x4e21, 0x0, @mcast1, 0x8}}, 0x0, 0x4, 0xfffffffe, 0x3}}, &(0x7f0000000780)=0xb0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x0, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f0000000200)=0x6, 0x4) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000100)='cpu&3\n\n\n\n\x00\x00\xc8 \xf4\xb3\xca\f\x1ff\xf0\xed\xe2\xdaX\x96\xe8\xd2\x9ba\xdd\xba\x93\xf3\xa2\x97e\xd7\xa37\xc0\xae$\xef\x1f\x1feq*\xeb\x00\xffx\x7fV-S\xeb\x9c\xf5\xe5!d\x99]\x17~\x9e\\\xac\x1f\x93\x00\x02\x00\x80T\"\x00\x80\xff\xff\x03\x00\x00\x00\x00\x00') perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bbb53a7b0ee0ce30e80600cff8ca2996e518e3e690bcc9497535e81a60b7a723f6adad1ac664ead5e11ec3d6ba94e9cfdaa5d2104a0e14d16a676be2e0c7c6d491290514bd3dcebfde6a6360"], 0xf0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'vcan0\x00'}) bind$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) migrate_pages(0x0, 0x6, &(0x7f0000000000)=0x7fffffff, &(0x7f0000000040)=0x2) [ 1815.195771][ C0] sd 0:0:1:0: [sg0] tag#7639 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.205910][ C0] sd 0:0:1:0: [sg0] tag#7639 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.205936][T16445] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1815.216214][ C0] sd 0:0:1:0: [sg0] tag#7639 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.216243][ C0] sd 0:0:1:0: [sg0] tag#7639 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.243476][ C0] sd 0:0:1:0: [sg0] tag#7639 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.253212][ C0] sd 0:0:1:0: [sg0] tag#7639 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.262769][ C0] sd 0:0:1:0: [sg0] tag#7639 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.272353][ C0] sd 0:0:1:0: [sg0] tag#7639 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.281947][ C0] sd 0:0:1:0: [sg0] tag#7639 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.291589][ C0] sd 0:0:1:0: [sg0] tag#7639 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.301206][ C0] sd 0:0:1:0: [sg0] tag#7639 CDB[c0]: 00 00 00 00 00 00 00 00 [ 1815.308938][ C0] sd 0:0:1:0: [sg0] tag#7640 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 1815.314925][ C1] sd 0:0:1:0: [sg0] tag#7655 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 1815.319378][ C0] sd 0:0:1:0: [sg0] tag#7640 CDB: Test Unit Ready [ 1815.329746][ C1] sd 0:0:1:0: [sg0] tag#7655 CDB: Test Unit Ready [ 1815.336177][ C0] sd 0:0:1:0: [sg0] tag#7640 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.342753][ C1] sd 0:0:1:0: [sg0] tag#7655 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.352417][ C0] sd 0:0:1:0: [sg0] tag#7640 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.362171][ C1] sd 0:0:1:0: [sg0] tag#7655 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.371728][ C0] sd 0:0:1:0: [sg0] tag#7640 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.381281][ C1] sd 0:0:1:0: [sg0] tag#7655 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.390859][ C0] sd 0:0:1:0: [sg0] tag#7640 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.400579][ C1] sd 0:0:1:0: [sg0] tag#7655 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.410159][ C0] sd 0:0:1:0: [sg0] tag#7640 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.419800][ C1] sd 0:0:1:0: [sg0] tag#7655 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.429439][ C0] sd 0:0:1:0: [sg0] tag#7640 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.439066][ C1] sd 0:0:1:0: [sg0] tag#7655 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.448604][ C0] sd 0:0:1:0: [sg0] tag#7640 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.458176][ C1] sd 0:0:1:0: [sg0] tag#7655 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.467830][ C0] sd 0:0:1:0: [sg0] tag#7640 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.477397][ C1] sd 0:0:1:0: [sg0] tag#7655 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.487050][ C0] sd 0:0:1:0: [sg0] tag#7640 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.497642][ C1] sd 0:0:1:0: [sg0] tag#7655 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.507361][ C0] sd 0:0:1:0: [sg0] tag#7640 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.516916][ C1] sd 0:0:1:0: [sg0] tag#7655 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.526476][ C0] sd 0:0:1:0: [sg0] tag#7640 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.536020][ C1] sd 0:0:1:0: [sg0] tag#7655 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.545576][ C0] sd 0:0:1:0: [sg0] tag#7640 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.555134][ C1] sd 0:0:1:0: [sg0] tag#7655 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.564655][ C0] sd 0:0:1:0: [sg0] tag#7640 CDB[c0]: 00 00 00 00 00 00 00 00 [ 1815.574199][ C1] sd 0:0:1:0: [sg0] tag#7655 CDB[c0]: 00 00 00 00 00 00 00 00 12:20:28 executing program 0: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prlimit64(0x0, 0xb, &(0x7f00000001c0), 0x0) r2 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3e) fcntl$setsig(r3, 0xa, 0x12) poll(0x0, 0x0, 0x40000) clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0x0], 0x1}, 0x50) dup2(r3, r4) fcntl$setown(r4, 0x8, r2) tkill(r2, 0x14) [ 1815.623063][T16445] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:28 executing program 5: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) bind$rxrpc(r0, &(0x7f0000000080)=@in4={0x2, 0x0, 0x3, 0x10, {0x2, 0x0, @local}}, 0x24) sendmsg$IPCTNL_MSG_CT_GET_STATS(r0, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x5, 0x1, 0x101, 0x0, 0x0, {0x5, 0x0, 0x8}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20040000}, 0x8000) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f00000006c0)={0x0, 0x9, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, {0x0, @in6={{0xa, 0x4e21, 0x0, @mcast1, 0x8}}, 0x0, 0x4, 0xfffffffe, 0x3}}, &(0x7f0000000780)=0xb0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x400000, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f0000000200)=0x6, 0x4) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000100)='cpu&3\n\n\n\n\x00\x00\xc8 \xf4\xb3\xca\f\x1ff\xf0\xed\xe2\xdaX\x96\xe8\xd2\x9ba\xdd\xba\x93\xf3\xa2\x97e\xd7\xa37\xc0\xae$\xef\x1f\x1feq*\xeb\x00\xffx\x7fV-S\xeb\x9c\xf5\xe5!d\x99]\x17~\x9e\\\xac\x1f\x93\x00\x02\x00\x80T\"\x00\x80\xff\xff\x03\x00\x00\x00\x00\x00') perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bbb53a7b0ee0ce30e80600cff8ca2996e518e3e690bcc9497535e81a60b7a723f6adad1ac664ead5e11ec3d6ba94e9cfdaa5d2104a0e14d16a676be2e0c7c6d491290514bd3dcebfde6a6360"], 0xf0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'vcan0\x00'}) bind$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) migrate_pages(0x0, 0x6, &(0x7f0000000000)=0x7fffffff, &(0x7f0000000040)=0x2) [ 1815.671697][T16445] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1815.702756][T16445] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1815.728605][T16445] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1815.747475][T16445] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1815.765827][T16445] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1815.802531][ C0] sd 0:0:1:0: [sg0] tag#7656 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 1815.812955][ C0] sd 0:0:1:0: [sg0] tag#7656 CDB: Test Unit Ready [ 1815.819408][ C0] sd 0:0:1:0: [sg0] tag#7656 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.829021][ C0] sd 0:0:1:0: [sg0] tag#7656 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.838611][ C0] sd 0:0:1:0: [sg0] tag#7656 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.848204][ C0] sd 0:0:1:0: [sg0] tag#7656 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.857895][ C0] sd 0:0:1:0: [sg0] tag#7656 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.868015][ C0] sd 0:0:1:0: [sg0] tag#7656 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.878301][ C0] sd 0:0:1:0: [sg0] tag#7656 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.888279][ C0] sd 0:0:1:0: [sg0] tag#7656 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.898048][ C0] sd 0:0:1:0: [sg0] tag#7656 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.907645][ C0] sd 0:0:1:0: [sg0] tag#7656 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.917230][ C0] sd 0:0:1:0: [sg0] tag#7656 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.927423][ C0] sd 0:0:1:0: [sg0] tag#7656 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1815.937011][ C0] sd 0:0:1:0: [sg0] tag#7656 CDB[c0]: 00 00 00 00 00 00 00 00 [ 1815.946833][T16445] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1815.973973][T16445] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:29 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:29 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0xd, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) sendmmsg(0xffffffffffffffff, &(0x7f0000000d00), 0x400004e, 0x0) fstat(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000200)={0xa0, 0x0, 0x0, {{0x5, 0x0, 0x9, 0x8, 0x7, 0x0, {0x0, 0xfffffffffffffff9, 0x100000000, 0x7, 0x9, 0x9, 0xc6c0, 0x0, 0x8001, 0x3, 0x5, 0x0, 0x0, 0x1000, 0xffff}}}}, 0xa0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) 12:20:29 executing program 5: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) bind$rxrpc(r0, &(0x7f0000000080)=@in4={0x2, 0x0, 0x3, 0x10, {0x2, 0x0, @local}}, 0x24) sendmsg$IPCTNL_MSG_CT_GET_STATS(r0, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x5, 0x1, 0x101, 0x0, 0x0, {0x5, 0x0, 0x8}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20040000}, 0x8000) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f00000006c0)={0x0, 0x9, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, {0x0, @in6={{0xa, 0x4e21, 0x0, @mcast1, 0x8}}, 0x0, 0x4, 0xfffffffe, 0x3}}, &(0x7f0000000780)=0xb0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x400000, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f0000000200)=0x6, 0x4) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000100)='cpu&3\n\n\n\n\x00\x00\xc8 \xf4\xb3\xca\f\x1ff\xf0\xed\xe2\xdaX\x96\xe8\xd2\x9ba\xdd\xba\x93\xf3\xa2\x97e\xd7\xa37\xc0\xae$\xef\x1f\x1feq*\xeb\x00\xffx\x7fV-S\xeb\x9c\xf5\xe5!d\x99]\x17~\x9e\\\xac\x1f\x93\x00\x02\x00\x80T\"\x00\x80\xff\xff\x03\x00\x00\x00\x00\x00') perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bbb53a7b0ee0ce30e80600cff8ca2996e518e3e690bcc9497535e81a60b7a723f6adad1ac664ead5e11ec3d6ba94e9cfdaa5d2104a0e14d16a676be2e0c7c6d491290514bd3dcebfde6a6360"], 0xf0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'vcan0\x00'}) bind$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) migrate_pages(0x0, 0x6, &(0x7f0000000000)=0x7fffffff, &(0x7f0000000040)=0x2) [ 1816.241364][ C1] sd 0:0:1:0: [sg0] tag#7657 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 1816.251797][ C1] sd 0:0:1:0: [sg0] tag#7657 CDB: Test Unit Ready [ 1816.260427][ C1] sd 0:0:1:0: [sg0] tag#7657 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.270007][ C1] sd 0:0:1:0: [sg0] tag#7657 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.279678][ C1] sd 0:0:1:0: [sg0] tag#7657 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.289272][ C1] sd 0:0:1:0: [sg0] tag#7657 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.299403][ C1] sd 0:0:1:0: [sg0] tag#7657 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.308985][ C1] sd 0:0:1:0: [sg0] tag#7657 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.318739][ C1] sd 0:0:1:0: [sg0] tag#7657 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.328325][ C1] sd 0:0:1:0: [sg0] tag#7657 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.337906][ C1] sd 0:0:1:0: [sg0] tag#7657 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.347488][ C1] sd 0:0:1:0: [sg0] tag#7657 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.357248][ C1] sd 0:0:1:0: [sg0] tag#7657 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.366825][ C1] sd 0:0:1:0: [sg0] tag#7657 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.376417][ C1] sd 0:0:1:0: [sg0] tag#7657 CDB[c0]: 00 00 00 00 00 00 00 00 12:20:29 executing program 0: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prlimit64(0x0, 0xb, &(0x7f00000001c0), 0x0) r2 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3e) fcntl$setsig(r3, 0xa, 0x12) poll(0x0, 0x0, 0x40000) clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0x0], 0x1}, 0x50) dup2(r3, r4) fcntl$setown(r4, 0x8, r2) [ 1816.604775][ C1] sd 0:0:1:0: [sg0] tag#7658 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 1816.615178][ C1] sd 0:0:1:0: [sg0] tag#7658 CDB: Test Unit Ready [ 1816.621601][ C1] sd 0:0:1:0: [sg0] tag#7658 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.631563][ C1] sd 0:0:1:0: [sg0] tag#7658 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.641136][ C1] sd 0:0:1:0: [sg0] tag#7658 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.650719][ C1] sd 0:0:1:0: [sg0] tag#7658 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.657074][ C0] sd 0:0:1:0: [sg0] tag#7659 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 1816.660397][ C1] sd 0:0:1:0: [sg0] tag#7658 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.670725][ C0] sd 0:0:1:0: [sg0] tag#7659 CDB: Test Unit Ready [ 1816.680265][ C1] sd 0:0:1:0: [sg0] tag#7658 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.686675][ C0] sd 0:0:1:0: [sg0] tag#7659 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.696401][ C1] sd 0:0:1:0: [sg0] tag#7658 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.705942][ C0] sd 0:0:1:0: [sg0] tag#7659 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.715495][ C1] sd 0:0:1:0: [sg0] tag#7658 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.725065][ C0] sd 0:0:1:0: [sg0] tag#7659 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.734613][ C1] sd 0:0:1:0: [sg0] tag#7658 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.744181][ C0] sd 0:0:1:0: [sg0] tag#7659 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.753721][ C1] sd 0:0:1:0: [sg0] tag#7658 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.763255][ C0] sd 0:0:1:0: [sg0] tag#7659 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.772804][ C1] sd 0:0:1:0: [sg0] tag#7658 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.782493][ C0] sd 0:0:1:0: [sg0] tag#7659 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.792028][ C1] sd 0:0:1:0: [sg0] tag#7658 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.801573][ C0] sd 0:0:1:0: [sg0] tag#7659 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.811216][ C1] sd 0:0:1:0: [sg0] tag#7658 CDB[c0]: 00 00 00 00 00 00 00 00 [ 1816.820854][ C0] sd 0:0:1:0: [sg0] tag#7659 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.837877][ C0] sd 0:0:1:0: [sg0] tag#7659 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.847593][ C0] sd 0:0:1:0: [sg0] tag#7659 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.857211][ C0] sd 0:0:1:0: [sg0] tag#7659 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.866798][ C0] sd 0:0:1:0: [sg0] tag#7659 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1816.876402][ C0] sd 0:0:1:0: [sg0] tag#7659 CDB[c0]: 00 00 00 00 00 00 00 00 12:20:30 executing program 5: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) bind$rxrpc(r0, &(0x7f0000000080)=@in4={0x2, 0x0, 0x3, 0x10, {0x2, 0x0, @local}}, 0x24) sendmsg$IPCTNL_MSG_CT_GET_STATS(r0, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x5, 0x1, 0x101, 0x0, 0x0, {0x5, 0x0, 0x8}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20040000}, 0x8000) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f00000006c0)={0x0, 0x9, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, {0x0, @in6={{0xa, 0x4e21, 0x0, @mcast1, 0x8}}, 0x0, 0x4, 0xfffffffe, 0x3}}, &(0x7f0000000780)=0xb0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x400000, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f0000000200)=0x6, 0x4) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000100)='cpu&3\n\n\n\n\x00\x00\xc8 \xf4\xb3\xca\f\x1ff\xf0\xed\xe2\xdaX\x96\xe8\xd2\x9ba\xdd\xba\x93\xf3\xa2\x97e\xd7\xa37\xc0\xae$\xef\x1f\x1feq*\xeb\x00\xffx\x7fV-S\xeb\x9c\xf5\xe5!d\x99]\x17~\x9e\\\xac\x1f\x93\x00\x02\x00\x80T\"\x00\x80\xff\xff\x03\x00\x00\x00\x00\x00') perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bbb53a7b0ee0ce30e80600cff8ca2996e518e3e690bcc9497535e81a60b7a723f6adad1ac664ead5e11ec3d6ba94e9cfdaa5d2104a0e14d16a676be2e0c7c6d491290514bd3dcebfde6a6360"], 0xf0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'vcan0\x00'}) bind$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) migrate_pages(0x0, 0x6, &(0x7f0000000000)=0x7fffffff, &(0x7f0000000040)=0x2) 12:20:30 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1817.228803][ C1] sd 0:0:1:0: [sg0] tag#7637 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 1817.239199][ C1] sd 0:0:1:0: [sg0] tag#7637 CDB: Test Unit Ready [ 1817.245653][ C1] sd 0:0:1:0: [sg0] tag#7637 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1817.255235][ C1] sd 0:0:1:0: [sg0] tag#7637 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1817.265043][ C1] sd 0:0:1:0: [sg0] tag#7637 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1817.274625][ C1] sd 0:0:1:0: [sg0] tag#7637 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1817.284814][ C1] sd 0:0:1:0: [sg0] tag#7637 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1817.294409][ C1] sd 0:0:1:0: [sg0] tag#7637 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1817.304096][ C1] sd 0:0:1:0: [sg0] tag#7637 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1817.313699][ C1] sd 0:0:1:0: [sg0] tag#7637 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1817.323296][ C1] sd 0:0:1:0: [sg0] tag#7637 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1817.332897][ C1] sd 0:0:1:0: [sg0] tag#7637 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1817.342623][ C1] sd 0:0:1:0: [sg0] tag#7637 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1817.352216][ C1] sd 0:0:1:0: [sg0] tag#7637 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1817.361803][ C1] sd 0:0:1:0: [sg0] tag#7637 CDB[c0]: 00 00 00 00 00 00 00 00 12:20:30 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000280)='/dev/loop#\x00', 0x0, 0x0) unshare(0x20000400) ioctl$LOOP_CHANGE_FD(r0, 0x4c01, 0xffffffffffffffff) 12:20:30 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0xd, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r2, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000040)=0x375) write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000200)={0xa0, 0x0, 0x7, {{0x5, 0x3, 0x9, 0x8, 0x7, 0x0, {0x0, 0xfffffffffffffff9, 0x100000000, 0x7, 0x9, 0x9, 0xc6c0, 0x0, 0x8001, 0x3, 0x5, 0x0, r3, 0x1000, 0xffff}}}}, 0xa0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) 12:20:30 executing program 0: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prlimit64(0x0, 0xb, &(0x7f00000001c0), 0x0) r2 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3e) fcntl$setsig(r3, 0xa, 0x12) poll(0x0, 0x0, 0x40000) clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0x0], 0x1}, 0x50) dup2(r3, r4) fcntl$setown(r4, 0x8, r2) [ 1817.705630][T16520] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:30 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0xd, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) sendmmsg(0xffffffffffffffff, &(0x7f0000000d00), 0x400004e, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r3, &(0x7f0000000400)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953148c6801d2c0945c08ba8c552fc99a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c92fa"], 0x92) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000040)=0x375) write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000200)={0xa0, 0x0, 0x7, {{0x5, 0x3, 0x9, 0x8, 0x7, 0x101, {0x0, 0xfffffffffffffff9, 0x100000000, 0x7, 0x0, 0x9, 0xc6c0, 0x0, 0x8001, 0x3, 0x5, r2, r4, 0x0, 0xffff}}, {0x0, 0x1}}}, 0xa0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) [ 1817.760836][T16526] attempt to access beyond end of device [ 1817.771310][T16526] loop1: rw=0, want=2390, limit=116 [ 1817.777477][T16526] Buffer I/O error on dev loop1, logical block 2389, async page read [ 1817.786262][T16526] attempt to access beyond end of device [ 1817.792243][T16526] loop1: rw=0, want=2391, limit=116 [ 1817.794949][T16520] FAT-fs (loop1): Filesystem has been set read-only 12:20:30 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000d00), 0x400004e, 0x0) fstat(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) [ 1817.798408][T16526] Buffer I/O error on dev loop1, logical block 2390, async page read [ 1817.813598][T16526] attempt to access beyond end of device [ 1817.824408][T16526] loop1: rw=0, want=2392, limit=116 [ 1817.845540][T16526] Buffer I/O error on dev loop1, logical block 2391, async page read [ 1817.875985][T16526] attempt to access beyond end of device [ 1817.895626][T16526] loop1: rw=0, want=2393, limit=116 [ 1817.912050][T16526] Buffer I/O error on dev loop1, logical block 2392, async page read [ 1817.923134][T16526] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1817.931107][T16526] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1817.939905][T16526] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1817.948312][T16526] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1817.957021][T16526] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1817.966326][T16526] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1817.979207][ C0] sd 0:0:1:0: [sg0] tag#7638 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 1817.991909][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB: Test Unit Ready [ 1817.998433][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1818.008022][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1818.017621][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1818.027314][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1818.036895][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1818.042007][T16526] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1818.046483][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1818.046504][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1818.046528][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1818.083129][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1818.092672][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1818.102278][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1818.111859][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1818.121711][ C0] sd 0:0:1:0: [sg0] tag#7638 CDB[c0]: 00 00 00 00 00 00 00 00 [ 1818.168824][T16526] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1818.192848][T16526] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1818.200982][T16529] attempt to access beyond end of device [ 1818.212394][T16529] loop1: rw=0, want=2390, limit=116 [ 1818.224256][T16529] Buffer I/O error on dev loop1, logical block 2389, async page read [ 1818.246577][T16529] attempt to access beyond end of device [ 1818.275520][T16529] loop1: rw=0, want=2391, limit=116 [ 1818.281808][T16529] Buffer I/O error on dev loop1, logical block 2390, async page read [ 1818.300022][T16529] attempt to access beyond end of device [ 1818.312988][T16529] loop1: rw=0, want=2392, limit=116 [ 1818.320662][T16529] attempt to access beyond end of device [ 1818.342355][T16529] loop1: rw=0, want=2393, limit=116 12:20:31 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:31 executing program 0: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prlimit64(0x0, 0xb, &(0x7f00000001c0), 0x0) r2 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3e) fcntl$setsig(r3, 0xa, 0x12) poll(0x0, 0x0, 0x40000) clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0x0], 0x1}, 0x50) dup2(r3, r4) fcntl$setown(r4, 0x8, r2) 12:20:31 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:31 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f00000012c0)={&(0x7f0000001200)={0x48, 0x2, 0x6, 0x2cf47c8458597b3, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}]}, 0x48}}, 0x0) 12:20:31 executing program 3: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000200)=ANY=[@ANYRES16], 0x2) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha224\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x30009, 0x0) 12:20:31 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000d00), 0x400004e, 0x0) fstat(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) 12:20:31 executing program 2: ioctl$KVM_GET_NR_MMU_PAGES(0xffffffffffffffff, 0xae45, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='pids.current\x00', 0x275a, 0x0) ioctl$sock_bt_bnep_BNEPCONNDEL(0xffffffffffffffff, 0x400442c9, &(0x7f00000000c0)={0xc0000000}) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003140), 0x4000000000003b9, 0x0, 0x0) [ 1819.058714][T16589] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1819.107559][T16600] attempt to access beyond end of device [ 1819.122611][T16589] FAT-fs (loop1): Filesystem has been set read-only [ 1819.130472][T16600] loop1: rw=0, want=2390, limit=116 [ 1819.142759][T16600] attempt to access beyond end of device [ 1819.148413][T16600] loop1: rw=0, want=2391, limit=116 12:20:32 executing program 2: ioctl$KVM_GET_NR_MMU_PAGES(0xffffffffffffffff, 0xae45, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x2, 0x3, 0x2) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360127ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6eeb296ec550457ebc93981b20e03b86d4e999bbb53a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469f070058efa16f44b53e5372c10000768d25f196ab6f2dc045421b94d878d0d9c2a5c74633a687a135308e49ce118c81517ac7bb2994ccc7e054d3f18cb770e4908dd3deaafaab51144c1e1b86b6291f5e73ff040000000000000000000000000000009a583b79ab0cf70d85463c57c5bb1f1084e683b591fc2c8b8a38b7ee57afa01aea88fb413e1ee8ebbdf1fa9155bf6409b065a98052"], 0x199) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='pids.current\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100)=ANY=[@ANYRES16], 0x2) ioctl$sock_bt_bnep_BNEPCONNDEL(r1, 0x400442c9, &(0x7f00000000c0)={0xc0000000}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'rmd256-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000003140), 0x4000000000003b9, 0x0, 0x0) accept4$packet(r3, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000200)=0x14, 0x80800) sendmsg$nl_route_sched(r1, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=@deltclass={0x44, 0x29, 0x10, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xffff, 0xe}, {0xa, 0x4}, {0x7, 0x9}}, [@tclass_kind_options=@c_multiq={0xb, 0x1, 'multiq\x00'}, @tclass_kind_options=@c_drr={{0x8, 0x1, 'drr\x00'}, {0xc, 0x2, @TCA_DRR_QUANTUM={0x8, 0x1, 0x1}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x4008040) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0) ioctl$USBDEVFS_DISCARDURB(r1, 0x550b, &(0x7f00000001c0)) sync() syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x1, 0x2) 12:20:32 executing program 3: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) bind$rxrpc(r0, &(0x7f0000000080)=@in4={0x2, 0x0, 0x3, 0x10, {0x2, 0x0, @local}}, 0x24) sendmsg$IPCTNL_MSG_CT_GET_STATS(r0, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x5, 0x1, 0x0, 0x0, 0x0, {0x5, 0x0, 0x8}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20040000}, 0x8000) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f00000006c0)={0x0, 0x9, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, {0x0, @in6={{0xa, 0x4e21, 0x0, @mcast1, 0x8}}, 0x0, 0x4, 0xfffffffe, 0x3}}, &(0x7f0000000780)=0xb0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x400000, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f0000000200)=0x6, 0x4) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000100)='cpu&3\n\n\n\n\x00\x00\xc8 \xf4\xb3\xca\f\x1ff\xf0\xed\xe2\xdaX\x96\xe8\xd2\x9ba\xdd\xba\x93\xf3\xa2\x97e\xd7\xa37\xc0\xae$\xef\x1f\x1feq*\xeb\x00\xffx\x7fV-S\xeb\x9c\xf5\xe5!d\x99]\x17~\x9e\\\xac\x1f\x93\x00\x02\x00\x80T\"\x00\x80\xff\xff\x03\x00\x00\x00\x00\x00') perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092cddd3b049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bbb53a7b0ee0ce30e80600cff8ca2996e518e3e690bcc9497535e81a60b7a723f6adad1ac664ead5e11ec3d6ba94e9cfdaa5d2104a0e14d16a676be2e0c7c6d491290514bd3dcebfde6a6360"], 0xf0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'vcan0\x00'}) bind$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) migrate_pages(0x0, 0x6, &(0x7f0000000000)=0x7fffffff, &(0x7f0000000040)=0x2) [ 1819.182747][T16600] attempt to access beyond end of device [ 1819.188419][T16600] loop1: rw=0, want=2392, limit=116 [ 1819.199368][T16600] attempt to access beyond end of device [ 1819.211564][T16600] loop1: rw=0, want=2393, limit=116 [ 1819.234487][T16600] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1819.266411][T16600] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1819.302034][T16600] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1819.339900][T16600] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1819.386427][T16600] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1819.433855][T16600] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1819.469939][T16600] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:32 executing program 5: r0 = perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ftruncate(r0, 0x0) 12:20:32 executing program 2: r0 = socket(0x10, 0x803, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000080)={0x0, 0x382, &(0x7f0000000140)={0x0, 0xb7ff}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001280)=ANY=[@ANYBLOB="3400000010000104000009040000000000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000140012000c00010062726964676500000300020092ab29e6bc90313f5c14a8d5d4534e466f18e765b4fd2a0e0ffabd5f884b8215627962f7a4aab6691329692afb3fdcc3e7378871f430fe0e63a139f8432b7c88d952fec2b4b0543063914575e89dce08917ef4c83982304f91f231dc1ecf62c4bf0541ff2b5060b6a4d69b9403c96422fd8632e43e946636599dedd725bcd83c8971198e43e29e4b1c15388e01dee5bf7c4e128ff5b5c146c15db0684e76186c1d4209d8b4158f7b359d8efa69231277e09c47884e9fb0b010687409fc6fa73c91c9504b4460a91a865e0897f10dc1c1e0edc0d560f18478d67cc5cf8dbb0ee5003f6cc7185e99bc93bcb9eb76abba12076a8d076c853092edf73f4224c4e770006630b3a7e43c7e4c90ce6a20fac946584d406aa1cc75103f746d1f026456e44c9a39c62eecdb8bb82ca275e24c5c9095cbc8a6701a2447f9f6e6e4a372717366f176f0e4df46e9e28ede8a00e2a8b3dc"], 0x34}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl(r4, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}}, 0x0) [ 1819.498897][T16600] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1819.539227][T16600] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1819.556463][T16604] attempt to access beyond end of device [ 1819.566892][T16604] loop1: rw=0, want=2390, limit=116 [ 1819.586464][T16604] attempt to access beyond end of device [ 1819.592296][T16604] loop1: rw=0, want=2391, limit=116 [ 1819.599197][T16604] attempt to access beyond end of device [ 1819.608319][T16604] loop1: rw=0, want=2392, limit=116 [ 1819.630409][T16604] attempt to access beyond end of device [ 1819.636975][T16604] loop1: rw=0, want=2393, limit=116 12:20:32 executing program 3: unshare(0x40000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x10, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x40, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000100)={{0xa, 0x0, 0x1, @mcast2}, {0xa, 0x0, 0x0, @mcast2}, 0x0, [0x9, 0x0, 0x0, 0x204, 0x0, 0x0, 0x6, 0x1]}, 0x5c) setsockopt$inet6_int(r0, 0x29, 0xc8, &(0x7f00000007c0), 0x4) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x4e24, 0x3a, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3f}, {0xa, 0x4e24, 0x0, @mcast1, 0x3ff}, 0x7, [0x9, 0x2, 0x1, 0x1, 0x4d0e, 0x800, 0x8, 0x8ab4]}, 0x5c) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0xce21, 0xfffffffc, @mcast1, 0x916d}, {0xa, 0x4e23, 0x8651, @empty, 0x7}, 0x0, [0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0xfffffffc]}, 0x5c) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xc9, 0x0, 0x0) 12:20:32 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:32 executing program 0: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prlimit64(0x0, 0xb, &(0x7f00000001c0), 0x0) r2 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3e) fcntl$setsig(r3, 0xa, 0x12) poll(0x0, 0x0, 0x40000) clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0x0], 0x1}, 0x50) dup2(r3, r4) tkill(r2, 0x14) [ 1819.911076][T16622] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1819.918078][T16631] IPVS: ftp: loaded support on port[0] = 21 [ 1819.933666][T16630] __nla_validate_parse: 2 callbacks suppressed [ 1819.933676][T16630] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 12:20:33 executing program 5: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) memfd_create(0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00007, 0x4, 0x0, 0x0, 0x10000000002) [ 1819.987687][T16622] FAT-fs (loop1): Filesystem has been set read-only [ 1820.017692][T16622] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1820.070336][T16631] IPVS: ftp: loaded support on port[0] = 21 12:20:33 executing program 2: r0 = syz_open_dev$sndmidi(&(0x7f0000000080)='/dev/snd/midiC#D#\x00', 0x2, 0xa0001) r1 = socket$inet6(0xa, 0x2, 0x0) dup2(r1, r0) 12:20:33 executing program 3: unshare(0x40000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x10, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x40, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000100)={{0xa, 0x0, 0x1, @mcast2}, {0xa, 0x0, 0x0, @mcast2}, 0x0, [0x9, 0x0, 0x0, 0x204, 0x0, 0x0, 0x6, 0x1]}, 0x5c) setsockopt$inet6_int(r0, 0x29, 0xc8, &(0x7f00000007c0), 0x4) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x4e24, 0x3a, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3f}, {0xa, 0x4e24, 0x0, @mcast1, 0x3ff}, 0x7, [0x9, 0x2, 0x1, 0x1, 0x4d0e, 0x800, 0x8, 0x8ab4]}, 0x5c) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0xce21, 0xfffffffc, @mcast1, 0x916d}, {0xa, 0x4e23, 0x8651, @empty, 0x7}, 0x0, [0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0xfffffffc]}, 0x5c) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xc9, 0x0, 0x0) 12:20:33 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) [ 1820.236754][T16686] IPVS: ftp: loaded support on port[0] = 21 [ 1820.285142][ T9446] tipc: TX() has been purged, node left! 12:20:33 executing program 5: unshare(0x40000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x10, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x40, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000100)={{0xa, 0x0, 0x1, @mcast2}, {0xa, 0x0, 0x0, @mcast2}, 0x0, [0x9, 0x0, 0x0, 0x204, 0x0, 0x0, 0x6, 0x1]}, 0x5c) setsockopt$inet6_int(r0, 0x29, 0xc8, &(0x7f00000007c0), 0x4) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x4e24, 0x3a, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3f}, {0xa, 0x4e24, 0x0, @mcast1, 0x3ff}, 0x7, [0x9, 0x2, 0x1, 0x1, 0x4d0e, 0x800, 0x8, 0x8ab4]}, 0x5c) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0xce21, 0xfffffffc, @mcast1, 0x916d}, {0xa, 0x4e23, 0x8651, @empty, 0x7}, 0x0, [0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0xfffffffc]}, 0x5c) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xc9, 0x0, 0x0) [ 1820.379637][T16691] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) 12:20:33 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffe0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$caif_stream(0x25, 0x1, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) getsockopt$inet6_tcp_int(r0, 0x6, 0x1f, &(0x7f0000000100), &(0x7f0000000140)=0x4) openat$userio(0xffffffffffffff9c, &(0x7f0000000380)='/dev/userio\x00', 0x200c00, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x18, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x4, 0x12}]}, 0x18}}, 0x0) [ 1820.445793][T16720] IPVS: ftp: loaded support on port[0] = 21 [ 1820.446420][T16691] FAT-fs (loop1): Filesystem has been set read-only [ 1820.520538][T16691] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) 12:20:33 executing program 3: socket$nl_route(0x10, 0x3, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) syz_open_pts(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) pipe(&(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) socket(0x1e, 0x2, 0x0) clock_gettime(0x0, &(0x7f0000000200)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8c}, 0x0, &(0x7f0000000140)={0x1b4}, &(0x7f00000001c0)={0x0, r3+30000000}, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000240)=[{&(0x7f00000002c0)="0874fdad3d742d0fe8a182910a736d5925a54facdbd7edb5de975ea6715d660146bbf83286901c427be7566b2fbe9c30b97108f0271225bdbe80e0039ed9fb7ee5d51536ddd930cb1b8cab8aa1c269d3827619c760b32a84a7e30625644d37870b131c9356042e22c70b046745278085b37457860020451d595b4d7d18cb71d5b239f04a60b5444b461897260bcde1d6c574d4a8fbf0381f74ac91a6374dd13ee2ed6ec791ec154fb6ea82d3c9ebd5779937e7646fcb601b642691e281d6641223c55bb09bf6c9a91590d68099ed28fc51a8d538ecea66ed35228ee1bc953e5c3c28", 0xfffffdca}, {&(0x7f0000000540)="9cb93fe5f1211621d01152548834284bb58283456e70568ed5c7b763aad2d8627a1c1029b2ae937c24268efb2b361385ff99036346d47d054daff0c229a9c238cca933692df36a369f96514586ea052795a332fcbd45ce1ba3ba5c88c24d55b14db8ae32ab9c36be183b4f25d387e7b2e654f11008a1ad6845f5df523be47290371fa91110953c29244cb8f73800b21982abd5fbbbaac269c4ace1c936889eea9cc693b98a52ad01ae864bc3be8ba01ba25e3203b48ad97d03b687bd6086c16c43be5c6cd7cc5c665e47", 0xca}, {&(0x7f00000004c0)="9544381f6d1d5defb05f685ca71527d858f9d4c0373f6ec69f3ef0a04b89ead1e500d9cdedd494d0fd03bdd3bbaaac887872e9d8971c8529efbf8668c6f2064c1d6960700ed41acf78", 0x49}], 0x3, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) 12:20:33 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:33 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) 12:20:33 executing program 2: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_mreq(r2, 0x29, 0x14, &(0x7f0000000080)={@mcast2}, 0x14) [ 1820.846766][T16754] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 1820.918664][T16754] FAT-fs (loop1): Filesystem has been set read-only [ 1820.958705][T16754] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 16) 12:20:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) getuid() ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, 0x0) sendmsg$AUDIT_USER_TTY(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_access\x00', 0x0, 0x0, 0x2) r0 = socket(0xa, 0x1, 0x0) close(r0) sendmmsg$inet_sctp(r0, &(0x7f0000002cc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0)=ANY=[@ANYBLOB="200000000000000084000000428bfc0000000c0200001eff03ddc4", @ANYRES32=0x0], 0x20}], 0x1, 0x0) bind$rose(r0, &(0x7f0000000040)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}}, 0x1c) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) mknod$loop(&(0x7f0000000000)='.//ile0\x00', 0x0, 0x0) setsockopt$llc_int(0xffffffffffffffff, 0x10c, 0x3, 0x0, 0x0) socket(0x0, 0x0, 0x1f) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000180)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 1821.178465][T16777] overlayfs: conflicting lowerdir path [ 1822.332519][ T9446] tipc: TX() has been purged, node left! [ 1822.502499][ T9446] tipc: TX() has been purged, node left! [ 1822.662504][ T9446] tipc: TX() has been purged, node left! 12:20:35 executing program 0: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prlimit64(0x0, 0xb, &(0x7f00000001c0), 0x0) r2 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3e) fcntl$setsig(r3, 0xa, 0x12) poll(0x0, 0x0, 0x40000) clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0x0], 0x1}, 0x50) dup2(r3, r4) tkill(r2, 0x14) 12:20:35 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:35 executing program 5: r0 = syz_open_dev$sndmidi(&(0x7f0000000080)='/dev/snd/midiC#D#\x00', 0x2, 0xa0001) write(r0, &(0x7f0000000200)="a5", 0x1) 12:20:35 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) r3 = accept(r2, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f0000000c40)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r3, &(0x7f0000000040)={0x0, 0xfffffffffffffefb, &(0x7f000000b600)=[{&(0x7f0000002e80)=""/167, 0x7a10}], 0x1, 0x0, 0x8003}, 0x0) 12:20:35 executing program 3: ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) socket$inet_sctp(0x2, 0x0, 0x84) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0x1) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x6}, 0x1c) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000006440)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000cede6299eb6284070000000000fd85d16e79bad40ac3794899000000000005000000000000000000d94bfeadbfce0d4ed61c01bb3c42000000ea0000000000000000000000000000000000000500000000000000000000000000000000000000ee010000000100000000402000"], 0x3}}, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvram\x00', 0x100, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x4c09, 0x0) dup(r1) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0x0) [ 1823.057234][T16802] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1823.107786][T16813] attempt to access beyond end of device [ 1823.120067][T16813] loop1: rw=0, want=2390, limit=116 [ 1823.132375][T16813] buffer_io_error: 10 callbacks suppressed [ 1823.132421][T16813] Buffer I/O error on dev loop1, logical block 2389, async page read [ 1823.187698][T16813] attempt to access beyond end of device [ 1823.198559][T16802] FAT-fs (loop1): Filesystem has been set read-only [ 1823.223367][T16813] loop1: rw=0, want=2391, limit=116 12:20:36 executing program 5: r0 = syz_open_dev$sndmidi(&(0x7f0000000080)='/dev/snd/midiC#D#\x00', 0x2, 0xa0001) write(r0, &(0x7f0000000200)="a5", 0x1) [ 1823.238736][T16813] Buffer I/O error on dev loop1, logical block 2390, async page read [ 1823.260028][T16813] attempt to access beyond end of device [ 1823.290706][T16813] loop1: rw=0, want=2392, limit=116 [ 1823.329464][T16813] Buffer I/O error on dev loop1, logical block 2391, async page read [ 1823.378212][T16813] attempt to access beyond end of device [ 1823.415977][T16813] loop1: rw=0, want=2393, limit=116 [ 1823.446842][T16813] Buffer I/O error on dev loop1, logical block 2392, async page read 12:20:36 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="240000001e0081aee4050c00000f10fe070101000000000063da9a9a1cae18c1eebd11da", 0x24}], 0x1}, 0x0) [ 1823.536551][T16813] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1823.563048][T16813] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) 12:20:36 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) r3 = accept(r2, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f0000000c40)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r3, &(0x7f0000000040)={0x0, 0xfffffffffffffefb, &(0x7f000000b600)=[{&(0x7f0000002e80)=""/167, 0x7a10}], 0x1, 0x0, 0x8003}, 0x0) [ 1823.582030][T16813] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1823.602492][T16813] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1823.621040][T16813] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1823.648910][T16813] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1823.676356][T16813] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1823.701413][T16813] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1823.723058][T16813] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000024f) [ 1823.752364][T16815] attempt to access beyond end of device [ 1823.772193][T16815] loop1: rw=0, want=2390, limit=116 12:20:36 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) r3 = accept(r2, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f0000000c40)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r3, &(0x7f0000000040)={0x0, 0xfffffffffffffefb, &(0x7f000000b600)=[{&(0x7f0000002e80)=""/167, 0x7a10}], 0x1, 0x0, 0x8003}, 0x0) [ 1823.792376][T16815] Buffer I/O error on dev loop1, logical block 2389, async page read [ 1823.826855][T16815] attempt to access beyond end of device [ 1823.849924][T16815] loop1: rw=0, want=2391, limit=116 [ 1823.901456][T16815] Buffer I/O error on dev loop1, logical block 2390, async page read [ 1823.939144][T16815] attempt to access beyond end of device [ 1823.964723][T16815] loop1: rw=0, want=2392, limit=116 12:20:37 executing program 3: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000540)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@mcast2}, @in=@multicast2}}, 0xf0}}, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000080)='/dev/snd/midiC#D#\x00', 0x2, 0xa0001) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) write(r0, &(0x7f0000000200)="fa", 0x7ffff) [ 1823.995595][T16815] Buffer I/O error on dev loop1, logical block 2391, async page read [ 1824.032819][T16815] attempt to access beyond end of device [ 1824.068794][T16815] loop1: rw=0, want=2393, limit=116 12:20:37 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) r3 = accept(r2, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f0000000c40)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r3, &(0x7f0000000040)={0x0, 0xfffffffffffffefb, &(0x7f000000b600)=[{&(0x7f0000002e80)=""/167, 0x7a10}], 0x1, 0x0, 0x8003}, 0x0) [ 1824.097002][T16815] Buffer I/O error on dev loop1, logical block 2392, async page read 12:20:37 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:38 executing program 0: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prlimit64(0x0, 0xb, &(0x7f00000001c0), 0x0) r2 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3e) fcntl$setsig(r3, 0xa, 0x12) poll(0x0, 0x0, 0x40000) clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0x0], 0x1}, 0x50) dup2(r3, r4) tkill(r2, 0x14) 12:20:38 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) r3 = accept(r2, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f0000000c40)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r3, &(0x7f0000000040)={0x0, 0xfffffffffffffefb, &(0x7f000000b600)=[{&(0x7f0000002e80)=""/167, 0x7a10}], 0x1, 0x0, 0x8003}, 0x0) 12:20:38 executing program 1: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe900, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x806000) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='autogroup\x00') connect$inet6(r4, &(0x7f0000003a40)={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], @local}}, 0x1c) mmap(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x200000c, 0x800000032, 0xffffffffffffffff, 0x0) 12:20:38 executing program 3: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000540)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@mcast2}, @in=@multicast2}}, 0xf0}}, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000080)='/dev/snd/midiC#D#\x00', 0x2, 0xa0001) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) write(r0, &(0x7f0000000200)="fa", 0x7ffff) 12:20:38 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000c40)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) recvmsg(r1, &(0x7f0000000040)={0x0, 0xfffffffffffffefb, &(0x7f000000b600)=[{&(0x7f0000002e80)=""/167, 0x7a10}], 0x1, 0x0, 0x8003}, 0x0) [ 1826.241005][T16875] ================================================================== [ 1826.249164][T16875] BUG: KCSAN: data-race in __snd_rawmidi_transmit_ack / snd_rawmidi_write [ 1826.257664][T16875] [ 1826.261127][T16875] write to 0xffff8880899794b8 of 8 bytes by task 2518 on cpu 1: [ 1826.268871][T16875] __snd_rawmidi_transmit_ack+0xcc/0x1c0 [ 1826.274538][T16875] snd_rawmidi_transmit+0x8c/0xc0 [ 1826.279579][T16875] snd_vmidi_output_work+0xaf/0x1f0 [ 1826.284785][T16875] process_one_work+0x424/0x930 [ 1826.289645][T16875] worker_thread+0x9a/0x7e0 [ 1826.294163][T16875] kthread+0x203/0x230 [ 1826.298241][T16875] ret_from_fork+0x1f/0x30 [ 1826.302813][T16875] [ 1826.305153][T16875] read to 0xffff8880899794b8 of 8 bytes by task 16875 on cpu 0: [ 1826.312798][T16875] snd_rawmidi_write+0x5c7/0x730 [ 1826.317859][T16875] __vfs_write+0x58/0xb0 [ 1826.322115][T16875] vfs_write+0x189/0x380 [ 1826.326394][T16875] ksys_write+0x16a/0x1a0 [ 1826.330729][T16875] __x64_sys_write+0x49/0x60 [ 1826.335328][T16875] do_syscall_64+0xc7/0x3b0 [ 1826.339836][T16875] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1826.345716][T16875] [ 1826.348039][T16875] Reported by Kernel Concurrency Sanitizer on: [ 1826.354195][T16875] CPU: 0 PID: 16875 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0 [ 1826.363310][T16875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1826.373371][T16875] ================================================================== [ 1826.381445][T16875] Kernel panic - not syncing: panic_on_warn set ... [ 1826.388042][T16875] CPU: 0 PID: 16875 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0 [ 1826.396714][T16875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1826.406785][T16875] Call Trace: [ 1826.410081][T16875] dump_stack+0x11d/0x187 [ 1826.414421][T16875] panic+0x210/0x640 [ 1826.418323][T16875] ? vprintk_func+0x89/0x13a [ 1826.422952][T16875] kcsan_report.cold+0xc/0x1a [ 1826.427656][T16875] kcsan_setup_watchpoint+0x3fb/0x440 [ 1826.433045][T16875] snd_rawmidi_write+0x5c7/0x730 [ 1826.438015][T16875] ? wake_up_q+0x90/0x90 [ 1826.442271][T16875] ? snd_rawmidi_release+0x90/0x90 [ 1826.447405][T16875] __vfs_write+0x58/0xb0 [ 1826.451679][T16875] vfs_write+0x189/0x380 [ 1826.455934][T16875] ksys_write+0x16a/0x1a0 [ 1826.460273][T16875] __x64_sys_write+0x49/0x60 [ 1826.464875][T16875] do_syscall_64+0xc7/0x3b0 [ 1826.469395][T16875] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1826.475313][T16875] RIP: 0033:0x45c889 [ 1826.479224][T16875] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1826.498940][T16875] RSP: 002b:00007fcb8def9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1826.508432][T16875] RAX: ffffffffffffffda RBX: 00007fcb8defa6d4 RCX: 000000000045c889 [ 1826.516411][T16875] RDX: 000000000007ffff RSI: 0000000020000200 RDI: 0000000000000003 [ 1826.524404][T16875] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1826.532557][T16875] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1826.540715][T16875] R13: 0000000000000c4e R14: 00000000004ca0d5 R15: 000000000076bf0c [ 1826.550134][T16875] Kernel Offset: disabled [ 1826.554593][T16875] Rebooting in 86400 seconds..